Preamble

This privacy policy applies to the use of the Captivr_App – hereinafter named as “App” – and related services. These services include the video recording of rides on amusement park rides and the use and purchase of the video recordings by the respective passenger.

We attach great importance to protecting your data and safeguarding your privacy. In the following, we describe which data we process, when and for what purpose and on what legal basis. The aim is to explain how our services work and how the protection of your personal data is guaranteed.

According to Art. 4 No. 1 GDPR, personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified directly or indirectly. Further information on this can be found in Art. 4 No. 1 DSGVO, among others.

This privacy policy can be accessed at any time at the following link: Datenschutzerklärung

Among other things, you can access our App via our website: https://www.captivr.net/ or via a landing page. In this case, the data protection provisions of the respective website also apply.

General provisions

1. Responsible

The person responsible for the processing of personal data within the scope of this data protection declaration within the meaning of Art. 4 No. 7 DSGVO is:

Captivr Ltd,

Oliver Scholz, Andreas Peusch

Bliesheimer-Str.3,

50374 Erftstadt,

E-mail: info@captivr.de

2. Contact person for data protection

If you have any questions about the processing of your personal data or about your data protection rights, please contact:

Peter Quaglia

(Captivr Ltd.)

datenschutz@captivr.de

3. Legal basis of data processing, objection and revocation

We process your data for various purposes. Depending on the purpose of the processing, the following legal bases apply:

a) for the performance of the app services: Legal basis: performance of contracts (Art. 6 (1) b) DSGVO) and in our legitimate interest (Art. 6 (1) f) DSGVO),
b) for video recording of rides: Legal basis: Prior consent of the passenger (Art. 6 (1) a) DSGVO).
c) for the purchase, retrieval and payment of the video file by the passenger: Legal basis: performance of the contract (Art. 6 (1) b) DSGVO).

Legitimate interest and opposition

Insofar as data processing is carried out in our legitimate interest, you have the right to object to its use for marketing/advertising purposes and to profiling. Your data will then not be processed for these purposes. Otherwise, you can object to data processing on the basis of legitimate interest for reasons arising from your personal situation. In this case, your data will also not be processed unless we have compelling legitimate grounds that override your interests, rights and freedoms.

You can declare your objection by e-mail to datenschutz@captivr.de , by mail to Captivr GmbH, Bliesheimer-Str. 3, 50374 Erftstadt or by telephone to +49 (0)221 98651440. The objection may result in that the service in question cannot be used or can only be used to a limited extent.

Consent and revocation

If you have consented to the processing of your data, you can revoke your consent at any time without giving reasons. You can declare your revocation by e-mail to datenschutz@captivr.de, by mail to Captivr GmbH, Bliesheimer-Str. 3, 50374 Erftstadt or by telephone to +49 (0)221 98651440 (supplement).

The revocation has the consequence that data processing to which you have consented will no longer take place, whereby any processing of your data that may have been carried out until the revocation remains unaffected. In the event of a revocation, the service in question can no longer be provided.

Where you have given consent in the App for the tracking of your behaviour in the App, the collection of your location, access to your camera or the sending of push notifications, you can revoke this consent in the App. On ‘Permission Overview’ you can see the consents you have given us. From here, you can go directly to your phone’s settings where you can revoke your consents.

4. Information on Google services

We use services of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland in our App. You can find more detailed information on the individual concrete services from Google that we use in the further data protection declaration. By integrating Google services, Google may collect and process information (including personal data). It cannot be ruled out that Google also transmits the information to a server in a third country.

The transmission to the USA depends on the function in which personal data is transmitted. As the responsible party, we ourselves may transfer data to Google in the USA for further use.

There is currently no adequacy decision pursuant to Art. 45 of the GDPR.

However, the transfer can be based on. Standard Contractual Clauses. Google has committed to comply with the Standard Contractual Clauses for the transfer of personal data to third countries under Directive 95/46/EC (SCC).

You can find more information on SCC clauses at: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de and at https://policies.google.com/privacy/frameworks?hl=de.

We ourselves cannot influence what data Google actually collects and processes. However, Google states that, in principle, the following information (including personal data) may be processed, among other things:

Log data (in particular the IP address)
Site-related information
Unique application numbers
Cookies and similar technologies

Information on the types of cookies used by Google can be found at https://policies.google.com/technologies/types.

If you are logged into your Google Account, Google may add the processed information to your account and treat it as personal data, depending on your account settings. Google states the following, among other things, in this regard:

“If you are not signed in to a Google Account, we store the data we collect with unique identifiers associated with the browser, app or device you are using. This allows us to ensure, for example, that your language settings are retained across all browsing sessions.

If you are logged into a Google account, we also collect data that we store in your Google account and consider to be personal data.” (https://www.google.com/intl/de/policies/privacy/index.html)

You can prevent this data from being added directly by logging out of your Google account or by making the appropriate account settings in your Google account. You may also refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website.

You can find out how to delete cookies in the most common browsers here:

Google Chrome: Website
Mozilla Firefox: Website
Apple Safari: Website
Microsoft Internet Explorer: Website

You can find more information in Google’s privacy policy, which you can access here:

https://www.google.com/policies/privacy/

You can find information on Google’s privacy settings at https://privacy.google.com/take-control.html.

Special provisions: Data processing when using the App and the video service

1. Data processing when using the Captivr App

Log files and other data when calling up and downloading the App

When you access our App, we automatically collect data and information from your device’s system and store some of this in so-called server log files.

When our App is accessed for the first time, the following data is stored on the mobile device.

A unique ID identifier stored by us for this purpose on the device being used, which we refer to as a SerialNumber.
A unique identification number called an AuthIdentifier that is assigned to the user of the App.
Their confirmation that they are over 16 years of age to validate the effectiveness of any required video recording consent forms.
The creation and storage of a device token is necessary in order to be able to send you push messages when using the App.

The purpose of this processing is to enable the retrieval of the App on your device. Furthermore, we use the data to optimise our App and to ensure the security of our systems and compliance with data protection requirements.

The following data is transmitted in the communication between the mobile device and our server.

a) A session identification number that enables us to provide the correct data for your mobile device.
b) The time of the retrieval.
c) The IP address of your mobile device at the time of retrieval.

This allows your mobile device to access the products ordered for viewing or already purchased from us at any time without you having to register with your name and email. We analyse the process of ordering products for viewing or ultimately purchasing them with the help of Google Analytics, provided you give us your consent to do so (see point B.4 below).

Legal basis for the fulfilment of the usage contract concluded with you pursuant to Art. 6 para. 1b) as well as our legitimate Art. 6 para. 1 lit. f) DSGVO. We have a legitimate interest in protecting our systems and optimising the App.

We store the data for two months.

The recipient of the data is our server host, which acts for us under a commissioned data agreement: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521

Right of objection

You have the right to object. You can send or inform us of your objection at any time (e.g. by e-mail to datenschutz@captivr.de).

The provision of personal data is neither legally nor contractually required. You are also not obliged to provide the personal data. However, failure to provide the data will result in you not being able to use our App or not being able to use it to its full extent.

Data processing when using the video service.

When you use our video service, we process the following personal data from you:

a) scanned QR code before starting the journey to identify the row you are in and yours of the seat of the row to be recorded during the journey.
b) Inputs of consent to video recording: session identification number, time of consent, version of privacy policy against which consent has been executed.

c)Payment data when purchasing a video file: amount paid, status, description, ID payment provider, last 4 characters of the payment instrument number, fingerprint, validity period, issuer of the payment instrument, holder address, country of origin holder and CVR token.

The processing of the aforementioned data is carried out for the purpose of contract initiation and contract fulfilment in accordance with Art. 6 para. 1 lit. b) DSGVO.

The provision of your personal data is voluntary. However, it is not possible to use our services without providing the data.

2. Acquisition, retrieval and download of the video files

2.1 Storage of the data
The video file is stored in the Microsoft Cloud in Amsterdam. Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521 is to that extent the recipient of the data collected in connection with the purchase of the video file .

2.2 Purchase
After completion of the video file, you will be given the opportunity to purchase it within 2 weeks of the link being sent to you at the price conditions stated there. For this purpose, you will receive a link on your device which will direct you to a web service of Stripe Payments Europe Ltd, where you can purchase and pay for the file. If you do not purchase the video file within 2 weeks, it will be deleted.

2.3 Retrieval and download of the video file

After paying for the video file, you will receive a link to access the file in the Microsoft Cloud. The video file will be stored there for 1 year and can be retrieved at any time. It can also be downloaded and stored individually. Storage in the Microsoft Cloud for longer than 1 year is possible for an additional fee. Please note that you are responsible for your continued use of the video file in accordance with data protection regulations.

The processing of data within the framework of the processes described above is based on the usage contract concluded with you pursuant to Art. 6 (1b) DSGVO.

3. Payment via Stripe or Pay Pal

You have the option to pay for the video recording using Stripe. The service provider is Stripe Technology Europe, Limited, The One Building, 1, Lower Grand Canal Street, Dublin 2, Ireland. If you choose Stripe as your payment service provider, the payment will be processed through Stripe. To this extent, Stripe is also the recipient of your data required for the purchase of the video file. This allows us to accept credit and debit card payments in our webshop.

You also have the option of paying the fee for the video recording via PayPal. The service provider is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. If you choose PayPal as your payment service provider, the payment will be processed via PayPal. In this respect, PayPal is also the recipient of your data required for the purchase of the video file.

You will be redirected to the Stripe or PayPal website.

Stripe: When paying via Stripe, information (including personal data) is transmitted by us to Stripe for the purpose of payment processing and processed by Stripe. When paying via Stripe, the following data in particular is transmitted by us to Stripe:

CVR token
Purchase amount and date of purchase,
The description of the product or products that have been ordered. The location of a ride where the onride video is created may be included.

As part of the transaction, we receive the following data from Stripe:

Amount, fee, net amount, status, description, ID payment provider, last 4 characters of the payment instrument number, fingerprint, validity period, issuer of the payment instrument, holder, holder address, country of origin and CVR token.

PayPal: When paying via PayPal, information (including personal data) is transmitted from us to PayPal for the purpose of payment processing and processed by PayPal. When paying via PayPal, the following data in particular will be transmitted by us to PayPal:

CVR token
Purchase amount and purchase date
The description of the product or products that have been ordered. The location of a ride where the onride video is created may be included.
PayPal email address from you

As part of the transaction, we receive the following data from PayPal:

The legal basis for the processing of the above-mentioned data within the framework of the ordering process and the processing of the contract is Art. 6 para. 1 lit. b) DSGVO. The data will only be stored by us for as long as is necessary for the implementation and processing of your order and compliance with the statutory retention periods.

The provision of personal data is necessary for the conclusion of a contract. Failure to provide the data would result in the contract not being concluded.

Setting cookies through Stripe

Stripe also places cookies on your device during payment processing. Stripe uses these cookies, among other things, to detect and prevent fraudulent activities (necessary cookies), for analysis purposes to improve Stripe’s service or to serve personalised advertising. Cookies for analysis purposes aim, for example, to recognise you as a customer and your preferred payment method or to evaluate the effectiveness of advertising measures.

Further information on Stripe’s use of cookies can be found here: https://stripe.com/cookies-policy/legal. Information on the further processing of personal data by Stripe can be found here: https://stripe.com/de/privacy

The legal basis for the processing of data through cookies by Stripe is the consent given by you in accordance with Art. 6 (1) a), insofar as this is necessary for the cookies to be set in accordance with data protection.

Setting of cookies by PayPal

PayPal also places cookies on your device when processing payments. PayPal uses these cookies, among other things, to detect and prevent fraudulent activities (necessary cookies), for analysis purposes to improve PayPal’s service or to serve personalised advertising. Cookies for analysis purposes aim, for example, to recognise you as a customer and your preferred payment method or to evaluate the effectiveness of advertising measures.

Further information on PayPal’s use of cookies can be found here: https://www.paypal.com/DE/webapps/mpp/ua/cookie-full . Information on the further processing of personal data by Stripe can be found here: https://www.paypal.com/de/legalhub/privacy-full.

The legal basis for the processing of data through cookies by PayPal is the consent given by you in accordance with Art. 6 (1) a), insofar as this is necessary for setting the cookies in accordance with data protection.

The legal basis for the processing of those data that are processed in the context of obtaining consent is our legitimate interest pursuant to Art. 6 (1) lit. f) DSGVO. We have a legitimate interest in being able to prove that you have given your consent (Art. 7 (1) DSGVO).

For the transfer of personal data, we as the responsible party have concluded an order processing contract with PayPal.

Under certain circumstances, a data transfer of the collected and processed data takes place to the USA or other third countries in which an adequate level of data protection cannot be guaranteed. This data transfer can be based on standard contractual clauses in accordance with Art. 46, which have found their way into our agreement with Stripe.

Under certain circumstances, a data transfer of the collected and processed data takes place to the USA or other third countries in which no adequate level of data protection can be guaranteed. This data transfer can be based on standard contractual clauses in accordance with Art. 46, which have found their way into our agreement with PayPal.

Your rights:

Right of withdrawal

You have the right to revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.

To do this, you can change your cookie settings (e.g. delete cookies, block cookies, etc. For more information, see 5.), unless these cookies are required for fraud prevention or to ensure the security of the websites managed by Stripe or PayPal. However, we would like to point out that in this case you may not be able to use all functions of Stripe or PayPal to their full extent.

4. Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited. (“Google”), Gordon House, Barrow Street, Dublin 4 Ireland.

Google Analytics is used to record and evaluate the occurrence of certain events in the App or the web App that describe your use of the App (e.g. user registration, purchase completion, selection of content, sharing of content, …), An overview of all registered events can be found in the following table:

Event	We triggered in the following cases
login	A user logs in.
purchase	A user completes a purchase.
select_content	A user selects content.
share	A user shares content.
sign_up	A user registers. This way you can measure the popularity of each registration method.
spend_virtual_currency	A user spends virtual currency (e.g. coins, gems or tokens).
tutorial_begin	A user starts a tutorial.
add_payment_info	A user submits his payment information.
add_to_cart	A user adds items to the shopping cart.
begin_checkout	A user starts the payment process.
purchase	A user completes a purchase.
refund	A user receives a refund.
remove_from_cart	A user removes items from the shopping cart.
select_item	A user selects an item from a list.
view_cart	A user looks at his shopping cart.
view_item	A user looks at an article.
view_item_list	A user sees a list of items or offers.

Information on data processing by Google in the context of the use of Google services can be found in this privacy policy above under the section “A 4) Information on Google services“.

The following types of data are processed by Google:

Online identifiers (including cookie identifiers)
IP address
Device identifiers
Number of users
Behaviour of the user in the App (e.g. completing a purchase, adding goods to the shopping basket)
Session statistics
Approximate location
Browser and device information

In addition, you can find more detailed information on the information processed at https://www.google.com/intl/de/policies/privacy/#infocollect under “Data we receive as a result of your use of our services”, and at https://privacy.google.com/businesses/adsservices/ .

In the context of granting consent to use Google Analytics, we also process the following data:

Your IP address
Date and time of sending

We only use Google Analytics with activated IP anonymisation (“anonymize IP”). This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

Furthermore, we have concluded an order processing agreement with Google for the use of Google Analytics (Art. 28 DSGVO). Google processes the data on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity for us and providing us with other services relating to website activity and internet usage. Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.

Within the framework of commissioned data processing, Google is entitled to engage subcontractors. A list of subcontractors can be found at https://privacy.google.com/businesses/subprocessors/.

By integrating Google Analytics, we pursue the purpose of analysing user behaviour on our website and being able to react to this. This enables us to continuously improve our offer.

The purpose of processing the data collected in the course of the declaration of consent is to record your consent.

The legal basis for the processing of personal data described here in the context of the measurement procedure is your express consent pursuant to Art. 6 (1) a) DSGVO.

The legal basis for processing those data that are processed in the context of obtaining consent is our legitimate interest pursuant to Art. 6 (1) lit. f) DSGVO. We have a legitimate interest in being able to prove that you have given your consent to the measurement procedure (Art. 7 (1) DSGVO).

As part of the order processing, Google is entitled to engage subcontractors. A list of these subcontractors can be found at https://privacy.google.com/businesses/subprocessors/.

Your rights:

right of withdrawal

Right of withdrawal

You have the right to revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.

You can revoke your consent in the App via “Permission Overview”, see above. Point A 3) Consent and revocation.

Furthermore, you can change your cookie settings (e.g. delete cookies, block cookies, etc.). For further information, please refer to section B. 5) Cookies.

right of objection

Insofar as the processing of your data is not covered by consent (proof of consent), you have the right to object.

Right of objection

You can send or inform us of your objection at any time (e.g. by e-mail to datenschutz@captivr.de ).

The data collected and processed as part of the measurement procedure is stored for 60 days and automatically deleted after this retention period has expired.

Consent logging data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

For further information on data handling in connection with Google Analytics, please refer to Google’s privacy policy:

https://support.google.com/analytics/answer/6004245?hl=de

You can find information on Google’s privacy settings at https://privacy.google.com/take-control.html?categories_activeEl=sign-in.

The provision of personal data is neither legally nor contractually required and is also not necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide the data may result in you not being able to use our website or not being able to use it to its full extent.

5. Cookies

Our App or web App uses cookies. Cookies are text files that are stored on your device, e.g. to make the use of an app more convenient or to recognise the user’s device and save settings or similar. Entries and settings can be saved in cookies so that you do not have to enter them again on each new visit. Cookies contain a so-called cookie ID, which makes it possible to assign the device in which the cookie was stored.

Cookies help us to make our app user-friendly and tailor-made. We use our own cookies and cookies from third-party providers. You have the option to configure the setting of cookies at any time.

You can find out how to change the cookie settings here:

Google Chrome: Website

Mozilla Firefox: Website

Apple Safari: Website

Microsoft Internet Explorer: Website

Cookies for analysis (performance):

These cookies can be used to measure the reach of our App. Through the cookie set, we can, among other things, track how many users call up our App and track the behaviour of users in the App. We use this data, among other things, to optimise the App through evaluations of the

You can give your consent conclusively by actively clicking on “Accept” in the displayed notice. You can revoke your consent at any time via the Permission Overview. Your revocation does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

We use Google Analytics cookies for tracking purposes:

_ga: This cookie identifies the user and has a duration of two years,

_gid: Used to identify the user and has a duration of 24 hours

Essential cookies

Technically necessary cookies are those that are required for the smooth functioning of our App. Technically necessary cookies are stored on the basis of Art. 6 para. 1 lit. f) DSGVO. We have a legitimate interest in storing cookies for the technically error-free and optimised provision of our services.

The provision of personal data is neither legally nor contractually required and is also not necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide the data may result in you not being able to use the App or not being able to use it to its full extent.

Other services used by us also use cookies. We inform you separately about the use of cookies in the individual services.

As technically necessary cookies we use:

cookie-allow: This cookie stores the answer to the request whether we are allowed to store cookies or not. It has a duration of one month.

isPlatform: This cookie stores data about the browser used for the duration of the session.

isDeviceID: This cookie stores a generated Guid for the duration of the session. This ensures that the videos generated by users remain assignable until one of our apps is installed.

6. Fire Base

We use Fire Base on our website, which is an analysis and monitoring tool of Google Ireland Limited. (“Google”), Gordon House, Barrow Street, Dublin 4 Ireland.

With the help of Firebase, we can determine from which advertising medium the App was installed by scanning a QR code. Each advertising medium contains a unique QR code for this purpose, so that we can determine the route by which you reached the App.

Furthermore, we use Fire Base to provide you with the video.

Google processes data in the USA. In this regard, we refer to section 4.

You can find further information at https://firebase.google.com/support/privacy?hl=de

7. Social Networks & External Links

In addition to this website, we also maintain presences in various social media, which you can access via corresponding buttons on our website. If you visit such a presence, personal data may be transmitted to the provider of the social network.

Please note that user data may also be transmitted to a server in a third country and thus processed outside the European Union.

It is possible that, in addition to the storage of the data specifically entered by you in this social medium, further information will also be processed by the provider of the social network.

In addition, the provider of the social network may process the most important data of the computer system from which you visit it – for example, your IP address, the processor type and browser version used, including plug-ins.

If you are logged in with your personal user account of the respective network while visiting such a website, this network can assign the visit to this account.

The purpose and scope of the data collection by the respective medium and the further processing of your data there as well as your rights in this regard can be found in the respective provisions of the respective responsible party, e.g. under:

Facebook (Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA):
- For fan pages: agreement on joint processing of personal data (Art. 26 (1) DSGVO) https://www.facebook.com/legal/terms/page_controller_addendum
- Facebook privacy policy: https://www.facebook.com/about/privacy/,
- Opt-out option: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com/,
Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA
- Privacy policy and opt-out option: https://help.instagram.com/155833707900388

We would also like to point out that our website contains further links to external third-party websites, whereby we have no influence on the processing of data on these third-party websites.

Final provisions

1) Data security

We secure our website and other systems through technical and organisational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons. However, despite regular checks, complete protection against all dangers is not possible.

2) Amendment of the privacy policy

Changes in the law or changes to our internal company processes may make it necessary to adapt this data protection declaration.

In the event of such a change, we will notify you at the beginning of the privacy policy.

3) Revocation

You have the right to revoke your consent at any time with effect for the future without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.

4) Data subjects’ rights

In principle, you have the following rights:

Right of access (Art. 15 GDPR)
Right of rectification (Art. 16 GDPR)
Right of objection (Art. 21 DSGVO)
Right to erasure (Art. 17 DSGVO)
Right to restriction of processing (Art. 18f. DSGVO)
Right to data portability (Art. 20 DSGVO)

For requests of this nature, please contact datenschutz@captivr.de. Please note that we must ensure that this is indeed the data subject when making such requests.

You have the right to lodge a complaint with a data protection supervisory authority, without prejudice to any other administrative or judicial remedy.

Automated decision-making does not take place on our website.

Status: 15.06.2023