Privacy policy
The Quick Picture (app)
Privacy Policy
1. General Provisions
1.1 What Constitutes Personal Data
Personal data refers to information that discloses or may disclose the user's identity. We adhere to the principle of data minimization, avoiding collection of personal data wherever possible.
1.2 Handling of Personal Data
Personal data serves exclusively for contract initiation, substantive design, performance, or settlement of the contractual relationship (Art. 6(1)(b) GDPR).
Beyond this scope, we process personal data only when we have obtained your consent (Art. 6(1)(a) GDPR) or when processing is necessary for our legitimate interests, provided that balancing reveals no overriding interests, fundamental rights, or freedoms on your part (Art. 6(1)(f) GDPR).
While we may use data processors for processing your personal data, we generally will not transfer personal data to third parties beyond such arrangements.
Processing of your personal data primarily occurs within the EU and in countries classified by the EU as safe or adequate. Should processing of personal data occur in the USA, we ensure that the services we use are certified under the Data Privacy Framework.
1.3 Usage Data and Permissions
When you install our mobile application, certain necessary data is transmitted to the store you use. This includes your username, download timestamp, your unique device identifier, and the device's unique identifier. You also have the option to rate our app in the respective store. We have no influence over this data collection and processing and assume no responsibility for it. Additional information can be found in the privacy policy of the respective store you use.
When you use our mobile app, we process the following data that is technically required for us to provide you with our mobile app's functions and ensure stability and security. The legal basis is Art. 6(1)(f) GDPR:
- IP address,
- Date and time of request,
- Time zone difference to Greenwich Mean Time (GMT),
- Request content,
- Access status,
- Respective data volume transferred,
- End device type,
- Operating system,
- Language and version of browser software.
- Installation ID (randomly generated)
The app additionally requires the following permissions:
- Internet access (technically necessary): Enables the app to access the internet for online features such as possible cloud storage of game progress, loading additional content, displaying advertisements, in-app purchases, and app updates.
- Network status access (technically necessary): Allows the app to verify internet connection availability before activating online features.
- Advertising ID: Necessary for personalized advertisements if you use the ad-supported app.
- In-app purchases (technically necessary): Enables in-app purchases for virtual goods or additional features.
- Protection of internal communications (technically necessary): The app ensures that important internal notifications can only originate from the app itself and cannot be disrupted by other apps.
- Enhanced privacy for advertising: Through new Google advertising tools, the app receives only general information about your interests so you continue to see relevant advertisements without unnecessary sharing of your personal data (from Android 14, https://developer.android.com/privacy-sandbox).
- Automatic continuation after restart (technically necessary): After a phone restart, the app automatically restarts certain background tasks where required for app functionality.
- Support for important background processes (technically necessary): To prevent interruption of downloads, updates, or other background tasks, the app keeps the device active when necessary, even when the screen is off.
- Persistent services with notification (technically necessary): Functions intended to run continuously display ongoing notifications so you always know the app is active in the background.
- Notifications (optional): Enables the app to inform you about important communications and news directly on your device, ensuring you don't miss relevant information.
Please note that the technically necessary permissions listed above cannot be deactivated, as this would completely restrict app functionality. However, you may deactivate use of the advertising ID for personalized advertisements through corresponding Android settings at any time without impairing app functionality.
The legal basis for technically necessary permissions is Art. 6(1)(b) GDPR (contract performance) or § 25(2)(2) TDDDG (unconditional necessity). The pseudonymized advertising ID is used only after your active consent (Art. 6(1)(a) GDPR).
For all optional permissions, the app obtains your express consent. If these are declined, only the respective functions become unavailable; the app's remaining functionality remains fully intact.
The permissions listed here also refer to functions that may only become available in later app versions.
1.4 In-App Purchases
When you make in-app purchases, we do not process any of your personal data in this connection. Such data, particularly data relevant for electronic payment processing, is exclusively collected and processed by the respective App Store. Please observe the App Store's privacy provisions when using it.
Should you have questions about the processing of your personal data by the respective app store, please contact the app store through which you made the download or in-app purchase.
1.5 Storage Duration
Following termination of the purpose for which data was collected, we store your personal data only as long as required by legal (particularly tax law) provisions.
In detail, the following retention periods apply, for example:
| Type of data | Retention period |
|---|---|
| Tax Data | 10 years |
| Commercial or business letters (including e-mails and faxes) and other documents insofar as these are relevant for taxation purposes. | 6 years from the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report was prepared, the commercial or business letter was received or sent, or the accounting voucher was created, the record was made, or the other documents were created. |
| Transaction and registration data | 10 years from the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report was prepared, the commercial or business letter was received or sent, or the accounting voucher was created, the record was made, or the other documents were created. |
| Consent to data processing under data protection law | For the duration of the possibility of the assertion of rights by the data subject(s). |
| (Electronic) correspondence that has no relevance under tax law | As long as this is necessary to fulfill the task, unless the processing serves the assertion, exercise or defense of legal claims. |
| Usage data and pseudonymized installation-related identifiers in accordance with section 1.3 of this privacy policy | For as long as necessary for app functionality, security, and pseudonymized usage analysis. Infrastructure and server logs are stored for a maximum of 30 days. Longer retention may apply where required for legal claims or statutory obligations. |
2. Your Rights
2.1 Information
You may request information from us about whether we process personal data concerning you, and if so, you have a right to information about this personal data and the additional information specified in Art. 15 GDPR.
2.2 Right to Rectification
You have the right to rectification of inaccurate personal data concerning you and may request completion of incomplete personal data according to Art. 16 GDPR.
2.3 Right to Erasure
You have the right to request that we immediately delete personal data concerning you. We are obligated to delete it immediately, particularly if one of the following reasons applies:
- Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
- You withdraw your consent on which data processing was based, and no other legal basis exists for processing.
- Your data was unlawfully processed.
The right to erasure does not exist when your personal data is necessary for asserting, exercising, or defending our legal claims.
2.4 Right to Restriction of Processing
You have the right to request restriction of processing of your personal data when:
- You contest the accuracy of the data, and we must therefore verify accuracy.
- Processing is unlawful, and you decline deletion, instead requesting restriction of use.
- We no longer need the data, but you require it for asserting, exercising, or defending legal claims.
- You have objected to the processing of your data, and it has not yet been determined whether our legitimate grounds outweigh your grounds.
2.5 Right to Data Portability
You have the right to receive personal data concerning you that you provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us, provided processing is based on consent or a contract and processing by us occurs through automated procedures.
2.6 Rights of Withdrawal and Objection
When processing of your personal data is based on consent (Art. 6(1)(a) GDPR), you have the right to withdraw this consent at any time. This does not affect the lawfulness of processing performed based on consent before withdrawal.
When processing of your personal data is based on Art. 6(1)(e) GDPR or Art. 6(1)(f) GDPR, you have the right under Art. 21 GDPR to object to processing of personal data concerning you at any time for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or processing serves to assert, exercise, or defend legal claims.
2.7 General Provisions and Right to Complaint
Exercise of your aforementioned rights is generally free of charge. You also have the right to lodge a complaint with a competent data protection authority, including in your country of residence where applicable.
3. Pseudonymized Usage Analysis
We collect and process pseudonymized data about use of our app to improve functionality and optimize user experience. In this context, the following data is processed:
- Interactions with app functions (without personal reference)
- Frequency of use of individual features
- Technical performance data
- Pseudonymized crash reports
Processing of this data serves general improvement of app functionality, error analysis and correction, optimization of user guidance, and development of new features.
Processing occurs based on our legitimate interest in continuous improvement of our app according to Art. 6(1)(f) GDPR.
The collected data is pseudonymized such that identification of your person is excluded. Technical tracing back to individual users is not possible.
To assign usage events and aggregated usage data, the app uses a pseudonymized installation ID. This ID does not allow identification of the user, but enables the grouping of multiple usage events belonging to the same app installation.
4. Third-Party Services
4.1 Google Ads API
The app may use Google services to display advertising banners and other advertising content. This integration serves to finance the app. In this context, the following personal data may be processed:
- IP addresses
- Device ID (Android Advertising ID)
- Click behavior and interaction times
- HTTP header data (including referrer URL)
Google processes this data in pseudonymized form to deliver advertisements, assign conversions, and prevent abuse.
Google also employs cookies and device fingerprinting to track user activities across sessions. This may enable the assignment of advertising interactions.
Processing occurs based on Art. 6(1)(f) GDPR (legitimate interest in cost-covering operation). For tracking technologies, additional consent under Art. 6(1)(a) GDPR is required, obtained through a Consent Management Tool.
Interactions with advertising content may result in data being transmitted directly to the integrated third-party providers. Data protection responsibility for subsequent processing steps lies with the respective providers.
You can view Google's privacy policy here: https://policies.google.com/privacy
4.2 Use of Google Play Games Services
Our app may also use Google Play Games Services from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for extended gaming functions. These include:
- Cloud storage of game progress
- Leaderboards
- Player achievements
In this context, the following (personal) data is processed:
- Game progress and achievements
- Leaderboard entries and scores
- Google account information (as required for gaming functions)
- Device identifiers
Processing of your (personal) data serves synchronization of game progress between different devices, provision of leaderboards and comparison functions, and securing of game progress.
Stored game progress is placed in your personal Google Drive storage and occupies part of your available storage quota. Google manages this data according to Google's privacy provisions.
Use of Google Play Games Services occurs based on your consent according to Art. 6(1)(a) GDPR, which you provide upon first use of the corresponding functions.
Detailed information about privacy at Google can be found at: https://policies.google.com/privacy
Information about Google Play Games Services: https://developers.google.com/games/services
5. Contact
For contact regarding data protection, you may reach us using the following contact options. Responsible entity for privacy matters:
Udo Reiss
c/o IP-Management #24278*
Ludwig-Erhard-Str. 18
20459 Hamburg
Germany
Email: contact@panotium.com
Phone: +49 17622947565
6. International Users & Specific Jurisdictions
For users residing outside the European Union, the European Economic Area, and the United Kingdom, the following country-specific provisions apply in addition to this Privacy Policy, where required by applicable local law.
6.1 Brazil (LGPD)
If you are located in Brazil, your personal data is processed in accordance with the Lei Geral de Proteção de Dados (LGPD), where applicable. Subject to applicable law, your rights may include confirmation of processing, access, correction, anonymization, blocking or deletion, portability, information about data sharing, and information about the possibility of denying consent and the consequences of such denial. For privacy requests, you can contact us at contact@panotium.com.
6.2 Canada (PIPEDA)
If you are located in Canada, your personal data is processed in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), where applicable. Your personal data may be processed and stored outside Canada, including in the European Union. Subject to applicable law and insofar as we are able to identify you or the personal data relating to you, you may request access to and correction of your personal information by contacting us at contact@panotium.com.
6.3 Japan (APPI)
If you are located in Japan, your personal data is processed in accordance with the Act on the Protection of Personal Information (APPI), where applicable. Where required by law, we provide information about the purposes of use of personal information, categories of data processed, and applicable rights regarding disclosure, correction, suspension of use, or deletion. For privacy requests, you can contact us at contact@panotium.com.
6.4 New Zealand (Privacy Act 2020)
If you are located in New Zealand, your personal data is processed in accordance with the Privacy Act 2020, where applicable. Subject to applicable law and insofar as we are able to identify you or the personal data relating to you, you may request access to and correction of your personal information by contacting us at contact@panotium.com.