Status as at June 14, 2022
1. Blackhole App – Privacy at a glance
Data collection within our app
Who is responsible for data collection within the app?
How do we collect your data?
On the one hand, your data is collected by you providing it to us. This can be, for example, data that you enter directly into the app.
Other data is collected by our apps accessing data stores on your device, for example, to send messages to a contact from your address book.
Other data is collected automatically by Google Play or Apple when the app is used. This is mainly technical data (e.g. mobile device, operating system, speeds or key figures on software stability). This data is collected automatically as soon as you use our app.
What do we use your data for?
Some of the data is collected to ensure error-free provision of the app (function fulfillment). Other data may be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have a right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
For this purpose, as well as for further questions on the subject of data protection, you can contact us at any time.
Third-party analytics and tools
When using this app, your usage behavior can be statistically evaluated. This is done primarily with so-called analysis programs.
2. Nature and purpose of the data
For the purpose of image-based evaluation, the app requires access to the camera or gallery. The images are used exclusively for the hit image evaluation, which is executed locally on your device and are not saved.
In the inventory, the user has the option to assign images from his gallery to his equipment. These images are only stored locally and cannot be seen by others.
Users can create a user account. This is necessary to be able to use the online offers. Within the scope of registration, the required mandatory data is communicated to the users and processed on the basis of Art. 6 (1) lit. b GDPR for the purpose of providing the user account. The processed data includes in particular the login information (nickname, password as well as an email address). The data entered during registration is used for the purposes of using the user account and its purpose.
On the basis of Art. 6 para. 1 sentence 1 lit. a GDPR, the profile can be voluntarily supplemented by the user with further personal information such as first name, last name, city or club and shooter number. This information can be used within the app to pre-fill the corresponding fields in the user-specific shooting book entries. In addition, this information is only displayed to users from the in-app friend list to enable them to better assign the person than the nickname. A passing on to further third parties does not take place. These additional personal details may only be filled in by minors under the age of 16 with the consent of a parent or guardian.
Users may be informed of information relevant to their user account, such as technical changes, by e-mail. If users have terminated their user account, their data relating to the user account will be deleted, subject to any legal obligation to retain such data. We are entitled to irretrievably delete all stored data of the user.
Within the scope of the use of our registration and login functions as well as the use of the user account, the IP address, the location and the time of the respective user action are stored. The storage is based on our legitimate interests as well as those of the users in protection against misuse and other unauthorized use. This data is not passed on to third parties unless it is necessary for the prosecution of our claims or there is a legal obligation to do so pursuant to Art. 6 Para. 1 lit. c GDPR. The IP addresses are anonymized or deleted after 31 days at the latest.
User related data
Data such as entries in the shooting log, inventory items, friend lists, messages to friends are stored online and are not publicly accessible. This data can be deleted independently by the user at any time. This data can be evaluated anonymously for statistical purposes.
Posts in the newsfeed
Online posts in the newsfeed must be actively posted by the user. They do not appear automatically. They contain all the data of a shooting log entry except for the user’s own notes and are visible to all friends. Users can delete their entries in the newsfeed at any time. Otherwise, newsfeed entries are automatically deleted after a certain time. Newsfeed entries can be “liked” by other users.
Text messages can be exchanged between users within the app. This requires that the users are “friends”, i.e. a friend request has been accepted in advance. The friend request is based on the user’s e-mail address, which must be known to the requester in advance.
The messages are stored on the server without end-to-end encryption until they are retrieved by the addressee. Immediately after retrieval, the messages are deleted from the server.
Data on your device
Data such as entries in the shooting log, inventory items and their pictures, friend lists, and messages to friends are stored locally on your device. In addition, configuration settings related to the app as well as regionally customized advertising banners and product catalogs containing links to affiliate advertising partners are stored on your device.
For the logging of in-app purchases, we collect and store transaction-specific data such as transaction ID and timestamp. We do not collect or process any other personal data. This data, in particular data for electronic payment processing, is only collected and processed directly by the relevant app store. When using the app stores, please note their privacy statements:
- Apple App Store: https://www.apple.com/privacy/
- Google Play Store: policies.google.com/privacy
If you have any questions about the processing of your personal data by the App Store in question (e.g., How can I delete my data?), please contact directly the App Store through which you made the download or purchase of an App.
Request by e-mail or contact form
If you contact us by e-mail or contact form, your request including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests sent to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested. The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular legal retention periods – remain unaffected.
3. Authorized third parties
Microsoft Azure Cloud Services
This app uses Microsoft Azure cloud services. The personal data collected within this app is stored on Microsoft servers exclusively in European data centers for users from European regions. This may include, but is not limited to, meta and communication data, shooting log entries, inventory items, user profiles, friend lists within the app, unencrypted personal messages, posts in the newsfeed, transaction-specific data on in-app purchases, contact data, and other data generated through the app.
Some configuration data and key containers are stored in data centers in the USA. These do not contain any personal user data.
The service provider is used for the purpose of fulfilling functions for our users (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).
Our service provider will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.
The address of the service provider is:
One Microsoft Way
Redmond, WA 98052-6399
We would like to point out that the Microsoft Azure service used complies with a number of compliance standards (including Germany C5, GDPR, EU-US Privacy Shield) and thus assures compliance with German, European and international data protection law (https://azure.microsoft.com/en-us/resources/microsoft-azure-compliance-offerings/).
4. Advertising networks
You will be shown personalized and also non-personalized advertising via various advertising networks. Therefore, we may transmit your IP address and your advertising ID or IDFA to the operators of the advertising networks. The advertising ID is a pseudonym under which general information about your surfing behavior is stored. On our behalf, the operator of the advertising network used processes the data in order to place advertising of interest to you. Even in the case of non-personalized advertising, cookies or technically necessary data that are required for the use of the advertising network are stored on your device or transmitted to the operator of the advertising network. This can be, for example, device identifiers, data for anonymous user statistics, rough location data, diagnostic data and crash logs.
For the display of advertising, we receive a fee from the operators of the advertising networks used, in order to be able to make our offer available to you free of charge in this way.
If we ask for your consent to store technically necessary data for the purpose of advertising or personalized advertising (e.g. in the context of a cookie consent), the legal basis for this processing is Art. 6 para. 1 lit. a. GDPR. Otherwise, the users’ personal data is processed on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer and the mobile apps within the meaning of Art. 6 para. 1 lit. f. GDPR are processed. Consent to personalized advertising may only be given by minors under the age of 16 with the consent of a parent or guardian.
Your consent can be revoked at any time within the app in the basic settings under the menu item “Privacy”.
AWIN Affiliate Program
We are a participant of the partner program of AWIN AG, Eichhornstraße 3,10785 Berlin, Germany.
We use the services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Our app uses Google AdMob(Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) technologies to serve personalized and non-personalized ads.
Our app uses the SDK of the Israeli advertising network ironSource (ironSource Ltd., 121 Menachem Begin Rd., Tel Aviv, Israel) to display personalized and non-personalized ads.
We use the Applovin advertising network (AppLovin Corporation, 1100 Page Mill Road, Palo Alto, CA 94304, USA) in our app to display personalized and non-personalized advertising. Access to the advertising network is provided via ironSource’s SDK as part of mediation.
5. General notes and mandatory information
When you use this app, various personal data is collected.
We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.
Note on the responsible entity
The data controller of this application is:
9oClock Software GmbH
An der Krebswiese 2a
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).
Note on data transfer to the USA and other third countries
Among other things, we use tools or SDKs from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to the EU can be guaranteed in these countries.
For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. Therefore, it cannot be ruled out that U.S. authorities (e.g. intelligence agencies) may process, evaluate and permanently store your data located on U.S. servers for monitoring purposes. We have no influence on these processing activities.
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to object to data collection in special cases and to direct marketing (Art. 21 GDPR)
IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING.
THIS ALSO APPLIES TO PROFILING, INSOFAR AS IT IS CONNECTED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ARTICLE 21 (2) GDPR).
Right of appeal to the competent supervisory authority
In the event of violations of the GDPR, the data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged infringement. The right of appeal is without prejudice to other administrative or judicial remedies.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
Information, deletion and correction
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if necessary, a right to correction or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. For this purpose, you can contact us at any time. The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data happened/is happening unlawfully, you may request the restriction of data processing instead of erasure.
- If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.
- If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data (apart from its storage) may only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.
Translated with www.DeepL.com/Translator (free version)