appamass - Privacy Policy

The protection of your personal data is a top priority for us, appamass LLC (hereinafter "appamass", "we" or "us").

We are a US-based company operating worldwide. In order to offer our international customers the highest security standards, your personal data is primarily stored on our infrastructure within the European Union.

This statement explains transparently what data we collect, why we do it and how we protect it.

This privacy policy applies to all services, websites, applications and platforms offered by appamass LLC (hereinafter services).

The controller for data processing (Data Controller) is:

appamass LLC

304 S Jones Blvd, #8248

Las Vegas, NV 89107

US

Email for data protection questions:

Representative in the European Union:

Rainer Dechet

Rennbahnweg 27/46/56

1220 Vienna

Austria

This representative is our official point of contact in accordance with Art. 27 GDPR for all supervisory authorities and data subjects for all matters relating to the processing of personal data to protect their rights in accordance with the GDPR.

We recognize that you have control over your data. Under the General Data Protection Regulation (GDPR) and applicable national law, you have the following rights:

Right to information (Art. 13 & 14 GDPR)

Before processing your personal data begins, you will be informed by us about the type, scope, purposes, legal basis and recipients of the data as well as your rights – usually through this privacy policy.

Right of access (Art. 15 GDPR)

You can request information at any time as to whether and which personal data we process about you, including the purposes of processing, categories of data and recipients.

Right to rectification (Art. 16 GDPR)

You can request the correction of incorrect data or the completion of incomplete data.

Right to erasure (Art. 17 GDPR)

Under certain conditions, you can request the deletion of your data, for example if it is no longer required for the purposes for which it was collected or if you have withdrawn your consent. Legal storage obligations or legitimate interests can prevent deletion.

Right to restriction of processing (Art. 18 GDPR)

Under certain conditions, you can request that your data only be stored and no longer processed further.

Right to data portability (Art. 20 GDPR)

You can receive data that you have provided to us in a structured, common and machine-readable format or – as far as technically possible – have it transferred to third parties.

Right to object (Art. 21 GDPR)

You can object to the processing of your data at any time, especially in the case of direct marketing or processing based on legitimate interests.

Right to withdraw consent (Art. 7 para. 3 GDPR)

You can withdraw consent given at any time with effect for the future.

Right to protection against automated decisions (Art. 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing (including profiling), which produces legal effects concerning you or similarly significantly affects you.

For persons residing in Austria, a right to the secrecy of personal data also applies in accordance with § 1 DSG.

Exercise of your rights and complaints

To exercise your rights or if you have any questions, please contact the contact details mentioned in Chapter 11. We usually respond to your request within one month. You also have the right to file a complaint with a data protection authority of your choice in the European Economic Area (EEA) or in the United Kingdom (UK).

3.1. Specific rights for users in California (CCPA/CPRA)

In addition to the rights mentioned above, we grant you all rights provided for under the California Consumer Privacy Act (CCPA/CPRA). This includes in particular the right to information about the categories of data collected and their sources as well as the right to object to the sale or disclosure ("Do Not Sell or Share") of your data.

We clarify that we do not sell or share personal data. You also have the right to lodge complaints with the California Privacy Protection Agency (CPPA).

3.2. Users in other countries

We respect the data protection laws of all countries. The European GDPR regulations remain authoritative. In addition, we take into account the legal requirements specific to your country.

4.1. Provision of our services (hosting in the EU)

The legal basis is our legitimate interest in providing a secure and functional service (Art. 6 para. 1 lit. f GDPR).

4.2. Cookies and your consent

Essential cookies are absolutely necessary for the operation of our services. All other cookies (e.g. for analysis or marketing) are not essential. All non-essential cookies are only activated with your express consent (Art. 6 para. 1 lit. a GDPR). You can also delete or block cookies yourself in your browser.

4.3. User behavior analysis (Google Analytics)

With your consent, we use Google Analytics, a web analysis service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use Google Analytics with an anonymized IP address to understand user behavior on our services and to continuously improve them. Pseudonymized data such as duration of stay, pages visited, device used and browser are analyzed.

Data transfer to the USA

Since Google LLC is headquartered in the USA, your pseudonymized data will be transmitted to Google servers in the USA as part of the use of Google Analytics. This transmission takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR) as well as the standard contractual clauses (SCCs) we have concluded with Google.

Google Analytics Opt-Out possibility

You can object to the collection of your data by Google Analytics at any time for the future. An easy way to do this is to install a browser add-on provided by Google that prevents tracking by Google Analytics on websites.

You can find this browser add-on from Google at the following link:

4.4. Contact forms and communication

Your requests for contract fulfillment (e.g., support) are based on Art. 6 para. 1 lit. b GDPR; other matters on the basis of our legitimate interest (lit. f).

4.5. Technical protocols (logs) for error analysis and security

We store pseudonymized logs for a maximum of 90 days to ensure stability and security. The legal basis is our legitimate interest (Art. 6 para. 1 lit. f GDPR).

Your data is primarily stored in the EU. Since we are a US company, data transfers to countries outside the EU/EEA may take place (in particular through administrative access from the USA).

For data transfers to countries without an adequate level of protection recognized by the EU Commission, we rely on appropriate guarantees. These are the standard contractual clauses (SCCs) approved by the EU Commission, which we have concluded with our service providers.

Despite these protective measures, there may be a residual risk that authorities in third countries (e.g., the USA) could access data under certain circumstances.

We adhere to the principle of data economy and delete data as soon as the purpose of its processing has been fulfilled and no legal retention obligations stand in the way.

We use extensive technical and organizational security measures to protect your data, including encryption (HTTPS, TLS/SSL) of data transmission, access authorizations only for authorized persons, access restrictions, pseudonymization where appropriate, and regular security audits and backup copies.

Our services are not directed at children. We do not knowingly collect data from persons under 16 years of age (or the respective applicable legal age limit).

We do not use your data for automated decisions or profiling with legal effect for you.

This privacy policy may be adjusted from time to time. We will prominently publish any significant changes to this privacy policy on our website and, if necessary, communicate them to our users by email.

If you have any questions, concerns, or wish to exercise your data protection rights, you can reach us via the menu item: Contact in the footer or by email at the address specified in the imprint.