Privacy Policy - Eifelflow

1. Controller Adminstator

EifelFlow GbR (civil-law partnership under German law)
Partners: Andre Silin, Vadym Havryshchuk
Hauptstraße 33
54647 Pickließem, Germany
E-mail: eifelflowgbr@gmail.com

2. General Information on Data Processing

We process personal data exclusively in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the Telecommunications Telemedia Data Protection Act (TTDSG).

3. Types of Data Processed

• Account and profile data: name, e-mail address, profile photo, optional phone number
• Ride data: pickup location, destination, date, delivery or travel information
• Location data: only when actively using the app and with granted permission
• Communication data: in-app messages (stored in Firebase Firestore)
• App and device data: device type, OS version, IP address, network information, Firebase Installation ID
• Media: photos and files uploaded via camera or gallery (stored in Firebase Storage)

4. Purposes of Processing

• Managing user accounts and profiles
• Providing ride creation, search, and messaging functionality
• Displaying routes and nearby rides (Google Maps API)
• Sending push notifications (Firebase Cloud Messaging)
• Improving app performance and stability (Firebase Analytics, Crashlytics)
• Ensuring security and preventing misuse

5. Types of Data Processed

We do not share your personal information with third parties except as described in this policy. We may share information with service providers who perform services on our behalf, in response to legal requests, to protect our rights and property, and with your consent.

6. Legal Bases of Processing

• Art. 6 (1) (b) GDPR – Contract performance
(e.g., registration, use of the app)
• Art. 6 (1) (f) GDPR – Legitimate interest
(e.g., security, stability)
• Art. 6 (1) (a) GDPR – Consent
(e.g., location sharing, analytics tools, push notifications)

7. Types of Data Processed

8. Services Used

We use the following Google Firebase and Google Cloud services:
• Firebase Authentication – registration and login
• Firebase Firestore – storage of user profiles, rides, and chat data
• Firebase Storage – storage of images and media files
• Firebase Cloud Messaging (FCM) – push notifications
• Firebase Analytics / Crashlytics – app usage analytics and stability
• Google Maps API – display of routes and nearby rides

9. Data Transfers to Third Countries

When using Google services, personal data may be transferred to third countries, particularly the United States.
Google LLC is based in the USA.
Adequate data protection is ensured through:
• EU Standard Contractual Clauses approved by the European Commission (Art. 46 GDPR)
• Additional technical and organizational measures
However, despite these measures, access to personal data by U.S. authorities cannot be fully ruled out, and effective legal remedies may not always be available.

10. Storage Period and Data Deletion

• Data is stored as long as the user account remains active.
• Users may request deletion of their account or specific data at any time via the app or by e-mail.
• Server log files (including IP addresses) are stored for a limited time for security purposes.
• Statutory retention requirements remain unaffected.

11. Data Sharing

• Data is shared only between relevant users (e.g., driver ↔ requester) for coordinating rides.
• Data is shared with Google/Firebase for technical operation of the app.
• No data is sold or shared with advertisers or other third parties.

12. Security

• Data is stored in Firebase/Google Cloud with high security standards.
• Chats and media files are not end-to-end encrypted.
• Passwords are managed exclusively by Firebase Authentication and are not visible to developers.

13. User Rights

Users have the following rights:
• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent (Art. 7 (3) GDPR)
To exercise these rights, please contact: eifelflowgbr@gmail.com
Users also have the right to lodge a complaint with the competent data protection authority.

14. Changes

We reserve the right to amend this privacy policy to reflect legal or technical changes.
The current version is always available in the app.

Contact
For questions regarding data protection, please contact:
EifelFlow GbR
E-mail: eifelflowgbr@gmail.com