This privacy policy explains how we process personal data in connection with the Munich City Rally app.
Julian Blöchl – Sole proprietor, Keferloherstraße 45, 80809 Munich, Germany
Email: julian@bloechl.io
Our app is hosted on Vercel with data centres located within the European Union. Vercel acts as a processor pursuant to Art. 28 GDPR. We have concluded a data processing agreement with Vercel that provides appropriate technical and organisational measures to protect your data.
When you unlock our premium content, you choose when the 72-hour period begins: it only starts once you open the first station card. To provide this access we process your contact details, login data, and usage information (e.g. activation time and expiry). This data is necessary to manage your access, prevent misuse, and fulfil our contractual obligations (Art. 6(1)(b) GDPR).
We process the data you provide during registration, purchase, or support requests. This includes in particular your name, email address, payment information, communication content, and technical usage data (e.g. IP address, device information, time and scope of use).
When you use our app we also automatically collect server log files containing, for example, IP address, date and time of access, browser type, and operating system. This data is required for technical delivery and system security (Art. 6(1)(f) GDPR) and is automatically deleted after 30 days at the latest.
We use Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Dublin 2, Ireland, as well as Stripe, Inc., 354 Oyster Point Boulevard, South San Francisco, CA 94080, USA, to process payments. Stripe processes the payment information you enter (e.g. credit card details), your email address, billing data, purchase amount, currency, and the transaction ID. Processing is carried out to fulfil the contract (Art. 6(1)(b) GDPR).
Stripe may transfer data to the USA. We have entered into the EU Commission's standard contractual clauses with Stripe to ensure an adequate level of data protection. Find more details in Stripe's privacy policy at https://stripe.com/privacy.
We use Resend, 2261 Market Street #5137, San Francisco, CA 94114, USA, to send transactional emails (e.g. confirmations, support). Resend processes email addresses, names, message content, and technical delivery information. Processing is based on contract fulfilment or our legitimate interest in reliable communication (Art. 6(1)(b) and (f) GDPR). Resend bases transfers to the USA on recognised safeguards; see the Resend privacy policy at https://resend.com/legal/privacy.
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies and similar technologies to analyse how you use the app. We operate Google Analytics with IP anonymisation enabled, meaning your IP address is shortened within the EU or EEA before being transmitted to Google.
Processing is based on your consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future in the cookie settings or prevent the storage of cookies via your browser. Further information about Google Analytics' terms and Google's privacy policy can be found at https://marketingplatform.google.com/about/analytics/terms/us/ and https://policies.google.com/privacy?hl=en.
We store personal data only for as long as necessary to meet our contractual and legal obligations. Access data for premium content is deleted or anonymised no later than 30 days after the 72-hour window has expired, unless statutory retention requirements apply.
We only share personal data with third parties when required to fulfil the contract, when you have given consent, or when we are legally obliged to do so. Transfers to third countries take place only where appropriate safeguards pursuant to Art. 46 GDPR exist.
You have the right to request access, rectification, erasure, restriction of processing, data portability, and to object to processing of your personal data. If you gave us consent, you can withdraw it at any time by emailing julian@bloechl.io. You also have the right to lodge a complaint with a data protection supervisory authority.
We implement technical and organisational measures to protect your data against manipulation, loss, destruction, or unauthorised access. These measures reflect the current state of the art and are reviewed regularly.