Data privacy notice flow app

a. Personal Data actively provided by you:

• Newsletter-Registration: After you have downloaded the flow app, you can register to receive flow email “newsbites” in the flow app by inserting your email address (“Registration Data”), whereupon you will receive an email asking you to confirm your registration The legal basis for the processing of such Newsletter-Registration Data, in this case your e-mail address, is your consent, which you have given in the registration process of the flow app.

b. Other passively collected information

In addition to the personal data that you actively provide, the flow app may automatically collect, process and store certain information on a pseudonymous basis:

• Device and usage information – that may include (i) information specific to the used device to access the flow app (including, but not limited to, make, model, operating system, advertising identifier, language, carrier and similar information) and (ii) information about the use of features, functions, or notifications on the device.
  
  For the hosting and backend infrastructure we use Firebase Cloud Firestore, which is a hosting and backend service provided by Google Ireland Limited.This type of service has the purpose of hosting Data and files that enable this Application to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of this Application.
  
  The legal basis for processing device and usage information is our legitimate interests which are the following: to monitor and maintain the performance of the flow app, validate users and ensure their technological compatibility with users.
  
  
• Mobile analytics – such as how often a member uses the flow app, the events that occur within the flow app, aggregated usage, performance data, and where the was downloaded from. We use mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. For this purpose we use Google Analytics for Firebase, which is an analytics service provided by Google Ireland Limited.
  
  For more information about Google´s use of Data with regard to Google Analytics for Firebase, please click here.
  
  Firebase Analytics may share Data with other tools provided by Firebase, such as Crash Reporting, Authentication, Remote Config or Notifications. For more information on how Google uses data from apps on or in which Google´s services are used, click here.
  
  This Application uses identifiers for mobile devices and technologies similar to cookies to run the Firebase Analytics service.
  
  Users may opt-in Google Analytics for Firebase features through settings on the first launch of the app, and settings within the flow app.
  
  Personal Data processed: Application opens; Application updates; device information; number of sessions; number of Users; operating systems; session duration; Usage Data.
  
  The legal basis for using analytic technologies or cookies is your consent.
  
  

c. Push notifications

This application will send you push notifications if you proactively agree to it. These notifications may include updates of new News Articles and release of our flow magazine. You can revoke your consent at any time by visiting the global app settings in the menu area.

a. Transfer to service providers

The flow app collected data will be hosted by a service provider in Germany that acts as a data processor for us. Also IT services will be provided by an external service provider. When providing such services, the external service providers may have access to and/or may process your personal data, including Registration Data.

We request those external service providers to implement and apply security safeguards to ensure the protection and security of your personal data.

b. Other recipients

Some of our colleagues administering the flow app and providing IT services may be employees of our subsidiaries and branch offices. When administering the flow app our colleagues may have access to and/or may process your personal data, including Registration Data. The transfer of personal data is based on our legitimate interests. Our legitimate interest is the transmission of personal data within the group of companies for internal administrative and support purposes. The access is limited to colleagues with a need to know.

c. International transfers of personal data

Data will only be transferred to countries outside the EU or the EEA (so- called third countries), if you have given us your consent or in the context of commissioned data processing. If service providers in a third country are used, they are obligated to comply with the data protection level in Europe in addition to written instructions by agreement of the EU standard contractual clauses.

Pursuant to the applicable data protection law you may have the right (i) to request access to your personal data, (ii) to request rectification of your personal data, (iii) to request erasure of your personal data, (iv) to request restriction of processing of your personal data, (v) to request data portability, (vi) to object to the processing of your personal data (including objection to profiling; also other rights in connection with automated decision-making).

Please note that the above mentioned rights might be limited under the applicable national data protection law. Below please find further information on your rights:

a. Right of access

You may have the right to obtain from us confirmation as to whether or not personal data concerning you is processed, and, where that is the case, to request access to the personal data. The access information include – inter alia – the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipient to whom the personal data have been or will be disclosed.

You may have the right to obtain a copy of the personal data undergoing processing. For further copies requested by you, we may charge a reasonable fee based on administrative costs.

b. Right to rectification

You may have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement. You can change your Profile Data any time via your account.

c. Right to erasure (right to be forgotten)

Under certain circumstances you may have the right to obtain from us the erasure of personal data concerning you and we may be obliged to erase such personal data.

d. Right to restriction of processing

Under certain circumstances you may have the right to obtain from us restriction of processing your personal data. In this case the respective data will be marked and may only be processed by us for certain purposes.

e. Right to data portability

Under certain circumstances you may have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit those data to another entity without hindrance from us.

f. Right to object

Under certain circumstances you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data, including profiling, by us and we can be required to no longer process your personal data. As we process and use your personal data primarily for purposes of carrying out the contractual relationship with you, we will in principle have a legitimate interest for the processing which will override your objection request, unless the objection request relates to marketing activities.

To exercise your rights please contact us as stated under Sec. 5 (Contact us) below. You also have the right to lodge a complaint with the competent data protection supervisory authority (Der Hessische Datenschutzbeauftragte).

Your Registration Data will be retained as long as necessary to provide you with the services, i.e. during the term of the contract on the use of the flow app. Once our relationship has come to an end, we will store your Registration Data and Profile Data - not visible for other members - for “Defining a legally valid Period and then either delete your Registration Data and Profile Data or anonymize it, unless statutory retention requirements apply or if necessary to establish, exercise or defend a legal claim. This also applies to passively collected information, unless you object to the respective processing in which case we will erase or anonymize such information.

In case of questions and to exercise the rights mentioned in Sec. 3 please contact us under the following email address: corporate.bank@db.com

Our data protection officer is available under the following address: Taunusanlage 12, 60325 Frankfurt/Main, datenschutz.db@db.com