RUUT Privacy Policy

We would like to give you an overview of how we process your personal data and what rights you have under data protection law. The specific data processed and its use depend on the services requested or agreed, so not all information may be relevant to you.

1. Definitions

In accordance with Art. 4 GDPR, this data protection notice is based on the following definitions:

  • Personal data (Art. 4 No. 1 GDPR) is any information relating to an identified or identifiable natural person ("data subject"). A person is identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data or information relating to their physical, physiological, genetic, mental, economic, cultural or social identity. Identifiability can also be achieved by linking such information or other additional knowledge. The origin, form or embodiment of the information is irrelevant (photos, video or audio recordings can also contain personal data).
  • The controller (Art. 4 No. 7 GDPR) is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Third party (Art. 4 No. 10 GDPR) means any natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data; this also includes other legal entities belonging to the group.
  • Processor (Art. 4 No. 8 GDPR) is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, in particular in accordance with the controller's instructions (e.g. IT service provider). In terms of data protection law, a processor is in particular not a third party.
  • Processing (Art. 4 No. 2 GDPR) means any operation which is performed on personal data, whether or not by automated means (i.e. using technical specifications). This includes, in particular, the collection (i.e. acquisition), recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data, or alteration of the purposes for which they were originally processed.
  • Consent (Art. 4 No. 11 GDPR) of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Contact details of the person responsible

The controller within the meaning of the GDPR is:

Maxi Digital GmbH
Taunustor 1
60310 Frankfurt am Main
Germany

Email: info@ruutapp.com

3. Contact details for data protection issues

If you have any questions about data protection, please contact our data protection officer at dpo@ruutapp.com or using the contact details given above.

4. Scope of the processing of personal data

Personal data is collected when you use our app. This includes all information that relates to an identifiable person - for example, your surname, first name, location data, IP address, email address and any other voluntary information.

This data is only processed to the extent necessary for the proper functioning and provision of our services. As a rule, this is only done with your express consent. Processing without prior consent can only take place if this is not possible for practical reasons and is permitted by law.

5. Legal basis for the processing of personal data

In principle, the processing of personal data is prohibited by law and is only permitted if it is based on one of the following legal bases:

  • Art. 6 para. 1, sentence 1 lit. a GDPR ("consent"): If the data subject has voluntarily, in an informed and unambiguous manner, by means of a statement or other unambiguous affirmative act, indicated that they consent to the processing of personal data concerning them for one or more specific purposes;
  • Art. 6 para. 1, sentence 1 lit. b GDPR: If the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • Art. 6 para. 1, sentence 1 lit. c GDPR: If processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. a statutory retention obligation);
  • Art. 5 para. 1, sentence 1 lit. d GDPR: If processing is necessary in order to protect the vital interests of the data subject or another natural person;
  • Art. 6 para. 1, sentence 1 lit. e GDPR: If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or
  • Art. 6 para. 1, sentence 1 lit. f GDPR ("Legitimate interests"): If the processing is necessary for the purposes of the legitimate (in particular legal or economic) interests pursued by the controller or by a third party, except where such interests are overridden by the interests or rights of the data subject (in particular where the data subject is a minor).

6. Purpose of data processing

Personal data is processed for various purposes. These include, in particular, the provision of our online offering, including all content and functions, as well as the fulfilment of contractual obligations - for example in the context of services and customer support. We also use the data to process contact enquiries and to communicate with our users. These processing purposes also constitute our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

7. Data processing by third parties

We use external service providers to provide certain functions of our app. As is common practice in many companies, we work with both national and international partners who support various business processes - for example in the areas of IT infrastructure, logistics, telecommunications, sales and marketing.

These service providers process personal data exclusively on our instructions and within the framework of contractual agreements on order processing in accordance with Art. 28 GDPR. They are obliged to comply with all data protection regulations. Depending on the specific purpose of processing, the following categories of recipients in particular may have access to your personal data

  • Technical service providers who are responsible for the secure and reliable operation of our app and for the storage and processing of data (e.. hosting providers, payment service providers, providers of IT security solutions). The transfer takes place either within the framework of order processing or on the basis of Art. 6 para. 1 lit. b or lit. f GDPR, provided that no order processing is involved.
  • Public authorities or government agencies if we are legally obliged to disclose data. The legal basis for this is Art. 6 para. 1 lit. c GDPR.
  • Other external business partners, such as auditors, banks, insurance companies, legal advisors or supervisory authorities, insofar as this is necessary to fulfil contractual obligations or to safeguard legitimate interests (Art. 6 para. 1 lit. b or lit. f GDPR).

In addition, we only pass on personal data to third parties if you have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a GDPR.

8. Duration of data storage

We only store your personal data for as long as is necessary to fulfil the respective purposes for which it was collected or processed. As a rule, data is only stored for the duration of the use of our app or beyond the term of an existing contractual relationship if there is a legal obligation or a legitimate interest.

As a matter of principle, your data is stored exclusively on servers in Germany - unless it is necessary and legally permissible to pass it on to third parties or transfer it to associated partner apps in order to fulfil the intended purposes. Service providers commissioned by us only store your personal data for as long as is necessary to provide the respective services. Storage beyond this may be necessary in individual cases, for example in the event of existing or anticipated legal disputes or to safeguard legitimate interests in the context of legal proceedings.

Statutory retention obligations remain unaffected, in particular in accordance with Section 257 of the German Commercial Code (HGB) and Section 147 of the German Fiscal Code (AO). After expiry of these periods, the relevant data will be routinely deleted, unless further storage is legally required or permitted.

9. Right of objection

You can object to the processing of your data. You can declare your objection at any time by sending or simply sending an e-mail to info@ruutapp.com.

10. Use of cookies

The RUUT app uses cookies to optimise your user experience. Cookies are small text files that are stored on the memory of your mobile device and are assigned to the respective app instance. They enable the entity that places the cookie to recognise certain information and make it usable.

Cookies cannot execute programmes or transmit malware - they are technically harmless. Their main purpose is to make the use of our app easier, more efficient and more pleasant. Some cookies store settings or preferences that do not allow any conclusions to be drawn about your identity. Others may contain information that enables your device to be recognised - for example, to restore sessions or optimise loading times.

A basic distinction is made between different types of cookies:

Types of cookies used in the RUUT app:

  • Session cookies: These temporary cookies are automatically deleted as soon as you close the app
  • Permanent cookies: They remain stored beyond the current session, e.. to save settings for future use.

Differentiation by function:

  • Technically necessary cookies: They are essential for the basic operation of the RUUT app. They enable navigation, ensure stability and security and save important settings. They do not collect information for analysis or marketing purposes. Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest).
  • Performance cookies: These collect anonymised information about how our app is used - e.g. which functions are used particularly frequently or whether technical errors occur. This helps us to continuously improve the user experience.
  • Advertising & targeting cookies: They enable us to display personalised content or advertising within the app or from thirdparty providers - tailored to your interests. At the same time, they collect data to measure the success of this content. These cookies are stored for a maximum of 13 months. Only used with your consent: Art. 6 para. 1 lit. a GDPR.
  • Sharing cookies: They improve interaction with other platforms, e.. social networks, and enable content to be shared. They are also stored for a maximum of 13 months and are only set with your consent.

The use of cookies that are not technically necessary constitutes data processing that is only permitted with your express and active consent in accordance with Art. 6 para. 1 lit. a GDPR. This applies in particular to advertising, targeting and sharing cookies. The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR. In addition, personal data collected by cookies will only be passed on to third parties if you give us your express consent in accordance with Art. 6 para. 1 lit. a GDPR.

10.1 Meta Pixel

In the RUUT app, we use the analytics and tracking tool Meta Pixel, which is provided by Meta Platforms Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This tool helps us to better understand the impact of our advertising campaigns on platforms such as Facebook and Instagram and to improve them in a targeted manner. By integrating the meta pixel, we can track which actions users perform within the app, such as whether certain content has been viewed or certain functions have been used, and on this basis we can display our advertising content in a more targeted manner. It also enables us to retarget app users who have already shown an interest in certain offers with relevant advertising. During app use, various technical information is processed by Meta, including the content accessed, interactions with certain elements, technical data such as your IP address, the device used, operating system, screen resolution and - if you have reached us via an advert - also an anonymous advertising click identifier. In addition, a randomly generated user ID is used to track sessions in pseudonymised form. Personal contact information such as your name, email address or telephone number is not transmitted to Meta. The data collected via the Meta Pixel may also be processed on Meta's servers outside the European Union, in particular in the United States. Meta may also store a recognition feature in your browser or in the app, which remains stored for up to one year and allows you to be recognised at a later date. If you are logged in to Facebook or Instagram at the same time as using the app, it is possible that Meta will assign the app activities recorded to your user account there. If you do not want this data to be collected, you can deactivate tracking at any time by either adjusting the app-specific data protection settings of your end device, for example via the app tracking transparency under iOS or corresponding Android settings, or by rejecting the use of marketing technologies in our consent dialogue. As soon as tracking is deactivated, the Meta Pixel is not activated and no data is transferred to Meta. You can find further information on data processing for meta pixels and the protection mechanisms used in Firebase's official privacy policy at More info

10.2 Google Ads

We use the Google Ads service in our app to provide you with relevant and personalised advertisements. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads allows us to display ads within the Google search engine and on partner websites and other Google services that are tailored to your interests and user behaviour. In order to measure and optimise the effectiveness of our advertising campaigns, we collect certain information, such as your interactions with the ads. Google may use cookies or similar technologies to process data such as your IP address, device information and usage data. The processing of your data in connection with Google Ads takes place exclusively on the basis of your express consent in accordance with Art. 6 para. 1 lit. a GDPR. You have the option to withdraw your consent at any time with effect for the future in the RUUT app's privacy settings. Further details on data processing by Google in the context of Google Ads can be found in Google's privacy policy: Google Privacy Policy

10.3 Apple Search Ads

We also use Apple Search Ads in the RUUT app; an advertising platform from Apple Inc, Infinite Loop, Cupertino, CA 95014, USA. With the help of this service, we can place targeted adverts in the Apple App Store that are displayed to users based on search terms or other criteria. This helps us to make our app more visible and to target users more effectively. Apple processes information such as device type, iOS version, location (if activated), search queries and App Store activity. The processing of your data in connection with Apple Search Ads takes place exclusively on the basis of your express consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future in the privacy settings of the RUUT app. Further information can be found in the Apple Search Ads privacy policy: Apple Search Ads Privacy

10.4 X Ads Manager

The "RUUT" app uses the X Ads Manager (formerly Twitter Ads Manager) to run targeted advertising campaigns on the X platform (formerly Twitter). Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland processes personal data in order to measure and improve the effectiveness of advertising. The processed data includes device information such as IP address, browser type, operating system, location data (if activated), interactions with adverts (e.. clicks, video views). This data helps to optimise the display of advertising and improve targeting.

Your data is processed exclusively on the basis of your express consent in accordance with Art. 6 para. 1 lit. a GDPR. You have the option to revoke your consent at any time with effect for the future in the RUUT app's privacy settings. Further information can be found in the X Ads Manager privacy policy: X Privacy Policy

10.5 Google Tag Manager

In our app, we use the Google Tag Manager , a tool from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager enables us to manage website tags via a user interface without storing personal data or setting cookies. It is used exclusively to trigger other tags, which in turn may collect data. The Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager. The use of Google Tag Manager is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR to increase the efficiency of our app and to simplify the management of tags. However, it should be noted that technical information such as IP address and browser data may be transmitted to Google when the Google Tag Manager is loaded. Google Tag Manager itself does not store any personal data. Further information on data processing by Google can be found in Google's privacy policy: Google Privacy Policy

10.6 Firebase Analytics

In the RUUT app, we use the analytics service Firebase Analytics, a service provided by Google Ireland Limited for users in the European Economic Area and Google LLC based in the USA. This service helps us to better understand the behaviour within our app in order to continuously improve functions and user-friendliness. Firebase Analytics only collects pseudonymised information. This includes, for example, device and app-related information such as the operating system, the installed app version, usage information such as the frequency or duration of certain views and a shortened IP address that does not allow any conclusions to be drawn about your identity. A randomly generated app instance ID is used to recognise you. Personal data such as your name, address or sensitive information from your banking profile is neither transmitted to Google nor processed by RUUT. The basis for the processing of your data is either your express consent in accordance with Art. 6 para. 1 lit. a GDPR or - if you have not consented to this - our legitimate interest in the qualitative and technical optimisation of the app in accordance with Art. 6 para. 1 lit. f GDPR. If it is necessary to transfer data to servers outside the European Union, in particular to the United States, this will only be done in compliance with the statutory safeguards, such as the use of EU standard contractual clauses. Firebase Analytics is used by Google exclusively on behalf of RUUT. To the best of our current knowledge, Google does not process this data for its own purposes. The data is only stored for as long as is necessary for analysis purposes and is then either deleted or completely anonymised. If you do not want Firebase to analyse your usage behaviour, you can deactivate tracking at any time in the privacy settings of the RUUT app. Alternatively, you can also use system-wide data protection or advertising settings on your mobile device. If you have previously given us your consent, this can also be revoked at any time via the app settings in the "Privacy" section - with effect for the future, of course. Deactivating the analysis has no influence on the use of the core functions of the RUUT app. Further information on data processing by Firebase and the protection mechanisms used can be found in Firebase's official privacy policy at: Firebase Privacy Policy

In our "RUUT" app, we use the Adjust service from Adjust GmbH, Saarbrücker Str. 37a, 10405 Berlin, Germany, to analyse the effectiveness of our marketing campaigns and to better understand the use of our app. Adjust processes pseudonymised data such as hashed IP addresses, device identifiers, app usage data such as app starts, session duration and interactions as well as installation and event data. This information helps us to improve the performance of our app and optimise our marketing measures. The processing is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Adjust ensures an appropriate level of data protection through suitable guarantees. Further information on data processing by Adjust can be found in Adjust's privacy policy: Adjust Privacy Policy

11. Data transfer to a third country

As part of the use of certain services used in this app, it may be necessary for personal data to be transferred to recipients outside the European Union or the European Economic Area. Such data transfers to so-called third countries are carried out in accordance with the provisions of Article 44 et seq. of the General Data Protection Regulation (GDPR). If service providers operate in a third country and there is no adequacy decision by the European Commission for this country, these providers undertake to comply with a level of data protection comparable to that in the EU by concluding so-called standard contractual clauses. These model contracts provided by the EU Commission ensure that your data is also adequately protected outside the EU. Where necessary, these regulations are supplemented by additional contractual, technical or organisational measures. The standard contractual clauses are publicly available and can be accessed on the European Commission's website. We would like to point out that when data is transferred to countries such as the USA, government agencies may gain access to your data under certain circumstances - for monitoring or control purposes, for example. As the data subject, you may not have any effective legal means at your disposal to defend yourself against such access. As the data processing organisation, we also have no influence over this and may not be informed about it.

12. Your rights as a data subject

As a user of the RUUT app, you have various rights with regard to the handling of your personal data. These arise from the General Data Protection Regulation and can be asserted at any time via the contact options specified in this privacy policy.

12.1 Information about stored data

You have the right to receive information at any time about what personal data we have stored about you, for what purpose it is processed and to whom it may have been passed on. You can send us your request for information by e-mail or by post.

12.2 Objection to data processing & revocation of your consent

You can object to the processing of your personal data at any time if this is based on a legitimate interest (Art. 6 para. 1 lit. f GDPR). In this case, we will carefully check whether our legitimate reasons outweigh your interests. If you have given us your consent to process your data, you can revoke this at any time with effect for the future. The processing carried out up to that point remains unaffected.

12.3 Correction and deletion of personal data

Insofar as personal data concerning you is incorrect, you have the right under Art. 16 GDPR to demand that we correct it immediately. If you wish to make such a request, please contact the contact point specified above.

Under the conditions set out in Art. 17 GDPR, you have the right to request the erasure of personal data concerning you. To make a request in this regard, please contact the contact point specified above. In particular, you have the right to erasure if the data in question is no longer necessary for the purposes for which it was collected or processed, if the data retention period has expired, if there is an objection or if the processing is unlawful.

12.4 Restriction of processing

In accordance with Art. 18 GDPR, you have the right to request that we restrict the processing of your personal data. To make a request in this regard, please contact the contact point specified above.

In particular, you have the right to restrict processing if the accuracy of the personal data is disputed between you and us; in this case, you have this right for the period of time required to verify the accuracy. The same applies if the successful exercise of a right to object is still disputed between you and us. You also have this right in particular if you have a right to erasure and you request restricted processing instead of erasure.

12.5 Right to data portability

In accordance with Art. 20 GDPR, you have the right to receive from us the personal data concerning you that you have provided to us in a structured, commonly used and machinereadable format in accordance with the requirements. To make a request in this regard, please contact the contact point specified above. You have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format. On request, we will also transfer this data directly to another controller if technically possible.

13. Contact via the RUUT app

If you contact us via the contact form integrated in the RUUT app, your data will be processed on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. We will only use the information you provide to process your request. The data will not be used or passed on for any other purpose. You can revoke your consent at any time with effect for the future. In this case, your data will be deleted immediately - provided there is no legal obligation to retain it. If there is no such obligation, we will delete your data no later than three years after final processing of your enquiry.

14. Right of appeal

If you believe that our app violates data protection regulations, you have the right to contact the competent data protection supervisory authority in accordance with Art. 77 GDPR

The contact details are:

The Hessian Commissioner for Data Protection and Freedom of Information
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Phone: 0611-1408 0
Email: poststelle@datenschutz.hessen.de

15. Update of the privacy policy

Due to ongoing technical progress in the areas of IT, security and the Internet, it may be necessary to adapt our privacy policy. We therefore reserve the right to update or amend this statement at any time - without prior notice. The current version can be viewed at any time in the RUUT app. If these privacy notices are provided in multiple languages, the German version shall prevail in the event of any discrepancies or inconsistencies.