Privacy Policy

1. Controller

AWO Perspektiven gGmbH
Kruppstraße 105 60388 Frankfurt am Main
60388 Frankfurt am Main
post@awo-hs.org
Data Protection Officer: post@awo-hs.org

This privacy policy refers to the technical use of the web app. For information on the processing of personal data in the context of support services (e.g., data of children, health data, payment data), please refer to the privacy policy of AWO Perspektiven gGmbH, which is provided during registration.

2. Technical service provider and order processor

We work with the following technical service provider as a processor:

Stefan Landvogt - IT Consulting
Wolfratshauser Str. 137a
81479 München
hilfe@awo-care.org

The technical service provider is responsible for the provision and operation of the web app's technical infrastructure. Data processing is carried out exclusively on behalf and according to the instructions of the controller based on a data processing agreement in accordance with Art. 28 GDPR.

3. Collection and processing of personal data

For the use of the web app, we collect and process the following data:

• Email addressFor registration, password reset, notifications, and communication within the platform.
• PasswordStored in encrypted form to protect access to your account.

4. Purpose of data processing

We use the collected data exclusively for the following purposes:

• Provision of the web appWe use your data to provide you with the functions of the web app, such as creating, editing, and managing orders.
• CommunicationWe use your contact details to send you important information about the web app, such as updates, security notices, or answers to your inquiries.
• AuthenticationYour password is used to prevent unauthorized access to your account.
• AnalysisWe analyze usage data anonymously to continuously improve the functionality of the web app.

5. Legal basis

The processing of your personal data is based on Article 6 paragraph 1 lit. b GDPR (performance of a contract) and Article 6 paragraph 1 lit. f GDPR (legitimate interest). Our legitimate interest lies in providing and improving our services.

6. Data Transfer

We generally do not share your personal data with third parties. Exceptions apply only if:

• You have given us your explicit consent.
• Disclosure is necessary to fulfill legal obligations.
• Disclosure is necessary to enforce our rights.

We use the following third-party providers:

• CloudflareTo provide the web app and protect against cyberattacks. Cloudflare processes data such as IP addresses and browser information to ensure secure and fast delivery of the web app.
• FirebaseTo provide various services, including hosting, database, authentication, and Cloud Functions. Firebase, a service from Google, processes data for authentication, storage and hosting of content, as well as for the execution of Cloud Functions.
• Google reCAPTCHATo protect against automated requests (spam protection). IP address and usage behavior are transmitted to Google.
• Firebase Performance MonitoringOptional service for measuring technical performance data (e.g., page load times, response times of backend services, network errors). Anonymized performance metrics and a pseudonymous installation ID are transmitted. No content of your inputs or personal data from forms is collected. The provider is Google Ireland Limited; transmission to Google servers outside the EU cannot be ruled out. Activation only occurs with your consent via the cookie banner (category "Analytics and Performance Cookies"). The legal basis is Art. 6 Para. 1 lit. a GDPR (consent). You can revoke your consent at any time via the cookie settings; ongoing measurements will end with the next page reload.
• Twilio SendGridFor sending transactional emails (e.g., registration confirmation, password reset, notifications). The recipient's email address and the respective email content are transmitted. To verify deliverability and ensure a good sending reputation, an invisible 1×1 pixel is embedded in every email, which is loaded when the message is opened (Open Tracking). The time of opening and the IP address of the opening device are transmitted to SendGrid. The provider is Twilio Inc., USA; data transfer is based on the EU Standard Contractual Clauses and the EU-US Data Privacy Framework. The legal basis is Art. 6 Para. 1 lit. f GDPR (legitimate interest in proof of delivery and reputation of email dispatch).

Your data is primarily stored in the EU. However, due to the technical architecture of Google Firebase, your data may also be temporarily transferred or processed in other regions, including the USA. Google has committed to adhering to EU data protection standards and has implemented appropriate security measures. For more information on the privacy policies of third-party providers, please see here:

• https://firebase.google.com/support/privacy?hl=de
• https://www.cloudflare.com/de-de/trust-hub/gdpr/
• https://policies.google.com/privacy?hl=de
• https://www.twilio.com/en-us/legal/privacy

7. Contact Form

If you use our contact form, we collect the following data to process your request:

• Name and E-mail addressFor identification and answering your request.
• Message and CategoryFor the content-related processing of your request.
• Device InformationOperating system, browser, and screen resolution — for error analysis in case of technical problems.
• IP AddressFor protection against misuse (spam protection). The IP address is deleted regularly and promptly.

The legal basis is Art. 6 para. 1 lit. b GDPR (contract initiation or pre-contractual measures) and Art. 6 para. 1 lit. f GDPR (legitimate interest in protection against misuse). The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been fully processed). Mandatory legal provisions — especially retention periods — remain unaffected.

8. Duration of Data Storage

We generally store your personal data only for as long as it is necessary to fulfill the aforementioned purposes or as required by statutory retention periods. After these periods expire, your data will be deleted. If you request us to delete your data or revoke your consent to storage, your data will be deleted immediately, provided there are no legal retention obligations to the contrary.

9. Your Rights

You have the right to:

• InformationYou can request information about your personal data stored with us at any time.
• RectificationIf incorrect data is stored, you can request its correction.
• ErasureUnder certain conditions, you can request the deletion of your data.
• Restriction of processingYou can request the restriction of the processing of your data.
• Data PortabilityYou have the right to receive your data in a structured, common, and machine-readable format or to have it transferred to another controller.
• ObjectionYou can object to the processing of your data if it is based on Article 6 paragraph 1 lit. f GDPR.
• Complaint to the supervisory authorityYou have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data (Art. 77 GDPR).

10. Security

We implement technical and organizational measures to protect your data against accidental or intentional manipulation, loss, destruction, or unauthorized access.

11. Changes to this Privacy Policy

We reserve the right to amend this privacy policy at any time. We will inform you of any significant changes in a timely manner.

12. Contact for Data Protection Questions

If you have any questions regarding data protection, please contact:
AWO Perspektiven gGmbH
post@awo-hs.org