The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states of the European Union as well as other data protection regulations is: Level28 UG (limited liability) Managing Director: Sami Lechner Blumenstr. 30 69214 Eppelheim +49 6221 5997007
We only process personal data that is essential for the functionalities of our service. Personal data is any individual information that relates to a person or that is suitable to establish a relationship to a person, such as the first name, an e-mail address, an address and the like. Personal data may therefore allow conclusions to be drawn about the identity of a person.
Art. 6 Section 1 S.1 EU General Data Protection Regulation (GDPR) serves
as the legal basis for the processing of personal data. In connection with
our processing of your data, you have the following rights:
(1) Right to information pursuant to Art. 15 GDPR about the processing of
your personal data by us for processing purposes, categories of data
processed, recipients or categories of recipients, duration of storage or
criteria for determining the duration, right to rectification, erasure,
restriction of processing or objection to processing, right of appeal to
the supervisory authority, if applicable information about the origin of
the data and the existence of automated decision-making and, if
applicable, information about guarantees pursuant to Art. 46 GDPR in the
event of transmission to a third country or international organizations;
(2) Right to immediate rectification of incorrect or completion of
incomplete personal data pursuant to Art. 16 GDPR;
(3) Right to erasure of stored personal data pursuant to Art. 17 GDPR if
the data is no longer necessary for the purposes for which it was
collected or otherwise processed, if consent has been revoked and there is
no other legal basis, if objection to processing has been filed and the
data may no longer be processed pursuant to Art. 21 Para. 1 or 2 GDPR, if
the data has been processed unlawfully, if the erasure is necessary to
fulfill a legal obligation, or if the data has been collected in relation
to services offered by an information society pursuant to Art. 8 Para. 1
GDPR. This does not apply to the extent that processing is necessary for
the exercise of the right to freedom of expression and information,
compliance with a legal obligation, reasons of public interest or for the
establishment, exercise or defense of legal claims. If you wish to request
the deletion of your personal data, you can do so in the Unypan Mobile
App.
(4) Right to restriction of processing pursuant to Art. 18 GDPR if you
dispute the accuracy of the data (namely for the duration required to
verify the accuracy), if the processing is unlawful, but you refuse the
erasure and instead request the restriction of use, if we no longer need
the data for the purposes of processing, but you need the data for the
establishment, exercise or defense of legal claims, or if you have
objected to processing pursuant to Art. 21 Para. 1 GDPR, as long as it has
not yet been determined whether our legitimate grounds outweigh your
legitimate grounds;
(5) Right to object to the processing of your personal data pursuant to
Art. 21 Para. 2 GDPR (if the data is processed for the purpose of direct
advertising) or pursuant to Art. 21 Para. 1 GDPR (if the processing is
carried out pursuant to Art. 6 Para. 1 S. 1 e) or f) GDPR, for reasons
arising from your particular situation, unless we have compelling
legitimate grounds for processing that outweigh your interests, or the
processing serves the establishment, exercise or defense of legal claims).
For more information on the right to object, please also refer to Section
23. below;
(6) Right to data portability pursuant to Art. 20 GDPR, i.e. to receive
the personal data concerning you that you have provided to us in a
structured, commonly used and machine-readable format or to transmit it to
another controller;
(7) Right to revoke consent at any time pursuant to Art. 7 Para. 3 GDPR.
The revocation has the consequence that we may no longer carry out the
data processing for the future from the time of the revocation. See also
Section 24. below;
(8) Right to lodge a complaint with a supervisory authority pursuant to
Art. 77 GDPR. The supervisory authority responsible for us can be found
under Section 4. above. The right to lodge a complaint is without
prejudice to other administrative or judicial remedies.
(9) Please send all information requests, requests for information or
objections to data processing by e-mail to info@level28.de or to the
address specified in point 1 para. 2.
Automated decision-making is not applied here.
The address of the supervisory authority responsible for us is:
The Heidelberg Commissioner for Data Protection and Freedom of Information
Rohrbacherstraße 12,
69115 Heidelberg
E-mail: datenschutz@heidelberg.de
Homepage: http://www.heidelberg.de
(1) Each time our website is accessed, access data is stored in a log file on the server of our provider. (2) This data is collected for technical reasons. An evaluation takes place exclusively for statistical purposes (number of visitors and page popularity) and without personal reference. The processing is based on Art. 6 Para. 1 lit. f GDPR, whereby our legitimate interest lies in gaining knowledge about the use of our website and our services in order to optimize them and adapt them to the needs of users. (3) Deletion takes place automatically after 31 days at the latest. (4) Information on the provider and hosting can be found under point 6.6.
(1) When using the website for informational purposes only, i.e. if you do not register to use the website, register or otherwise transmit information to us, we do not collect any personal data, with the exception of the data mentioned under 6.1, which your browser transmits in order to technically enable you to visit the website. (2) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do this, you usually have to provide further personal data that we use to provide the respective service. If additional voluntary information is possible, this is marked accordingly. (3) When you contact one of our employees by e-mail or via the contact form, your e-mail address and, if you provide it, your name will be stored by us in order to answer your questions and provide you with the best possible service. (4) The legal basis for this data processing of the personal data of interested parties and customers is Art. 6 Para. 1 S. 1 based on a) your consent, b) for the fulfillment of contractual obligations, c) based on legal requirements or in the public interest and f) the processing to protect the legitimate interests of the controller. Our legitimate interest lies in providing optimal support to our customers, efficiently managing our business operations and further developing our services and products. In addition, processing may also be necessary to pursue legal claims or defend against such claims.
Your personal data will be stored by us for as long as it is required for the respective purposes underlying the processing. In addition, we only store data to the extent that we are legally obliged to do so, e.g. due to statutory retention obligations.
(1) Description and Scope of Data Processing We use cookies in the
operation of our website. Cookies are small files that make it possible to
store specific information related to you on your PC or other end devices.
In the settings of the web browser used, you can set how cookies are
handled and deactivate, restrict and control the use of cookies. On our
website, in addition to the necessary cookies, we use performance and
functional cookies. Please note that deactivating cookies may affect the
full functionality of our website and we cannot guarantee full
functionality.
(2) Type of Storage
The user data collected by cookies is stored independently of the master data
and cannot be assigned to a specific user. When you access our website, consent
for the processing of personal data and the setting of cookies is obtained and
reference is made to the privacy policy.
(3) Purpose of Data Processing
The purpose of using technically necessary cookies is to simplify the use of
websites for users. Some functions of our website cannot be offered without
the use of cookies. For these, it is necessary that the browser is recognized
even after a page change.
(4) Legal Basis for Data Processing
The legal basis for the processing of personal data using technically necessary
cookies is Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest lies in
providing a functional and convenient website.
(5) Duration of Storage, Possibility of Objection and Removal
Cookies are stored on the respective device of the user. The user has the possibility
to control the cookies that are set on the device through the settings of his
browser.
Our website is hosted on the servers of STRATO AG in Germany. STRATO AG,
Pascalstraße 10, 10587 Berlin, Germany https://www.strato.de/impressum/
(2) We do not store automated log files when using our website.
We secure our website and other systems through suitable technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. Despite regular controls, complete protection against all hazards cannot be 100% guaranteed. Our website uses the industry standard SSL (Secure Sockets Layer) for encryption. This ensures the confidentiality of your personal information over the Internet. You can recognize whether an encrypted transmission is taking place by the closed key/lock symbol in the display of your browser.
When you visit our website, you will be informed about the use of cookies
via a cookie banner and asked for your consent. You have the option to
choose between necessary and optional cookies.
Essential Cookies
These cookies are required for the basic functionality of the website and cannot
be deactivated. They do not store any personal data and serve exclusively technical
purposes. The legal basis for processing is Art. 6 Para. 1 lit. f GDPR (legitimate
interest in providing a functional website).
Analytics Cookies (Optional)
With your consent, we use Google Analytics and Google Tag Manager to analyze
the use of our website. These tools help us understand user behavior and continuously
improve our website.
Google Analytics
We use Google Analytics, a web analytics service provided by Google Ireland
Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics
uses cookies to enable an analysis of your use of the website.
The information generated by the cookie about your use of this website is
usually transferred to a Google server in the USA and stored there. We
have activated IP anonymization, so that your IP address is shortened by
Google within member states of the European Union or in other contracting
states of the Agreement on the European Economic Area beforehand. Only in
exceptional cases will the full IP address be transferred to a Google
server in the USA and shortened there.
On behalf of the operator of this website, Google will use this
information to evaluate your use of the website, to compile reports on
website activity and to provide other services related to website activity
and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics
will not be merged with other Google data. Data transfer to the USA is
based on the EU Commission's standard contractual clauses.
Google Tag Manager
We use Google Tag Manager, a service provided by Google Ireland Limited. Google
Tag Manager itself does not store cookies and does not collect personal data.
It only serves to manage and trigger other tags (such as Google Analytics).
The Tag Manager enables us to integrate and manage tags centrally via an interface.
Legal Basis and Revocation
The legal basis for the use of Google Analytics and Google Tag Manager is your
consent pursuant to Art. 6 Para. 1 lit. a GDPR. You can revoke your consent
at any time with effect for the future by deleting the cookies in your browser
settings or by calling up the cookie settings on our website again and changing
your preferences.
Storage Duration
The cookies set by Google Analytics are automatically deleted after 14 months.
Data whose retention period has been reached is automatically deleted once a
month.
Further information on terms of use and data protection can be found at:
- Google Analytics: https://www.google.com/analytics/terms/
- Google Tag Manager: https://www.google.com/intl/en/tagmanager/use-policy.html
- Google Privacy Policy: https://policies.google.com/privacy?hl=en
(1) When the mobile application communicates with the backend systems,
anonymized access data is stored.
(2) This data is used to optimize our systems, statistics and detect
unauthorized requests. An evaluation takes place without personal
reference. The processing is based on Art. 6 Para. 1 lit. f GDPR, whereby
our legitimate interest lies in gaining knowledge about the use of our
systems and our services in order to optimize them and adapt them to the
needs of users.
(3) Deletion takes place automatically after 90 days at the latest.
Your personal data will be stored by us for as long as it is required for the respective purposes underlying the processing. In addition, we only store data to the extent that we are legally obliged to do so, e.g. due to statutory retention obligations.
(1) Our systems are hosted on the servers of Contabo GmbH in Germany.
Contabo GmbH, Aschauer Straße 32a, 81549 Munich, Germany
https://contabo.com/de/legal/impressum/
(2) Our databases are hosted on the servers of MongoDB, Inc. in Germany.
MongoDB, Inc. 1633 Broadway, 38th Floor New York NY 10019 USA
https://www.mongodb.com/legal/terms-of-use
(3) The legal basis for data processing is Art. 6 Para.1 S.1 lit. a and b
GDPR. Our legitimate interest lies in the above-mentioned purposes of data
processing. If the user has given consent under data protection law, the
legal basis for data processing is Art. 6 Para.1 S.1 lit. a GDPR.
We secure our backend systems and other systems through suitable technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. Despite regular controls, complete protection against all hazards cannot be 100% guaranteed. Our mobile applications use the industry standard SSL (Secure Sockets Layer) for encrypted communication. This ensures the confidentiality of your personal information over the Internet.
Our mobile application uses Firebase Analytics, a service provided by Google LLC ("Google"), to collect and analyze usage data to improve our services.
Firebase Analytics automatically collects certain information about your use of the app, including:
Important Notice: Our app collects and processes the Advertising ID through Firebase Analytics and potentially other third-party SDKs integrated into our application.
The Advertising ID is a unique, user-resettable identifier provided by your device's operating system. We use this identifier for:
We do not use the Advertising ID for personalized advertising or ad targeting.
You can control or reset your Advertising ID at any time:
Firebase Analytics data, including the Advertising ID, is processed by Google and may be transferred to and stored on servers located outside the European Economic Area (EEA), including in the United States. Google has implemented appropriate safeguards, including Standard Contractual Clauses (SCCs), to ensure GDPR compliance for data transfers.
Firebase Analytics data is retained for a maximum of 14 months, after which it is automatically deleted. You can request earlier deletion of your data by contacting us.
We process analytics data, including the Advertising ID, based on:
Our app uses the following third-party SDKs that may access the Advertising ID:
These SDKs may declare the com.google.android.gms.permission.AD_ID permission (Android) in their library manifests, which is automatically merged
with our app's manifest.
You can opt out of analytics data collection by:
For more information about how Google processes data through Firebase Analytics, please review:
This privacy policy is dated February 25, 2026. It is the current and valid version of our privacy policy. However, we would like to point out that from time to time, due to actual or legal changes, a revision of this privacy policy may become necessary.