Privacy Policy for the app “InstaPDF Scanner”
We inform you in accordance with Art. 12 et seq. GDPR about the processing of personal data when using this app.
1. Controller
Dr. Marc Kronberg
Leopoldsweg 22
61348 Bad Homburg
Germany
Email: marc.kronberg@krocon.de
Phone: +49 151 2012 9999
Authorized representative: Marc Kronberg
Privacy contact / DPO
If appointed: Marc Kronberg
Email: marc.kronberg@krocon.de
Scope: This policy applies to the mobile app InstaPDF Scanner for iOS/Android and any related web services.
2. Data categories processed
- Technical basics: device/OS information, app version, anonymous device IDs, IP address, timestamps, log files.
- Usage data: interactions, feature usage, session duration, in‑app events.
- Content data: user‑provided content (e.g., text, files, media) – only where required for functionality.
- Contact data: email, name – where provided by the user (e.g., account/support).
- Payment data: processed by app store providers (Apple/Google); we typically do not receive full payment details.
- Crash/diagnostics: crash logs, performance metrics to improve stability.
- Location data/permissions: only with consent and only for the respective feature (see section 4).
3. Purposes & legal bases (Art. 6 GDPR)
| Purpose | Legal basis | Interests/Details |
|---|---|---|
| Providing the app, security, bug fixing | Art. 6(1)(f) GDPR (legitimate interests) | Stable and secure operation; preventing abuse. |
| User account & support | Art. 6(1)(b) GDPR (contract) and/or (f) | Contract performance; handling inquiries. |
| Analytics/statistics | Art. 6(1)(a) GDPR (consent) | App optimization only after opt‑in; withdrawal anytime in app settings. |
| Push notifications | Art. 6(1)(a) GDPR (consent) | Opt‑in via system dialog; opt‑out anytime in system/app settings. |
| In‑app purchases/subscriptions | Art. 6(1)(b) GDPR | Handled by Apple App Store / Google Play; statutory retention obligations. |
| Legal compliance/defense | Art. 6(1)(c) & (f) GDPR | Compliance with legal duties; establishing/exercising/defending claims. |
Note Where multiple legal bases apply, we rely on the most appropriate one for the specific processing.
4. App permissions & device access
Only where required for specific features and after your consent:
- Camera/Photos: capture/attach images within the app.
- Location: functional location features (e.g., maps, location‑based content).
- Microphone: voice recording for [feature].
- Contacts/Calendar: only for import/sharing features.
- Motion/Sensors, Bluetooth, Notifications – where required.
You can revoke permissions anytime in your device settings.
5. Integrated services/SDKs
If used (examples – not exhaustive, please adapt):
- Analytics/Crash: [Firebase Analytics/Crashlytics], [Sentry], [AppCenter].
- Push: Apple Push Notification Service (APNs) / Firebase Cloud Messaging (FCM).
- Authentication: [Sign in with Apple/Google/Email].
- Payments: Apple App Store / Google Play Billing (independent controllers).
- Hosting/Backend: [Provider, region], possibly a content delivery network.
For providers outside the EEA, we ensure appropriate safeguards under Art. 44 et seq. GDPR (e.g., EU standard contractual clauses) or work with EEA‑based providers.
6. Recipients & processors
| Recipient/Category | Purpose | Location | Legal basis |
|---|---|---|---|
| Apple/Google | Store handling, payments | EU/International | Independent controllers |
7. Storage periods
We process personal data only for as long as necessary for the respective purposes. Statutory retention periods (e.g., commercial/tax law up to 10 years) remain unaffected. Afterwards, data are deleted or anonymised.
8. Children/Minors
Our app is not directed at children under 16. We do not knowingly process children’s data.
9. Your rights
- Access to personal data (Art. 15 GDPR)
- Rectification of inaccurate data (Art. 16 GDPR)
- Erasure (Art. 17 GDPR) & Restriction (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Object to processing based on legitimate interests (Art. 21 GDPR)
- Withdraw consent at any time with effect for the future (Art. 7(3) GDPR)
To exercise your rights, please contact us using the details above. We handle requests in accordance with Art. 12 GDPR.
10. Right to lodge a complaint
You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). Competent is, in particular, the authority at your residence or at the controller’s seat. For Hesse (Germany): The Hessian Commissioner for Data Protection and Freedom of Information (HBDI), datenschutz.hessen.de.
11. Data security
We implement technical and organisational measures pursuant to Art. 32 GDPR (e.g., access controls, encryption, backup/recovery) and review them regularly.
12. Changes
We update this policy when functions, services or legal frameworks change. The current version is available here.
Effective date: