Last Updated: March 28, 2025
This privacy policy applies to the PinPoint mobile application (the "App") as well as the PinPoint website accessible through the App (the "Website"). Both are collectively referred to as "Services".
Regarding the Services, Christoph Heldt is the controller within the meaning of the General Data Protection Regulation ("GDPR").
Christoph Heldt
Industriestraße 1
97332 Volkach
Germany
Email: pinpointmailapp@gmail.com
This privacy policy informs you about how we collect and process personal data in connection with our Services.
By using our App, access to information (e.g., IP address) or storage of information (e.g., cookies) on your end devices may occur. This access or storage may be associated with further processing of personal data under the GDPR.
In cases where such access to information or storage of information is strictly necessary for the technically error-free provision of our Services, this is done on the basis of § 25 para. 1 sentence 1, para. 2 no. 2 TTDSG.
In cases where such processing serves other purposes (e.g., the needs-based design of our App), it is carried out on the basis of § 25 para. 1 TTDSG only with your consent pursuant to Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time with effect for the future.
Further information about the processing of your personal data and the relevant legal bases in this context can be found in the following sections on the specific processing activities on our Website.
Registration with PinPoint is possible via email and password. We use the provided login credentials (email address, password) to create and allow you to manage a PinPoint account. We use the data to authenticate you during the login process. The data you provide during registration or login is used by us to (1) verify your authorization to use the PinPoint account, (2) implement the App's terms of use with all associated rights and obligations, and (3) be able to contact you to communicate technical or legal notices, updates, security messages, or other messages regarding the administration of your PinPoint account.
Your login data is processed only on PinPoint servers. To identify you, PinPoint generates a random user number that allows us to associate PinPoint activities (posts, replies, etc.) triggered from this device with an account. The user number does not allow any conclusions to be drawn about your identity or other personal data. The processed data is used only in case of legal necessity (e.g., criminal prosecution).
We associate the following data with your user number and store it:
Your interaction with the App, namely:
Technical data transmitted by your mobile device, namely:
We use your user number to connect activities in the App with your account and thus for identification purposes to implement your rights under the GDPR when you assert your data protection claims. We also use data you provide us when exercising your rights to document that we have implemented the GDPR requirements.
We use your user number to connect activities in the App with your account and thus for identification purposes to implement your rights under the GDPR when you assert your data protection claims. We also use data you provide us when exercising your rights to document that we have implemented the GDPR requirements.
We disclose personal data only when and to the extent required by law or based on a court or official order, except in the cases mentioned below. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR (legal obligation).
For registration with PinPoint and generation of your random user number, we use only the data provided to us through your registration (email address). We use your user number to connect activities in the App with your account and thus to enable the operation of the App. The legal basis for this is the contractual relationship between you and PinPoint under Art. 6 para. 1 sentence 1 lit. b GDPR.
If we specifically ask for your consent for individual data processing activities, we process the data on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke consents at any time with effect for the future.
We use your user number to connect activities in the App with your account and thus for identification purposes to implement your rights under the GDPR when you assert your data protection claims. We also use data you provide us when exercising your rights to document that we have implemented the GDPR requirements. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f and lit. c GDPR. Our legitimate interest lies in being able to prove that we have implemented your rights.
The aforementioned data is processed by us for the following purposes and as follows:
We use the advertising identifiers IDFA (for iOS devices) and AAID (for Android devices) (together the "Advertising Identifiers"). These advertising identifiers are non-personal, non-permanent identifiers on the mobile device. The advertising identifiers capture the user number and allow us to track how users connect with PinPoint.
We may share corresponding data with so-called advertising networks to deliver advertising in the App that is more relevant/specific to you. You can disable access to the advertising identifier in your device settings by turning off ad tracking on iOS (under "Settings") or resetting the AAID on Android (under "Settings").
The legal basis for using the advertising identifiers is Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interests; the legitimate interest in using this data is that we can offer the App to users for free only if we are able to display relevant advertising in the App efficiently).
We analyze usage data to better understand our users' preferences. For this purpose, we use the following tool:
We use Google AdMob (an advertising service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) exclusively on the basis of your explicit consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. AdMob enables the display of personalized advertising in our App and the measurement of its performance.
Processed data (only with consent):
Purposes:
Consent information:
Data transfer to the USA:
Google also processes data in the USA. As the legal basis for this transfer, we use Art. 45 GDPR in conjunction with the EU-US Data Privacy Framework (DPF) (Google LLC is listed at https://www.dataprivacyframework.gov/). Additionally, we have agreed standard contractual clauses (SCCs).
Further information:
If you contact us via contact form, the information you provide in the contact form or your email will be stored by us for the purpose of processing the request and in case of follow-up questions. Providing an email address is required for contact. We will not disclose this data to anyone without your consent. The legal basis for processing the data is our legitimate interest in responding to your inquiry. Your data will be deleted after your request has been processed, unless statutory retention obligations prevent this. In the case of Art. 6 para. 1 sentence 1 lit. f GDPR, you can object to the processing of your personal data at any time.
In part, we use service providers who process personal data on our behalf to provide the technical platform for the Services. These service providers process the corresponding data exclusively according to our instructions (order processing). The legal basis for data processing described in this section 4 is Art. 6 para. 1 sentence 1 lit. b GDPR (lawfulness of processing) and Art. 28 GDPR (processor).
Unless a shorter storage period is specified in this privacy policy, we store personal data for as long as (i) this is necessary for the provision of the services to you and/or (ii) this is necessary with regard to the contractual relationship with you; thereafter, the data is stored only if and to the extent that we are obliged to do so by statutory retention obligations. If we no longer need the relevant personal data for the purposes described above, this personal data will be stored only for the duration of the respective statutory retention obligations and will not be processed for other purposes.
You have the following rights regarding your personal data against us:
You have the right to obtain information from us about which data we process concerning you in accordance with Art. 15 GDPR.
You have the right to rectification under Art. 16 GDPR of inaccurate or incomplete information, should the data concerning you be incorrect or incomplete.
You have the right to erasure of your personal data under the conditions of Art. 17 GDPR. Your claim to erasure may be excluded under this provision due to a conflicting interest.
You have the right to restriction of processing of your personal data under the conditions of Art. 18 GDPR.
You have the right to withdraw any consent given for the processing of your personal data at any time in accordance with Art. 7 para. 3 GDPR.
You have the right, under the conditions of Art. 20 GDPR, to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us.
You have the right to lodge a complaint with a supervisory authority under Art. 77 GDPR, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
If your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right under Art. 21 GDPR to object to the processing of your personal data, insofar as this is done for reasons arising from your particular situation. If the objection is directed against the processing of personal data for direct marketing purposes, you have a general right of objection without the requirement to specify a particular situation.
Controller within the meaning of the GDPR:
Christoph Heldt
Industriestraße 1, 97332 Volkach, Germany
Email: pinpointmailapp@gmail.com
Website: https://apps.soulstone.online/
How to reach us:
Note on the Data Protection Officer:
Since we do not carry out any special type or scope of data processing that makes the appointment of a data protection officer mandatory under Art. 37 GDPR, the controller (Christoph Heldt) is your direct contact for all data protection inquiries.
We place great importance on the security of all personal data associated with the App or its use. We have security measures in place to prevent loss, misuse and alteration of the data we store. Our security measures and privacy policy are reviewed regularly and updated and improved as appropriate. Only authorized employees have access to personal data. We have taken additional extensive precautions regarding the App and its use. Nevertheless, users should be aware that, despite all security measures, the exchange of information over the Internet can never be completely secure. We cannot guarantee the security of data transmitted via the App while it is being transmitted over the Internet.
Last Updated: March 28, 2025