Privacy Policy for the Use of the App "poii" and the Website poii.de

1. General Information and Controller

1.1 This Privacy Policy informs you about the processing of personal data by StepFormation GmbH, Bergstraße 39, 21259 Otter (hereinafter "we" or "poii").

1.2 The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is:

StepFormation GmbH
Bergstraße 39
21259 Otter
info@poii.de

1.3 If you have any questions about data protection, you can contact our Data Protection Officer at any time: info@poii.de

2. Collection and Processing of Personal Data

2.1 General Data Collection When Using the Platform

We process personal data when you use our app or website. This includes in particular:

• IP address and technical device information

• Time of access

• Operating system and browser type

• Duration of visit and user actions

2.2 Registration and Use of the App

During registration, we process the following personal data:

• Name or pseudonym

• Email address

• Password (encrypted)

2.3 Data Processing When Using poii App

While using poii, additional personal data may be processed, in particular:

• Uploaded content (e.g., reviews, POI recommendations, photos)

• Location data (optional, if activated)

2.4 Automated Data Collection Through Cookies and Analysis Tools for poii Website

We use cookies and tracking tools to analyze and improve the use of our platform. This includes in particular:

• Google Analytics (analysis of user behavior)

• Hostinger Web Services (https://www.hostinger.com/legal/cookie-policy)

More information about the cookies we use can be found in the Cookie Policy [https://www.hostinger.com/legal/cookie-policy].

3. Legal Basis for Data Processing

We process your data on the following legal bases:

• Art. 6(1)(a) GDPR (consent, e.g., for newsletters or tracking)

• Art. 6(1)(b) GDPR (contract performance, e.g., provision of the app)

• Art. 6(1)(f) GDPR (legitimate interest, e.g., security, fraud prevention)

4. Sharing of Data with Third Parties

4.1 Hosting and Technical Service Providers

Our website is hosted on Hostinger servers. Technical user data is processed in this context.

• Hostinger as the host of the website

• Amazon Web Services (AWS) as the host of the app

4.2 Third-Party Integrations

To optimize usage, we integrate third-party services, including:

• Google Analytics for analyzing user behavior (https://policies.google.com/privacy?hl=en-US)

4.3 Use of Firebase and Flutter

Our app poii was developed with the Flutter framework and uses various services from the Google Firebase platform. Firebase is a service offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Firebase provides a variety of functions that we use for the provision and further development of the app, including:

• Firebase Authentication (for user login)

• Cloud Firestore (for storing content such as locations, bookmarks, etc.)

• Firebase Cloud Messaging (for push notifications)

• Firebase Analytics (for anonymized usage analysis)

• Firebase Hosting (for providing web content)

• Firebase Crashlytics (for error detection)

The use of these services is based on our legitimate interest (Art. 6(1)(f) GDPR) in a secure, stable, and efficient app infrastructure. In certain cases, the processing may also be based on your consent (Art. 6(1)(a) GDPR), such as for analytics functions or push notifications.

Data transfer to third countries:

Since Firebase is operated by Google, in exceptional cases, personal data may be transferred to the USA. Google is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection.

Storage duration:

The data processed via Firebase is only stored for as long as necessary for the respective purposes and as long as no legal retention obligations prevent this.

Further information on data processing by Google Firebase can be found at:

🔗 https://firebase.google.com/support/privacy

4.4. Use of Mapbox (Search Places API)

Our app poii uses the services of Mapbox Inc., 740 15th Street NW, 5th Floor, Washington, D.C. 20005, USA, for displaying locations as well as searching and geocoding addresses.

In particular, the following functions of the Mapbox API are used:

• Search Places API for location and address search (geocoding/reverse geocoding)

• Display of interactive maps and POIs

When using these services, information such as IP address, location data (if enabled), device used, and requests are transmitted to Mapbox servers.

Legal basis:

The processing is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in the user-friendly presentation of content and enabling an efficient search function within the app.

Data transfer to third countries:

Mapbox processes data in the USA. Data is only transferred when necessary for using the API. Mapbox has committed to complying with common data protection standards. Further information about data protection at Mapbox can be found at:

🔗 https://www.mapbox.com/legal/privacy

4.5. Use of Google Maps Map Data

Parts of the poii app use services from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") for the visual presentation of map material and location information.

Processed data may include:

• IP address

• Location data (if enabled)

• Usage behavior related to the map function

Purpose of processing:

The integration of Google Maps allows us to display map material efficiently and visually appealing, especially for navigation or viewing POIs.

Legal basis:

The processing is carried out according to Art. 6(1)(f) GDPR based on our legitimate interest in a functional map display.

Data transfer to third countries:

Google may transfer data to the USA. Google is certified under the EU-U.S. Data Privacy Framework. Further information on data processing can be found in Google's privacy policy:

🔗 https://policies.google.com/privacy

4.6 Legal Obligations

We only share personal data if we are legally obligated to do so or if this is necessary to enforce our rights.

5. Storage and Deletion of Data

5.1 We store personal data only for as long as necessary for the respective processing purpose or as required by legal retention obligations.

5.2 Users can request the deletion of their account at any time. In this case, all personal data will be deleted within 30 days unless legal retention obligations prevent this.

6. User Rights

You have the following rights regarding the processing of your personal data:

• Right to information (Art. 15 GDPR)

• Right to rectification (Art. 16 GDPR)

• Right to erasure ("right to be forgotten") (Art. 17 GDPR)

• Right to restriction of processing (Art. 18 GDPR)

• Right to data portability (Art. 20 GDPR)

• Right to object to processing (Art. 21 GDPR)

To exercise these rights, you can contact us at any time: info@poii.de

7. Data Security

We implement technical and organizational measures to protect your data against unauthorized access, loss, or misuse. Our app uses encryption technologies and secure server structures.

8. Changes to the Privacy Policy

We reserve the right to modify this Privacy Policy in case of changes to legal requirements or the platform.

Last updated: 30.06.2025