Privacy Policy
Last updated: December 29, 2024
Effective Date: December 29, 2024
Preamble
We, Niklas Amslgruber, Grünwalder Str. 272, 81545 München, Germany (hereinafter “we” or “us”) are the provider of the app “Travel Planner Guide - Triplix” (hereinafter “Triplix”), which you can download to your device. Triplix is a all-in one travel planner including checklists, expense tracking, document storage and a smart AI travel assistant.
The protection of your privacy when using Triplix is very important to us. Therefore, we would like to inform you with the following information about which personal data we process when you use Triplix and how we handle this data. In addition, we will inform you about the legal basis for processing your data and, insofar as processing is necessary to safeguard our legitimate interests, also about our legitimate interests. You can access this privacy policy at any time in the app Settings (Gear Icon -> Privacy Policy).
Controller
We are the controller within the meaning of the General Data Protection Regulation (“GDPR”). Contact details can be found in the imprint of our website. You can contact us via email at support {at} triplix {dot} app or via the postal address from the imprint.
Information on the Processing of Your Data
Certain information is already processed automatically as soon as you make use of Triplix. We have set out below, which personal data is specifically processed:
Data that is processed when downloading Triplix
When downloading Triplix, certain required information is transmitted to the Apple App Store, especially your username, your e-mail address, the customer number of your account, the time of the download, payment information and the individual device identification number (so-called IMEI) may be processed. This data is processed exclusively by the Apple App Store and is beyond our control.
Data Processed While using Triplix
When using Triplix you can add trips, activities, checklists, documents, expenses, notes, tasks, reminders, etc. In particular, your entries may also contain personal data such as names, addresses, e-mail addresses and telephone numbers, which we then process, in particular store. The legal basis for the above data processing is the fulfillment of the contract between you as the data subject and us pursuant to Art. 6 para. 1 lit. b GDPR for the use of Triplix.
Data Processed as a Part of the Triplix Newsletter
When registering for the Triplix Newsletter, we use your e-mail address to subscribe you to our newsletter. we process in particular the data that you entered when subscribing to the newsletter in Triplix, i.e. your email address. We process this data on your behalf in accordance with your instructions using the processors named in section 3 of the data protection declaration. we process the aforementioned data in order to be able to offer you the Triplix Newsletter functionally and contractually. The legal basis for the aforementioned data processing is the fulfillment of the contract between you as the data subject and us pursuant to Art. 6 para. 1 lit. b GDPR for the use of the Triplix Newsletter.
Data Processed in the Context of the use of Triplix AI
As part of your use of Triplix AI, we process in particular the data that you enter in Triplix as part of AI instructions (so-called “AI Prompts”). We process this data on your behalf in accordance with your instructions. This may include, for example, new or existing activity entries, reminders, checklists, travel details, appointments and calendar events. We have no influence on the type of personal data you enter and the categories of data subjects. we process the aforementioned data in order to be able to offer you Triplix AI in a functional and contractual manner. The legal basis for the above data processing is the fulfillment of the contract between you as the data subject and us pursuant to Art. 6 para. 1 lit. b GDPR for the use of the Triplix. Further details can be found in the data processing agreement concluded between you and us before using Triplix AI (DPA).
Data That is Collected When Visiting our website
Each time you access our website, the Internet browser used on your terminal device (computer, laptop, tablet, smartphone, etc.) automatically transmits information to the server of our website. This information is temporarily stored in a log file. The following data is collected without any action on your part and stored until it is automatically deleted the IP address of the requesting computer, as well as device ID or individual device identifier and device type; the name of the retrieved file and the amount of data transferred, as well as the date and time of retrieval the notification of successful retrieval; the requesting domain; the description of the type of Internet browser used and, if applicable, the operating system of your terminal device as well as the name of your access provider; your browser history data and your standard weblog information; your location data, including the location data of your terminal device; Please note that you can control or deactivate the use of location services in the settings menu of many terminal devices. The legal basis for the above processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest in collecting the data is based on the following purposes: ensuring a smooth connection setup and convenient use of the website, evaluation of system security and stability, internal statistical purposes as well as advertising and marketing for our offers. Your IP address is only analyzed in the event of attacks on our network infrastructure and for statistical purposes.
Data That is Processed When Contacting us via our website
When contacting us (e.g. by contact form, email, telephone or via social media), the personal data requested by us or provided by you will be processed to process the contact request and its handling. We delete the inquiries, including the personal data associated with them, if they are no longer required. We review the necessity every two years; the statutory archiving obligations apply. The legal basis for the above data processing is a) the fulfillment of the contract between you as the data subject and us pursuant to Art. 6 para. 1 lit. b GDPR for the use of Triplix or b) our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the processing of inquiries or other contacts. Our interests outweigh your rights and interests in the protection of your personal data.
Disclosure and Transfer of Data
In addition to the cases explicitly mentioned in this privacy policy, your personal data will only be passed on without your express prior consent if this is permitted or required by law. In these cases, any disclosure of personal data is justified by the fact that a) the processing is necessary to fulfill a legal obligation to which we are subject pursuant to Art. 6 para. 1 lit. f GDPR in conjunction with national legal requirements, or b) we have a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, we have a legitimate interest in disclosing this data to third parties (e.g. courts) if there are indications of abusive behavior or to enforce our terms of use, whereby in such a case your rights and interests in the protection of your personal data do not prevail.
we rely on external companies and external service providers (processors) to provide the services set out in Triplix in accordance with the contract. Our processors are strictly bound by our instructions and contractually obligated accordingly.
| Processor | Purpose of Processing | Level of Data Protection |
|---|---|---|
| Supabase Inc. | Forwarding of user requests to OpenAI and storage of newsletter email data | No adequate level of data protection, as processing outside the EU/EEA, guarantee of data protection compliance by concluding standard contractual clauses |
| iCloud, Apple Inc. | Synchronization of data entered by users of Triplix between different terminal devices | No adequate level of data protection, as processing outside the EU/EEA, guarantee of data protection compliance by concluding standard contractual clauses |
| OpenAI LP | Creation of recommendations for Triplix via the Triplix AI Assistant | No adequate level of data protection, as processing outside the EU/EEA No guarantee of data protection compliance |
| RevenueCat Inc. | Processing of in-app purchases and subscription management | No adequate level of data protection, as processing outside the EU/EEA, guarantee of data protection compliance by concluding standard contractual clauses |
| Sentry Software LLC | Error tracking and performance monitoring | No adequate level of data protection, as processing outside the EU/EEA, guarantee of data protection compliance by concluding standard contractual clauses |
| PostHog Inc. | Anonmoyous Analytics and usage tracking | No adequate level of data protection, as processing outside the EU/EEA, guarantee of data protection compliance by concluding standard contractual clauses |
The above processors have been carefully selected by us, are regularly reviewed and are contractually obliged to process all personal data exclusively in accordance with our instructions. Insofar as we also process (or have processed) data in countries outside the EU / EEA in accordance with the above list, we use the standard contractual clauses of the EU Commission or other suitable guarantees in accordance with Section 46 GDPR when structuring the contractual relationships with processors in order to ensure the protection of your personal rights in the context of these data transfers as well.
Duration of Data Retention
we delete or anonymize your personal data as soon as it is no longer required for the purposes for which we collected or used it. Unless otherwise stated, we store your personal data for the duration of the usage or contractual relationship via the app plus a period of 30 days, during which we keep backup copies after deletion, unless this data is required for criminal prosecution or to secure, assert or enforce legal claims.
Your Rights as Data Subject
When processing your personal data, the GDPR grants you certain rights as a data subject. Right of access (Art. 15 GDPR) You have the right to obtain confirmation as to whether or not personal data concerning you is being processed. If this is the case, you have a right of access to this personal data and to the information listed in detail in Art. 15 GDPR. Right to rectification (Art. 16 GDPR) You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, where applicable, to have incomplete personal data completed. Right to deletion (Art. 17 GDPR) You have the right to demand that personal data concerning you be deleted immediately if one of the reasons listed in Art. 17 GDPR applies. Right to restriction of processing (Art. 18 GDPR) You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have lodged an objection to the processing, for the duration of the examination by the controller. Right to data portability (Art. 20 GDPR) In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request the transmission of this data to a third party. Right to withdraw consent (Art. 7 GDPR) If the processing of data is based on your consent, you are entitled to withdraw your consent to the processing of your personal data at any time in accordance with Art. 7 para. 3 GDPR. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected. Right to object (Art. 21 GDPR) If data is collected on the basis of Art. 6 para. 1 lit. f GDPR (data processing to protect legitimate interests) or on the basis of Art. 6 para. 1 lit. e GDPR (data processing to protect the public interest or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims. Unless otherwise described above, please contact the office named in the legal notice to assert your rights as a data subject.
Right to Appeal to a Supervisory Authority (Art. 77 GDPR)
In accordance with Art. 77 GDPR, you have the right to appeal a complaint with a supervisory authority if you believe that the processing of data concerning you violates data protection regulations. The right to appeal a complaint can be exercised in particular with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.
Data security
we take technical and organizational measures to protect your data from unauthorized access as comprehensively as possible. We use an encryption process on our websites. Your data is transmitted from your computer to our server and vice versa via the Internet using TLS encryption.