Spielstand

Privacy Policy

Disclaimer:This is a machine translated version of the original privacy policy written in German that is provided for your convenience. As a result, there may be translation errors and subtle differences that might change the legal meaning of the terms used. Consequently, we do not consider this version to be legally binding. For a legally binding version, please refer to the original version written in German.

For the VitalizeU.DE Service and the Associated Applications

The VitalizeU.DE service and the associated applications collect and process your data in order to provide their functions. In addition to general usage data, this also includes personal data, such as your daily step count or, if you want to search for photos of other users or provide photos yourself, the exact location of your device at certain times.

In this privacy policy we describe which data is collected for what reason and how the collected data is used. In addition, we inform you about the various choices you have when using the website and describe their effects on data collection, processing and storage.

Version and change history

Version 1 – Created on 25.07.2024

Responsible and contact

The responsible party within the meaning of the  General Data Protection Regulation (GDPR) §4(7)  is the Chair of Networked Embedded Systems at the University of Duisburg-Essen. If you have any questions or comments about this declaration, please contact us at:

University of Duisburg-Essen
Networked Embedded Systems
Dr. Marcus Handte

Schützenbahn 70
45127 Essen

Telephone:  +49-201-183-2803
Email:  marcus.handte@uni-due.de

What data is collected and for what purpose?

  1. Data you give us:  The VitalizeU.DE mobile applications allow you to upload photos of places and search for places in photos of other users. To compare your location with the location where a photo was taken and to determine the location of photos that you choose to provide, we use the location functions of your device to determine your current location. When you initiate a comparison or upload a photo, the mobile applications transmit your location to the service. There, the location is processed and stored in order to carry out the comparison or to locate the photo you provided.
    In addition, the VitalizeU.DE mobile applications allow you to record your daily step count using platform-specific health applications in order to collect points and compare yourself with other users. On Android, we use Google Health Connect for this purpose. On iOS, Apple Health is used. If you grant the VitalizeU.DE mobile application permission to access your daily step count, the application regularly retrieves your step count via the programming interfaces of the respective health application and transfers it to the service. Your step count is stored there and converted into points. Other users can access the scores of the users with the highest values ​​via the leaderboard. You yourself can access your saved step counts and points via the mobile application at any time. In addition, the mobile applications offer you the option of deleting your device from the service. If you do this, the link between the device and the step count is deleted, which means that the step count can no longer be assigned to an individual device. If you uninstall the mobile application without deleting your device from the service, the device will be automatically deleted after 60 days without contact with the service.
    The processing of the data is necessary for the implementation of the respective functions of the service and is carried out on the basis of  GDPR §6(a)  with your consent.
  2. Data on the use of the service:  Both the web application and the mobile application communicate with the service via the HTTPS protocol. With each interaction, we save the connection and request data such as the time of the request, the current IP address of the requester, the URL accessed and the parameters contained in the request as well as the duration and results of the request. The purpose of this collection is the (possibly subsequent) detection, analysis and combating of attacks by automatic mechanisms as well as the correction of program errors and the improvement of the function and performance of the service and the applications. Accordingly, the collection is carried out in accordance with  GDPR §6(f) .
  3. Data about your mobile device:  When you use the mobile application on your mobile device for the first time, your device is automatically registered. During registration, we record and save the device model. The aim of the collection is to correct device-specific errors and to improve the function and performance of the service and applications. Accordingly, the collection takes place in accordance with  GDPR §6(f) .
    In order to be able to clearly identify your mobile device at a later date and to protect access to your own data (access control), we assign a random but unique number and an associated cryptographic key to each device when registering. The number and key are then sent to the service with each request from the device. This prevents another device from changing your data. This identification is necessary for the implementation of the service and is carried out on the basis of  GDPR §6(a).
    In addition, as part of some requests, we transmit the version of the mobile application that you have installed on your device. The purpose of this collection is to correct errors in the mobile applications and within the service implementation, as well as to statistically analyze the versions of the mobile applications used. For this reason, the collection is based on  GDPR §6(f) .

What alternatives are there and what effect do they have?

  1. Use with and without step count:  The VitalizeU.DE mobile applications allow you to record your daily step count with platform-specific health applications (Google Health Connect or Apple Health) to collect points for you and your team(s). To activate this function, you must allow the VitalizeU.DE application to access the respective health application. If you allow access, the VitalizeU.DE application regularly transfers your step count to the service in the background. To stop the regular transfer, you can simply revoke the corresponding access authorization via the respective health application. You can also use VitalizeU.DE without this authorization. In this case, you will not receive any points for your steps.
  2. Use with and without location and photos:  The VitalizeU.DE mobile applications allow you to upload photos that you have taken at a location using the application. You can also try to find the location of other users‘ photos. You get points for both uploading and finding photos. To determine the location of photos, the application needs access to the location functions of your device. To do this, you must grant the application the appropriate permission. To upload a photo, the application needs permission to access your camera. You can also use the VitalizeU.DE mobile applications without location and camera access. In this case, however, you cannot find locations or upload photos and therefore do not receive any points for them.

Where is the data stored and processed?

The data is currently stored and processed exclusively on servers in Germany at the University of Duisburg-Essen.

To whom will the data be passed on?

  1. Employees of the University of Duisburg-Essen:  We pass on the data you provide in an anonymized form to employees of the University of Duisburg-Essen. The aim of this is to statistically evaluate the data, for example to analyze the effectiveness of various game elements in increasing the activity level of university members.
  2. Other users of the applications: We make the photos you upload available to other users as daily targets in the VitalizeU.DE mobile applications. The photos used as targets on previous days can be accessed via the web application. The points you have collected can be accessed via both the web application and the mobile applications, provided you are one of the users with the highest scores on a day, week or month. Together with the score and the photos, we display the profile name and profile picture you have chosen via the mobile application. If your device is deleted, we remove the link between the profile and your points.
  3. Authorized bodies:  If we are legally obliged (e.g. by a valid court order) to release data to an authorized body, we will pass your data on to such a body and inform you (if this is legally and technically possible) about the release.

How long will the data be stored?

The storage period depends on the type and use of the data. Data on the use of the service is usually overwritten after a few days through regular rotation. This time may be longer in individual cases (e.g. when analyzing past attacks).

We store data about your device and your activity (ID, key, team membership, profile name and profile picture, assignment to step counts and points) until you request their deletion through the mobile application. If you delete the mobile application from your device without first requesting deletion or if you stop using the application and therefore no longer contact the service, we will also automatically delete this data after 60 days of inactivity. Please note that we only remove the link to the device for photos that you have uploaded so that we can continue to use the photos.

Regardless of the type of data, we try to keep the storage period as short as possible. However, we strive to operate the service in a way that protects all users‘ data from system failures and deliberate damage by third parties. We therefore use regular backups. Due to these measures, it may happen that unused data or data released for deletion is not immediately deleted from our computer and backup systems.

What rights can be asserted?

Your rights are described in detail in  Chapter 3 of the GDPR  and the rights to which you are entitled are not affected by this privacy policy. Your rights include, among others, the

  • Right to  confirmation and information  (GDPR §15), right to  rectification  (GDPR §16) and right to  erasure  (GDPR §17): You have the right at any time, within the framework of the applicable legal provisions, to obtain free information about your stored personal data, the origin of the data, its recipients and the purpose of the data processing and, if applicable, a right to rectification, blocking or erasure of this data. Please contact the person responsible named above in this regard.
  • Right to  restriction  of processing (GDPR §18), right to  object  to processing (GDPR §21) and right to  withdraw  consent to data protection (GDPR §7): Some data processing operations are only possible with your express consent. You can withdraw your consent at any time. An informal email notification is sufficient for withdrawal. However, the legality of the data processing carried out up to the time of withdrawal remains unaffected by the withdrawal.
  • Right to  data portability  (GDPR §20): You have the right to have data that we process automatically handed over to you or to third parties. The data will be provided in a machine-readable format. If you request that the data be transferred directly to another responsible party, this will only be done if this is technically feasible.
  • Right to  complain  to a supervisory authority (GDPR §77): As the person affected, you have the right to complain to the responsible supervisory authority in the event of a data protection violation. The responsible supervisory authority for data protection issues is the State Data Protection Commissioner for the federal state of North Rhine-Westphalia. You can find the contact details of the data protection officer  here .

If you have any questions, concerns or requests for information, please contact the person responsible mentioned above (Dr. Marcus Handte).

Information on Online Dispute Resolution

In accordance with Article 14 paragraph 1 of the ODR Regulation (EU Regulation No. 524/2013), the EU Commission provides an internet platform for online dispute resolution (so-called “ODR platform”). The ODR platform serves as a contact point for the out-of-court settlement of disputes. You can   access the ODR platform via this link .