Effective date: 10 November 2025
Controller: Blitzenergie GmbH, Friedrichstr. 161, 42551 Velbert, Germany (“we”, “us”, “our”).
Contact: info@blitzenergie-gmbh.de\
1. What this policy covers
This policy explains what personal data the App collects, how we use it, the legal bases we rely on, with whom we share it, how long we keep it, and the rights available to you under applicable law (including the EU/UK GDPR).
2. Data we collect
2.1 Data you provide
Account data: email address, password (hashed), profile details (e.g., display name).
Authentication data: when you sign in with third-party providers (e.g., Sign in with Apple and/or Google), we receive identifiers and the email you choose to share.
User content (optional): favorites, reviews, photos you upload, and any messages you send to support.
2.2 Data collected automatically
Approximate or precise location (with your consent): used to show nearby shops and relevant search results.
Device and usage data: app version, device model, OS version, language, time zone, in-app actions (e.g., screen views, taps).
Diagnostics: crash logs and performance data.
2.3 Data from permissions (optional)
Location: to display nearby results and maps.
Camera/Photos: if you upload shop images or a profile photo.
You can change permissions anytime in your device settings. Some features may be limited without certain permissions.
3. How we use your data (purposes & legal bases)
Provide core features (nearby search, maps, favorites, account): Contract (Art. 6(1)(b) GDPR).
Sign-in and authentication (email/password, Sign in with Apple/Google): Contract and legitimate interests in secure access.
Improve and secure the App (analytics, crash reporting, fraud prevention): Legitimate interests (Art. 6(1)(f)).
Communications (support responses, service notices): Contract and/or legitimate interests.
Consent-based features (location, camera/photos, any marketing where applicable): Consent (Art. 6(1)(a)).
Legal compliance (tax/audit/requests from authorities): Legal obligation (Art. 6(1)(c)).
We do not sell your personal data.
4. Third-party services (processors/sub-processors)
We use trusted providers to operate the App. They process data on our behalf under data-processing agreements:
Apple Sign in – authentication.
Firebase (Google) – authentication, cloud storage/database, analytics, crash reporting.
Maps/Places provider (e.g., Apple Maps or Google Maps) – map tiles, geocoding, place details.
Hosting and content delivery – to serve our website/support pages and media.
Each provider processes data only to deliver the relevant service and is bound by confidentiality and security obligations.
5. Data sharing
We share data only with:
Service providers listed above;
Authorities when required by law;
Business transfers: if we undergo a merger, acquisition, or asset sale, data may be transferred under safeguards.
We do not share your personal data with unrelated third parties for their own marketing.
6. International transfers
Where data is transferred outside your country (including to countries without an adequacy decision), we use appropriate safeguards such as Standard Contractual Clauses and complementary technical/organizational measures.
7. Data retention
We keep personal data only as long as necessary for the purposes above:
Account data: kept while your account is active.
Analytics/diagnostics: retained for a limited period (typically 14–24 months) and then aggregated or deleted.
Support communications: retained as needed to resolve the request and for compliance.
When you delete your account inside the App, we delete or irreversibly anonymize your personal data within 30 days, unless we must keep some data longer to comply with legal obligations.
8. Your rights (EU/UK and similar jurisdictions)
Subject to conditions and legal limits, you have the right to:
access, rectify, or erase your data;
restrict or object to processing;
data portability;
withdraw consent at any time (this does not affect prior processing);
lodge a complaint with your local supervisory authority.
To exercise these rights, contact info@blitzenergie-gmbh.de. We may need to verify your identity.
9. Children
The App is not intended for children under 16 (or the age required by your country). We do not knowingly collect personal data from children. If you believe a child has provided data, contact us to delete it.
10. Security
We use reasonable technical and organizational measures to protect your data (encryption in transit, access controls, least-privilege practices). No method of transmission or storage is 100% secure.
11. In-app account deletion
You can delete your account at any time: Settings → Account → Delete account. This immediately revokes access and schedules deletion of associated personal data as described in Section 7.
12. Changes to this policy
We may update this policy from time to time. We will post the new version in the App and update the “Effective date.” Material changes may be notified in-app or by email.
13. Contact
Controller: Blitzenergie GmbH
Address: Friedrichstr. 161, 42551 Velbert, Germany
Email: info@blitzenergie-gmbh.de