Bäume in Wien

English

Deutsch

English

Deutsch

Appearance

PRIVACY POLICY

Baumkataster - Vienna Tree Register App

Date: March 13, 2026 | Version: 1.1

1. RESPONSIBLE PARTY

Paul Niederle

Data Protection Officer: No Data Protection Officer has been appointed as there is no statutory obligation under Art. 37 GDPR.

2. WHAT DATA IS COLLECTED?

2.1 Location Data (GPS)

  • What: GPS coordinates, coarse location data
  • For what:
    • Displaying trees near you
    • Navigation to trees
    • Rally radius verification
    • AR Mode
  • Legal Basis: Art. 6(1)(a) GDPR (Consent)
  • Storage:
    • Temporarily in RAM
    • For Rally: Max. 6 months or until deletion
    • NOT permanently stored
  • Revocation: Device Settings → App Permissions

2.2 Camera and Photos

  • What: Photos of trees (EXIF data is removed)
  • For what:
    • Notes with images
    • Rally photo challenges
    • Achievements
  • Legal Basis: Art. 6(1)(a) GDPR (Consent)
  • Storage:
    • Locally on your device
    • Optional: Cloud (encrypted)
    • Photos remain private
  • Revocation: Device Settings

2.3 Device Information

  • What: Device ID (pseudonymized), OS version, App version, Device model
  • For what: Attribution, Error analysis, Compatibility
  • Legal Basis: Art. 6(1)(f) GDPR (Legitimate Interest)
  • Legitimate Interest: Processing is necessary to ensure the technical operation and error-free functioning of the app. A balancing test has been conducted – the data is pseudonymized and has no impact on user privacy.
  • Note: The Device ID is pseudonymized and cannot be directly linked to a natural person. It changes upon reinstallation.
  • Right to Object: You can object to this processing at any time (Art. 21 GDPR) by emailing support@treesinvienna.eu.

2.4 User Data

  • What: Notes, Favorites, Rally names, Achievements
  • Storage:
    • Locally in Room database
    • Optional: Cloud Sync (Supabase, EU)
  • Legal Basis: Art. 6(1)(b) GDPR (Performance of contract – data is necessary for providing app functionality)

2.5 Tree Register Data

  • Source: City of Vienna (data.wien.gv.at), CC BY 4.0
  • Content: Tree species, Location, Planting year etc.
  • Note: No personal data.

2.6 Early Access Registration

  • What: Email address, language preference
  • For what: Sending the Early Access link
  • Legal Basis: Art. 6(1)(a) GDPR (Consent)
  • Storage: Until app publication, then deleted
  • Revocation: At any time by emailing support@treesinvienna.eu

3. THIRD-PARTY DATA TRANSFER

3.1 Supabase (Cloud Backend)

  • Provider: Supabase Inc., Singapore
  • Server: EU (Frankfurt)
  • Data: Rally data, optionally notes/photos
  • Purpose: Cloud DB, Multiplayer, Sync
  • Security: TLS 1.3, Row Level Security
  • Guarantees: Data Processing Agreement (DPA) pursuant to Art. 28 GDPR
  • Privacy: Supabase Privacy
  • Note: Data processing takes place exclusively on servers within the European Union.

3.2 OpenStreetMap

  • Provider: OpenStreetMap Foundation, United Kingdom
  • Purpose: Map tiles
  • Data: IP address (temporary)
  • Legal Basis: Art. 6(1)(f) GDPR (Legitimate Interest – map display)
  • Privacy: OSM Privacy

3.3 City of Vienna

  • Purpose: Tree register download
  • Data: IP address (temporary)
  • Legal Basis: Art. 6(1)(f) GDPR (Legitimate Interest – data provision)
  • Website: data.wien.gv.at

3.4 Wikipedia (USA)

  • Provider: Wikimedia Foundation, Inc., USA
  • Purpose: Tree species info
  • Data: Anonymous API requests
  • Legal Basis: Art. 6(1)(f) GDPR (Legitimate Interest – information provision)
  • Guarantees: Adequacy decision / EU Standard Contractual Clauses
  • Privacy: Wikimedia Privacy
  • Note: No personal data is transmitted to Wikipedia.

4. INTERNATIONAL DATA TRANSFERS

Some third-party providers are located outside the EEA:

ProviderLocationGuarantee
SupabaseServers in EU (Frankfurt)DPA, EU servers
WikipediaUSAAdequacy decision / SCCs
OpenStreetMapUKAdequacy decision

5. STORAGE DURATION

Data TypeDuration
Location (temp)24h
Rally Data6 months
Notes/PhotosUntil deletion by user
Server Logs7 days
Early Access EmailsUntil app publication

Auto-Deletion: Inactive Rallies after 12 months.

6. YOUR RIGHTS (GDPR)

You have the following rights regarding your personal data:

  • Access (Art. 15): You may request information about your stored data.
  • Rectification (Art. 16): Directly in the app or by email.
  • Erasure (Art. 17): Settings → "Delete all data" or by email.
  • Restriction (Art. 18): You may request restriction of processing.
  • Data Portability (Art. 20): JSON export in app or by email request.
  • Objection (Art. 21): You may object to processing based on legitimate interests.
  • Revocation (Art. 7): Consent may be withdrawn at any time. Withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.
  • Complaint (Art. 77): You have the right to lodge a complaint with the Austrian Data Protection Authority:

Austrian Data Protection Authority (Datenschutzbehörde) Barichgasse 40-42, 1030 Vienna Phone: +43 1 52 152-0 E-Mail: dsb@dsb.gv.at Website: dsb.gv.at

To exercise your rights, contact: support@treesinvienna.eu We will respond within 30 days (Art. 12(3) GDPR).

7. SECURITY

We implement the following technical and organizational measures for data protection (Art. 32 GDPR):

  • Encrypted transmission (HTTPS/TLS 1.3)
  • Access control (Row Level Security)
  • Pseudonymization (Device IDs)
  • Regular security updates
  • Minimal data storage (data minimization)

Note: Despite appropriate security measures, absolute security cannot be guaranteed.

8. CHILDREN & SCHOOLS

  • Minimum Age: All age groups (including school classes).
  • Consent: For users under 16 years of age, obtaining necessary consents is the responsibility of parents or the school (Art. 8 GDPR).
  • Recommendation for Teachers:
    • Use pseudonyms ("Team 1", not "Max Mustermann").
    • Obtain consent before Rally.
    • No photos of persons.
  • Note: Teachers act pedagogically. The app is only a technical platform.

App contains:

  • ❌ No Ads
  • ❌ No In-App Purchases
  • ❌ No Tracking
  • ❌ No Social Media

9. TRACKING & ANALYTICS

9.1 The App Itself

  • ❌ No Google Analytics
  • ❌ No Facebook SDK
  • ❌ No Firebase Analytics
  • ❌ No Advertising IDs
  • ❌ No Cookies

Local Statistics (device only): Visited trees, Achievements, Rally progress. Are NOT transmitted.

9.2 Website Analytics (Umami)

On our website treesinvienna.eu we use Umami Analytics — a privacy-friendly, open-source solution that we self-host.

What Umami collects:

DataDetails
Page viewsWhich pages are visited
Approximate countryDerived from IP range (IP is not stored)
Device typeDesktop / Mobile / Tablet
Browser & OSAggregated, anonymous
ReferrerWhich site you came from

What Umami does NOT collect:

  • ❌ No cookies
  • ❌ No IP address storage
  • ❌ No cross-site tracking
  • ❌ No personally identifiable data
  • ❌ No sharing with third parties

Operator: Umami is self-hosted at analytics.paulify.eu (server in the EU).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in improving our website). Since no personal data is processed, no consent is required.

Opt-Out: Since no personal data is collected, no specific opt-out is necessary. Alternatively, you can use a browser with the "Do Not Track" header enabled — Umami respects this.

10. CHANGES TO THIS PRIVACY POLICY

We reserve the right to update this Privacy Policy as needed to adapt it to changes in law or changes in the app. The current version is always available at treesinvienna.eu/en/privacy.

For material changes, we will notify you within the app.

11. CONTACT

Privacy Inquiries: E-Mail: support@treesinvienna.eu Phone: +43 720 699 0677 Subject: "Privacy - Tree Register" Response: Within 30 days

Please provide:

  • If possible, the Device ID (optional, in app settings)
  • Type of request

12. SUMMARY

✅ What the App does:

  • Shows Trees (Open Data Vienna)
  • GPS only with permission
  • Local storage of favorites
  • Multiplayer Rallies (optional)

🔒 Privacy:

  • EU Servers (GDPR)
  • Encrypted
  • Pseudonymized
  • No Tracking
  • Deletable at any time

📱 Permissions:

  • Location: Map, Navigation
  • Camera: Photos (optional)
  • Internet: Maps, Rallies

All permissions are optional and revocable.

Thank you for your trust! 🌳