Privacy Policy
Barber-App Android

1. General information

Protecting your personal data is important to me. This privacy policy explains what personal data is processed when using the Barber-App for Android and its associated web features, for what purposes, and on what legal basis.

This privacy policy applies to all users of the Android version of the Barber-App and its associated web features, in particular for:

• Clients
• Barbers / hairdressers
• Salon members and salon administrators
• Users of public barber and salon web profiles

The Barber-App is used in particular for:

• Organising and booking hairdresser appointments
• Managing profiles, services, barber and salon information
• Communication between clients and hairdressers
• Displaying public barber and salon profiles on the website
• Managing reviews, vouchers, loyalty programmes and statistics
• Handling support requests and reports
• Managing notifications and security-related account processes

Personal data is not used for advertising or marketing profiling purposes.

2. Controller

The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is:

3. Categories of personal data

Depending on how the app and website are used, the following personal data may be processed in particular:

3.1 Master data

• Name
• E-mail address

3.2 Account data

• User ID
• Role as client or hairdresser
• Login information
• Authentication status

3.3 Profile data

• City
• Address
• Postcode
• Bio
• Profile picture
• Gallery images
• Own website
• Profile visibility

3.4 Barber and service data

• Services offered
• Prices
• Duration
• Availability
• Barber information

3.5 Salon and team data

• Salon name
• Salon address and city
• Bio
• Join code
• Admin and member role
• Team assignments
• Salon-related opening hours
• Salon-related visibility information

3.6 Appointment and booking data

• Date, time, duration
• Selected service
• Price
• Appointment status
• Optional notes
• Client / hairdresser assignment
• Salon reference where applicable

3.7 Web booking data

• Name
• E-mail address
• Desired appointment and service
• Message
• Barber or salon reference

3.8 Communication data

• Chat messages
• Timestamps
• Delivery status and read status
• Image attachments in the chat

3.9 Image data

• Profile pictures
• Gallery / portfolio images
• Chat images

3.10 Review data

• Star rating
• Review text
• Name of the reviewing user
• Appointment reference

3.11 Voucher and loyalty programme data

• Voucher code and voucher value
• Expiry date
• Redeemed vouchers
• Loyalty programme configurations

3.12 Favourites data

• Saved favourite barbers

3.13 Support and report data

• Reason for report and description
• Chat / appointment / user reference
• Processing status
• Support responses

3.14 Technical data

• Device tokens for push notifications
• Notification settings
• App / widget data
• Technical error and system information
• Technical usage events
• Security-related metadata for sensitive account processes

3.15 Authentication data

• Data from Firebase Authentication
• Data from "Sign in with Google"

4. Purposes and legal bases for processing

Processing takes place exclusively to the extent necessary to provide the app and web features.

4.1 Registration, login and user account

Purpose: Registration, login, authentication, management of the user account

Legal basis: Art. 6(1)(b) GDPR

4.2 Appointment management and booking organisation

Purpose: Creating, displaying, updating and managing appointments and booking requests, synchronisation between clients and hairdressers or salons

Legal basis: Art. 6(1)(b) GDPR

4.3 Communication within the app

Purpose: Exchange of messages between clients and hairdressers, technical display of delivery or read status

Legal basis: Art. 6(1)(b) GDPR

4.4 Profile features and public barber and salon profiles

Purpose: Display and management of profile information, services, galleries, reviews, barber and salon information, and public web profiles

Legal basis: Art. 6(1)(b) GDPR

Where voluntary additional information is provided, e.g. bio, gallery, own website: additionally Art. 6(1)(a) GDPR

4.5 Reviews

Purpose: Creating, displaying and managing barber reviews in connection with appointments

Legal basis: Art. 6(1)(b) GDPR

4.6 Favourites

Purpose: Saving and displaying preferred barbers

Legal basis: Art. 6(1)(b) GDPR

4.7 Vouchers, loyalty programmes and barber offers

Purpose: Management of voucher codes, voucher values, expiry dates, redemptions and loyalty programme configurations

Legal basis: Art. 6(1)(b) GDPR

4.8 Push notifications

Purpose: Notifications about appointment changes, new messages, support responses and similar functional events

Legal basis: Art. 6(1)(b) GDPR

Where activation is voluntary: additionally Art. 6(1)(a) GDPR

4.9 Optional news and update notifications

Purpose: Sending optional news and update notifications to users who have expressly activated this feature

Legal basis: Art. 6(1)(a) GDPR

4.10 System e-mails and functional notifications

Purpose: Verification e-mails, appointment-related information, technical or functional notifications

Legal basis: Art. 6(1)(b) GDPR

4.11 Support, reports and abuse prevention

Purpose: Receiving and handling support requests and reports, abuse prevention, quality assurance, secure operation

Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR

4.12 IT security, stability and error resolution

Purpose: Secure operation, error analysis, technical maintenance, protection against misuse

Legal basis: Art. 6(1)(f) GDPR

4.13 Product improvement within the technical scope

Purpose: Improving core features and usability of the app, to the extent that technical usage events are processed within the app or its associated systems

Legal basis: Art. 6(1)(f) GDPR

4.14 Salon, team and member management

Purpose: Creating, managing and displaying salons, team members, salon-related opening hours, join code processes and assignment of barbers to a salon

Legal basis: Art. 6(1)(b) GDPR

4.15 Account security and security-related processes

Purpose: Securing sensitive account processes, in particular re-authentication before security-relevant changes, password changes, e-mail changes, account deletion and sending security-related notifications. The timestamp, platform and device information may be processed in particular.

Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR

No use for advertising or marketing profiling takes place.

5. Login with e-mail or Google

The Barber-App for Android allows login via:

• E-mail address and password
• Sign in with Google

The information transmitted by the respective authentication service is processed, in particular user ID, display name and e-mail address.

Legal basis: Art. 6(1)(b) GDPR

6. Appointment management and bookings

In the context of appointment management and booking processing, the following data in particular is processed:

• Client / hairdresser / salon where applicable
• Date, time, duration
• Selected service
• Price
• Appointment status
• Optional notes
• Voucher information where applicable

This data is used exclusively for appointment organisation, synchronisation and communication between the parties involved.

7. Web bookings and public barber or salon web profiles

If booking requests are submitted via the website or a public barber or salon profile, the data provided is processed to assign and handle the request for the relevant barber or salon.

Public barber and salon web profiles may contain in particular:

• Name
• City and address
• Bio
• Services and prices
• Reviews
• Gallery / profile images
• Team members
• Publicly released website details where applicable
• Salon-related opening hours where applicable

Web booking requests can be displayed in the app and processed by the barber, or in a salon context assigned to the responsible team member and handled accordingly.

Legal basis: Art. 6(1)(b) GDPR

8. Communication within the app (chat)

The Barber-App offers an internal messaging system for communication between clients and hairdressers. The following data is processed:

• Message content
• Timestamps
• Image attachments where applicable
• Technical delivery and status information

The content is intended only for the users involved in the communication. No automatic content analysis for advertising or profiling purposes takes place.

Users can also report chat content or other content to support. In this case, the reason for the report, description, user identifiers involved, chat reference, support responses and processing status may be processed.

9. Profile pictures, gallery images and chat images

Users may voluntarily upload images, in particular:

• Profile pictures
• Gallery / portfolio images
• Chat image attachments

These images are used exclusively to provide the respective feature.

Legal basis: Art. 6(1)(b) GDPR

For voluntary additional profile and gallery information additionally: Art. 6(1)(a) GDPR

10. Push notifications and notification settings

For the technical delivery of push notifications, a device token is processed in particular, e.g. a Firebase Cloud Messaging token.

In addition, notification settings may be stored in the user account, in particular:

• Activation or deactivation of general push notifications
• Activation or deactivation of optional news and update notifications

This information is used exclusively for the technical delivery and management of the notifications requested by the user. No use for advertising profiling takes place.

Legal basis: Art. 6(1)(b) GDPR

Where optional news and update notifications are activated: additionally Art. 6(1)(a) GDPR

Note: Push notifications and news notifications can be changed or disabled at any time in the app or in the device settings.

11. Widgets (Android)

If widgets are used, certain summary data may be processed locally on the device or within the app/widget environment, e.g.:

• Upcoming appointments
• Number of appointments or booking requests
• Barber overviews

This data is used exclusively for the widget feature.

Legal basis: Art. 6(1)(b) GDPR

12. QR code, PDF and profile sharing features

The app may provide features for sharing barber or salon profiles, e.g.:

• Website links
• QR codes
• PDF creation and PDF sharing
• Sharing or saving profile information via Android sharing features

The released profile, barber or salon data is processed to enable the desired sharing or display.

Legal basis: Art. 6(1)(b) GDPR

13. Account security and security-related e-mails

For sensitive account processes, in particular password changes, e-mail changes or account deletion, additional confirmations, re-authentications and security-related e-mails may be used for security purposes.

The following data may be processed in particular:

• User identifier
• E-mail address
• Timestamp of the process
• Platform
• Device information

This processing is used exclusively to secure the user account and to maintain traceability of security-relevant processes.

14. Support, reports and local caching

Support requests and reports may be temporarily cached locally on the device to the technical extent required, until successful transmission is possible. This is used exclusively to ensure the reliable provision of the support feature.

Where support cases are processed, processing status, internal feedback and assignment information may also be processed.

15. Use of Firebase / recipients

For the technical operation of the Barber-App and its associated web features, services from Google Firebase are used in particular, e.g.:

• Firebase Authentication
• Cloud Firestore
• Firebase Cloud Messaging (FCM)
• Cloud Storage for Firebase
• Firebase Hosting where applicable
• Firebase Analytics within the technical scope where applicable

Where Google login is used, services in connection with Google Sign-In may also be used.

These services are used to provide the app and web features, in particular for:

• Authentication
• Database and synchronisation
• Push notifications
• Storage of images and attachments
• Technical functional and support processes

In addition, internal event and log data may be processed within the used backend and database structure to the technical extent required, where this is necessary for stability, support, security or improvement of core features.

Further information on data protection at Firebase: firebase.google.com/support/privacy
Privacy at Google: policies.google.com/privacy

16. Disclosure of data to third parties

Personal data is disclosed to third parties only:

• Where this is necessary for the technical operation of the app and website
• Where there is a legal obligation
• Or where express consent has been given

No disclosure for advertising or marketing purposes takes place.

17. Third-country transfers

When using Firebase / Google services, processing of personal data outside the European Economic Area cannot be excluded.

Where required, processing takes place on the basis of appropriate safeguards pursuant to Arts. 44 et seq. GDPR, in particular standard contractual clauses or other data protection mechanisms provided by the providers.

Information on the safeguards used can be requested at privacy@mvm-app.at, to the extent not already publicly provided by the respective provider.

18. Data security

To protect personal data, appropriate technical and organisational measures are used, in particular:

• Encrypted data transmission
• Access restrictions
• Authentication and authorisation concepts
• Secure cloud services
• Role and rule configurations

Despite all measures, absolute security cannot be guaranteed.

19. Retention and deletion

Personal data is stored only for as long as this is necessary to provide the app and website and the respective features, or as long as statutory retention obligations exist. As a general rule:

• Account data: until deletion of the account
• Appointment and booking data: for as long as required for functionality and traceability
• Chat data: for as long as the communication feature is provided or until deletion within the scope of technical possibilities
• Review data: for as long as the review and profile system is provided
• Image data: until removal by the user or deletion of the account
• Voucher and loyalty programme data: for as long as these features are actively used or required for administrative purposes
• Support and report data: for as long as required for handling and documenting the support case
• Technical usage and error data: only for as long as required for operation, security and improvement
• Salon and team data: for as long as the salon and team features are provided or until corresponding assignments are removed
• Notification settings and device tokens: for as long as required for the delivery or management of notifications
• Security-related process data: only for as long as required for carrying out, tracing and securing security-relevant account processes
• Locally cached support data: until successful transmission or removal within the scope of technical processes
• Backups: on a time-delayed basis within the scope of technical processes

Users may delete their account. In this case, personal data will be removed from active systems to the extent technically possible and where no legal obligations prevent this.

20. Rights of data subjects

Data subjects have in particular the following rights under GDPR:

• Right of access pursuant to Art. 15 GDPR
• Right to rectification pursuant to Art. 16 GDPR
• Right to erasure pursuant to Art. 17 GDPR
• Right to restriction of processing pursuant to Art. 18 GDPR
• Right to data portability pursuant to Art. 20 GDPR
• Right to object pursuant to Art. 21 GDPR where processing is based on Art. 6(1)(f) GDPR
• Right to withdraw consent with effect for the future pursuant to Art. 7(3) GDPR

Requests can be directed to: privacy@mvm-app.at

21. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates GDPR.

The competent supervisory authority in Austria is in particular the Austrian Data Protection Authority (www.dsb.gv.at).

22. Obligation to provide data and consequences of non-provision

Certain personal data is required to use core features of the app, e.g. login, appointment booking, communication, salon or barber management.

Without this data, individual features or the use of the app in general may be restricted or not possible.

23. No automated decision-making

No automated decision-making including profiling within the meaning of Art. 22 GDPR takes place.

24. Use by minors

Use of the Barber-App is only permitted for persons aged 14 and over. Use by children under the age of 14 is not intended.

25. Responsibility of barbers and salons

Where barbers or salons operate their own profiles via the platform and process client data in the context of their services, they may be independently responsible under data protection law for certain processing operations.

MVM-APP remains responsible for the technical provision of the app and website and the associated data processing within its own area of responsibility.

26. Changes to this privacy policy

This privacy policy may be updated if technical features, legal requirements or the app develop further.

The current version is available in the app or via the provided links.

27. Contact

Questions about data protection can be directed at any time to: