🔒 The key points at a glance
- Your data is processed exclusively to provide the app's functions — no advertising or marketing profiling.
- Services from Google Firebase and, where applicable, Apple/Google Sign-In are used.
- You have the right to access, rectification, erasure and objection under GDPR at any time.
- Controller: Samir Salimovic, Vienna. Contact: privacy@mvm-app.at
This privacy policy was originally written in German. In case of discrepancies between the German original and this translation, the German version shall prevail.
1. General information
Protecting your personal data is important to me. This privacy policy explains what personal data is processed when you use the Barber-App by MVM-APP, the purposes for which it is processed, and the legal basis for that processing.
This privacy policy applies to the use of the Barber-App and its associated web features and public barber profiles, in particular for:
- Clients
- Barbers / hairdressers
- Users of public barber web profiles
- Users of web booking requests
The Barber-App is used in particular for:
- Organising and booking hairdresser appointments
- Managing user profiles, barber profiles and services
- Communication between clients and barbers
- Displaying public barber profiles on the web
- Managing reviews, vouchers, loyalty programmes and barber statistics
- Handling support requests and reports
- Technical delivery of functional notifications and security information
Personal data is not used for advertising or marketing profiling purposes.
2. Controller
The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is:
3. Categories of personal data
Depending on how the app or website is used, the following personal data may be processed in particular:
Master data
- Name
- E-mail address
Account data
- User ID
- Role as client or barber / hairdresser
- Login status
- Login information
Authentication data
- Data from Firebase Authentication
- Login data when signing in with e-mail and password
- Data from "Sign in with Apple"
- Data from "Sign in with Google"
Profile data
- City
- Bio
- Profile picture
- Gallery or portfolio images
- Website details
- Profile visibility
- Salon or barber-related information
Barber and service data
- Services offered
- Prices
- Duration
- Availability
- Barber or salon information
Appointment and booking data
- Date
- Time
- Duration
- Selected service
- Price
- Status
- Notes
- Assignment between client and barber / hairdresser
- Voucher reference
Web booking data
- Name
- E-mail address
- Desired appointment
- Desired service
- Message
- Assignment to a barber or salon
Communication data
- Chat messages
- Sending and receiving timestamps
- Read status
- Delivery status
- Image attachments in the chat
Image data
- Profile pictures
- Gallery or portfolio images
- Salon logos
- Chat images
Review data
- Star rating
- Review text
- Name or profile reference of the reviewing user
- Reference to an appointment
Voucher and loyalty programme data
- Voucher code
- Voucher value
- Expiry date
- Redemptions
- Loyalty programme configurations
Favourites data
- Saved favourite barbers
Support and report data
- Reason for report
- Description
- User identifiers concerned
- Chat or content reference
- Support responses
- Processing status
Technical data
- Device tokens for push notifications, in particular FCM tokens
- App and widget-related technical data
- Error and system information
- Security and log data
- Internal technical usage events
Web usage data
- Language settings on the web
- Locally stored preferences, e.g. via localStorage
- Technical browser and request information to the extent required
4. Purposes and legal bases for processing
Processing takes place exclusively to the extent necessary to provide the app and web features.
4.1 Registration, login and user account
Purpose: Registration, login, authentication, account management and securing the user account
Legal basis: Art. 6(1)(b) GDPR
4.2 Login with e-mail, Apple or Google
The Barber-App allows login with an e-mail address and password, "Sign in with Apple" and "Sign in with Google". The information transmitted by the respective authentication provider is processed, in particular user ID, display name and e-mail address. With "Sign in with Apple", an anonymised relay address may be used.
Purpose: Carrying out the login and authentication
Legal basis: Art. 6(1)(b) GDPR
4.3 Appointment management and booking organisation
Purpose: Creating, displaying, updating and managing appointments and booking requests, synchronisation between clients and barbers / hairdressers
Legal basis: Art. 6(1)(b) GDPR
4.4 Communication within the app
Purpose: Exchange of messages between clients and barbers / hairdressers, display of technical delivery and read status, transmission of image attachments
Legal basis: Art. 6(1)(b) GDPR
4.5 Profile features and public barber profiles
Purpose: Display and management of profile information, barber profiles, salon information, services, prices, galleries, reviews and public web profiles
Legal basis: Art. 6(1)(b) GDPR
Where voluntary additional information is provided, e.g. bio, gallery, portfolio, website details or additional profile pictures:
Legal basis: Art. 6(1)(a) GDPR
4.6 Reviews
Purpose: Creating, displaying and managing reviews in connection with appointments and barber profiles
Legal basis: Art. 6(1)(b) GDPR
4.7 Favourites
Purpose: Saving and displaying preferred barbers
Legal basis: Art. 6(1)(b) GDPR
4.8 Vouchers, loyalty programmes and barber offers
Purpose: Management of voucher codes, voucher values, expiry dates, redemptions and loyalty programme configurations
Legal basis: Art. 6(1)(b) GDPR
4.9 Push notifications
Purpose: Technical delivery of functional notifications, in particular relating to appointment changes, new messages, support responses or similar app-related events
Legal basis: Art. 6(1)(b) GDPR
Where the activation of push notifications is voluntary: additionally Art. 6(1)(a) GDPR
Note: Push notifications can be disabled at any time in the device settings.
4.10 System and security e-mails
Purpose: Sending verification e-mails, security-related notifications, account or password-related messages and technical functional information
Legal basis: Art. 6(1)(b) GDPR
Where sending also serves to protect the user account and prevent misuse: additionally Art. 6(1)(f) GDPR
4.11 Support, reports and abuse prevention
Purpose: Receiving and handling support requests and reports, preventing misuse, enforcing operational security, quality assurance
Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR
4.12 IT security, stability and error resolution
Purpose: Secure operation of the app and website, error analysis, technical maintenance, availability, protection against unauthorised access and misuse
Legal basis: Art. 6(1)(f) GDPR
4.13 Internal technical usage analysis and product improvement
To the technically necessary and proportionate extent, internal usage events may be processed in order to improve the core features, usability and stability of the app. No use for advertising or marketing profiling takes place.
Purpose: Technical analysis of the use of core features, improvement of product quality and optimisation of app functionality
Legal basis: Art. 6(1)(f) GDPR
5. Legitimate interests pursuant to Art. 6(1)(f) GDPR
Where processing is based on Art. 6(1)(f) GDPR, the legitimate interests consist in particular of:
- Ensuring secure, stable and functional app and web operation
- Detecting, preventing and investigating misuse or unlawful use
- Technical error analysis and system stability
- Securing user accounts and communication features
- Proportionate internal further development of the core product features
- Efficient handling of support and security cases
6. Appointment management and bookings
In the context of appointment management and booking processing, the following data in particular is processed:
- Client / barber / hairdresser
- Date
- Time
- Duration
- Selected service
- Price
- Appointment status
- Optional notes
- Voucher information where applicable
This data is used exclusively for appointment organisation, synchronisation and communication between the parties involved.
7. Web bookings and public barber web profiles
If booking requests are submitted via the website or a public barber profile, the data provided is processed to assign and handle the request for the relevant barber or salon.
Public barber web profiles may contain in particular:
- Name
- City
- Bio
- Services and prices
- Reviews
- Gallery and profile images
- Publicly released website details
- Further profile information released by the barber or salon
Note: Publicly released barber profiles and the information contained therein can be viewed on the internet by third parties.
Web booking requests can be displayed in the app and accepted, processed or declined by the barber.
Legal basis: Art. 6(1)(b) GDPR
8. Communication within the app (chat)
The Barber-App offers an internal messaging system for communication between clients and barbers / hairdressers. The following data is processed in particular:
- Message content
- Timestamps
- Image attachments
- Technical delivery and status information
The content is intended only for the users involved in the communication. No automatic content analysis for advertising or marketing profiling purposes takes place.
Users can also report chat content or other content to support. In this case, the reason for the report, description, user identifiers involved, chat reference, support responses and processing status may be processed.
9. Profile pictures, gallery images, salon logos and chat images
Users may voluntarily upload images, in particular:
- Profile pictures
- Gallery or portfolio images
- Salon logos
- Chat image attachments
These images are used exclusively to provide the respective feature.
Legal basis: Art. 6(1)(b) GDPR
For voluntary additional profile and gallery information additionally: Art. 6(1)(a) GDPR
10. Push notifications
A device token is processed for the technical delivery of push notifications, e.g. a Firebase Cloud Messaging token.
This token is used exclusively for the technical delivery of functional notifications and not for advertising profiling.
11. Widgets (iOS)
If widgets are used, certain summary data may be processed locally on the device or within the app/widget environment, e.g.:
- Upcoming appointments
- Number of appointments or booking requests
- Barber overviews
This data is used exclusively for the widget feature.
Legal basis: Art. 6(1)(b) GDPR
12. QR code, PDF and profile sharing features
The app may provide features for sharing barber or salon profiles, in particular:
- Website links
- QR codes
- PDF export of profile information
The released profile and barber data is processed to enable the desired sharing, display or export feature.
Legal basis: Art. 6(1)(b) GDPR
13. Web features, language settings and local storage
As part of the web features, technical settings, in particular the chosen language, may be stored locally in the browser, e.g. via localStorage.
This is used exclusively to provide the website features in a user-friendly way and to restore chosen display settings.
Legal basis: Art. 6(1)(f) GDPR
14. Recipients or categories of recipients
Personal data is only shared where this is necessary to provide the app and web features, where there is a legal obligation, or where consent has been given.
Recipients or categories of recipients may include in particular:
- Technical hosting, database and infrastructure service providers
- Authentication and push notification service providers
- E-mail service providers or SMTP/mail infrastructure used for system and security e-mails
- Support and security service providers where required
- Authorities or courts where legally required
15. Use of Firebase, Google, Apple and other technical services
For the technical operation of the Barber-App and its associated web features, services from Google Firebase are used in particular, for example:
- Firebase Authentication
- Cloud Firestore
- Cloud Functions
- Firebase Cloud Messaging (FCM)
- Cloud Storage for Firebase
- Firebase Hosting where applicable
Where Google login is used, Google services in connection with Google Sign-In are also used.
Where Apple login is used, services in connection with "Sign in with Apple" are used.
These services are used in particular for:
- Authentication
- Database and synchronisation
- Push notifications
- Storage of images and attachments
- Technical functional and support processes
- Sending security-related or functional communications
Further information on data protection at Firebase: firebase.google.com/support/privacy
16. Third-country transfers
When using Firebase, Google or Apple services and other technical infrastructure, processing of personal data outside the European Economic Area cannot be excluded.
Where personal data is transferred to third countries, this is done on the basis of the legal requirements of Arts. 44 et seq. GDPR, in particular on the basis of:
- An adequacy decision by the European Commission where available
- Standard contractual clauses
- Other appropriate safeguards of the respective provider
Information on the safeguards used can be requested at privacy@mvm-app.at, to the extent not already publicly provided by the respective provider.
17. Data security
To protect personal data, appropriate technical and organisational measures are used, in particular:
- Encrypted data transmission
- Access restrictions
- Authentication and authorisation concepts
- Role and rule configurations
- Secure cloud and backend services
- Technical measures to secure communication and account data
Despite all measures, absolute security cannot be guaranteed.
18. Retention and deletion
Personal data is stored only for as long as this is necessary to provide the app and website and the respective features, or as long as statutory retention obligations exist.
As a general rule:
- Account data: until deletion of the account, subject to statutory retention obligations
- Appointment and booking data: for as long as required for appointment management, traceability and legitimate operational purposes
- Chat data: for as long as the communication feature is provided or until deletion within the scope of technical possibilities
- Review data: for as long as the review and profile system is provided or until removal under the applicable rules
- Image data: until removal by the user or until deletion of the account
- Voucher and loyalty programme data: for as long as these features are actively used or required for administrative documentation
- Support and report data: for as long as required for handling, documentation and abuse prevention
- Technical error, security and usage data: only for as long as required for operation, security, abuse prevention and technical improvement
- Local web storage: until deletion by the user in the browser or until the setting is overwritten
- Backups: on a time-delayed basis within the scope of technical backup processes
Users may delete their account. In this case, personal data will be removed from active systems to the extent technically possible and where no legal or other obligations prevent this.
19. Rights of data subjects
Data subjects have in particular the following rights under GDPR:
- Right of access pursuant to Art. 15 GDPR
- Right to rectification pursuant to Art. 16 GDPR
- Right to erasure pursuant to Art. 17 GDPR
- Right to restriction of processing pursuant to Art. 18 GDPR
- Right to data portability pursuant to Art. 20 GDPR
- Right to object pursuant to Art. 21 GDPR where processing is based on Art. 6(1)(f) GDPR
- Right to withdraw consent with effect for the future pursuant to Art. 7(3) GDPR
Requests regarding these rights can be directed to: privacy@mvm-app.at
20. Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates GDPR.
The competent supervisory authority in Austria is in particular:
Barichgasse 40–42
1030 Vienna, Austria
E-mail: dsb@dsb.gv.at
Website: www.dsb.gv.at
21. Obligation to provide data and consequences of non-provision
Certain personal data is required to use core features of the app, in particular for:
- Login
- Appointment booking
- Communication
- Barber and profile management
- Technical security features
Without this data, individual features or the use of the app in general may be restricted or not possible.
22. No automated decision-making
No automated decision-making including profiling within the meaning of Art. 22 GDPR takes place.
23. Use by minors
Use of the Barber-App is only permitted for persons who have reached the age of 14.
Where processing is based on consent and it concerns an offer of information society services directed directly at children, the validity of consent is governed by the applicable data protection regulations.
24. Responsibility of barbers / hairdressers / salons
Where barbers, hairdressers or salons operate their own profiles via the platform and process client data in the context of their own services, they may be independently responsible under data protection law for certain processing operations.
MVM-APP remains responsible for the technical provision of the app and website and the associated data processing within its own area of responsibility.
25. Changes to this privacy policy
This privacy policy may be updated if technical features, legal requirements or the Barber-App develop further.
The current version is available in the app or via the provided links.
26. Contact
Questions about data protection can be directed at any time to: