Data protection

Responsible body

beauQ UG (haftungsbeschränkt)
Theresienstieg 11
22085 Hamburg

Tel.: +49 (0)40 999 999 74

Managing Director: Oliver Krause
Commercial register Hamburg: HRB 141637
VAT registration number: DE 309 034 349

Name and address of the data protection officer

The data protection officer of the controller is:

Niko Rimarzik
beauQ UG (haftungsbeschränkt)
Theresienstieg 11
22085 Hamburg


Any data subject can contact our data protection officer at any time with any questions or suggestions regarding data protection.

What personal data is collected?

We collect, store and process various categories of personal data. Personal data is data that allows you to identify yourself (e.g., e-mail address, name, IP address, etc.). When you install and use this app, we collect the following personal information:

• Information about the user (name, first name, e-mail address, user name, password, IP address)
• Information about the device and its software (operating system, version)

The recording takes place for the following purpose:

• User authentication in the app
• Recording control results in the HACCP documentation
• Improving the user experience
• Personalized service
• Contact and communication

The collection of personal data by this app only takes place if we are legally entitled to do so or if you have expressly consented to the data collection.

Data collection in the context of the use of the app

Personal data may be collected in the context of the use of the app in particular in the following ways:

• You enter the data yourself (eg username and password, comments, free text fields, signature).
• Your information will be collected based on the access rights that this app requires and that you have given us (e.g., photos).

Data you enter yourself

If you write comments in our app, fill in free text fields or sign documentation results, the data entered by you will be stored with us. We will not share this information with third parties without your consent.

Offline usage

In the case of offline use of the app, all data collected during this period (eg results of the checks carried out) will be stored locally by the app on the respective device and transmitted in the event of an internet connection. The server infrastructure for HACCP24 will be exclusively in accordance with DIN ISO / IEC 27001 certified data center hosted in Germany.

Access rights of the app

To provide our services through the App, we require the access rights listed below that allow us to access certain features of your device.

Camera Access
The recording takes place for the following purpose:
Photographing control points or elements requiring documentation.

Memory access (device memory and SD card / read and write permissions)
The recording takes place for the following purpose:
In the case of offline use of the app, all usage data collected in this period (e.g., results of the controls performed) are temporarily stored by the App locally on the respective device.

Network Access
The recording takes place for the following purpose:
User authentication in the app. Transfer of controls, documentation results or photos.


This app uses encryption for security purposes and to protect the transmission of sensitive content, such as logging in with your user data or transmitting controls. This encryption is intended to prevent the data you transmit or receive from unauthorized third parties.

Liability for links

The beauQ UG (haftungsbeschränkt) declares hereby expressly that at the time of the link setting no illegal contents were recognizable on the sides to be linked. BeauQ UG (haftungsbeschränkt) has no influence on the current and future design, the contents or the authorship of the linked / linked pages. Therefore he dissociates himself hereby expressly from all contents of all linked / linked sides, which were changed after the link setting. This statement applies to all links and references within the own internet offer. For illegal, incorrect or incomplete contents and in particular for damages resulting from the use or disuse of such information, the provider of the page to which reference has been made, and not the one who only links to the respective publication, is liable.

Liability for content

As a service provider we are responsible according to § 7 Abs.1 TMG for own contents on these sides according to the general laws. According to § 8 to 10 TMG, however, we as a service provider are not obligated to monitor transmitted or stored third-party information or to investigate circumstances that indicate an illegal activity.

Obligations to remove or block the use of information under general law remain unaffected. However, liability in this regard is only possible from the moment of knowledge of a specific infringement. Upon notification of appropriate violations, we will remove this content immediately.

Legal basis of processing

Art. 6 I lit. A DS-GMO serves our company as the legal basis for processing operations where we obtain consent for a particular processing purpose. If the processing of personal data is necessary to fulfill a contract of which the data subject is a party, as is the case, for example, in processing operations necessary for the provision of a service or consideration, the processing is based on Art. 6 I lit. b DS-GMO. Such processing operations are particularly permitted because they have been specifically mentioned by the European legislator. In that regard, it considered that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, second sentence, DS-BER).

Routine deletion and blocking of personal data

The controller processes and stores personal data of the data subject only for the period required to achieve the purpose of the security or, if so required by the European directives and regulations or any other legislator in laws or regulations governed by the controller , was provided. If the purpose of the security is omitted or if a retention period prescribed by the European Directive and / or regulatory authority or any other relevant legislature expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

Information, correction, restriction, data portability, deletion, blocking

At any time you have the right to free information about your stored personal data, their origin and recipient and the purpose of the data processing as well as a right to correction, limitation of processing, data portability, blocking or deletion of this data. For further information on personal data you can contact us at any time at the address given in the imprint.

Right to revoke a data protection consent

Any person affected by the processing of personal data has the right, granted by the European directive and regulatory authority, to revoke consent to the processing of personal data at any time. If the data subject wishes to assert their right to withdraw consent, they may, at any time, contact an employee of the controller.

Existence of automated decision-making

As a responsible company we refrain from automatic decision-making or profiling.

Right of appeal to the competent supervisory authority

We would like to point out that in the case of violations of data protection law, you have a right of appeal to the competent supervisory authority. As a rule, the supervisory authority responsible for data protection issues is the state data protection officer of the federal state in which our company is headquartered. A list of the Data Protection Officers and their contact details can be found on the following link:

Modification of this Privacy Policy

We reserve the right to change this Privacy Policy at any time in accordance with legal requirements.