The controller responsible for data processing is:
Marces Jonuscheit
Schlossergasse 56/1
89077 Ulm
Deutschland
E-Mail: medduell@gmail.com
Email address — provided during registration or via Apple/Google Sign-In
Username — chosen during registration
University — optional, for profile customization
Country — for game region assignment
Game language — for quiz question display
Score — results from quiz duels
Game statistics — games played, win rate, category performance
Avatar selection — chosen profile image from predefined options
FCM Token — for delivering push notifications
Device type and OS — for app compatibility
Authentication provider — Apple, Google, or anonymous login
No health data (Art. 9 GDPR). No location data. No contacts, photos, or media. No payment information. No
advertising identifiers (IDFA/GAID).
Data
Purpose
Legal Basis
Email, username
Account creation and
management
Art. 6(1)(b) GDPR (contract)
Data
Purpose
Legal Basis
University, country,
language
Matchmaking, game functionality
Art. 6(1)(b) GDPR (contract)
Score, game statistics
Core function (leaderboards,
history)
Art. 6(1)(b) GDPR (contract)
Avatar selection
Profile personalization
Art. 6(1)(b) GDPR (contract)
FCM Token
Push notifications
Art. 6(1)(a) GDPR (consent)
Technical data
App functionality,
troubleshooting
Art. 6(1)(f) GDPR (legit. interest)
Apple/Google Sign-In
Authentication
Art. 6(1)(b) GDPR (contract)
Services: Firebase Authentication, Cloud Firestore, Realtime Database, Cloud Messaging. Server location:
EU (europe-west1, Belgium). Legal basis: Data Processing Agreement (Art. 28 GDPR). US transfers: EU-US
Data Privacy Framework + Standard Contractual Clauses.
Service: Sign in with Apple. Apple transmits only an anonymized relay email or real email (user’s choice) plus
a unique identifier. Apple is certified under the EU-US Data Privacy Framework.
We do not sell, rent, or share your personal data with advertisers or other third parties.
Your data is primarily processed within the EU (Google Cloud europe-west1, Belgium). Where transfers to the
US occur, we rely on: (1) EU-US Data Privacy Framework, (2) Standard Contractual Clauses, (3) encryption in
transit and at rest.
Data
Retention Period
Account data
Until account deletion by user
Game data
Until account deletion
FCM Token
Until withdrawal of push consent or account deletion
Technical data
90 days (troubleshooting logs)
After account deletion, all personal data is permanently removed within 30 days, unless statutory retention
obligations apply.
Right of access (Art. 15): Request information about stored data.
Right to rectification (Art. 16): Correct inaccurate data.
Right to erasure (Art. 17): Delete your data. Available in-app.
Right to restriction (Art. 18): Restrict processing.
Right to data portability (Art. 20): Receive data in machine-readable format.
Right to object (Art. 21): Object to legitimate interest processing.
Right to withdraw consent (Art. 7(3)): Withdraw at any time.
To exercise your rights: medduell@gmail.com
You have the right to lodge a complaint with your national data protection authority.
UK GDPR and Data Protection Act 2018 apply. UK Representative under Art. 27 UK GDPR will be appointed
and listed here. Supervisory authority: ICO, Wycliffe House, Water Lane, Wilmslow SK9 5AF.
Swiss FADP (nDSG) applies. Supervisory authority: FDPIC, Feldeggweg 1, CH-3003 Bern.
Loi Informatique et Libertés applies. You may issue post-mortem data instructions. Supervisory authority: CNIL,
Paris.
LOPDGDD applies. Supervisory authority: AEPD, C/ Jorge Juan 6, 28001 Madrid.
MedDuell does not currently meet CCPA/CPRA thresholds. We voluntarily grant US users: right to know, right
to delete. We do not sell or share data for advertising.
MedDuell is designed for medical students and not intended for children under 17. We do not knowingly collect
data from children under 17.
The MedDuell iOS app does not use cookies or advertising tracking. No IDFA is collected. The FCM Token is
used solely for push notifications.
We may update this policy. The current version is always available in the app. Material changes will be
communicated via the app.
Marces Jonuscheit
Schlossergasse 56/1
89077 Ulm
Deutschland
E-Mail: medduell@gmail.com