The protection of your data is very important to Synaptikon GmbH (hereafter "Synaptikon" or "we/us"). The collection, processing and utilization of data stays in accordance with the strict requirements of GDPR in the EU and DSGVO in the Federal Republic of Germany under the principle of privacy by design, data avoidance, data transparency and data security.
With this privacy statement we would like to inform you transparently and comprehensively how we handle data.
I. Name and address of the responsible person and the company data protection officer
The person responsible within the meaning of the EU General Data Protection Regulation (GDPR/DSGVO) and other national data protection laws of the EU Member States as well as other data protection provisions is:
represented by the managing directors Rojahn Ahmadi and Jakob Futorjanski
Data Protection Officer is:
c / o Synaptikon GmbH
- Further contact options
II. General information on data processing
- Scope of processing of personal data
In principle, we collect and use personal data of our users and customers only insofar as this is necessary and permitted for the provision of a well-functioning website and our services, for contractual obligation with the customer and for marketing purposes within the scope of applicable law. The collection and use of personal data takes place only within the consent of the user or if the processing of that data is permitted by law.
- Disclosure of personal data to third parties
A transfer of personal data to third parties is strictly controlled and only possible in the cases specified in this Privacy Statement, to the service providers mentioned here or as far as you have given us in individual cases, your consent. Authorities or other state institutions are given information and personal data only in the context of statutory information obligations or on the basis of official or judicial decisions.
- Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) as the legal basis for the processing of personal data.
In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b DSGVO as legal basis. This also applies to processing operations required to carry out pre-contractual actions.
Insofar as processing of personal data is required to fulfill a legal obligation that is subject to our company, Art. 6 para. 1 lit. c DSGVO as legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d DSGVO as legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f DSGVO as legal basis for processing.
- Data deletion and storage duration
Personal data of data subject will be deleted or blocked as soon as the purpose of the storage is deleted. In addition, such storage may take place if provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of data for conclusion of a contract or fulfillment of the contract.
III. Logfiles when visiting the website
(1) When you visit our websites, your browser automatically sends information to our server. This information is stored temporarily in a log file and is automatically deleted after six months.
The following information will be collected without your intervention and stored by us or on our behalf by external web hosting providers until automated deletion:
- IP address of the requesting computer,
- date and time of access,
- Name and URL of the retrieved file as well
- used browser and possibly the operating system of your computer.
The data mentioned are processed by us for the following purposes:
- ensuring a smooth connection of the website,
- ensuring comfortable use of our website,
- Evaluation of system security and stability.
(2) The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f DSGVO. Our legitimate interest follows from the data collection purposes listed above. In no case we use the collected data for the purpose of drawing conclusions about you.
IV. Registration as a user at Synaptikon
- Description and scope of data processing
On our websites and the products offered there, you can register free of charge as part of the use of a so-called "Freemium account" or for a fee with the use of a "premium account". When registering for a free "freemium account", you enter your personal data in an input mask and submit it to us. The following data is collected, stored and processed:
- Username (mandatory)
- E-mail address (mandatory)
- self-selected password (mandatory)
In addition, you may voluntarily submit the following information to us to personalize your password-protected account and to compare your results obtained in our tests and exercises with the results of your respective peer group:
- Date of birth
- User Profile Photo
The password you have chosen will only be stored encrypted in the database. The clear recovery of the password from the encrypted data is not possible in principle, neither by Synaptikon nor by third parties.
When entering and transmitting this data, the following information is automatically collected:
- IP address / server logfile
- Time Zone
- Country from which you register
For “Premium” users further data is collected, stored and processed:
- Surname and first name (mandatory for payment procedures)
- Desired payment method and payment information (mandatory)
- Date and time of the upgrade of your Freemium account to a Premium account (automatically saved)
- Purposes of data processing
The truthful input of the above-mentioned mandatory information is required so that you can fully use the services provided by us and that we can duly fulfill and settle our obligations under the contracts concluded with you.
This personal data is also required by Synaptikon to provide you with all the benefits of using NeuroNation, to personalize the training and to optimally identify and offer evaluations and benchmarks. In addition, the data for processing and administration, to check the entered data for plausibility and age of the users required, i. E. to justify, formulate, process and modify the agreements you have concluded with us about the use of NeuroNation and to be able to process any inquiries.
- Payment for Premium Services
Synaptikon has contracted reliable and trusted payment service providers to process payments. These are depending on the desired payment method:
- Novalnet AG
- Stripe, Inc.
For the purpose of billing premium services, it is necessary that we provide the billing information to our payment service providers required for this purpose.
If you choose the payment method "direct debit / SEPA mandate" or "credit card", we will have to post Novalnet AG your name and address, IBAN and BIC or credit card number (including validity period) as well as the invoice amount, the currency and the transaction number. Novalnet AG may only use this information for the purpose of processing payments under this specific contractual agreement.
If other payment service providers are selected at the time of purchase, they will only receive the information they need for billing purposes.
When choosing the payment method "PayPal" or "Stripe", your payment data, your e-mail address as well as your existing account with one of these service providers will transfer your valid user ID to "PayPal" or "Stripe".
Stripe, Inc. is certified under the EU-US Privacy Shield Agreement and ensures compliance with European privacy legislation.
We urge the aforementioned payment service providers to treat your data confidentially and in accordance with the applicable data protection laws. We only pass data to the designated service providers for the purposes described here.
- Legal basis for data processing and transfer to payment service providers
The processing of data collected as part of the registration as well as the transfer of payment to external payment service providers serves the fulfillment of contracts of which you are a party or the implementation of pre-contractual activities. The legal basis for processing the data is Art. 6 para. 1 lit. b DSGVO.
- Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. Even after conclusion of the contract, there may be a need to store and process personal data of the contracting party in order to fulfill contractual or legal obligations, e.g. for the processing of claims from the respective contract of use. In addition, the requirement of data storage for tax and / or commercial purposes must be observed. For tax purposes, storage periods of ten years apply (for invoices, books, records, accounting documents, etc.) or six years (for correspondence and other), § 147 Abs. 3 AO.
V. Processing of data during usage of our services by registered users
(1) For the continuous improvement of the services offered by us, Synaptikon collects data for statistical purposes during usage by registered users.
(2) Depending on the user's request, the data
- a) can be displayed in the profile so that they are visible to other users of our services or
- b) can only be visible to the respective user.
The default setting is set to <anonymous> so that only the respective user can view his data. Visibility settings can be managed by the user in the user profile.
These data include:
- User's performance ("Brainscore", "Exercise score", etc.)
- User Comments,
- Log files to exercises and visited pages,
- a) when was the user's last login,
- b) which pages has the user viewed.
V. Processing of anonymized data when using our services by registered users
To improve the content and user experience and to optimize the services we provide, we evaluate the points reached by the users at the individual exercises which are calculated after values ( "brain power") anonymously in the sections "brain comparison" and "best list " out. The age and gender of the users are included in this evaluation in anonymised form, provided that these data were provided at registration. A conclusion on your identity Synaptikon is not possible through this evaluation.
VII. Personal data of people with limited contractual capability
The services of NeuroNation can also be used by people with people with limited contractual capability, especially those who are at registration not yet 18 years old, when an effective consent of the parent or in other cases where the conclusion of contracts by law are permissible. Same data privacy rules apply here. If parent/legal guardian find out that a person with limited contractual capability provided data without their consent, please contact Synaptikon so that this data is deleted.
Synaptikon is entitled to demand the presentation of proof of legitimacy (for example a copy of the identity card) in order to verify legal representation by guardians. Upon presentation of a corresponding proof of legitimacy, Synaptikon will promptly delete the user account and all data.
On our websites we use so-called cookies. Cookies are small files that are stored in the Internet browser on the user's device. This cookie contains a characteristic string that allows a clear identification of the browser when the website is called up again. In the used cookies no personal data is stored, so that we cannot draw conclusions about your identity by means of cookies. Only pseudonymized information is generated.
We use "session-based", temporary cookies: these do not remain on your computer. If you leave our pages, the temporary cookie will also be discarded. With the help of the gathered information we can analyze usage patterns and structures of our website and optimize the website by improving the content or the personalization and simplifying the usage.
- Use of Google Analytics
We use Google Analytics, a web analytics service provided by Google Inc. (hereafter "Google"), for the purpose of designing and continuously optimizing our websites as required. Google is certified under the EU-US Privacy Shield Agreement and ensures compliance with European privacy legislation. When visiting the online portal, the following data will be collected and stored until automated deletion by Google without any action by the visitor as part of an automated procedure:
- the IP address of the requesting computer,
- the date and time of access,
- the name and URL of the retrieved file,
- the website from which the access was made,
- the operating system of the visitor's computer and the browser used by the visitor and other technical data,
- the visitor's internet access provider,
- Language settings,
- geographical location.
However, in the case of the activation of IP anonymization on the website of Synaptikon, the IP address of Google will be shortened beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.
On behalf of Synaptikon, Google will use this information to evaluate the use of the online portal, to compile reports on website activity and to provide other services related to website and internet usage to Synaptikon. The IP address submitted by Google Analytics within the framework of Google Analytics will not be merged with other data provided by Google.
The user can prevent the storage of cookies by a corresponding setting of his web browser software. Synaptikon points out to the user, however, that the user may not be able to use all the functions of NeuroNation in full.
Furthermore, the user can prevent the collection of the data generated by the cookie and its use of NeuroNation (including the IP address) to Google as well as the processing of this data by Google by the user using the browser available under the following link:
Accordingly, the user has the opportunity to object to this data collection and use at any time. Google Analytics uses DoubleClick DART cookies and may use information about the user's visit to the NeuroNation website and other websites to display ads about products and services that interest users (interest-based ads). The information generated by the cookies about the use of NeuroNation, including the IP address, is transmitted to and stored by Google's servers. Google will also transfer this information to third parties if required by law or if third parties process this data on behalf of Google. Google declares that it will never merge or associate your IP address with other Google data. Google participates in the Safe Harbor program of the European Union and the United States. The information transmitted as part of this service does not include the user's name, address, e-mail address or telephone number.
If the user does not wish to use DoubleClick DART cookies, they may disable them through the Ads Preferences Manager at http://www.google.com/settings/ads/onweb/?hl=en.
- Use of Google Adwords Conversion Tracking
To statistically record the use of our website and to evaluate our website for you and for marketing purposes, we also use Google conversion tracking. In doing so, Google Adwords will set a cookie (see paragraph 1) on your computer if you have reached our website via a Google ad.
These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer's website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page.
Every Adwords customer receives a different cookie. Cookies cannot be tracked via the websites of Adwords customers. The information gathered using the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers hear the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive information that personally identifies users.
If you do not want to participate in the tracking process, you can also refuse the required setting of a cookie - for example, via a browser setting that generally disables the automatic setting of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com".
- Use of other analysis tools
In addition, we use the following additional web analytics services:
- - New Relic for optimizing our websites
- - Logentries, Logfiles, Firebase, Adjust and Google Tag Manager for statistical purposes
For this purpose, the providers of these analysis tools set cookies on users' devices, but do not store any personal data of users. We also use IP anonymization so that referencing a specific person is excluded. To disagree and remove cookies, please read the comments below under point 8.
- Use of the customer support platform "Zendesk"
- Legal basis for data processing
The legal basis for the processing of personal data using cookies, the analytics tools mentioned here and the customer support platform "Zendesk" is Art. 6 para. 1 lit. f DSGVO.
- Purposes of data processing
- Log Entries and User Log-In Information / Account Settings
- Applying language settings
The user data collected by technically necessary cookies will not be used by us to create user profiles. In the aforementioned purposes, our legitimate interest in the processing of personal data pursuant to Art. 6 para. 1 lit. f DSGVO.
Our legitimate interest in the processing of personal data through the use of Google Analytics, Google Adwords, the other analytics tools mentioned here as well as the customer support platform "Zendesk" within the meaning of Art. 6 para. 1 lit. f DSGVO consists in the optimization and improvement of our online offer.
- Duration of storage of cookies, objection and removal possibility
IX. E.Mail dispatch via "MailChimp" and "SendGrid"
- Description, scope and purpose of the data processing
In order to be able to inform you about the latest news about our platforms, services, styles and products that you might like, you can subscribe to a free newsletter on our websites.
The newsletters are distributed via MailChimp, a mailing product of the US company Rocket Science Group // 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA and SendGrid of SendGrid, Inc., 1801 California Street, Suite 5000, Denver, Colorado 80202 USA. MailChimp and SendGrid do not use the data of our newsletter recipients to write them down or to pass them on to third parties.
When registering for the newsletter, the following data from the input mask will be sent to us:
- E-mail address
In addition, the following data is collected upon registration:
- IP address of the calling computer
- Date and time of registration
- selected language
For the processing of the data, your consent to the Double-Opt-In procedure will be obtained during the registration process. After registration, you will receive an e-mail asking you to confirm your registration. The registration for the newsletter will be logged in order to prove the registration process according to the legal requirements.
The e-mail addresses of our newsletter recipients, as well as their other information described in these notes, are stored on the servers of MailChimp or SendGrid in the USA. MailChimp and SendGrid use this information to send and evaluate the newsletters on our behalf. Furthermore, these service providers may, according to their own information, use the data to optimize or improve their own services, e.g. for the technical optimization of the shipping and the presentation of the newsletter or for economic purposes, to determine from which countries the recipients come.
In order to sign up for the newsletter, we only need your e-mail address. Other voluntary information about you is only intended to personalize the newsletter.
- Legal basis for data processing
The legal basis for the processing of the data after the user signs up for the newsletter is Art. 6 para. 1 lit. a GDPR
- Duration of storage / revocation
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. The e-mail address of the user is therefore stored as long as the subscription to the newsletter is active. You can terminate the receipt of our newsletter at any time without giving reasons and revoke your consent to receive the newsletter. At the same time, your consent to their dispatch via MailChimp and SendGrid expires. You will find a link to unsubscribe at the end of every newsletter.
X. Use of Facebook and Google Plus Plugins
NeuroNation's online portal uses social plug-ins (hereafter "plug-ins") of Facebook social networks (Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA and Google Plus (Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94943, USA).
When the user accesses a website of the NeuroNation online portal containing such a plugin, the user's web browser establishes a direct connection to the Facebook or Google servers. The content of the plugins is transmitted by Facebook or Google directly to the user's web browser and incorporated by the user into the website. NeuroNation therefore has no influence on the extent of the data collected by Facebook or Google with the help of this plugin, and informs the user according to his level of knowledge:
As soon as you call up one of our internet pages, which is provided with an activated plugin, a connection to the servers of the provider of the respective plugin is established. Both contents of the servers of the provider are loaded, as well as information transmitted to the provider. This information includes z. For example, your IP address and information about which page you have just visited. This happens regardless of whether you are logged in to the respective social network or not. If you are logged in to the respective network at the same time, the respective provider can identify you as a concrete user, because in addition to the address of the visited website, the date, time and browser-related information, your user ID will also be recorded. Logging out of the relevant network may prevent the assignment of the data to your user account. Alternatively, you can also prevent data transmission to the network by using special browser add-ons (eg Facebook blocker).
If you recommend content using the activated plugins, for example by clicking on a "Like" button, the corresponding information is transmitted directly to the respective social network and stored there as well. The data collected by the provider can be used to create usage profiles.
- Facebook at http://www.facebook.com/policy.php
- Google Plus at: https://www.google.com/intl/en/policies/privacy/
XI. Social media
In addition to our websites, we are also present in social networks.
XII. Rights of the person concerned
If you process personal data, you are i.S.d. DSGVO and you have the following rights to the person responsible:
- Right to information
According to Art. 15 GDPR, you may request information about your personal data processed by us. In particular, you can provide information on the processing purposes, the category of personal data, the categories of recipients to whom your data has been disclosed, the planned retention period, the right to rectification, deletion, limitation of processing or opposition, the existence of a The right to complain, the source of their data, if not collected from us, and the existence of automated decision-making, including profiling and, where appropriate, meaningful information about their details.
Pursuant to Art. 16 GDPR, you may request the correction to be incorrect or to complete your personal data stored with us.
Pursuant to Art. 17 GDPR, you may request the deletion of your personal data held by us, unless such processing is for the purpose of exercising the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend Legal claims is required.
- Restriction of processing
According to Art. 18 GDPR you can demand the restriction of the processing of your personal data, as far as the accuracy of the data is disputed by you, the processing is unlawful, but you reject their deletion and we no longer need the data, but you assert this, Exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR.
- Data transmission
According to Art. 20 GDPR you may request to receive your personal data provided to us in a structured, common and machine-readable format. You may also request the transfer to another person in charge.
According to Art. 7 para. 3 DSGVO, you can revoke your consent to data processing at any time. As a result, we are no longer allowed to continue the data processing based on this consent for the future.
- Right of appeal
According to Art. 77 DSGVO you can complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters.
- Right of objection
If your personal data are based on legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f DSGVO are processed, you have the right to file an objection against the processing of your personal data in accordance with Art. 21 DSGVO, provided that there are reasons for this arising from your particular situation or the objection is directed against direct mail. In the latter case, you have a general right to objection, which must be implemented by us without stating a particular situation.
If you would like to exercise your right of revocation or objection, please send an e-mail to us at the o.g. Contact possibilities.
This Data Privacy Statement is prepared to support you, please refer to the German version for any specific requests: https://www.neuronation.com/lp/data_privacy?lang=de