I. General
Introduction
We take the protection of your personal data very seriously. We treat data confidentially and in accordance with the legal data protection regulations and this privacy policy.
This privacy policy applies to our mobile iOS and Android apps (hereinafter "APP") as well as to our WEB application (hereinafter WEB and APP together: "PRODUCT"), as you can use all platforms simultaneously with your NeuroNation account.
This document explains the type, purpose and scope of data collection in connection with the use of our products.
The following notes provide a simple overview of what happens to your personal data when you visit or use our PRODUCT. Personal data are all data with which you can be personally identified. For detailed information on data protection, please refer to our privacy policy listed below this text.
We would like to point out that data transmission over the Internet may have security gaps. It is not possible to completely protect data from access by third parties.
Responsible party
The responsible party for data processing in the context of this PRODUCT is:
Synaptikon GmbH
Friedrichstrasse 68
10117 Berlin, Germany
Email: info@neuronation.de
"Responsible party" is the party that collects, processes or uses personal data (e.g. names, email addresses etc.).
Data protection contact
If you have any general questions about data protection, you can contact our data protection officer, Mike Peter, at the following E-Mail address:
E-Mail: dpo@neuronation.de
General information on data retention for personal data
Subject to deviating or more specific information within this privacy policy, the personal data collected by this PRODUCT will be stored until you request us to delete it, revoke your consent for storage or the purpose for which the data was stored ceases to apply. If there is a legal obligation to store the data or any other legally recognized reason for storing the data (e.g. legitimate interest), the personal data concerned will not be deleted until the respective reason for storage no longer applies.
Legal basis for the storage of personal data
The processing of personal data is only permitted if there is an effective legal basis for the processing of such data. If we process your data, this is regularly done on the basis of your consent in accordance with Article 6 (1) (a) General Data Protection Regulation (GDPR) (e.g. when you voluntarily provide your data in the registration form or in the contact form), for the purpose of fulfilling the contract in accordance with Article 6 (1) (b) GDPR (e.g. when using In-APP purchases or the use of other chargeable functions of the PRODUCT) or on the basis of legitimate interests according to Article 6 (1) (f) GDPR, which are always weighed against your interests (e.g. in the context of advertising measures). The relevant legal basis will be specified in a separate place in this privacy policy.
Encryption
This PRODUCT uses SSL or TLS encryption for reasons of security and to protect the transmission of confidential content, such as the requests you send to us as the operator, or communication between users or payment data (e.g. account number for direct debit authorization, Visa/MasterCard, direct debit). This encryption prevents the data you transmit from being read by unauthorized third parties.
On the WEB: You can recognize an encrypted connection by the fact that the address line of your browser changes from "http://" to "https://" and by the lock symbol in your browser line.
Changes to this privacy policy
We reserve the right to change these data protection regulations at any time in compliance with legal requirements.
II. Your rights
General
The GDPR grants data subjects whose personal data are processed by us certain rights about which we would like to inform you at this point:
Revocation of your consent to data processing
Many data processing operations are only possible with your consent. We will expressly obtain this from you before we start processing the data. You can revoke this consent at any time. For this purpose, an informal notification by email to us is sufficient. The legality of the data processing operations carried out up to the point of revocation remains unaffected by the revocation.
Right to object to data collection in special cases and in case of direct advertising (Article 21 GDPR)
If the data processing is carried out on the basis of Article 6 (1) (E) or (F) GDPR, you have the right at any time to object, for reasons arising from your particular situation, to the processing of personal data concerning you, which also applies to profiling based on these provisions.
The respective legal basis on which processing is based can be found in this privacy policy.
If you object, we will no longer process the personal data concerned unless we can prove that there are valid reasons for processing worthy of protection which outweigh your interests, rights and freedoms or which serve the processing of the assertion, exercise or defence of legal claims.
If your personal data are processed for the purpose of direct marketing, you have the right to object, at any time, to the processing of your personal data for the purpose of such marketing, including profiling, insofar as it is connected with such direct marketing. If you object, your personal data will no longer be used for the purpose of direct marketing.
Right of appeal to a supervisory authority
In the event of violations of the GDPR, those affected have a right of appeal to a supervisory authority. This right of appeal is without prejudice to other administrative or judicial remedies.
Information, deletion and correction
You have the right to receive information free of charge at any time about your stored personal data, its origin and recipients and the purpose of data processing, as well as the right to correct or delete this data. You can contact us at any time by email for this purpose and for further questions on the subject of personal data.
Right to restricting of processing
You have the right to request that the processing of your personal data be restricted. For this purpose, you can contact us at any time by email. The right to limit processing exists in the following cases:
-
If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the review, you have the right to demand the restriction of the processing of your personal data.
-
If the processing of your personal data was/is unlawful, you can demand the restriction of data processing instead of deletion.
-
If we no longer need your personal data, but you need it for the exercise, defence or assertion of legal claims, you have the right to demand the restriction of the processing of your personal data instead of deletion.
-
If you have lodged an objection in accordance with Article 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to demand the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data - apart from its storage - may only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a member state.
Right to data portability
You have the right to have data, which we process automatically on the basis of your consent or in fulfillment of a contract, handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done to the extent technically feasible.
III. Access rights of the APP
In order to provide our services via the APP, we require the access rights listed below, which enable us to access certain functions of your device.
-
Wi-Fi connections
-
Receiving data from the Internet
-
Network access
-
Power saving mode (prevent the "sleep mode" from being activated on the device
-
Vibration control
Access to the device functions is required to ensure the functionality of the APP. The legal basis for this data processing is our legitimate interest within the meaning of Article 6 (1) (f) GDPR, your consent within the meaning of Article 6 (1) (a) GDPR and/or - if a contract has been concluded - the fulfillment of our contractual obligations (Article 6 (1) (b) GDPR).
The data collected in this way will generally not be stored for longer than is necessary for the use of the corresponding functions, but at most until 24 hours after the uninstallation of the App.
IV. Collection of personal data in the context of the use of the PRODUCT
General
When you use our PRODUCT, we collect the following personal data from you, depending on availability:
-
Usage data
-
Metadata
-
IP address
-
Device identification
-
Email address
-
Time zone
-
Language
-
ID of social networks / external service providers when registering externally (if activated, see below for the individual service providers such as Facebook Connect, Google Account, Apple login)
-
Profile picture (if activated)
-
Age group
-
Mobile IDs (IDFA, IDFV, Android ID etc.)
The processing of this personal data is necessary to guarantee the functionalities of the PRODUCT. The legal basis for this data processing is our legitimate interest within the meaning of Article 6 (1) (f) GDPR, your consent within the meaning of Article 6 (1) (a) GDPR and/or - if a contract has been concluded - the fulfillment of our contractual obligations (Article 6 (1) (b) GDPR).
WEB: Cookies
Our Internet pages use so-called "cookies". Cookies are small text files and do not cause any damage on your end device. They are either temporarily stored on your device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser.
In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for the processing of payment services).
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies are used to evaluate user behavior or display advertising.
Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, e.g. for the shopping basket function) or to optimize the website (e.g. cookies for measuring the web audience) are stored on the basis of Article 6 (1) (f) GDPR, unless another legal basis is given. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of his services. If consent to the storage of cookies has been requested, the storage of the cookies in question will be carried out exclusively on the basis of this consent (Article 6 (1) (a) GDPR); the consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for specific cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you separately about this within the scope of this privacy policy and, if necessary, request your consent.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser or the PRODUCT automatically sends to us. These are:
-
Operating system used
-
Hostname of the accessing computer
-
Time of the server request
-
IP address
-
WEB: Browser type and version
-
WEB: Referrer URL
This data is not merged with other data sources.
The collection of these data is based on Article 6 (1) (f) GDPR. The operator has a legitimate interest in the technically error-free display and optimization of his application - for this purpose the server log files must be recorded.
Registration in the PRODUCT
You can register in the PRODUCT to use additional features. We will use the data entered for this purpose only for the purpose of using the respective offer or service for which you have registered. The mandatory data requested during registration must be provided in full. Otherwise, we will refuse the registration.
In the event of important changes, for example in the scope of the offer or technically necessary changes, we will use the email address provided during registration to inform you in this way.
The data entered during registration is processed for the purpose of implementing the user relationship established by the registration and, if applicable, for the initiation of further contracts (Article 6 (1) (b) GDPR).
The data entered during registration is stored by us for as long as you are registered in this PRODUCT and is then deleted. Legal retention periods remain unaffected.
Registration with Facebook Connect
Instead of a direct registration you can register with Facebook Connect. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.
If you choose to register with Facebook Connect and click on the "Login with Facebook"/"Connect with Facebook" button, you will be automatically redirected to the Facebook platform. There you can log in with your usage data. This will link your Facebook profile with this PRODUCT or our services. This link gives us access to your data stored on Facebook. These are above all:
-
Facebook name
-
Facebook profile and cover picture
-
Email address stored on Facebook
-
Facebook ID
-
Country
-
Language
This data is used to set up, provision and personalize your account.
The registration with Facebook-Connect and the associated data processing procedures are based on your consent (Article 6 (1) (a) GDPR). You can revoke this consent at any time with effect for the future.
You can find further information in the Facebook terms of use and the Facebook data protection regulations. These can be found under:
https://de-de.facebook.com/about/privacy/ and https://de-de.facebook.com/legal/terms/ .
Registration with Google Account
Instead of a direct registration you can register with your Google Account.
The provider of this service is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. However, according to Google, the data collected is also transferred to the USA and other third countries.
If you choose to register with your Google Account and click on the button, you will be automatically redirected to the Google platform. There you can log in with your usage data. This will link your Google Account with this PRODUCT or our services. This link gives us access to your data stored at Google. This is above all:
-
Email address
This data is used to set up, provision and personalize your account.
The registration with your Google Account and the associated data processing procedures are based on your consent (Article 6 (1) (a) GDPR). You can revoke this consent at any time with effect for the future.
You can find further information in the Google Terms of Use and the Google Privacy Policy. These can be found under:
https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de .
Registration with Apple
We offer you the possibility to register and log in via your Apple account using "Apple Login". When you register for the first time using the Apple ID, the app will ask you for your email address so that an account can be set up for you.
We will store your email address with us and will contact you at this address with instructions if necessary. While using the "Register with Apple ID" feature, Apple will not track you or create a profile of you. Apple collects only the information necessary to ensure that you can log in and manage your account.
As long as you remain logged on to your device, you will automatically remain logged on to our app. For more information about Apple login, please see:
https://support.apple.com/HT210318
APP: Registration with Kakao
Only available in the Korean version of the APP:
Instead of a direct registration you can register with your Kakao account.
The provider of this service is Kakao Corp ("Kakao"), 242, Cheomdan-ro, Jeju-si, Jeju-do, 63309, Korea. The data collected may be transferred to other third countries.
If you choose to register with your Kakao account and click on the button, you will be automatically redirected to the Kakao platform. There you can login with your usage data. This will link your Kakao account to this PRODUCT or our services. Through this link we get access to your data stored at Kakao. This is above all:
-
Email address
This data is used to set up, provision and personalize your account.
Registration with your Kakao account and the associated data processing operations are based on your consent (Article 6 (1) (a) GDPR). You can revoke this consent at any time with effect for the future.
You will find further information in the Kakao terms of use and the Kakao data protection regulations. You will find these under:
https://www.kakao.com/policy/privacy?lang=enund https://www.kakao.com/policy/terms?type=a&lang=en .
Request within the PRODUCT, by email or by phone
If you contact us (e.g. via contact form within the PRODUCT, by email, telephone or fax), your inquiry including all personal data resulting from it (e.g. name, inquiry) will be stored and processed by us for the purpose of processing your request. This data is processed on the basis of Article 6 (1) (b) GDPR, provided that your inquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases the processing is based on your consent (Article 6 (1) (a) GDPR) and/or on our legitimate interests (Article 6 (1) (f) GDPR), as we have a legitimate interest in the effective processing of the inquiries addressed to us. The data sent to us by you via contact request will remain with us until you request us to delete it, revoke your consent for storage or the purpose for which the data was stored no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular legal retention periods - remain unaffected. We will not pass on your data without your consent.
Zendesk
We use the Zendesk ticketing system, a customer service platform of Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102, to process customer inquiries and for the support site. For this purpose, necessary data such as name, first name, postal address, telephone number, email address are collected through our PRODUCT to be able to answer your information request. For information on data processing by Zendesk, please refer to the Zendesk Privacy Policy at http://www.zendesk.com/company/privacy . If you have any questions, you can also contact Zendesk's Privacy Officer directly at privacy@zendesk.com.
We have signed a data processing agreement with Zendesk and fully implement the strict requirements of the European data protection authorities when using Zendesk. The legal basis for processing with Zendesk is, if you have given your consent, Article 6, 1, clause 1, a, if you have given your consent, otherwise b, if the processing of your inquiry is related to the preparation or execution of a contractual relationship, and f., if no contractual relationship exists, in which case our legitimate interest is to answer your inquiry.
Newsletter data
If you would like to receive the newsletter offered in our PRODUCT, we need an email address from you as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. Further data will not be collected. We use these data exclusively for sending the requested information and do not pass them on to third parties. The dispatch of the newsletter is based on your consent (Article 6 (1) (a) GDPR). You can revoke this consent at any time.
For the maintenance and analysis of our newsletters we use the following data through our service providers:
-
Opening of emails
-
Clicks on emails
-
Newsletter subscriptions
Google Ads / Google Admob
APP: If you use the free membership and activate the ad-supported version, if available, in the APP, you will see ads that are currently provided by Google Ads (Google Admob). Thereby advertising IDs are collected by Google Ads (Mobile advertiser ID, iOS IDFA, Android Advertising ID).
You can find more information here:
https://policies.google.com/technologies/ads?lang=de-DE&hl=de
WEB: Google Ads enables us to display ads in the Google search engine or on third party websites if the user enters certain search terms in Google (keyword targeting). Furthermore, targeted advertisements can be played out on the basis of user data available at Google (e.g. location data and interests) (target group targeting). We as the operator can evaluate this data quantitatively, for example by analyzing which search terms led to the playout of our ads and how many ads led to corresponding clicks.
The use of Google Ads is based on Article 6 (1) (f) GDPR. The operator has a legitimate interest in marketing his service products as effectively as possible.
Outbrain
We use services of Outbrain Inc., 39 West 13th Street, 3rd floor, New York, NY 10011 ("Outbrain"), which help to find users interesting content on our website and on websites of third parties. Outbrain's sponsored reading recommendations are determined on a purely pseudonymous basis. Every user can deactivate this process for Apple Devices and Android Devices.
More information about Outbrain's privacy can be found here. You can always object to tracking to show interest-based recommendations; Click on the "Decline" field (opt-out) under the Outbrain Privacy Policy.
The storage of "conversion cookies" and the data processing is based on Art. 6 (1) GDPR. We rely hereby on a legitimate interest in analysing user behavior in order to optimize both our website and advertising activities.
Taboola
We use technologies from Taboola Inc., 28 West 23rd St. 5th Fl, New York, NY 10010 ("Taboola"). Taboola uses cookies that determine what content you clicked on to discover our website and which of our pages you did visit. For marketing optimization purposes, we send, if not disabled by the user in the system settings of its device, the Mobile Advertising ID, IP address, browser, and access device information to Taboola. Every user can deactivate this process for Apple Devices and Android Devices. The Taboola cookie enables us to create pseudonymous usage profiles by collecting device-related data as well as log data and recommending content that suits your personal interests. So we can design our offer individually for you. These usage profiles do not allow you to draw conclusions about yourself.
For more information about Taboola and the ability to disable the Taboola cookie, see the Taboola Privacy Policy (opt-out information can be found under "Site Visitor Choices").
We have entered into a so-called "Data Processing Agreement" with Taboola, in which we commit Taboola to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.
The storage of "conversion cookies" and the data processing is based on Art. 6 (1) GDPR. We rely hereby on a legitimate interest in analysing user behavior in order to optimize both our website and advertising activities.
Poptin
To enhance our marketing activities on our blog, we use the service provider Poptin (Poptin Ltd., Aluf Kalman Magen St 3, Tel Aviv-Yafo, Israel). The service delivers popups on our blog to better inform you about our offerings.
For marketing optimization purposes, Poptin collects, if not disabled by the user in the system settings of its device, the IP address, browser, and access device information to Poptin.
We have entered into a so-called "Data Processing Agreement" with Poptin, in which we commit to protect the data of our customers, to not disclose them to third parties, and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR.
Further information can be found in the privacy policy of Poptin: https://www.poptin.com/privacy-policy/
And their GDPR claims: https://www.poptin.com/gdpr/
The use of Poptin is based on Article 6 (1) (f) GDPR. The operator has a legitimate interest in marketing his service products as effectively as possible.
The data transfer to Poptin takes place on the basis of an adequacy decision pursuant to Art. 45 DSGVO: Israel is one of the so-called safe third countries.
Google Conversion-Tracking
This PRODUCT uses Google Conversion Tracking. The service is provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Conversion Tracking allows Google and us to see if the user has performed certain actions. For example, we can evaluate which buttons in our PRODUCT were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they performed. We do not receive any information that can be used to personally identify the user. Google itself uses cookies or comparable recognition technologies for identification purposes.
The use of Google Conversion Tracking is based on Article 6 (1) (f) GDPR. The operator has a legitimate interest in the analysis of user behavior in order to optimize both its web offering and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Article 6 (1) (a) GDPR; the consent can be revoked at any time.
More information on Google Conversion Tracking can be found in the Google Privacy Policy: https://policies.google.com/privacy?hl=de .
Hosting and Content Delivery Networks (CDN)
The web services belonging to this PRODUCT are hosted by an external service provider (Hoster). The personal data collected in this PRODUCT is stored on the hoster's servers.
The use of the hoster is for the purpose of fulfilling the contract with our potential and existing customers (Article 6 (1) (b) GDPR) and in the interest of a secure, fast and efficient provision of our online services by a professional provider (Article 6 (1) (f) GDPR).
Our hoster will only process your data to the extent necessary to fulfill its performance obligations and will follow our instructions with regard to this data.
In order to ensure that the processing complies with data protection regulations, we have concluded a data processing agreement with our hoster.
Google Firebase
This service is provided by Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The use of Google Firebase may require the transfer of your personal data to the USA.
Firebase is part of the Google Cloud Platform (Google Ireland Limited, Gordon House, Barrow Street, Sieblin 4, Ireland) and offers various services for web and app developers (https://firebase.google.com/terms/ ). Some Firebase services process personal data. In most cases, the personal data used is limited to so-called instance IDs, which are time-stamped. The instance IDs created by Firebase are only used once and therefore allow the assignment to certain events or processes. According to Google, the data collected in this process is not personal data.
In other cases, Google Firebase stores, among other things, the number and duration of sessions, operating systems, device models, region and a number of other data. A detailed overview of the data collected by Google Firebase can be found at: https://support.google.com/firebase/answer/6318039
For Analytics for Firebase Google uses not only the above mentioned instance ID, but also the advertising ID of the end device. You can change the usage of the Ad ID in the device settings of your mobile device.
Android: Settings > Google > Ads > Reset Ad ID
iOS: Settings > Privacy > Advertising > No Ad Tracking
We use Google Firebase above all:
-
to select configuration data necessary for operation and to transfer this data to end user devices
-
to analyze user behavior and solve problems in the user experience, for example by evaluating crash reports
-
to open newly installed apps on a specific page or in a specific context
-
to send push notifications or so-called in-app messages (notifications that are only displayed in the respective PRODUCT). You can disable and enable push notifications at any time through your device settings.
The paragraph at the top ("General information on data retention for personal data") applies to the storage period of data collected in this way. Personal data at Google Firebase is not stored longer than necessary for the purpose of the service (usually up to 14 months). Further information can be found under:
https://support.google.com/analytics/answer/7667196?hl=de-DE
Google Firebase is used to optimize this PRODUCT and to improve our offers. This represents a legitimate interest in the sense of Article 6 (1) (f) GDPR.
Further information about Google Firebase can be found at:
https://www.firebase.com/terms/privacy-policy.html
LINE
Instead of a direct registration you can register with your LINE account.
The provider of this service is LY Corporation (1-3, Kiochio, Chiyoda, Tokyo, Japan). The data collected may be transferred to other third countries.
If you choose to register with your LINE account and click on the button, you will be automatically redirected to the LINE platform. There you can login with your usage data. This will link your LINE account to this PRODUCT or our services. Through this link we get access to your data stored at LINE. This is above all:
-
Email address
This data is used to set up, provision and personalise your account.
Registration with your LINE account and the associated data processing operations are based on your consent (Article 6 (1) (a) GDPR). You can revoke this consent at any time with effect for the future.
You will find further information in the LINE terms of use and the LINE data protection regulations. You will find these under:
https://line.me/en/terms/policy/
https://terms.line.me/line_terms?lang=en
V. Data Analysis
General
If you access our PRODUCT, your behavior can be statistically evaluated with the help of certain analysis tools and analyzed for advertising and market research purposes or to improve our offers. When using such tools, we ensure that the legal data protection regulations are observed. When using external service providers (contract processors), we ensure through appropriate contracts with the service providers that the data processing complies with German and European data protection standards.
Google Analytics
This PRODUCT uses Google Analytics. The service is provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the operator to analyze the behavior of users. In doing so, the operator receives various usage data, such as page impressions, length of stay, operating systems used and the origin of the user. This data may be summarized by Google in a profile that is assigned to the respective user or his terminal device.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google on the use of this PRODUCT is usually transferred to a Google server in the USA and stored there.
The use of this analysis tool is based on Article 6 (1) (f) GDPR. The operator has a legitimate interest in the analysis of user behavior in order to optimize both the offered PRODUCT and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Article 6 (1) (a) GDPR; the consent can be revoked at any time.
Data stored by Google at user and event level, which are linked to cookies, user IDs (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID), are usually anonymized or deleted after 14 months. Details can be found under the following link: https://support.google.com/analytics/answer/7667196?hl=de
We have concluded a contract with Google for order processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
IP anonymization for Google Analytics and Google Firebase
We have activated the IP anonymization function in this application. As a result, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this PRODUCT, Google will use this information to evaluate your use of the PRODUCT, to compile reports on the activities and to provide further services to the operator in connection with the use of the PRODUCT and the use of the Internet. The IP address transmitted by your device within the framework of Google Analytics is not combined with other data from Google.
You can find more information about this at: https://support.google.com/analytics/answer/2763052
WEB: Browser Plugin for Google Analytics
You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de .
For more information on how Google Analytics handles user data, please refer to the Google Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=de .
WEB: Google Optimize
We use the Google Optimize tool to understand which of the different versions of our PRODUCT are more helpful to users and which are not. Optimize uses Google Analytics cookies to target content variants to a user and a content experiment cookie to determine a user's participation in an experiment.
Information on data protection in this context can be found here:
http://policies.google.com/?hl=en and /support.google.com/optimize/answer/6292487?hl=en.
APP: Microsoft AppCenter
For maintenance reasons, the APP also collects data in the event of a crash by using Microsoft AppCenter ( http://appcenter.ms ). The service provider (Microsoft Corporation) requests the following information in the event of a crash:
-
Device type (manufacturer and version),
-
Operating system version,
-
App version and
-
Screen or function call (location, not location of the user) of the crash.
The storage of this separate data is done by Microsoft - we have no influence on the location. These data cannot be assigned by us to a single user within our own database and are physically completely separated.
Logentries
In order to guarantee the proper functioning of our PRODUCT, we use the services of Logentries. Logentries is a service of Rapid7 Ireland Limited, Windmill Lane, Dublin 2, Ireland. This service analyzes problems with the functions and informs us about the availability, stability, and security of our services. For this purpose, your IP address is transmitted to the service. You can find further information here: https://www.rapid7.com/privacy-policy/
New Relic
In order to guarantee the proper functioning of our PRODUCT, we use the services of New Relic. New Relic is a service of New Relic, Inc., 188 Spear Street, Suite 1000, San Francisco, CA 94105, USA. This service analyzes problems with the functions and informs us about the availability, stability, and security of our services. For this purpose, your IP address is transmitted to the service. You can find further information here: https://newrelic.com/termsandconditions/privacy
Newsletter data (Sendgrid, Iterable)
If you would like to receive the newsletter offered in our PRODUCT, we need your contact data (email address) as well as information that allows us to verify that you are the owner of the contact data provided and that you agree to receive the newsletter.
In case of using the APP, the contact data may additionally consist of device identifiers to be stored, if you wish us to contact you via push notification.
Further data will not be collected, or only on a voluntary basis. We use this data exclusively for sending the requested information.
The processing of the data provided is based exclusively on your consent (Article 6 (1) (a) GDPR). You can revoke your consent to the storage of the data, the contact data as well as their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter in the case of emails or via your profile settings in general. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data you have provided us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and will be deleted from the newsletter distribution list after you unsubscribe. Data that has been stored by us for other purposes remains unaffected.
After you have been removed from the newsletter distribution list, your contact data may be stored in a blacklist by us or the newsletter service provider to prevent future newsletters from being sent. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in compliance with the legal requirements for sending newsletters (legitimate interest in the sense of Article 6 (1) (f) GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
We use "Sendgrid" for sending our newsletter. The service is provided by the company SendGrid, Inc., 1801 California Street, Suite 500, Denver, CO 80202, USA. Additionally we use "Iterable". The service is provided by Iterable, Inc. 71 Stevenson St, #300 San Francisco, CA 94105, USA.
SendGrid and Iterable are services that can be used to organize and analyze the sending of newsletters. If you provide contact information such as an email address, it will be stored on SendGrid and Iterable's servers in the USA.
With the help of SendGrid and Iterable we can analyze the sending of newsletters. This way we can determine whether a message has been opened and which links have been clicked on, if any. Technical information is also collected (e.g. time of retrieval, IP address, browser type and operating system). This information is used exclusively for statistical analysis of messages. The results of these analyses can be used to better identify delivery problems.
We have signed data processing agreements with Sendgrid and Iterable, and fully implement the strict requirements of the European data protection authorities in their use.
For more information, please refer to the privacy policy:
Sendgrid: https://www.twilio.com/legal/privacy
Iterable: https://iterable.com/trust/privacy-policy
Adjust
To optimize our marketing activities, we use the service provider Adjust (adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin). The data collected through Adjust informs, for example, about the download of the App, the online advertising channel through which the visit was generated, the time of the first use of the PRODUCT, the duration of the use and about especially used functions. For the analysis Adjust uses IP and Mac addresses of the users or similar IDs for mobile devices, which are however hashed after the collection and are used by Adjust exclusively in pseudonymized form. The data are stored on the servers of adjust GmbH in Germany.
Further information can be found in the privacy policy of Adjust: https://www.adjust.com/privacy-policy/ .
You can deactivate the tracking by Adjust at the following address:https://www.adjust.com/forget-device
We have concluded an agreement with adjust GmbH for order processing. The processing of your personal data, which are raised with the use of Adjust, takes place on the basis of your consent in accordance with Article 6 (1) (a) GDPR.
Iterable
To optimize our marketing activities, we use the service provider Iterable (Iterable, Inc., 5 New Street Square, London EC4A 3TW).
We use Iterable for the following purposes:
-
Marketing newsletters and marketing web push notifications.
-
Transactional emails (email validation, password recovery, payment completions / reminders).
-
Push notifications or so-called in-app messages (notifications that are only displayed in the respective PRODUCT).
You can disable and enable push notifications at any time through your device settings.
The use of Iterable is based on Article 6 (1) (a) GDPR, the processing of your personal data takes place on the basis of your consent.
Further information can be found in the privacy policy of Iterable: https://iterable.com/en-GB/trust/privacy-policy/#:~:text=INFORMATION%20COLLECTED%20BY%20ITERABLE&text=Iterable%20will%20not%20collect%20your,(other%20than%20our%20customers)..
VI. Plugins and Tools
WEB: Google Fonts
This PRODUCT uses so-called fonts, which are provided by Google, for the uniform representation of fonts. The Google fonts are installed locally. There is no connection to Google servers.
Further information about Google Fonts can be found at https://developers.google.com/fonts/faq and in the Google privacy policy: https://policies.google.com/privacy?hl=de .
VII. eCommerce and payment providers
Processing of data (customer and contract data)
We collect, process and use personal data only to the extent that they are necessary for the establishment, content or modification of the legal relationship (inventory data). This is done on the basis of Article 6 (1) (b) GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. We collect, process and use personal data on the use of this PRODUCT (usage data) only to the extent necessary to enable or charge the user for the use of the service.
The collected customer data will be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
Data transmission upon conclusion of contract for services and digital contents
We only transfer personal data to third parties if this is necessary for the execution of the contract, for example to the credit institution commissioned with the handling of payments.
A further transmission of the data is not carried out or only if you have expressly agreed to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
The basis for data processing is Article 6 (1) (b) GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
Chargebee
Through Chargebee we are better equipped to manage our customers' payments and subscriptions, for web and mobile (app & play stores) transactions. The provider of this subscription management service within the EU is CHARGEBEE B.V., Piet Heinkade 55, 1019GM Amsterdam, Netherlands (hereinafter “Chargebee”).
When paying via any of our payment providers, the information will be aggregated by Chargebee, and your payment details will be transmitted to Chargebee in order to process the payment. Details of this can be found in Chargebee’s Privacy Policy at the following link: https://www.chargebee.com/privacy/ .
The transmission of your data to Chargebee is based on Article 6 (1) (a) GDPR (consent) and Article 6 (1) (b) GDPR (processing for the purpose of fulfilling a contract). You have the possibility to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of data processing operations carried out in the past.
WEB: Stripe
We offer payment via Stripe. Provider for customers within the EU is Stripe Payments Europe, Ltd,1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter "Stripe").
When paying via Stripe, your payment details will be transferred to Stripe via an interface on our site in order to process the payment. Details of this can be found in Stripe's Privacy Policy at the following link: https://stripe.com/de/privacy.
The transfer of your data to Stripe is based on Article 6 (1) (b) GDPR (processing of contracts) and on our legitimate interest in using reliable and secure payment processes (Article 6 (1) (f) GDPR).
WEB: PayPal
We offer payment via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").
If you choose to pay via PayPal, the payment data you enter will be transmitted to PayPal.
The transmission of your data to PayPal is based on Article 6 (1) (a) GDPR (consent) and Article 6 (1) (b) GDPR (processing for the performance of a contract). You have the possibility to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of data processing operations carried out in the past.
WEB: Novalnet
We offer payment via Novalnet. Provider of this payment service is Novalnet AG, Zahlungsinstitut (ZAG), Feringastraße 4
85774 Unterföhring (hereinafter "Novalnet").
If you choose to pay via Novalnet, the payment data you enter will be transmitted to Novalnet. Details can be found in Novalnet's privacy policy under the following link: https://www.novalnet.de/datenschutz .
The transmission of your data to Novalnet is based on Article 6 (1) (a) GDPR (consent) and Article 6 (1) (b) GDPR (processing for the purpose of fulfilling a contract). You have the possibility to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of data processing operations carried out in the past.
eCollect and PAIR Finance
For the collection of unpaid orders via the above services (Stripe, PayPal, Novalnet) we use eCollect and PAIR Finance.
eCollect’s privacy policy can be found here: https://ecollect.org/privacy-policy/
PAIR Finance’s privacy policy can be found here: https://www.pairfinance.at/en/data-protection/
The transmission of your data to these services is based on Article 6 (1) (a) GDPR (consent) and Article 6 (1) (b) GDPR (processing for the purpose of fulfilling a contract). You have the possibility to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of data processing operations carried out in the past.
Date: 2023-10-26