Privacy Policy NeuroNation MED

I. General



Introduction

We take the protection of your personal data very seriously. We treat data confidentially and in accordance with the legal data protection regulations and this privacy policy. 
This privacy policy applies to our mobile iOS and Android apps (hereinafter "PRODUCT").
This document explains the type, purpose and scope of data collection in connection with the use of our products.  
The following notes provide a simple overview of what happens to your personal data when you visit or use our PRODUCT. Personal data are all data with which you can be personally identified. For detailed information on data protection, please refer to our privacy policy listed below this text.
We would like to point out that data transmission over the Internet may have security gaps. It is not possible to completely protect data from access by third parties.  



Responsible party 

The responsible party for data processing in the context of this PRODUCT is: 
Synaptikon GmbH
Friedrichstrasse 68
10117 Berlin, Germany

"Responsible party" is the party that collects, processes or uses personal data (e.g. names, email addresses etc.).



Data protection contact 

You can reach out to us at:
Email: info@neuronation-med.com
Synaptikon GmbH
Friedrichstrasse 68
10117 Berlin, Germany 



General information on data retention for personal data 

Subject to deviating or more specific information within this privacy policy, the personal data collected by this PRODUCT will be stored until you request us to delete it, revoke your consent for storage or the purpose for which the data was stored ceases to apply. If there is a legal obligation to store the data or any other legally recognized reason for storing the data (e.g. legitimate interest), the personal data concerned will not be deleted until the respective reason for storage no longer applies.  



Legal basis for the storage of personal data 

The processing of personal data is only permitted if there is an effective legal basis for the processing of such data. If we process your data, this is regularly done on the basis of your consent in accordance with Article 6 (1) (a) General Data Protection Regulation (GDPR) (e.g. when you voluntarily provide your data in the registration form or in the contact form), for the purpose of fulfilling the contract in accordance with Article 6 (1) (b) GDPR (e.g. when using In-APP purchases or the use of other chargeable functions of the PRODUCT) or on the basis of legitimate interests according to Article 6 (1) (f) GDPR, which are always weighed against your interests (e.g. in the context of advertising measures). The relevant legal basis will be specified in a separate place in this privacy policy.  



Encryption

This PRODUCT uses SSL or TLS encryption for reasons of security and to protect the transmission of confidential content, such as the requests you send to us as the operator, or communication between users. This encryption prevents the data you transmit from being read by unauthorized third parties. 



Changes to this privacy policy 

We reserve the right to change these data protection regulations at any time in compliance with legal requirements. 



II. Your rights 



General

The GDPR grants data subjects whose personal data are processed by us certain rights about which we would like to inform you at this point:



Revocation of your consent to data processing 

Many data processing operations are only possible with your consent. We will expressly obtain this from you before we start processing the data. You can revoke this consent at any time. For this purpose, an informal notification by email to us is sufficient. The legality of the data processing operations carried out up to the point of revocation remains unaffected by the revocation.  



Right to object to data collection in special cases and in case of direct advertising (Article 21 GDPR)  

If the data processing is carried out on the basis of Article 6 (1) (E) or (F) GDPR, you have the right at any time to object, for reasons arising from your particular situation, to the processing of personal data concerning you, which also applies to profiling based on these provisions.
The respective legal basis on which processing is based can be found in this privacy policy. 
If you object, we will no longer process the personal data concerned unless we can prove that there are valid reasons for processing worthy of protection which outweigh your interests, rights and freedoms or which serve the processing of the assertion, exercise or defence of legal claims. 
If your personal data are processed for the purpose of direct marketing, you have the right to object, at any time, to the processing of your personal data for the purpose of such marketing, including profiling, insofar as it is connected with such direct marketing. If you object, your personal data will no longer be used for the purpose of direct marketing.  



Right of appeal to a supervisory authority

In the event of violations of the GDPR, those affected have a right of appeal to a supervisory authority. This right of appeal is without prejudice to other administrative or judicial remedies.  



Information, deletion and correction 

You have the right to receive information free of charge at any time about your stored personal data, its origin and recipients and the purpose of data processing, as well as the right to correct or delete this data. You can contact us at any time by email for this purpose and for further questions on the subject of personal data. 



Right to restricting of processing 

You have the right to request that the processing of your personal data be restricted. For this purpose you can contact us at any time by email. The right to limit processing exists in the following cases: 
 - If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the review, you have the right to demand the restriction of the processing of your personal data. 
 - If the processing of your personal data was/is unlawful, you can demand the restriction of data processing instead of deletion. 
 - If we no longer need your personal data, but you need it for the exercise, defence or assertion of legal claims, you have the right to demand the restriction of the processing of your personal data instead of deletion. 
 - If you have lodged an objection in accordance with Article 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to demand the restriction of the processing of your personal data. 
If you have restricted the processing of your personal data, this data - apart from its storage - may only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a member state.  


Right to data portability 

You have the right to have data, which we process automatically on the basis of your consent or in fulfilment of a contract, handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done to the extent technically feasible.  



III. Access rights of the PRODUCT 

In order to provide our services, we require the access rights listed below, which enable us to access certain functions of your device. 
 - Wi-Fi connections
 - Receiving data from the Internet
 - Network access
 - Power saving mode (prevent the "sleep mode" from being activated on the device 
 - Vibration control
Access to the device functions is required to ensure the functionality of the PRODUCT. The legal basis for this data processing is our legitimate interest within the meaning of Article 6 (1) (f) GDPR, your consent within the meaning of Article 6 (1) (a) GDPR and/or - if a contract has been concluded - the fulfilment of our contractual obligations (Article 6 (1) (b) GDPR). 
The data collected in this way will generally not be stored for longer than is necessary for the use of the corresponding functions, but at most until 24 hours after the uninstallation of the App.

 

IV. Collection of personal data in the context of the use of the PRODUCT 



General

When you use our PRODUCT, we collect the following personal data from you, depending on availability: 
- Usage data 
- metadata
- IP address 
- device identifier
- email address
- language
- Age group
- Mobile IDs (IDFA, IDFV, Android ID etc.)
The processing of this personal data is necessary to guarantee the functionalities of the PRODUCT. The legal basis for this data processing is our legitimate interest within the meaning of Article 6 (1) (f) GDPR, your consent within the meaning of Article 6 (1) (a) GDPR and/or - if a contract has been concluded - the fulfilment of our contractual obligations (Article 6 (1) (b) GDPR). 



Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser or the PRODUCT automatically sends to us. These are:
- Operating system used
- Hostname of the accessing computer
- Time of the server request
- IP address
This data is not merged with other data sources.
The collection of these data is based on Article 6 (1) (f) GDPR. The operator has a legitimate interest in the technically error-free display and optimization of his application - for this purpose the server log files must be recorded. 


Registration in the PRODUCT

You can register in the PRODUCT to use additional features. We will use the data entered for this purpose only for the purpose of using the respective offer or service for which you have registered. The mandatory data requested during registration must be provided in full. Otherwise we will refuse the registration.
In the event of important changes, for example in the scope of the offer or technically necessary changes, we will use the email address provided during registration to inform you in this way.
The data entered during registration is processed for the purpose of implementing the user relationship established by the registration and, if applicable, for the initiation of further contracts (Article 6 (1) (b) GDPR).
The data entered during registration is stored by us for as long as you are registered in this PRODUCT and is then deleted. Legal retention periods remain unaffected. 


Request within the PRODUCT, by email or by phone 

If you contact us (e.g. via contact form within the PRODUCT, by email, telephone or fax), your inquiry including all personal data resulting from it (e.g. name, inquiry) will be stored and processed by us for the purpose of processing your request. This data is processed on the basis of Article 6 (1) (b) GDPR, provided that your inquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases the processing is based on your consent (Article 6 (1) (a) GDPR) and/or on our legitimate interests (Article 6 (1) (f) GDPR), as we have a legitimate interest in the effective processing of the inquiries addressed to us. The data sent to us by you via contact request will remain with us until you request us to delete it, revoke your consent for storage or the purpose for which the data was stored no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular legal retention periods - remain unaffected. We will not pass on your data without your consent. 

For data processing of emails we use the services of mailbox.org of Heinlein Support GmbH. These enable the receipt, processing and sending in case of customer requests, as well as the evaluation of the requests and their processing.
The privacy policy of mailbox.org can be found here: https://mailbox.org/en/data-protection-privacy-policy


Newsletter data

If you would like to receive the newsletter offered in our PRODUCT, we need an email address from you as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. Further data will not be collected. We use these data exclusively for sending the requested information and do not pass them on to third parties. The dispatch of the newsletter is based on your consent (Article 6 (1) (a) GDPR). You can revoke this consent at any time. 
For the maintenance and analysis of our newsletters we use the following data through our service providers:
- Opening of emails
- Clicks on emails
- Newsletter subscriptions



Hosting and Content Delivery Networks (CDN)

The web services belonging to this PRODUCT are hosted by an external service provider (Hoster). The personal data collected in this PRODUCT is stored on the hoster's servers. 
The use of the hoster is for the purpose of fulfilling the contract with our potential and existing customers (Article 6 (1) (b) GDPR) and in the interest of a secure, fast and efficient provision of our online services by a professional provider (Article 6 (1) (f) GDPR).
Our hoster will only process your data to the extent necessary to fulfill its performance obligations and will follow our instructions with regard to this data.
In order to ensure that the processing complies with data protection regulations, we have concluded a data processing agreement with our hoster.
As hosters we use AWS Europe (Amazon Web Services EMEA SARL) and Host Europe GmbH. Personal data is encrypted when transferred. We store personal data encrypted in Germany.



V. Data Analysis 



General

If you access our PRODUCT, your behavior can be statistically evaluated with the help of certain analysis tools and analyzed for advertising and market research purposes or to improve our offers. When using such tools, we ensure that the legal data protection regulations are observed. When using external service providers (contract processors), we ensure through appropriate contracts with the service providers that the data processing complies with German and European data protection standards.  



Newsletter data

If you would like to receive the newsletter offered in our PRODUCT, we need your contact data (email address) as well as information that allows us to verify that you are the owner of the contact data provided and that you agree to receive the newsletter. 
The contact data may additionally consist of device identifiers to be stored, if you wish us to contact you via push notification. 
Further data will not be collected, or only on a voluntary basis. We use this data exclusively for sending the requested information.
The processing of the data provided is based exclusively on your consent (Article 6 (1) (a) GDPR). You can revoke your consent to the storage of the data, the contact data as well as their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter in the case of emails or via your profile settings in general. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data you have provided us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and will be deleted from the newsletter distribution list after you unsubscribe. Data that has been stored by us for other purposes remains unaffected.
After you have been removed from the newsletter distribution list, your contact data may be stored in a blacklist by us or the newsletter service provider to prevent future newsletters from being sent. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in compliance with the legal requirements for sending newsletters (legitimate interest in the sense of Article 6 (1) (f) GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.



Date: 2020-11-25