Privacy policy for the enduco App
Preamble
This service (hereafter „App“) is provided by enduco GmbH (Feldmannstrasse 22a, 66119 Saarbrücken, Germany) (hereafter „we“ or „us“) as the person responsible in the sense of the Applicable data protection law.
As part of the App, we enable you to retrieve and display the following information:
- Tracking of athletic training incl. evaluation
- Creation of routes & routing/navigation
- Fatigue monitoring (monitoring of loading & unloading of athletic training)
- Season- & Training planning
- Manually update of training units
- Connecting Bluetooth sensors
- Connection to third party providers (receiving and sending of data after consent by the user.
When using the App, we process personal data about you. By personal data we mean all information relating to an identified or identifiable natural person. Because the protection of your privacy is important to us when using the App, we would like to inform you with the following details which personal data we process when you use the App and how we handle this data. In addition, we will inform you about the legal basis for processing your data and, if processing is necessary to safeguard our legitimate interests, also about our legitimate interests.
You can look up this data protection declaration at any time under the menu item „Profile – Data protection“ within the App.
- Information on the Processing of your Data
Certain information is already processed automatically when you use the App. We have listed the exact personal data that is processed for you below:
- Information collected during Downloading
When downloading the App, certain required information is transmitted to the App store you have selected (e.g. Google Play or Apple App Store), in particular the user name, e-mail address, customer number of your account, time of download, payment information and the individual device code can be processed. This data is processed exclusively by the respective App Store and is beyond our control.
Google Analytics for Firebase
(https://firebase.google.com/)
The collected data helps us to better understand the usage of the app and to improve the offer. All IP addresses are only stored in anonymized form. Therefore, the data obtained cannot be used to personally identify users.
Firebase Analytics uses an advertising ID. You can restrict this use in the device settings of your mobile device.
For Android: Settings > Google > Ads > Reset Advertising ID.
For iOS: Settings > Privacy > Advertising > No ad tracking.
More information about Google Firebase and privacy can be found here: https://www.google.com/policies/privacy/
Facebook SDK
We use the so-called Facebook Software Development Kit (Facebook SDK) of Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA („Facebook“).
- The following data is used for this purpose:
- App ID,
- the app version,
- the information that the app was started.
Facebook SDK helps us improve the success of mobile app advertising campaigns delivered through Facebook. Facebook SDK also enables us to perform various evaluations on the installation of our app and the success of our advertising campaigns.
With the help of Facebook SDK, it is also possible for us to analyze individual activities of a user within the app in order to, among other things, more efficiently define target groups for our advertising campaigns more precisely and better.
Only pseudonymized data is transmitted to Facebook.
The purpose of collecting and using this data is to analyze our target group and optimize our advertising campaigns. The legal basis is Art. 6 para. 1f DSGVO (legitimate interest of us in analyzing user behavior in order to conduct individualized advertising campaigns) or Art. 6 para. 1a DSGVO (consent given by you).
Mixpanel
We use a product analytics tool called Mixpanel by Mixpanel, Inc, 405 Howard St., Floor 2, San Francisco, CA 94105, USA („Mixpanel“) in our APP. The Mixpanel tool allows us to evaluate the use of our website and the interaction of our visitors with the features of our website. The personal data collected by Mixpanel, such as, among other things, your IP address, may be transmitted to Mixpanel’s servers, possibly outside the EU such as the USA. Mixpanel will only process this personal data on our behalf.
You can object to the use of Mixpanel at any time. For more information, please visit https://mixpanel.com/optout/. For more information, please see Mixpanel’s privacy policy at https://mixpanel.com/legal/privacy-overview/.
Mixpanel is certified under the EU-US Privacy Shield based on an adequacy decision of the EU Commission and thus commits to comply with EU data protection requirements. The transfer of data to Mixpanel in connection with the Mixpanel tool is based on Art. 45 and 28 GDPR.
We also use the Mixpanel tool to analyze the use of our offer and to continuously develop our offer in terms of user-friendliness. The basis for the use of the Mixpanel tool is Art. 6 para. 1 p. 1 lit. f) DSGVO. Our legitimate interest is to ensure the best possible user experience through continuous optimization and development of our offer.
AppsFlyer
(https://www.appsflyer.com)
The collected data helps us to better understand the usage of the app and to improve the offer. All IP addresses are only stored in anonymized form. Therefore, the data obtained cannot be used to personally identify users.
https://www.appsflyer.com/product/gdpr-ccpa
- Information that is collected automatically
This data is automatically transmitted to us, but is not stored, (1) to provide you with the Service and related features; (2) to improve the features and functionality of the App; and (3) to prevent and correct misuse and malfunctions. This data processing is justified by the fact that (1) the processing is necessary for the fulfilment of the contract between you as the data subject and us pursuant to Art. 6 para. 1 lit. b) GDPR for the use of the App, or (2) we have a legitimate interest in being able to guarantee the functionality and error-free operation of the App and to be able to offer a service in line with the market and interests, which in this case outweighs your rights and interests in the protection of your personal data pursuant to Art. 6 para. 1 lit. f) GDPR.
1.3 Creation of a user account (registration) and Login
If you create a user account or register, we use your access data (e-mail address, password, first name, last name) to grant you access to your user account and to administer it („mandatory data„). Mandatory data within the scope of registration are marked with an asterisk and are required for the conclusion of the user contract. If you do not enter this data, you will not be able to create a user account.
In addition, you can provide the following voluntary information during the registration process: gender, weight, date of birth, height, resting heart rate, maximum heart rate, profile picture.
We use the mandatory information to authenticate you when you log in and to follow up requests to reset your password. We will process and use the information you provide during registration or login to (1) verify your right to manage your user account; (2) enforce the App’s Terms of Use and all related rights and obligations; and (3) contact you to send you technical or legal notices, updates, security alerts, or other communications relating to user account management.
We use voluntary information in order to display it within the App according to your settings and to make it available to other users of the App at your request, as well as to carry out calculations regarding its performance status.
This data processing is justified by the fact that (1) the processing is necessary for the fulfilment of the contract between you as the data subject and us pursuant to Art. 6 Para. 1 lit. b) GDPR for the use of the App, or (2) we have a legitimate interest in ensuring the operability and error-free operation of the App, which in this case outweighs your rights and interests in the protection of your personal data pursuant to Art. 6 Para. 1 lit. f) GDPR.
- Using the App
Within the App you can enter, manage and edit various information, tasks and activities. This information includes, in particular, data about your physical constitution and training behavior. The App also requires the following authorizations:
- Internet access: This is required to store your entries on our servers.
- Camera access: This is required so that you can take photos of your documents and save them in the App and on our servers.
- Location access: This is required to enable routing and navigation and to evaluate routes.
The processing and use of usage data takes place to provide the service. This data processing is justified by the fact that the processing is necessary for the fulfilment of the contract between you as the data subject and us pursuant to Art. 6 Para. 1 lit. b) GDPR for the use of the App.
- Transmission and Transfer of Data
Your personal data will only be passed on without your express prior consent in addition to the cases explicitly mentioned in this data protection declaration if this is legally permissible or necessary. This may be the case, for example, if the processing is necessary to protect the vital interests of the user or another natural person.
2.1
The data provided by you during registration will be passed on within our group of companies [enduco] for internal administration purposes, including joint customer service within the framework of what is necessary.
Any disclosure of personal data is justified by the fact that we have a legitimate interest in disclosing the data for administrative purposes within our group of companies and your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 lit. f) GDPR do not prevail.
2.2
If it is necessary to clarify an illegal or abusive use of the App or for legal prosecution, personal data will be passed on to the law enforcement authorities or other parties as well as to injured third parties or legal advisors. However, this only hAppens if there are indications of unlawful or abusive conduct. A transfer may also take place if this serves to enforce terms of use or other legal claims. We are also legally obliged to provide information to certain public bodies upon request. These are criminal prosecution authorities, authorities that prosecute fine-proven administrative offences, and the tax authorities.
Any disclosure of personal data is justified by the fact that (1) the processing is necessary to fulfil a legal obligation which we have assumed pursuant to Art. 6 Para. 1 lit. f) GDPR in conjunction with Art. 6 Para. 1 lit. f) GDPR. (2) we have a legitimate interest in passing on the data to the named third parties if there are indications of abusive conduct or to enforce our terms of use, other conditions or legal claims and your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 lit. f) GDPR does not prevail.
2.3.
For the provision of our services, we are referred to contractually affiliated companies as well as external companies and service providers:
Any transfer of personal data is justified by the fact that (1) we have a legitimate interest in transferring the data for administrative purposes within our group of companies and your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 lit. f) GDPR do not outweigh and (2) we have carefully selected, regularly reviewed and contractually obligated our external companies and external services within the scope of Art. 28 para. 1 GDPR as contract processors to process all personal data exclusively in accordance with our instructions.
2.4
As we continue to develop our business, the structure of our business may change by changing its legal form, establishing, acquiring or selling subsidiaries, businesses or parts thereof. In such transactions, customer information may be shared with the part of the business to be transferred. Whenever we disclose personal information to third parties to the extent described above, we will ensure that it is done in accordance with this Privacy Policy and Applicable data protection laws.
Any disclosure of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances where necessary and that your rights and interests in the protection of your personal data within the meaning of Art. 6 Para. 1 lit. f) GDPR does not predominate.
- Data Transfers to third Countries
We also process data in countries outside the European Economic Area („EEA“). In order to guarantee the protection of the personal rights of the users also in the context of these data transfers, we make use of the standard contractual clauses of the EU Commission pursuant to Art. 46 para. 2 lit. c) GDPR when drafting the contractual relationships with the recipients [service providers] in third countries. You can request these documents from us using the contact options listed below.
- Purpose Changes
Your personal data will only be processed for purposes other than those described if this is permitted by law or if you have consented to the changed purpose of the data processing. In the event of further processing for purposes other than those for which the data were originally collected, we will inform you of these other purposes prior to further processing and provide you with all further relevant information.
- Period of Data Storage
We will delete or make anonymous your personal data as soon as they are no longer required for the purposes for which we have collected or used them in accordance with the above paragraphs. As a rule, we store your personal data for the duration of the usage or contractual relationship via the App plus a period of 60 days, during which we store backup copies after deletion, provided that this data is not required any longer for criminal prosecution or to secure, enforce or enforce legal claims.
Specific information in this data protection declaration or legal procedures for the storage and deletion of personal data, in particular those that we have to store for tax reasons, remain unaffected.
6. Your Rights as a Data Subject
6.1 Right to Information
You have the right to obtain from us at any time upon request information on the personal data processed by us concerning you in the scope of Art. 15 GDPR. For this purpose, you may submit an Application by post or by e-mail to the address given below.
6.2 Right to rectify inaccurate Data
You have the right to demand from us the immediate correction of the personal data concerning you, if these should be incorrect. To do so, please contact us at the addresses given below.
6.3 Right to Deletion
You have the right, under the conditions described in art. 17 GDPR, to request us to delete your personal data. In particular, these conditions provide for a right of deletion if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, or in cases of unlawful processing, the existence of an objection or the existence of a duty to delete under Union law or the law of the Member State to which we are subject. For the period of data storage, please see Section 5 of this data protection declaration. To exercise your right to deletion, please contact the addresses below.
6.4 Right to Limitation of Processing
You have the right to demand from us the restriction of processing in accordance with Art. 18 GDPR. This right exists in particular if the correctness of the personal data is disputed between the user and us, for the period of time which the verification of the correctness requires, as well as in the case that
the user demands a limited processing in the case of an existing right to deletion instead of deletion; furthermore in the case that the data is no longer necessary for the purposes pursued by us, but the user needs it for the assertion, exercise or defence of legal claims and if the successful exercise of an objection between us and the user is still disputed. To exercise your right to limit the processing, please contact us at the addresses below.
6.5 Right to data Transferability
You have the right to receive from us the personal data concerning you which you have provided to us in a structured, common, machine-readable format in accordance with Art. 20 GDPR. To exercise your right to data transfer, please contact the addresses below.
7. Right of Objection
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data relating to you, which takes place, among other things, on the basis of Art. 6 para. 1 lit. e) or f) GDPR, pursuant to Art. 21 GDPR. We will stop processing your personal data unless we can prove compelling reasons for processing worthy of protection which outweigh your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.
8. Right of Appeal
They also have the right to address complaints to the competent supervisory authority. The competent supervisory authority is:
Independent Data Protection Centre Saarland
Monika Grethel
The State Commissioner for Data Protection and Freedom of Information
Fritz-Dobisch-Straße 12
66111 Saarbrücken, Germany
Phone: 0049 681 94781-0
Telefax: 0049 681 94781-29
E-Mail: poststelle@datenschutz.saarland.de
9. Contact
If you have any questions or comments regarding our handling of your personal data or if you would like to exercise the rights mentioned under numbers 6 and 7 as a data subject, please contact enduco GmbH at the following contact details:
If you have any questions or comments about the practical handling and operation of the App or if you have support questions, please contact [Monday to Friday from 9.00-17.00 h (except on public holidays)]:
10. changes to this privacy policy
We always keep this privacy policy up to date. Therefore, we reserve the right to change it from time to time and to update changes in the collection, processing or use of your data. The current version of the data protection declaration is always available under „Profile – Data protection“ within the App.
Saarbrücken, 09.11.2021