§ 1 General
(1) We take the protection of your personal data very seriously and treat it confidentially and in accordance with the statutory data protection regulations and this data protection notice. This data protection notice applies to our mobile app HEAT MVMNT, which you can install on your mobile device. It explains the type, purpose and scope of the collection and use of personal data when using the app. Personal data is all data that can be related to you personally, e.g. name, address, email addresses, user behavior. We would like to point out that data transmission over the Internet can have security gaps. Complete protection of data against access by third parties is not possible.
(2) The controller pursuant to Art. 4 Para. 7 of the EU General Data Protection Regulation (GDPR) is
ALH Unity GmbH
Lindenstraße 9-11
67433 Neustadt
Germany
Phone: +49 6321 9540707
Email: [email protected]
(3) Unless otherwise stated or specified in this privacy policy, the personal data collected by this app will be stored until you request deletion, revoke your consent to storage or the purpose for storing the data no longer applies. If there is a legal obligation to store the data or another legally recognized reason for storing the data (e.g. legitimate interest), the personal data in question will not be deleted until the respective reason for storage no longer applies.
(4) The processing of personal data is only permitted if there is an effective legal basis for the processing of this data. If we process your data, this is usually done on the basis of your consent in accordance with Art. 6 Paragraph 1 Clause 1 Letter a GDPR (e.g. when using the push function), for the purpose of fulfilling the contract in accordance with Art. 6 Paragraph 1 Clause 1 Letter b GDPR (e.g. when using in-app purchases or other paid app functions), to fulfill a legal obligation in accordance with Art. 6 Paragraph 1 Clause 1 Letter c GDPR (e.g. keeping invoices) or due to legitimate interests in accordance with Art. 6 Paragraph 1 Clause 1 Letter f GDPR, which are always weighed against your interests (e.g. when determining commission in connection with affiliate links). The relevant legal bases will be specified separately in this data protection notice if necessary.
(5) For security reasons and to protect the transmission of confidential content, this app uses encryption for all external communication (e.g. search queries). This encryption prevents the data you transmit from being read by unauthorized third parties.
(6) When you contact us by email, we will store your email address and, if you provide them, your name and telephone number in order to answer your questions. We will delete the data collected in this context once storage is no longer required or restrict processing if there are statutory retention periods.
(7) If we use commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. We will also state the specified criteria for the storage period. These service providers have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.
(8) We reserve the right to change this privacy policy at any time in compliance with legal requirements.
§ 2 Your Rights
(1) Below we will explain your rights as a data subject in accordance with Art. 15 GDPR. You can exercise these rights at any time and contact us directly. If you assert these rights against us, we will examine them in detail, taking into account the associated legal requirements and conditions. We may ask you for further information about this. We will explain the results of our examination and our approach to fulfilling your request in detail. It is possible that we will not be able to fully comply with your wishes in the way you wish. This should not stop you from asserting your rights against us or from asking us about them. We will be happy to answer all your questions.
(2) Right to information
You have the right to request information from us at any time as to whether and which data relating to you is being processed by us. This also includes information on the purposes of the processing, if applicable, on recipients to whom we have disclosed your data, the planned storage period and, if applicable, information on the origin of this data if we have not collected it directly from you. In addition, you have the right to a one-time free copy of your personal data stored by us. We reserve the right to charge a reasonable administration fee for the creation of subsequent copies.
(3) Right to rectification
You have the right to request that we correct any inaccurate data that we have stored about you. This also includes the right to have incomplete personal data completed.
(4) Right to erasure
You have the right to request that we delete data that we have stored about you. If we have published data about you, this also includes our obligation, within the framework of the “right to be forgotten” pursuant to Art. 17 Para. 2 GDPR, to forward all links to this data as well as copies or replications of this data to other persons responsible for processing this published personal data, taking into account available technology and the implementation costs, regarding your request for deletion.
(5) Right to restriction of processing
You have the right to request that we restrict the processing of data that we have stored about you. After that, processing of this data is only possible with your consent or for a few legally specified purposes.
(6) Right to object to processing
If we base the processing of your personal data on the balance of interests, you can object to the processing. This is the case if the processing is not necessary in particular to fulfil a contract with you, which we will explain in the description of the functions below. If you exercise such an objection, we ask you to explain the reasons why we should not process your personal data as we do. If you have a justified objection, we will examine the situation and either stop or adapt the data processing or show you our compelling legitimate reasons on the basis of which we continue the processing.
Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection to advertising using the contact methods listed under Section 1 No. (2).
(7) Right to revoke consent under data protection law
If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation affects the admissibility of the processing of your personal data after you have expressed it to us.
(8) Right to data portability
You have the right to receive data concerning you that you have made available to us from us in a structured, common and machine-readable format for the purpose of transmitting it to another controller. At your request and taking into account the existing technical possibilities, this also includes the direct transmission from us to the other controller.
(9) Right to complain to a supervisory authority
You have the right to complain to a data protection supervisory authority at any time about our processing of data concerning you.
§ 3 Collection of personal data when using our mobile app
(1) When you download the mobile app, the required information is transferred to the App Store, in particular your user name, email address and customer number of your account, time of download, payment information and the individual device ID. We have no influence on this data collection and are not responsible for it. We only process the data to the extent that it is necessary for downloading the mobile app to your mobile device.
(2) When using the mobile app, we collect the personal data described below in order to enable convenient use of the functions and to ensure the stability and security of our app. The legal basis for this is our legitimate interest within the meaning of Art. 6 Paragraph 1 Clause 1 Letter f of GDPR:
· Usage data
· IP address
· Device identification (IMEI number)
· Your subscriber number (IMSI)
· Your mobile phone number (MSISDN)
· The MAC address (for WLAN use)
· The name of your mobile device
We only store this data for as long as it is needed to fulfil the respective function or for other technical reasons. If we store individual data for longer, this is done anonymously or in the manner described below.
(3) Certain access authorizations are required for the functions of the app. Some of these accesses may be related to the processing of personal data. The legal basis for this data processing is your consent within the meaning of Art. 6 Para. 1 lit. a GDPR:
· Access to the calendar function: This access allows you to read, add and change calendar appointments and details as well as send emails to appointment participants.
If personal data is stored as part of this access, we only store this data for as long as it is required to fulfil the respective function or for other technical reasons. For device access, we require your consent, which you give when activating the respective access. This consent is voluntary and can be revoked by you at any time by deactivating the respective access in the settings of your device.
Special forms of use
1. Evaluation function
(1) You can submit reviews for the products shown in our app by clicking on the “Cop / Drop” buttons. The reviews are saved based on your consent (Art. 6 Para. 1 Clause 1 lit. a GDPR). The rating is assigned to your device so that you can change it later if necessary. It is not possible for other users to assign the rating.
2. Push function
(1) You can activate the receipt of so-called push notifications for the app. For this purpose we use the “CleverPush” service, which is operated by CleverPush GmbH, Brauhausstraße 15A, 22041 Hamburg, Germany. You will receive information about releases, special offers and other news from the sneaker world via our push notifications.
(2) To register for push notifications, you must confirm the request from your device to receive notifications. This process is documented and saved by CleverPush. For this purpose, the time of registration and a push token or device ID are saved. This data is used on the one hand to send you push notifications and on the other hand as proof of your registration. The legal basis for this processing is your consent and thus Art. 6 Para. 1 Clause 1 Letter a of GDPR.
(3) CleverPush also statistically evaluates our push notifications. CleverPush can thus recognize whether and when our push notifications were displayed and clicked. This enables us to determine which push notifications the recipients are interested in in order to tailor future messages to the presumed interests of all recipients and thus increase interest in our offer. The legal basis for the processing is Art. 6 Paragraph 1 Clause 1 Letter f of GDPR. A push token or device ID is only assigned to a specific person if we are legally obliged to do so, to defend against claims against us, if this is required as evidence, and to possibly prosecute violations of the law.
(4) You can revoke your consent to the storage and use of your personal data to receive our push notifications at any time with effect for the future. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until the revocation. Furthermore, you can object to the use of personal data described above at any time on the basis of Art. 6 Paragraph 1 Clause 1 Letter f. Please revoke your consent for this purpose. You can revoke the consent in the settings provided for receiving push notifications in the settings of your device.
(5) Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Your data will therefore be stored as long as the subscription to our push notifications is active.
(6) To speed up the retrieval of content (e.g. images) and to ward off attacks, CleverPush uses the services of cloudflare.com, an offer from Cloudflare, Inc. 101 Townsend St., San Francisco, CA 94107, USA, as part of order processing based on the standard contractual clauses. CleverPush does not store any data on Cloudflare’s servers that contain personal data, but only general content such as text or images. When you retrieve this content, the device you are using establishes a connection to Cloudflare and this results in the IP address of the device you are using being processed.
3. Calendar function
(1) You can use the calendar function to enter release dates in the calendar you use on your device. We use calendar access exclusively for this purpose and do not access any other information entered in your calendar.
(2) To use the calendar function, you must actively grant the app access to the calendar (see § 3). This is done by positively answering the corresponding question of the operating system used by your device or by subsequently activating it in the app settings of your device. The legal basis for this data processing is therefore your consent in accordance with Art. 6 Paragraph 1 Clause 1 Letter a of GDPR. You can revoke your consent at any time for the future by deactivating the access authorization in the app settings.
4. Search function
(1) We use the services of everysize GmbH, Schellengasse 2, 74072 Heilbronn, Germany, for our search function. For this purpose, we transmit your search query to everysize. With this data, everysize in turn carries out a search in all connected online shops and returns the search result to our app. This data processing is absolutely necessary to provide the service you have requested.
(2) If you switch to the connected shop via a search result, we and everysize receive a commission from the shop operator (“affiliate link”). Information from us or everysize is stored for proof and analysis purposes (manufacturer, sneaker model, price, shoe size, partner shop, source of the link to the shop (app / link), landing page, identification ID, pseudonymized IP address). This is the basis for both our business model and that of everysize. Without this monetization, we and everysize would not be able to offer you our service free of charge. The legal basis for the data processing associated with this is the legitimate interest of us and everysize in accordance with Art. 6 Para. 1 Clause 1 Letter f of GDPR.
data analysis and advertising
When you access our app, your behavior can be statistically evaluated using certain analysis tools and analyzed for advertising and market research purposes or to improve our offerings. When using such tools, we ensure compliance with the statutory data protection regulations. When using external service providers (contract processors), we ensure through appropriate contracts with the service providers that the data processing complies with German and European data protection standards.
1. Google Analytics for Firebase
(1) We use Google Analytics for Firebase (hereinafter Firebase Analytics) to analyze user behavior. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Firebase Analytics includes various functions that enable us to analyze your in-app behavior. In this way, we can, for example, analyze your screen views, button presses, in-app purchases or the effectiveness of advertising measures. We can also determine which functions within our app are used frequently or rarely. For these purposes, Firebase Analytics stores the number and duration of sessions, operating systems, device models, region and a range of other data. The use of Firebase Analytics may require the forwarding of your personal data to the USA. A detailed overview of the data collected by Firebase Analytics can be found at https://support.google.com/firebase/answer/6318039?hl=de .
(2) Firebase Analytics is used to optimize this app and improve our offerings. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. Further information on the Firebase platform and data protection can be found at https://www.firebase.com/terms/privacy-policy.html . Google LLC has submitted to the EU-US Data Privacy Framework. Information on the Data Privacy Framework status of Google LLC can be found at https://www.dataprivacyframework.gov/s/participant-search .
2. Google Firebase Crashlytics
(1) We use Google Firebase Crashlytics (hereinafter Crashlytics) to analyze and process errors that occur in our app. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Crashlytics is a real-time crash reporter that we can use to track, prioritize and resolve stability issues in the app. If the app crashes, Crashlytics creates a mini dump of device information relevant to error analysis. The use of Crashlytics may require the forwarding of your personal data to the USA. Examples of the data collected and transferred by Crashlytics can be found at https://firebase.google.com/support/privacy?hl=de#crash-stored-info . Further information about Crashlytics can be found at https://firebase.google.com/docs/crashlytics?hl=de .
(2) Crashlytics is used solely to improve the stability of our app. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. The data collected is only stored for the period of error processing and then deleted in accordance with data protection regulations. Further information on the Firebase platform and data protection can be found at https://www.firebase.com/terms/privacy-policy.html . Google LLC has submitted to the EU-US Data Privacy Framework. Information on the Data Privacy Framework status of Google LLC can be found at https://www.dataprivacyframework.gov/s/participant-search .
3. Adjust
(1) Our app uses the Adjust framework to evaluate and improve the efficiency of our campaigns. Adjust allows us to track where you downloaded our app from and via which link. This enables us to better understand which marketing and advertising campaigns we use to reach new prospects for our app. Adjust also analyzes your use of our app, i.e. which functions you use and how often, and which buttons you click. We use this information to better understand and further improve how our users use the app. The legal basis for this data processing is our legitimate interest in accordance with Art. 6 Para. 1 Clause 1 Letter f of GDPR.
(2) The data collected is generally evaluated anonymously by linking it to the advertising ID of your device. You have the option of deactivating tracking using Adjust via the following website: https://www.adjust.com/forget-device/ .
(3) Adjust is a product of Adjust GmbH, Saarbrücker Straße 37A, 10405 Berlin, Germany. We have concluded a contract with this service provider to protect your data to the extent required by data protection law. Further information on data protection and data security in connection with the use of the Adjust Framework can be found at https://www.adjust.com/security/ .
4. Advertising or AD ID
(1) For advertising purposes, we use an advertising ID (Android) or AD ID (iOS). This is a unique, but non-personalized and non-permanent identification number for a specific device, which is provided by the respective operating system. We use this ID to provide you with personalized advertising and to evaluate your usage. We do not link this ID to personal data from your device.
(2) You can deactivate personalized advertising for advertising and tracking in the respective device settings of the operating system of your device. We can then only carry out the following measures: measuring your interaction with banners by counting the number of times a banner is displayed without clicking on it (“frequency capping”), click rate, determining unique use (“unique user”) as well as security measures, combating fraud and troubleshooting. You can also reset the advertising or AD ID at any time in the device settings. A new ID will then be created that will not be merged with the previously collected data. We would like to point out that you may not be able to use all the functions of our app if you restrict the use of the advertising or AD ID.
Other third-party services
1. Integration of DatoCMS
(1) This app displays content that is managed in DatoCMS, a so-called headless content management system. This content is located on servers of the provider of DatoCMS, which is why calls to these servers occur with the associated data transfers.
(2) The use of DatoCMS is necessary for technical reasons in order to be able to show you the content you have requested. The legal basis for the use is our legitimate interest in accordance with Art. 6 (1) (f) GDPR.
(3) The provider of DatoCMS is Dato Srl, Via Francesco Botticini 3, 50143 Florence, Italy. Information on data protection from Dato Srl can be found at https://www.datocms.com/legal/privacy-policy .
2. Integration of the web analysis service Sentry
(1) We use the web analysis service Sentry from the provider Functional Software, Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA, to identify errors and problems that occur when using our app and, as a result, to increase the stability of our app. Sentry serves exclusively these purposes and does not process data for any other purposes. The legal basis for data processing is our legitimate interest in accordance with Art. 6 (1) (f) GDPR. The data collected, such as information about the end device, the function called or the time of the error, are effectively anonymized immediately after collection (IP anonymization) and are therefore not further processed on a personal basis. If the data is no longer required for further error analysis, it is deleted immediately. You can find more information on this in Functional Software’s data protection information: https://sentry.io/privacy/ .
(2) Functional Software is a member of the EU-US Data Privacy Framework and has subjected itself to the associated data protection requirements regarding the processing of personal data of EU citizens in the USA. According to the adequacy decision of the EU Commission, an appropriate level of data protection within the meaning of Art. 45 Para. 2 GDPR is guaranteed and data transfer to the USA is permitted. Details can be found at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000YdenAAC&status=Active .