Privacy Policy

Last updated: 8th April, 2022

With the following data protection declaration, we would like to inform you about which types of your personal data (hereinafter also referred to as “data”) we process for what purposes and to what extent in the context of the provision of our service (application or website).

The terms used are not gender-specific.

Summary of Contents

  • Introduction
  • Overview of processing
  • Relevant legal bases
  • Security measures
  • Collection of personal data
  • Transmission of personal data
  • Deletion of data
  • Registration, login and user account
  • Community Features
  • Single sign-on
  • Plugins and embedded functions as well as content
  • Use of cookies
  • Rights of data subjects
  • Changes and updates to the Privacy Policy
  • Contact

 

Overview of processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

  1. Personal data (e.g. name, age)
  2. Contact data (e.g. e-mail, telephone numbers)
  3. Content data (e.g. entries in online forms, community functions)
  4. Usage data (e.g. interest in content, access times)
  5. Meta/communication data (e.g. device information, IP addresses)

Categories of data subjects

  1. Users (e.g. website visitors, users of apps, online services)

Purposes of processing

  1. Provision of contractual services and customer service
  2. Security measures
  3. Management and response to requests
  4. Profiles with user-related information
  5. Registration procedure
  6. Provision of our service and user-friendliness

Relevant legal basis

Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection requirements may apply in your or our country of residence or domicile. If, in addition, more specific legal bases are decisive in individual cases, we will inform you of these in the data protection declaration.

  1. Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR) – The data subject has given his or her consent to the processing of the personal data concerned for a specific purpose or several specific purposes.
  2. Performance of the contract and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR) – The processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.
  3. Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR) – The processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data prevail.

In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection apply in Germany. This includes, in particular, the Act on the Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special provisions on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (§ 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships as well as the consent of employees. Furthermore, state data protection laws of the individual federal states can be applied.

Security measures

In accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.

Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as the access, input, disclosure, ensuring availability and separation thereof. Furthermore, we have set up procedures that ensure the exercise of data subject rights, the deletion of data and reactions to the threat to the data. Furthermore, we take into account the protection of personal data already during the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

SSL encryption (https): In order to protect your data transmitted via our service, we use SSL encryption. You can recognize such encrypted connections by the prefix ‘https://’ in the address bar of your browser.

Collection of personal data

The user provides data to the service directly in the service’s interface. The submission of personal data by the user is optional, meaning that the user is not required to provide it in order for the service to function.

Transmission of personal data

The data provided by the user as part of using the service is only used for the service’s functionality, personalization and analytics. It is not transmitted to third parties for marketing or advertising purposes nor shared with any data brokers.

As part of our processing of personal data, we may be required to transmit or share the data to other bodies, companies, legally independent organizational units or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such a case, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.

Deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as the consents given for its processing are revoked or other permissions cease to apply (e.g. if the purpose of the processing of this data has ceased to exist or the data is not necessary for the purpose).

If the data is not deleted because it is necessary for other and legally permissible purposes, their processing will be limited to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person.

Our data protection information may also contain further information on the storage and deletion of data that takes precedence for the respective processing operations.

Registration, login and user account

Users can create a user account. As part of the registration, users are told which information is mandatory, and this information is processed for the purpose of providing the user account on the basis of the fulfillment of contractual obligations. The processed data includes, in particular, the login information (user name, password and an e-mail address).

As part of the use of our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests as well as those of the users in a protection against misuse and other unauthorized use. In principle, this data will not be passed on to third parties, unless it is necessary to pursue our claims or there is a legal obligation to do so.

Users can be informed by e-mail about processes that are relevant to their user account, such as technical changes.

Further information on processing, procedures and services:

  1. Registration with pseudonyms: Users may use pseudonyms as user names instead of real names.
  2. Setting the visibility of profiles: Users can use settings to determine to what extent their profile is visible or accessible to the public or only to certain groups of people.
  3. Deletion of data after termination: If users have terminated their user account, their data will be deleted with regard to the user account, subject to legal permission, obligation or consent of the users.
  4. No obligation to store data: It is the responsibility of users to back up their data before the end of the contract in the event of termination. We are entitled to irretrievably delete all user data stored during the term of the contract.

Community Functions

The community functions provided by us allow users to enter into conversations with each other or otherwise in an exchange with people they choose to connect with on our service. Please note that the use of the community functions is only permitted in compliance with the applicable legal situation, our conditions and guidelines as well as the rights of other users and third parties.

Further information on processing, procedures and services:

  1. Setting the visibility of contributions: The visibility of user-created content is limited to the persons they connect with or the groups they are a part of on the service. There is no public visibility of user-created content. The users can further restrict the visibility through the use of settings to determine to what extent the contributions and content they create are visible or accessible to persons they connect with or groups they are a part of.
  2. Storage of data for security purposes: The contributions and other inputs of the users are processed for the purposes of the community and conversation functions and, subject to legal obligations or legal permission, are not released to third parties. An obligation to surrender may arise in particular in the case of illegal contributions for the purposes of legal prosecution. We would like to point out that in addition to the content of the contributions, their time and the IP address of the users are also stored. This is done in order to be able to take appropriate measures to protect other users and the community.
  3. Protection of own data: Users decide for themselves which data they disclose about themselves within our Service, for example when they provide information about themselves or participate in conversations. We ask users to protect their data and to publish personal data only with caution and only to the extent necessary.
  4. User Control: Users can stop receiving messages and updates from specific contacts by disconnecting with them. Users can also report contacts to us if offensive content is shared. When a contact is reported, the last five messages sent to the user by the reported contact are shared with us, along with the user ID of the reported contact, information about when the content was shared, and the type of content (image, video, text, etc.). The reported contact is not notified.

Single sign-on

“Single sign-on”, “Single sign-on registration” or “Authentication” refers to procedures that allow users to log in to our Service with the help of a user account with a provider of single sign-on procedures (e.g. a social network). The prerequisite for single sign-on authentication is that the users are registered with the respective single sign-on provider and enter the required access data in the online form provided for this purpose, or are already logged in to the single sign-on provider and confirm the single sign-on registration via a button.

Authentication is carried out directly with the respective single sign-on provider. As part of such authentication, we receive a user ID with the information that the user is logged in to the respective single sign-on provider under this user ID and an ID (so-called “user handle”) that we cannot use for any other purposes. Whether additional data is transmitted to us depends solely on the single sign-on procedure used, on the selected data releases in the context of authentication and also on which data users have released in the privacy or other settings of the user account with the single sign-on provider. The data can differ depending on the single sign-on provider and the choice of users; usually it is the e-mail address and the user name. The password entered as part of the single sign-on procedure with the single sign-on provider is neither visible to us nor is it stored by us.

Users are requested to note that their information stored by us can be automatically matched with their user account with the single sign-on provider, but this is not always possible or actually takes place. If, for example, the e-mail addresses of the users change, they must change them manually in their user account with us.

If agreed with the users, we can use the single sign-on registration within the framework of or before the fulfilment of the contract, if the users have been asked to do so, within the framework of consent and otherwise use it on the basis of the legitimate interests on our part and the interests of the users in an effective and secure registration system.

Should users decide that they no longer want to use the linking of their user account with the single sign-on provider for the single sign-on procedure, they must cancel this connection within their user account with the single sign-on provider. If users wish to delete their data with us, they must cancel their registration with us.

Further information on processing, procedures and services:

  1. Apple Single Sign-On: authentication service; Service providers: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Website: https://www.apple.com/de/; Privacy Policy: https://www.apple.com/legal/privacy/de-ww/.
  2. Google Single Sign-On: authentication service; Service providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.google.de; Privacy Policy: https://policies.google.com/privacy; Possibility of objection (opt-out): Settings for the display of advertisements: https://adssettings.google.com/authenticated.

Plugins and embedded functions as well as content

We integrate functional and content elements into our service that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may be, for example, graphics, videos or city maps (hereinafter uniformly referred to as “Content”).

The integration always requires that the third-party providers of this content process the IP address of the users, since without the IP address they could not send the content to their browser. The IP address is therefore required for the presentation of this content or functions. We endeavor to use only such content whose respective providers use the IP address only to deliver the content. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and contain, among other things, technical information about the browser and the operating system, referring websites, the time of visit and other information on the use of our service, and can be combined with such information from other sources.

Information on legal basis: If we ask the users for their consent to the use of third-party providers, the legal basis for the processing of data is consent. Otherwise, the data of the users will be processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

Further information on processing, procedures and services:

  1. YouTube videos: video content; Service providers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Possibility of objection (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertisements: https://adssettings.google.com/authenticated.

Use of cookies

Cookies are small text files or other storage notes that store information on end devices and read information from the end devices, for example to store the login status in a user account, the contents of a shopping cart in an e-shop, the accessed content or the functions used in an online offer. Cookies can also be used for various purposes, e.g. for the purposes of the functionality, security and comfort of online offers as well as the preparation of analyses of visitor flows.

Notes on consent: For the usage of our website, we use cookies in accordance with the statutory provisions. Therefore, we obtain prior consent from users, unless this is not required by law. The revocable consent is clearly communicated to the users and contains the information on the respective cookie use.

Information on data protection legal bases: If the users consent, the legal basis for the processing of their data is the declared consent. Otherwise, the data processed with the help of cookies will be processed on the basis of our legitimate interests (e.g. in the business operation of our service and improvement of its usability) or, if this is done in the context of the fulfilment of our contractual obligations, if the use of cookies is necessary to fulfil our contractual obligations. We explain the purposes for which we process cookies in the course of this data protection declaration or in the context of our consent and processing procedures.

Storage period: With regard to the storage period, the following types of cookies are distinguished:

  1. Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed the end device (e.g. browser or mobile application).
  2. Permanent cookies: Permanent cookies remain stored even after closing the end device. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, the user data collected with the help of cookies can be used to measure reach. If we do not provide users with explicit information on the type and storage period of cookies (e.g. as part of obtaining consent), users should assume that cookies are permanent and the storage period can be up to two years.

General information on revocation and objection (opt-out): Users can revoke their consent at any time and also object to the processing in accordance with the legal requirements of Art. 21 GDPR (further information on the objection can be found in the context of this data protection declaration). Users can also declare their objection using the settings of their browser.

Further information on processing, procedures and services:

  1. Processing of cookie data on the basis of consent: We use a procedure for cookie consent management, in the context of which the consent of the users to the use of cookies, or the processing and providers mentioned in the context of the cookie consent management procedure, can be obtained and managed and revoked by the users. In this case, the declaration of consent is stored in order not to have to repeat its request and to be able to prove the consent in accordance with the legal obligation. The storage can take place on the server side and/or in a cookie (so-called opt-in cookie, or with the help of comparable technologies) in order to be able to assign the consent to a user or his device. Subject to individual information on the providers of cookie management services, the following information applies: The duration of the storage of consent can be up to two years. A pseudonymous user identifier is formed and stored together with the time of consent, information on the scope of the consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and device used.

Rights of data subjects

As a data subject, you are entitled to various rights under the GDPR, which result in particular from Articles 15 to 21 GDPR:

  1. Right to object: You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you on the basis of Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct advertising.
  2. Right of revocation for consents: You have the right to revoke your consent at any time.
  3. Right to information: You have the right to request confirmation as to whether the data in question is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with the legal requirements.
  4. Right to rectification: In accordance with the legal requirements, you have the right to request the completion of the data concerning you or the correction of the incorrect data concerning you.
  5. Right to erasure and restriction of processing: In accordance with the statutory provisions, you have the right to demand that data concerning you be deleted immediately or, alternatively, to demand a restriction of the processing of the data in accordance with the legal requirements.
  6. Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, commonly used and machine-readable format in accordance with the legal requirements or to request their transmission to another controller.
  7. Complaint to a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of your personal data infringes the provisions of the GDPR.

Changes and updates to the Privacy Policy

We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the privacy policy as soon as the changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, we ask you to note that the addresses may change over time and ask you to check the information before contacting us.

Contact

If you have any questions about this privacy policy, please contact us at: info@weohealth.app