DATA POLICY
USING OUR MOBILE APP:
§ 1 General
(1) We take the protection of your personal data very seriously and treat it confidentially and in accordance with the statutory data protection regulations and this data protection notice. This data protection notice applies to our mobile app HEAT MVMNT, which you can install on your mobile device. It explains the type, purpose and scope of the collection and use of personal data when using the app. Personal data is all data that can be related to you personally, e.g. name, address, email addresses, user behaviour. We would like to point out that data transmission over the Internet may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.
(2) The controller pursuant to Art. 4 (7) of the UK General Data Protection Regulation (GDPR) is
ALH Unity GmbH
Lindenstraße 9-11
67433 Neustadt
Germany
Phone: +49 6321 9540707
E-mail: info@heat-mvmnt.de
(3) Unless otherwise stated or specified within this privacy policy, the personal data collected by this app will be stored until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. If there is a legal obligation to store the data or another legally recognised reason for storing the data (e.g. legitimate interest), the personal data in question will not be deleted before the respective reason for storing the data no longer applies.
(4) The processing of personal data is only permitted if there is an effective legal basis for the processing of this data. If we process your data, this is regularly done on the basis of your consent in accordance with Art. 6 (1a) GDPR (e.g. when using the push function), for the purpose of contract fulfilment in accordance with Art. 6 (1b) GDPR (e.g. when using in-app purchases or other paid app functions), to fulfil a legal obligation in accordance with Art. 6 (1c) GDPR (e.g. storage of invoice documents) or on the basis of legitimate interests pursuant to Art. 6 (1f) GDPR, which are always weighed against your interests (e.g. when determining commission in connection with affiliate links). The relevant legal bases will be specified separately in this data protection notice.
(5) For reasons of security and to protect the transmission of confidential content, this app uses encryption for all external communication (e.g. search queries). This encryption prevents the data you transmit from being read by unauthorised third parties.
(6) When you contact us by e-mail, we will store your e-mail address and, if provided by you, your name and telephone number in order to answer your questions. We delete the data arising in this context after storage is no longer necessary, or restrict processing if there are statutory retention obligations.
(7) If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail below about the respective processes. In doing so, we will also state the specified criteria for the storage period. These service providers have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. If our service providers or partners are based in a country outside the European Union (EU), we will inform you of the consequences of this circumstance in the description of the offer. Data transfers from the UK to the EU are generally permitted on the basis of an adequacy decision made by the UK government.
(8) We reserve the right to amend this data protection notice at any time in compliance with legal requirements.
§ 2 Your rights
(1) In the following, we will inform you about your rights as a data subject in accordance with Art. 15 GDPR. You can exercise these rights at any time by contacting us directly. If you assert these rights against us, we will examine them in detail, taking into account the associated legal requirements and conditions. We may request further information from you for this purpose. We will explain the results of our review and our approach to fulfilling your request in detail. It is possible that we will not be able to fully fulfil your wishes in the manner you have requested. This should not prevent you from asserting your rights against us or asking us about them. We will be happy to answer any questions you may have.
(2) Right of access
You have the right to request information from us at any time as to whether and which of your personal data is being processed by us. This also includes information on the purposes of the processing, any recipients to whom we have disclosed your data, the planned storage period and, if applicable, information on the origin of this data if we have not collected it directly from you. In addition, you have the right to a one-off copy of your personal data stored by us free of charge. We reserve the right to charge a reasonable administrative fee for the creation of the following copies.
(3) Right to rectification
You have the right to request that we rectify any inaccurate personal data that we have stored about you. This also includes the right to have incomplete personal data completed.
(4) Right to erasure
You have the right to request that we erase data that we have stored about you. If we have published data about you, this also includes our obligation to forward all links to this data and copies or replications of this data to other controllers responsible for processing this published personal data
within the scope of the "right to be forgotten" in accordance with Art. 17 (2) GDPR, taking into account available technology and implementation costs.
(5) Right to restriction of processing
You have the right to request that we restrict the processing of data that we have stored about you. This data can then only be processed with your consent or for a few legally defined purposes.
(6) Right to object to the processing
Insofar as we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case if, in particular, the processing is not necessary for the fulfilment of a contract with you, which is described by us in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.
Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection to advertising via the contact channels listed under § 1 (2).
(7) Right to withdraw consent under data protection law
If you have given your consent to the processing of your data, you can withdraw this at any time. Such a revocation affects the permissibility of the processing of your personal data after you have given it to us.
(8) Right to data portability
You have the right to receive from us personal data that you have provided to us in a structured, commonly used and machine-readable format for the purpose of transfer to another controller. At your request and taking into account the available technical possibilities, this also includes the direct transfer from us to the other controller.
(9) Right to lodge a complaint with the Commissioner
You have the right to lodge a complaint with the Commissioner about our processing of your personal data at any time.
§ 3 Collection of personal data when using our mobile app
(1) When you download the mobile app, the required information is transmitted to the App Store, in particular your user name, email address and customer number of your account, time of download, payment information and the individual device identification number. We have no influence on this data collection and are not responsible for it. We only process the data to the extent necessary to download the mobile app to your mobile device.
(2) When using the mobile app, we collect the personal data described below to enable convenient use of the functions and to ensure the stability and security of our app. The legal basis for this is our legitimate interest within the meaning of Art. 6 (1f) GDPR:
· Usage data
· IP address
· Device identification (IMEI number)
· Your subscriber number (IMSI)
· Your mobile phone number (MSISDN)
· The MAC address (for WLAN use)
· The name of your mobile device
We only store this data for as long as it is required for the fulfilment of the respective function or for other technical reasons. If we store individual data for longer, this is done anonymised or in the manner described below.
(3) Certain access authorisations are required for the functions of the app. Some of these access authorisations may involve the processing of personal data. The legal basis for this data processing is your consent within the meaning of Art. 6 (1a) GDPR:
· Access to the calendar function: This access allows you to read, add and change calendar appointments and details as well as send e-mails to appointment participants.
If personal data is stored as part of this access, we only store this data for as long as it is required to fulfil the respective function or for other technical reasons. For device access, we require your consent, which you give by activating the respective access. These consents are voluntary and can be revoked by you at any time by deactivating the respective access in the settings of your device.
Special forms of utilisation
1. Evaluation function
(1) You can submit ratings for the products displayed in our app by clicking on the "Cop / Drop" buttons. The ratings are stored on the basis of your consent (Art. 6 (1a) GDPR). The assignment of the rating is assigned to your end device so that you can change it later if necessary. It is not possible for other users to assign the rating.
2. Push function
(1) You can activate the receipt of so-called push notifications for the app. For this purpose, we use the "CleverPush" service, which is operated by CleverPush GmbH, Brauhausstraße 15A, 22041 Hamburg, Germany. You will receive information about releases, special promotions and other news from the sneaker world via our push notifications.
(2) To register for the push notifications, you must confirm the request from your end device to receive the notifications. This process is documented and saved by CleverPush. The time of registration and a push token or device ID are saved for this purpose. This data is used on the one hand to send you the push notifications and on the other hand as proof of your registration. The legal basis for this processing is your consent and thus Art. 6 (1a) GDPR.
(3) CleverPush also analyses our push notifications statistically. CleverPush can thus recognise whether and when our push notifications have been displayed and clicked on. This enables us to determine which push notifications are of interest to recipients in order to tailor future messages to the presumed interests of all recipients and thus increase interest in our offer. The legal basis for processing is Art. 6 (1f) GDPR. A push token or device ID is only assigned to a specific person if we are legally obliged to do so, for the defence of claims against us, if this is required as evidence, and for the possible prosecution of violations of the law.
(4) You can revoke your consent to the storage and use of your personal data to receive our push notifications at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Furthermore, you can object to the use of personal data described above on the basis of Art. 6 para. 1 sentence 1 lit. f at any time. Please withdraw your consent for this purpose. You can revoke your consent in the setting provided for this purpose for receiving push notifications in the settings of your end device.
(5) Your data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. Your data will therefore be stored for as long as the subscription to our push notifications is active.
(6) To speed up the retrieval of content (e.g. images) and to defend against attacks, CleverPush uses the services of cloudflare.com, an offer from Cloudflare, Inc. 101 Townsend St., San Francisco, CA 94107, USA, as part of order processing on the basis of the standard contractual clauses. CleverPush does not store any data on Cloudflare's servers that contains personal data, but only general content such as text or images. When you access this content, the end device you are using establishes a connection to Cloudflare and the IP address of the end device you are using is processed as a result.
3. Calendar function
(1) You can use the calendar function to enter release dates in the calendar you use on your end device. We use the calendar access exclusively for this purpose and do not access any other information entered in your calendar.
(2) To use the calendar function, you must actively grant the app access to the calendar (see § 3). This is done by positively answering the corresponding question of the operating system used by your end device or by subsequent activation in the app settings of your end device. The legal basis for this data processing is therefore your consent in accordance with Art. 6 (1a) GDPR. You can revoke your consent for the future at any time by deactivating the access authorisation in the app settings.
4. Search function
(1) We use the services of everysize GmbH, Schellengasse 2, 74072 Heilbronn, Germany for our search function. For this purpose, we transmit your search query to everysize. With this data, everysize in turn carries out a search in all connected online shops and returns the search result to our app. This data processing is absolutely necessary to provide the service you have requested.
(2) If you switch to the linked shop via a search result, we and everysize receive a commission ("affiliate link") from the shop operator. Information is stored by us or everysize for verification and analysis purposes (manufacturer, sneaker model, price, shoe size, partner shop, source of the link to the shop (app/link), target page, identification ID, pseudonymised IP address). Both our business model and that of everysize are based on this. Without this monetisation, we and everysize would not be able to offer you our services free of charge. The legal basis for the associated data processing is the legitimate interest of us and everysize in accordance with Art. 6 (1f) GDPR.
Data analysis and advertising
When you access our app, your behaviour may be statistically evaluated with the help of certain analysis tools and analysed for advertising and market research purposes or to improve our offers. When using such tools, we ensure compliance with the statutory data protection regulations. When using external service providers (processors), we ensure through appropriate contracts with the service providers that the data processing complies with UK data protection standards.
1. Google analytics for firebase
(1) We use Google Analytics for Firebase (hereinafter referred to as Firebase Analytics) to analyse user behaviour. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Firebase Analytics includes various functions that enable us to analyse your in-app behaviour. In this way, we can, for example, analyse your screen views, button clicks, in-app purchases or the effectiveness of advertising measures. We can also determine which functions within our app are used frequently or rarely. For these purposes, Firebase Analytics stores, among other things, the number and duration of sessions, operating systems, device models, region and a range of other data. The use of Firebase Analytics may require the transfer of your personal data to the USA. You can find a detailed overview of the data collected by Firebase Analytics at https://support.google.com/firebase/answer/6318039?hl=de.
(2) Firebase Analytics is used to optimise this app and to improve our services. This constitutes a legitimate interest within the meaning of Art. 6 (1f) GDPR. Further information on the Firebase platform and data protection can be found at https://www.firebase.com/terms/privacy-policy.html . Google LLC has submitted to the EU-US Data Privacy Framework. Information on the Data Privacy Framework status of Google LLC can be found at https://www.dataprivacyframework.gov/s/participant-search .
2 Google Firebase Crashlytics
(1) We use Google Firebase Crashlytics (hereinafter Crashlytics) to analyse and process errors that occur in our app. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Crashlytics is a real-time crash reporter that allows us to track, prioritise and resolve app stability issues. In the event of a crash of the app, Crashlytics creates a mini-dump of device information relevant for error analysis. The use of Crashlytics may require the transfer of your personal data to the USA. Examples of the data collected and transferred by Crashlytics can be viewed at https://firebase.google.com/support/privacy?hl=de#crash-stored-info. Further information about Crashlytics can be found at https://firebase.google.com/docs/crashlytics?hl=de .
(2) Crashlytics is used exclusively to improve the stability of our app. This constitutes a legitimate interest within the meaning of Art. 6 (1f) GDPR. The data collected in the process is only stored for the duration of the error processing and then deleted in accordance with data protection regulations. Further information on the Firebase platform and data protection can be found at https://www.firebase.com/terms/privacy-policy.html . Google LLC has submitted to the UK Extension to the EU-US Data Privacy Framework. Information on the UK Extension to the EU-US Data Privacy Framework status of Google LLC can be found at https://www.dataprivacyframework.gov/s/participant-search .
3. Adjust
(1) Our app uses the Adjust framework to evaluate and improve the efficiency of our campaigns. Adjust allows us to track from where and via which link you have downloaded our app. This allows us to better understand which marketing and advertising campaigns we use to reach new interested parties for our app. Adjust also analyses your use of our app, i.e. which functions you use how often and which buttons you click. We use this information to better understand and further improve the use of the app by our users. The legal basis for this data processing is our legitimate interest pursuant to Art. 6 (1f) GDPR.
(2) The data collected is always analysed anonymously by linking it to the advertising ID of your end device. You have the option of deactivating tracking via Adjust on the following website: https://www.adjust.com/forget-device/ .
(3) Adjust is a product of Adjust GmbH, Saarbrücker Straße 37A, 10405 Berlin, Germany. We have concluded a contract with this service provider to protect your data to the extent required by data protection law. Further information on data protection and data security in connection with the use of the Adjust Framework can be found at https://www.adjust.com/security/ .
4. Advertising or AD-ID
(1) For advertising purposes, we use an advertising ID (Android) or AD-ID (iOS). This is a unique, but non-personalised and non-permanent identification number for a specific end device, which is provided by the respective operating system. We use this ID to provide you with personalised advertising and to evaluate your usage. We do not link this ID with personal data of your end device.
(2) You can deactivate personalised advertising and tracking in the respective device settings of your operating system. We can then only carry out the following measures: Measurement of your interaction with banners by counting the number of times a banner is displayed without being clicked on ("frequency capping"), click rate, detection of unique usage ("unique user") as well as security measures, fraud prevention and troubleshooting. You can also reset the advertising or AD ID at any time in the device settings. A new ID will then be created that will not be merged with the previously collected data. We would like to point out that you may not be able to use all the functions of our app if you restrict the use of the advertising or AD ID.
Other third-party services
1. Integration of DatoCMS
(1) This app displays content that is managed in DatoCMS, a so-called headless content management system. This content is located on servers of the provider of DatoCMS, which is why these servers are accessed with the associated data transfers.
(2) The use of DatoCMS is necessary for technical reasons in order to be able to display the content you have requested. The legal basis for the use is our legitimate interest pursuant to Art. 6 (1f) GDPR.
(3) The provider of DatoCMS is Dato S.r.l., Via Francesco Botticini 3, 50143 Florence, Italy. Information on Dato S.r.l.'s data protection can be found at https://www.datocms.com/legal/privacy-policy .
2. Integration of the web analysis service Sentry
(1) We use the web analysis service Sentry from the provider Functional Software, Inc, 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA, to identify errors and problems that occur when using our app and subsequently to increase the stability of our app. Sentry exclusively serves these purposes and does not process any data for other purposes. The legal basis for data processing is our legitimate interest pursuant to Art. 6 (1f) GDPR. The data collected, such as information on the end device, the function called up or the time of the error, is effectively anonymised immediately after collection (IP anonymisation) and thus not processed further in a personalised manner. If the data is no longer required for further error analysis, it is deleted immediately. Further information on this can be found in Functional Software's privacy policy: https://sentry.io/privacy/ .
(2) Functional Software is a member of the UK Extension to the EU-US Data Privacy Framework and has submitted to the associated data protection requirements regarding the processing of personal data of UK citizens in the USA. According to the adequacy decision of the UK government, an adequate level of data protection within the meaning of Art. 45 para. 2 GDPR is thus guaranteed and data transfer to the USA is permitted. You can find details on this at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000YdenAAC&status=Active .