Privacy policy

The protection of your personal data is a top priority for us, so we will use your data under the strictest compliance with current regulations on data protection. From 25 May 2018 the provisions of the General Regulation on Data Protection of the European Union (here in after RGPD) will be applicable at European level. Therefore, we would like to inform you in detail about how Parenting Online SL with CIF B88596283 with its headquarters in C/ Gil Imon 5 – 28005 Madrid processes personal data in accordance with this new regulation (see Arts. 13 ff. RGPD). Please read our privacy policy carefully. If you have any questions or comments about our privacy policy, you can always contact us at the email address below.

1.Introduction

The information on data protection below informs you of the form and scope of the processing of personal data by Parenting Online SL with CIF B88596283 with headquarters in C/ Gil Imon 5 – 28005 Madrid (hereinafter “Ama Clinics”, “we”, “our”, “our” or “our”). Personal data is information that can be attributed directly or indirectly to you. The use of our app, products, services, technologies or functions and all corresponding pages, applications and services (collectively referred to as “offering”) is subject to this privacy policy.

By registering as a new user or, in the case of existing customers, by means of a corresponding declaration, you consent to this privacy policy and explicitly authorise the processing, use and publication of your personal data as described here.

Data processing by Ama Clinics can basically be divided into two categories:

To make or prepare the contract, all the data necessary for the execution of a contract with Ama Clinics will be processed. If the execution of the contract also concerns external service providers, such as payment services, optimization services, hosting, etc., your data will be transmitted to them as required.

When you access our offer, there is an exchange of various information between your device and our server or the server of the services used by us. This exchange may also include personal data. The information collected in this way is used, among other things, to further optimize our offer.

According to the provisions of the RGPD, you enjoy different rights that you can assert before us. These include the right to object to certain data processing, in particular for advertising purposes. The possibility of opposing is typographically highlighted. You will find more information about your rights below in a separate section and additionally in the different descriptions of each data processing.

Our offer is only available to persons who have reached the age of sixteen. If you have not yet reached this minimum age, you may only use our offer if your parents have given their explicit consent and you have provided proof of such consent.

If you have any questions about our privacy policy, you can contact our data protection officer at any time: hola@amaclinics.com

2.  Name and contact details of the data controller and the data protection representative

This privacy policy will apply to the processing of data by Ama Clinics as responsible according to the RGPD for the following offer: www.AmaClinics.com and the Ama Clinics app. You can contact them at the indicated address or at the e-mail address hola@Amaclinics.com . As representative in the European Union, Matthieu Heusch has been appointed with NIE X1984745Y in accordance with Art. 3 par. 2 in relation to Art. 27 par. 1 and 3 RGPD.

3. Purposes of data processing, legal basis and legitimate interests pursued by us or a third party as well as categories of recipients

3.1. Access to our offer

When you access our offer, especially our website or app, the app or browser used on your device will automatically send information to our servers, which will be temporarily stored in a log file. The following information will be collected without your intervention and stored in the log file until it is automatically or manually deleted:

IP address of the device used

Date and time of access

Name and URL of the accessed file, web page or app from which it is accessed (URL referer)

Unequivocal identifier of the browser you are using

Name of your internet provider

The processing of such data shall be carried out in accordance with Art. 6 par. 1 letter f RGPD. Our legitimate interest derives from the purposes of data collection indicated below. In this regard, we would like to emphasize that the data collected do not allow us to deduce your identity and that we will not try to do so either. We will use the IP address of your device and the other data indicated for the following purposes:

To ensure a smooth connection

Ensure comfortable use of our offer

Assess the safety and stability of the system

Other administrative purposes

The data will be stored in compliance with the legal storage periods and then automatically deleted. We also use cookies, tracking tools, segmentation procedures and interfaces with other services, e.g. social networks, payment platforms or app store providers, for our offer. The procedures and how your data is used for this purpose are detailed in section 4.

3.2. Conclusion, execution and termination of the contract

Data processing at the conclusion of the contract

We understand our offer mainly as health personnel specialized in pregnancy and early childhood: with explanations of what happens when a woman becomes pregnant and the options she can take, as well as practical guides for pregnancy nutrition with exercises, proposals for recipes and many more information about health, fitness and nutrition. In this sense, we will deal with the necessary data for the conclusion, execution and termination of a contract. These include in particular

E-mail address and telephone number

First and last name, if any

Billing and payment data

Data entered by you and generated by the use of our offer, such as sex, age, height, weight, city, postal code, mutual or health insurance company to which you belong, etc.

The legal basis for this is Art. 6 par. 1 letters a and b RGPD and Art. 9 par. 2 letter a RGPD. If we do not use your contact details for customer service (see section 3.3 for further details), we will keep the data collected for the execution of the contract until the end of the contract or the prescription of possible contractual guarantee rights. After this period has expired, we will keep the personal data required by law for the legally prescribed period. During this period (normally six to ten years from the conclusion of the contract), the data will only be processed again in the event of inspection by the tax authorities.

We may contact you by email or telephone to better understand the type of offer and recommendations you would like to receive.

3.3. Data processing for customer service

3.3.1. Information purposes

If you have subscribed to our offer, you will appear as an existing customer. In this case, we will use your contact data to send you information, for example about new, extended or improved functions as well as products and services.

3.3.2. Improvement of service and offer

We may contact you by email or telephone to better understand the type of offer and recommendations you would like to receive, and to conduct surveys in order to improve our services and offers.

3.3.2. Interest-adjusted advertising

So that you only receive information that is of your supposed interest, we categorize and complete your customer profile with additional information. Both statistical information and information about you (such as master data or basic data of your customer profile) will be used for this purpose. The aim is to optimize our offer according to your real or perceived personal interests and/or needs and to make recommendations to you accordingly without bothering you with unnecessary offers.

The legal basis for such processing is Art. 6 par. 1 letters b and f RGPD and Art. 9 par. 2 letter a RGPD. Such processing of existing customer data for own advertising purposes is considered a recognised legitimate interest according to recital 47 of the RGPD.

3.3.4. Customer support

Zendesk

To process service, support and other user’s inquiries, we use according to Art. 6 ap. 1 letter b RGPD the Zendesk Inc. ticketing system, 1019 Market St, San Francisco, CA 94103, USA. (“Zendesk”). If you ask a support question through one of our channels (contact form, live chat, e-mail, etc.), the following data -depending on the content and channel selected- will be processed through Zendesk servers:

The data you have entered

Name

E-mail address

Browser information

IP address

Zendesk is certified according to the Privacy Shield Framework, so it complies with the European standards of data processing on demand according to the law. You will find additional information about data processing by Zendesk in Zendesk’s privacy statement at http://www.zendesk.com/company/privacy. In case of any doubt, you can directly contact Zendesk’s Data Protection Officer: privacy@zendesk.com

3.3.5. Sending the bulletin

In relation to our offer, we offer interested customers the possibility to subscribe to our newsletter. We will keep the data collected in this procedure exclusively for documentation and demonstration purposes. The data includes in particular

E-mail address provided

IP address of the device used

Date and time of discharge

Form of treatment

Date, time and content of confirmation message

IP address of device used for confirmation

Date and time of your confirmation

The legal basis is Art. 6 par. 1 letter a RGPD. We will keep these data until the end of the contractual relationship, as this allows us to prove the legality of the sending of the newsletter. Once the contractual relationship has ended, we will keep the personal data required by law for the legally established periods. During this period (normally ten years from the conclusion of the contract), the data will be processed again only in the event of a review by the tax authorities. You may object at any time to the consent given with effect for the future. To do so, simply click on the unsubscribe button in the respective e-mail message or send a short notification by e-mail. To do so, you must use the contact options of our data protection officer.

3.3.6. Right of opposition

You may object to the processing of data for the above purposes at any time and free of charge, separately for each communication channel and with effect for the future. To do so, all you need to do is send an e-mail to the contact indicated in section 1.

Once you have objected, we will block the contact address concerned for any further processing of advertising data. We will process your objection as quickly as possible and apply the appropriate blocking measures without delay once the check has been completed. Please note that in exceptional cases, information or product recommendations may be sent even after your objection has been received. This is for purely technical reasons and does not mean that we do not apply your objection. Thank you very much for your understanding.

4. Processing of data to present our offer

Below we inform you of the data processing required to present you with our offer:

4.1. Online presence and website optimisation

We will not sell or rent your data to third parties for their advertising purposes without your explicit consent. In order to be able to offer our customers the best possible product, to improve the quality of our offer from time to time and to protect the interests of our customers, we will, under certain circumstances, provide certain data to third parties; however, this will always be done within strict limitations, which are detailed below:

4.1.1. Cookies: general information

On our website we use cookies in accordance with Art. 6 par. 1 letter f RGPD. Our interest in optimising our offers is considered legitimate according to the above-mentioned provision. Cookies are small files automatically created by your browser that are saved on your device (laptop, tablet, mobile phone, etc.) when you use our offers. Cookies do not cause any damage to your device and do not contain viruses, Trojans or other malicious software. Information related to the device used will be stored in the cookie. However, this does not mean that we have direct knowledge of your identity. The use of cookies serves to make our offer more convenient for you. In this regard, we use session cookies to detect whether you have previously visited certain pages on our website or whether you have previously logged in with your customer account. When you use our offer again at a later date, the cookies will make it possible to detect that you have visited us before and what information you have provided and what settings you have made so that you do not have to do so again. In addition, to make it easier for the user, we use temporary cookies that will be stored for a certain period on your device and will be automatically deleted once you leave our offer.

If you already have a customer account and have logged in, the information stored in the cookies will be assigned to your customer account.

We also use cookies to collect statistics on the use of our offers and to evaluate them for the purpose of optimizing your use, as well as to show you information that fits your profile. These cookies allow us to automatically detect that you have visited us before so that you can log in again. These cookies will be automatically deleted after a defined period of time. Most browsers accept cookies automatically. However, you can set your browser in such a way that no cookies are stored on your computer or that a warning is always displayed before a new cookie is created. However, a complete deactivation of cookies may prevent access to all the functions of our offer. The duration of the storage of cookies depends on the purpose of their use and varies from case to case.

4.1.2. MixPanel

In order to be able to design our conversion funnel according to our needs and to optimise it continuously, we use the services of the external supplier MixPanel in accordance with Art. 6 par. 1 letter a RGPD. We use MixPanel to guide our e-mail campaigns, push notifications and address our registered users according to their needs. For this purpose we provide the following data to MixPanel , in case you create an Ama Clinics account through our conversion funnel:

Name

E-mail address

Phone

Time Zone

Device information (screen resolution, browser information, operating system)

IP address

Location

Language used

Health Insurance

You can object to the processing of these data at any time by clicking on the unsubscribe button in the newsletter or by informing us that you do not wish your data to be processed in the future. Please use the contact options of our data protection officer for this purpose.

4.1.3. Facebook Pixel

In order to be able to use our campaigns on Facebook in a targeted manner as well as to optimise them and measure their conversion, we use in accordance with Art. 6 par. 1 letter f RGPD an individualised user tracking pixel from Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). This pixel is integrated into the code of our website. This allows us to ensure that ads that we initiate on Facebook are only shown to Facebook users who have shown an interest in our offer. In this way, we want to ensure that our Facebook ads respond to the potential interest of the respective user without causing them any inconvenience. This also allows us to track Facebook users once they have seen or clicked on one of our ads on Facebook. This helps us measure the conversion of each campaign for statistical or marketing purposes and for settlement. The following information will be processed in this use:

Time stamp

URL

Information about the campaign (especially print specification, form field, activated button)

Such data collected will remain anonymous to us and will not allow us to identify the user. Processing for advertising purposes based on behaviour and interests is considered a recognised legitimate interest of ours in accordance with recital 47 of the RGPD. The data will be kept in compliance with the legal storage periods and will be deleted at the end of these periods.

If, after placing the pixel, you access your Facebook account or visit our website having previously registered, it is possible that these data will be saved and processed by Facebook, which we want to inform you about here. Facebook may link this data to your Facebook account and also use it for its own advertising purposes in accordance with Facebook’s data usage guidelines: https://www.facebook.com/about/privacy/. You can find more information about the Facebook Pixel here. You may allow Facebook and its business partners to serve ads on and off Facebook. You can object to this special data processing at any time by changing your settings on Facebook or by informing us that you do not wish to receive such processing in the future. Please use the contact options of our Data Protection Officer for this purpose. Please note that the declared opposition is only valid for the device you are using. For more information, see the Privacy Policy and Information to Protect Your Privacy on Facebook.

4.1.6. Campaigns on Facebook Lookalike

For target group-optimized targeting of our Facebook campaigns and to measure their conversion, we use in accordance with Art. 6 ap. 1 letters a and f RGPD the option to create Facebook Lookalike Audiences, a service offered by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). More information about the Facebook Lookalike campaigns can be found on Facebook: https://www.facebook.com/business/help/365463786964246

This treatment carried out for advertising purposes based on behaviour and interests is considered a recognised legitimate interest of ours in accordance with recital 47 of the RGPD. If you are part of the Facebook Lookalike Audiences, we will transmit your email address and device ID to Facebook. You can object to this special processing of data at any time by changing your settings on Facebook: https://www.facebook.com/settings/?tab=ads or by informing us that you do not want such processing in the future. Please use the contact options of our Data Protection Officer for this purpose.

4.1.6. Pinterest label

In order to be able to use, further optimise and measure the conversion of our campaigns on Pinterest, we use in accordance with Art. 6 par. 1 letter f RGPD a Pinterest label, which is an individualised code fragment from Pinterest Inc., 635 High Street, Palo Alto, CA, USA (“Pinterest”) integrated into our website. This allows us to ensure that ads on Pinterest initiated by us are only viewed by Pinterest users who have shown interest in our offering. In this way, we want to ensure that our Pinterest advertisements meet the potential interest of the respective user without causing them any inconvenience. This also allows us to follow up with Pinterest users once they have seen or clicked on one of our Pinterest ads. This will help us measure the conversion of each campaign for statistical or marketing purposes and for settlement. The following information will be processed in such use:

Device information (e.g. type, brand)

Operating system used (e.g. iOS 11)

IP address of the device used

Time to access our offer

Type and content of the campaign

Reaction to the campaign (e.g. click on a button)

Such data collected will remain anonymous to us and will not allow us to identify the user. Processing for advertising purposes based on behaviour and interests is considered a recognised legitimate interest of ours in accordance with recital 47 of the RGPD. The data will be kept in compliance with the legal storage periods and will be deleted at the end of these periods.

If after visiting our website you access your Pinterest account or visit our website in registered mode, these data may be saved and processed by Pinterest, which we would like to inform you about here. Pinterest may link this data to your Pinterest account and also use it for its own advertising purposes. You can find more information in the Pinterest privacy policy: https://policy.pinterest.com/de/privacy-policy. You can object to this special data processing at any time by deactivating the settings under “Personal Settings” in your Pinterest account https://help.pinterest.com/de/articles/edit-your-settings#Web or by activating the “Do not track” function in your browser.

4.1.7. Taboola

We use in accordance with Art. 6 ap. 1 letter f RGPD an individualized pixel from Taboola Inc., Oneustonsq, 40 Melton Street, 13th Floor, London, NW1 2FD OR 28 West 23rd St. 5th fl., New York, NY 10010 (“Taboola”). This allows us to optimize our marketing campaigns, i.e. to individualize them as much as possible according to different personal interests. This allows us to target our communication according to behavior and interests. In short, it allows us to measure the conversion of each campaign. For this purpose, the following information is processed:

Device information (operating system, browser version)

IP address (short) of the device used

Browser type

Taboola gathers this information in a user profile using pseudonyms. These user profiles are not cross-referenced with data about the owner of the pseudonym and do not allow the deduction of your personal data. This treatment for an optimization based on behaviors and interests of our offer and marketing campaigns is considered our legitimate interest. The data will be stored in compliance with the legal retention periods and will be automatically deleted at the end of these periods. You can find more information about Taboola data protection at: https://www.taboola.com/privacy-policy. Naturally, you can oppose at any time to such treatment by clicking on the following opt-out link:https://www.taboola.com/privacy-policy#optout

4.1.8. Google Analytics

For the purpose of a design adapted to the needs and a continuous optimization of our offer, we use in accordance with Art. 6 par. 1 letter f RGPD the analysis service Google Analytics of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google creates pseudonymous user profiles using cookies. The information generated by cookies about your use of this website, such as

browser type and version

operating system used

Referrer URL (page visited before accessing this one)

host name of the accessing computer (IP address)

server inquiry time

will be transmitted to a Google server in the USA, where they will be saved. The information will be used to evaluate the use of the offers, to generate reports on the activities and to provide additional services related to the use of the offer for marketing and customized design purposes. If necessary, this information will also be passed on to third parties, if this is required by law or if the data is processed on behalf of third parties. Under no circumstances will your IP address be crossed with other Google data. The IP addresses will be made anonymous, which will prevent an allocation (so-called IP masking).

You can prevent the installation of cookies in advance by configuring your browser software accordingly or oppose further processing by means of cookies by clicking on the opt-out link; however, we would like to inform you that in this case you may not be able to use all the functions of our offer. You can also prevent the collection of data generated by cookies in connection with your use of our offer (including your IP address) and the processing of such data by Google by downloading and installing this browser plug-in. For mobile devices we recommend the use in private mode. You can find more information on data protection in connection with Google Analytics on the Google Analytics website.

4.1.9. Google Tag Manager

Through Google Tag Manager we manage web tags (web page codes), which facilitate the management and development of our offer and shorten your loading time. Google Tag Manager is limited to implementing web page codes. Therefore, Google Tag Manager does not install cookies or collect personal data. The tool is limited to integrating website codes that we have installed elsewhere, through which data is collected. In this way, the tool serves only to facilitate the adjustment of each code, but does not access the data processed by it. In this privacy statement we inform you about all tags integrated through this procedure. You can find more information about Google Tag Manager and the usage policy on Google’s pages.

4.1.10. Stripe Payment Platform

In order to fulfil the contract and in particular to process payments, we will, in accordance with Art. 6 par. 1 letters a and b RGPD, provide your name and e-mail address to our payment service provider Stripe Payments Europe Ltd., Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland (“Stripe”). Through the use of the Stripe library, information entered in the order process (e.g. address, bank details, credit card number, invoice amount, currency and transaction number) will not be processed by us but will be transmitted directly to Stripe by your browser. Stripe will use the data exclusively to execute and manage the payment, transmitting it securely through the SSL encryption process. Stripe is certified according to PCI DSS. Stripe transmits, processes and stores personal data outside the European Union. This link provides detailed information on Stripe’s data protection provisions.

4.2. Mobile application / app

4.2.1. Adjust

In order to optimise our app and design it to suit the needs, as well as for our own marketing purposes, we use the evaluation and usage analysis tool Adjust from Adjust GmbH, Saarbrücker Str. 36, 10405 Berlin (“Adjust”). We use Adjust to understand through which channels our users reach us and install our app. When you click on a link managed by Adjust, you will be directed to the desired app store via an Adjust server. Adjust will process for us the anonymized IP and Mac addresses as well as the corresponding installation and event data. Neither we nor Adjust will be able to identify an individual. The information collected is only used for the above-mentioned evaluation purposes, in particular to analyse the function and use of the app, and to generate anonymised evaluations and graphs on the number of visits, the number of pages viewed per user, etc.

4.2.2. Apple Health Kit and Google Fit

To optimize fitness monitoring and health management, you have the possibility to use for the Apple Health Kit or Google Fit app the data collected by our services through the interface of the different providers. This is only possible if you explicitly consent to the process through your device settings. If you consent, we will store the following personal information on our servers:

Start time of the given steps

Steps given measured in meters

Number of steps taken

How health data is used in the Apple HealthKit app or the Google Fit app is beyond our reach and perception. You can object to this data processing at any time by turning off the feature in your device settings. For this reason, we recommend that you review Apple’s or Google’s privacy policy before you activate each feature.

4.2.3. Sentry

We want to offer our users the best possible customer experience, so we continuously improve and develop our app through updates. We thoroughly test each version before releasing it. Even so, it is not possible to exclude in advance with certainty all malfunctions, caused for example by programming errors. That’s why we use Sentry, an error analysis tool from Functional Software Inc, 132 Hawthorne St, San Francisco, CA 94107, USA. (“Sentry”). In order to improve the accessibility and technical stability of our app by monitoring system stability and detecting code errors, we may automatically send the following information to Sentry in the event of a software error:

Device information (type, brand, operating system, version and browser type)

IP address of the device used

Name

Time when the error occurred

The legal basis for the above-mentioned treatments is Art. 6 par. 1 letter f RGPD. No evaluation will be carried out for advertising purposes. The data will be collected anonymously, used in a non-personalized manner and then deleted. This analysis will help us to further improve our app and correct undetected code errors. Such processing is in our legitimate interest since the data is used exclusively for error identification and analysis. More information about Sentry’s data processing and operation is available in the Sentry privacy statement: https://sentry.io/privacy/

If personal data are processed in this way, you may object to their processing at any time, informing us that you do not wish your data to be processed in the future. Use the contact options of our data protection delegate for this purpose.

4.2.4. Snowplow

For the sake of a design adapted to the needs and a continuous optimization of our offer, we use according to Art. 6 par. 1 letter f RGPD the open source analysis service Snowplow. This is installed on our own servers. Therefore, only the following data will be provided to our hosting service:

Device information (e.g. type, brand, operating system, browser version and type, etc.)

Operating system used (e.g. iOS 11)

Name of supplier (e.g. Vodafone)

Events recorded in the app that indicate use of certain features, such as your personal training plan, activity logs, recipe requests or duration of use

Such treatment to optimize our offer is considered our legitimate interest. The data will be stored in compliance with the legal storage periods and will be automatically deleted at the end of these periods. You may oppose such processing at any time by informing us that you do not wish your data to be processed in the future. Please use the contact options of our data protection officer for this purpose.

4.2.5. Amplitude

For the sake of continuous optimisation and design in line with the needs of our app, we use in accordance with Art. 6 par. 1 letter f RGPD the Amplitude Analysis Tool from Amplitude Analytics Inc., 501 2nd Street Suite 100, San Francisco, California 94107, USA. (“Amplitude”). This tool helps us to better understand the usage behavior of our users and to draw conclusions regarding additional optimization needs. To do so, we use the Amplitude library, which treats the following data:

Device information (type, brand, operating system)

IP address of the device used

Name of supplier (e.g. Vodafone)

Interaction with the app

Name

Email address

Age

Weight

Height

Sex

This allows us to generate usage profiles that we will use exclusively for the above-mentioned purposes. Amplitude is certified according to the Privacy Shield Framework and therefore complies with the European standards for data processing on demand in accordance with the law. You may object to such data processing at any time by informing us that you do not wish your data to be processed in the future. Please use the contact options of our data protection officer for this purpose. You will find additional information about data processing by Amplitude in the privacy statement of Amplitude at https://amplitude.com/privacy. If you have any questions, please contact Amplitude’s data protection officer directly: contact@amplitude.com.

4.2.6. Cloudinary

In order to manage the photos you upload through the app in an optimized way and to present them in your profile, we use according to Art. 6 par. 1 letter a and Art. 9 par. 2 letter a RGPD the cloud-based optimization tool of Cloudinary Ltd., 111 W Evelyn Ave, Suite 206, Sunnyvale, CA 94086, USA. (“Cloudinary”). When a photo is uploaded through the app, that photo will be saved to Cloudinary’s servers. Cloudinary is certified according to the Privacy Shield Framework and therefore complies with European standards for the processing of data on demand in accordance with the law. In addition, Cloudinary provides us with a contractual guarantee that we will have exclusive access to such data. You may object to such processing at any time by informing us that you do not wish your data to be processed in the future. Please use the contact options of our data protection representative for this purpose. You will find additional information about data processing and the protection of your privacy on the Cloudinary website: http://cloudinary.com/privacy and http://cloudinary.com/tos.

4.2.8. Automatic notifications via MixPanel

In order to be able to design and continuously optimize our offer tailored to each individual user, we use the services of the external provider MixPanel for the correct orientation of the automatic notifications. MixPanel is a technical support tool to which we transmit or which automatically transmits to us the following information

Type of device (e.g. iPhone 8)

IP address

Location

Language used

Time Zone

Operating system used (e.g. iOS 11)

E-mail address

Age

Status data of your possible subscription

City

Zip Code

Type of mutual or health insurance subscribed

App-generated events, performance parameters, performance and usage data

By allowing the app to send you automatic newsletters, you consent to the processing of the above data in the manner described here. Therefore, the processing will be carried out according to Art. 6 par. 1 letter a RGPD. You can object to the processing of your data at any time by deactivating the automatic notifications in the configuration of your device or by informing us that you do not wish your data to be processed in the future. Use the contact options of our data protection delegate for this purpose.

5. Target group outside the European Union

As indicated in sections 3.4 and 3.5, the data may also be provided to recipients based outside the European Union or the European Economic Area. This is especially the case for processing indicated by means of analysis and segmentation technologies that may result in a transmission of data to the servers of service providers. Other recipients may be associated service providers that we need to provide our services, for example hosting, CRM tools or analysis services. Such servers may be located outside the European Union, in particular in the United States. We will take particular care that such service providers ensure data protection levels equivalent to those of the RGPD and that the rules in force are respected. Thus, we will only cooperate with service providers certified according to the EU-US Privacy Shield. For this certificate, the European Commission has verified under file number C(2016) 4176 the adequacy of the level of data protection as provided for in Art. 45 RGPD. These certified service providers thus comply with the European standards for data processing in accordance with the law. We have also collected contractual guarantees from all service providers based in other European Union countries to the extent that they will ensure compliance with such EU rules and the rights of data subjects, for example in accordance with the standard contractual clauses of the European Commission.

6. Your rights

6.1. Summary

In addition to the right to object at any time to the consents you have given us, you also have the following rights, provided the respective legal conditions are met:

Right to information about your personal data held by us according to Art. 15 RGPD

In case of transfers according to Art. 46, 47 or 49 par. 1 no. 2 RGPD, right to information or reference to adequate or appropriate guarantees and possibility to obtain a copy of them or to dispose of them

Your personal data stored by us according to Art. 15 RGPD

Right to rectify incorrect data or to complete correct data according to Art. 16 RGPD

Right to delete your data stored by us according to Art. 17 RGPD

Right to limit the processing of your data according to Art. 18 RGPD

Right to the portability of data according to Art. 20 RGPD

6.2. Right of opposition

Under the conditions of Art. 21 par. 1 RGPD, the data subject may object to the processing of data on grounds arising from his/her particular situation.

The above right of general objection is valid for all the purposes of processing described in this privacy policy and pursued according to Art. 6 par. 1 letter f RGPD. In contrast to the special right of objection to the processing of data for advertising purposes (see section 3.3), we are only obliged under the GPRS to apply this general right of objection if you give us reasons of particular importance (e.g. danger to life or limb). You also have the option of addressing the supervisory authority.

7. Data security

For our infrastructure and the processing of your data we apply maximum levels of information security. For example, we use computer protection mechanisms such as firewalls and data encryption. For our buildings and data we have installed physical access controls. Access to our customers’ personal data is only permitted to those employees who need it to perform their duties.

In addition, all the data you provide personally, including your payment details, will be transmitted using the usual secure standard SSL (Secure Socket Layer). SSL is a secure and proven standard that is also used in online banking, for example. You can recognize a secure SSL connection, among other things, by the S added to the http (i.e. https://…) in the address bar of your browser or the lock symbol at the bottom of your browser.

We also apply appropriate technical and organizational security measures to protect your personal data stored by us against manipulation, total or partial loss and unauthorized access by third parties. Our security measures are continuously checked in accordance with technological progress, regularly adapted to the relevant risk and improved if necessary.

Version: 1.0

Effective date: 15 March 2020