The recent updates due to the new EU General Data Protection Regulation (GDPR), effective as of May 25, 2018:
- make it easier for you to understand which data we collect and how we use it
- give you increased control over your data
- and provide a detailed explanation of your rights as a user.
User Provided Information
The Application obtains the information you provide when you download and register the Application. Registration with us is optional. However, please keep in mind that you may not be able to use some of the features offered by the Application unless you register with us.
a) Mandatory Information: You have to provide us with certain information in order to register with us:
- email address and password
b) Optional Information: Certain information is optional during registration and can also be added or deleted later on by you, such as:
- your first and last name
- profile picture
- height and weight
c) information you provide us when you contact us for help;
d) Health & Fitness Activity Information
- fitness activities: e.g. start time, duration, calories, heart rate;
- public profile (photo, first name, last name, email)
You become visible in the Application with the data in your public profile. This information helps other users to find you in the Application. At the same time, other users can see your first and last name (if provided), or your email address, your profile photo and they can recognize you using this information if necessary.
f) Friendship Information
- sent friendship requests: time, user;
- accepted friendship requests: time, user;
g)Payment and Subscription Information. We use payment providers (e.g. Apple, Google,) to process payments. Although we do not store any credit card information ourselves, we store a payment ID number that is given out by the respective provider and can be allocated to a person by that payment provider, as well as duration of your subscription, price, currency, VAT (based on country info), and payment provider.
Automatically Collected Information
In addition, the Application may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile devices unique device ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browsers you use, and information about the way you use the Application.
Registration via Facebook
If you register an account via social login, we will receive the following information:
Facebook Inc. (1601 South California Avenue, Palo Alto, CA 94304, USA, “Facebook”): First and last name, email address, gender, birthdate, profile picture;
Import Fitness Activity Information from Connected Accounts
Apple HealthKit. We use Apple’s (Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, USA; “Apple”) HealthKit framework, which provides a central repository for health and fitness data on iPhone and Apple Watch and – with the user’s explicit consent – lets apps communicate with the HealthKit store to access and share this data. We process the following Data, obtained through the HealthKit framework and the Apple CoreMotion processor, for the purposes described below and with explicit consent by the user: workouts, calories, distance, duration, and heart rate. New data attributes may be added to the HealthKit framework, which will be portrayed in the Product and which you have to consent to. Zero one GmbH does not use information gained through the HealthKit framework for advertising or similar services. You can always stop the Application from accessing your data by changing the settings of your mobile device.
Google will use this information on our behalf to evaluate the use of our online products and services by users, to compile reports on the activities within these online products and services and to provide us with further services associated with the use of these online products and services and the use of the internet. Pseudonymous user profiles can be created from the processed data.
We use Google Analytics only with IP anonymization enabled. This means that Google will truncate the IP address of users within Member States of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent cookies from being stored by adjusting the settings to their browser software accordingly.
The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. Users can prevent the collection of data generated by cookies by downloading and installing the browser plug-in that is available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en. Google is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)
Google Marketing Services
On our apps we use the marketing and re-marketing services of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) that allow us to display advertisements in a more targeted manner in order to present advertisements of interest to users. Through (re-)marketing ads and products are displayed to users relating to an interest established by activity on other apps within the Google Network. For these purposes, a code is used by Google when our app is accessed and what are referred to as (re-)marketing tags are incorporated into the app. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies may also be used instead of cookies). Cookies can be set by various domains. This file records which apps users have visited, which content they are interested in and which offers have been used. In addition, technical information about the browser and operating system, referring apps, the length of the visit as well as any additional data about the use of the online products and services are stored. The IP address of users is also recorded, although we would like inform you that within the framework of Google Analytics, IP addresses within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area are truncated.
All user data will only be processed as pseudonymous data. Google does not store any names or email addresses. All displayed ads are therefore not displayed specifically for a person, but for the owner of the cookie. This information is collected by Google and transmitted to and stored by servers in the USA.
One of the Google marketing services we use is the online advertising program Google AdWords. In the case of Google AdWords, each AdWords customer receives a different conversion cookie. Cookies can therefore not be tracked through the apps of AdWords customers. The information collected by the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they will not receive any information that personally identifies users.
The legal basis for the use of this service is Article Art. 6 paragraph 1 sentence 1 letter f GDPR. If you wish to object to interest-based advertising by Google marketing services, you can do so using the settings and opt-out options provided by Google: http://www.google.com/ads/preferences. Google is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Fabric Data Collection Policies
Identifiable data collected
Fabric services process some of your end users’ personal data to provide the service to you. The chart below has examples of how various Fabric services use and handle end-user personal data.
Effective with SDK versions 1.3.7 on iOS or 1.4.2 on Android and higher.
Personal Data collected:
For versions prior to 1.3.7 on iOS and 1.4.2 on Android:
How data helps provide the service:
Personal Data collected:
How data helps provide the service:
Personal Data collected:
How data helps provide the service:
Information on the rights of data subjects
Each data subject has the right of access in accordance with Article 15 GDPR, the right to rectification in accordance with Article 16 GDPR, the right to erasure in accordance with Article 17 GDPR, the right to restriction of processing in accordance with Article 18 GDPR, the right to object in Article 21 GDPR and the right to data portability in Article 20 GDPR. The limitations according to Articles 34 and 35 BDSG apply to the right of access and to the right to erasure.
Information on the option to lodge a complaint
You also have the right to lodge a complaint with the competent data protection authority about our processing of your personal data.
Information on withdrawal of consent
You can withdraw your consent with us to process personal data at any time. This also applies to withdrawals of a declaration of consent that were given to us before the General Data Protection Regulation came into effect, i.e. before May 25, 2018. Please note that this withdrawal will only apply prospectively. This does not affect processing that took place prior to a withdrawal.
Right in the event that data is processed for direct marketing purposes
You have the right pursuant to Article 21 (2) GDPR to object to the processing of personal data concerning you. In the event that you object to processing for direct marketing purposes, we will no longer process your personal data for this purpose. Please note that this withdrawal will only apply prospectively. This does not affect processing that took place prior to a withdrawal.
Information on right to object in the case of balance of interests
If we process your personal data based on a balance of interests, you can object to such processing. If you exercise this right to object, please state the reasons why we should not process your data as we have described. If your objection is justified, we will review the situation and either stop or adjust data processing or explain our compelling legitimate reasons for processing to you.
You can stop all collection of information by the Application easily by uninstalling the Application. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network. You can also request to opt-out via email, at email@example.com.
We will retain User Provided data for as long as you use the Application and for a reasonable time thereafter. We will retain Automatically Collected information for up to 24 months and thereafter may store it in aggregate. If you’d like us to delete User Provided Data that you have provided via the Application, please contact us at firstname.lastname@example.org and we will respond in a reasonable time. Please note that some or all of the User Provided Data may be required in order for the Application to function properly.
We do not use the Application to knowingly solicit data from or market to children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at email@example.com. We will delete such information from our files within a reasonable time.
We are concerned about safeguarding the confidentiality of your information. We provide physical, electronic, and procedural safeguards to protect information we process and maintain. For example, we limit access to this information to authorized employees and contractors who need to know that information in order to operate, develop or improve our Application. Please be aware that, although we endeavor provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.
The controller and data protection officer of data processing is Zero One GmbH, Tewaagstr. 4, 44141 Dortmund, Germany. You can contact us via email at firstname.lastname@example.org.