Data Protection for the Keleya App
In addition to our online offer, we provide you with a mobile app that you can download to your mobile device.

In the following we inform about the collection of personal data when using our mobile app.

Personal data is any data referring to your person, e.g. name, address, email addresses, user behavior.

Below we explain how we handle your data when you use the Keleya app.

1. Name and contact information of the controller
Keleya Digital-Health Solutions UG
Volksdorfer Strasse 25
c/o A. Leuchte
22081 Hamburg
Germany
Tel.: +49 (0)177 863 9959
Email: info@keleya.de
Website: keleya.de/en

2. Name and contact information of the data protection officer:
You can reach our data protection officer under datenschutz@keleya.de or our postal address with the recipient-addition “the data protection officer”.

3. Collection and storage of personal data and the nature and purpose of their use when using the Keleya app
a) Downloading the Keleya app over the App-Store
Downloading the Keleya mobile app will transfer certain information to the App Store, in particular your account username, email address and account number, time of download, payment information and unique device code. We have no influence on this data collection and are not responsible for it. We only process the data as far as necessary for downloading the mobile app to your mobile device.

b) Installing the app on your device – Data collection in log files
The following information is recorded without your intervention in so-called log files and stored until automated deletion:

  • Language and version of the operating system
  • Used platform (iOS or Android)

The data mentioned is processed by us for the following purposes:

  • Ensuring a smooth connection setup of the app,
  • ensuring comfortable use of our app,
  • evaluation of system security and stability, as well as
    for further administrative purposes.

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.

c) Registration of your Keleya user account
You can create a Keleya user account via our login system. For registration we need at least the following data:

  • Nickname (pseudonym)
  • Email address
  • Password

Before registration is complete, you must confirm that you have read our privacy policy and accept our terms and conditions. In the Keleya app, further data will be requested during the “Onboarding”. This will be described below.

The legal bases for processing are Art. 6 para. 1 p. 1 lit. c and f GDPR; the processing serves the fulfillment of the contract and the preservation of the legitimate interests of the person responsible or a third party.

d) Registration and login with your Facebook user account
Facebook is a social network of Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbor,
Dublin 2 Ireland).

If you have a Facebook user account, you can also register and log in to your personal Keleya
account using your Facebook login details. To register and use Facebook, Facebook's Privacy Policy
applies, which you can access at https://de-de.facebook.com/about/privacy.
You can register or sign up for a Keleya account using Facebook by clicking the Facebook logo button
as you sign up. You will then be redirected to Facebook. If you are already logged in to Facebook at
this time, Facebook receives your request through you clicking on the button that you want to sign up
for the Keleya account with the help of Facebook. If you are not logged in to Facebook at this time,
you will be asked by Facebook to log in to Facebook by either entering your login details or to register
as a new Facebook user. In any case, the input of your Facebook login details takes place directly on
Facebook’s server. Neither Keleya as a company nor we as its employees will know your Facebook
login details.
Subsequently, Facebook asks whether you want to register with the help of Facebook for the services
of Keleya. Only if you actively agree to this will Facebook grant Keleya access to your name, gender,
email address, profile picture, Facebook profile ID, a link to your Facebook profile, your age group,
your country and your time zone. The Keleya app will only store your name, gender and email address
in order to create your personal Keleya account or update your existing one. Any further information
Keleya receives from your Facebook user account will be discarded. If you do not share your email
address on Facebook with Keleya, you will not be able to sign in with your Facebook account.
If you are using an e-mail address for which you already have a personal Keleya account with
password to log in with your Facebook account, you will be asked by Keleya to enter your Keleya
password so that your existing Keleya account can be linked to your Facebook user account. This will
enable your continued access to all your activities and benefits from your existing Keleya account.
If you decide to register or log in to Keleya using your Facebook login details, Facebook will be made
aware of your request by clicking on the button marked with the Facebook logo. In addition, Facebook
adds a cookie to your browser when you click on the Facebook logo button. With this text file,
Facebook can collect more information about you and your surfing habits. The information generated
by the cookie is regularly transmitted to a Facebook server, which may be located in the United
States. There, this information is stored and possibly merged with your Facebook profile data. User
profiles that are created by Facebook may go beyond what you yourself have disclosed about yourself
on Facebook. For more information, please refer to the Facebook Privacy Policy
(https://de-de.facebook.com/about/privacy).

Your data stored on the Keleya app and / or with us will not be passed on to Facebook at any time,
neither through the Keleya application nor through us as its employees.
If you would like to disconnect your personal Keleya account from your Facebook account, you can do
so at any time in the settings of your personal Keleya account. If you do not have a Keleya password
yet, you will be asked by Keleya to create one to continue accessing your Keleya account.

Deleting your Facebook account will not affect the existence of your personal Keleya account.

e) Registration and login with your Google user account

If you have a Google Account, you can register and sign up for a Keleya account with your Google
account login details. Registration with and use of Google (Google Inc., 1600 Amphitheater Parkway,
Mountain View, CA 94043, USA) is governed by Google's Privacy Policy and Terms of Use, which can
be found at http://www.google.com/intl/de/policies/.

You can register or sign up for a Keleya account using Google by clicking the Google logo button as
you sign up. You will be redirected to Google. If you are already signed in to Google at this point,
Google will be informed of your request to log in with Google for the services of Keleya by you clicking
on the Google logo button to sign up. If you are not logged in to Google at this time, Google will ask
you to sign in to Google either by providing your login details or registering as a new Google user. In
any case, the input of your Google login details takes place directly on Google’s server. Neither
Keleya as a company nor we as its employees will know your Google login details.
Subsequently, Google asks whether you want to register with the help of Google for the services of
Keleya.
Only if you actively agree to this, will Keleya receive your name, email address, profile photo, and
country from Google. The Keleya application stores only your name and email address to create your
personal Keleya account or update your existing one. Any further information that Keleya receives
from your Google account will be discarded.

If you are using an e-mail address for which you already have a personal Keleya account with
password to log in with your Google account, you will be asked by Keleya to enter your Keleya
password so that your existing Keleya account can be linked to your Google user account. This will
enable your continued access to all your activities and benefits from your existing Keleya account.
If you choose to sign up for or log in to Keleya using your Google credentials, Google will be notified of
your preference by you clicking on the Google logo button. Google also adds a cookie in your browser
when you click the Google logo button. Google can use this text file to collect more information about
you and your browsing habits.
The information generated by the cookie is regularly transmitted to a Google server, which may be
located in the United States. There, this information is stored and possibly merged with your Google
profile data.
User profiles that are created by Google may go beyond what you yourself have disclosed about
yourself on Google. For more information, see the Google Privacy Policy
(http://www.google.com/intl/en/policies/).
Your data stored on the Keleya app and / or with us will not be passed on to Google at any time,
neither through the Keleya application nor through us as its employees.
If you would like to disconnect your personal Keleya account from your Google account, you can do so
at any time in the settings of your personal Keleya account. If you do not have a Keleya password yet,
you will be asked by Keleya to create one to continue accessing your Keleya account.

Deleting your Google account will not affect the existence of your personal Keleya account.

f) Use of motivational short messages via push notifications
When you start using our mobile app, you have the option to enable push notifications. Push notifications are text messages that appear on the display with your consent. Through these we will inform you about news, or send you texts that serve your motivation.

If you use the push services, your device will be assigned an Apple Device Token or a Google Registration ID. These are encrypted, anonymized device IDs. A conclusion on the individual user is excluded.

The purpose of their use by us is solely to provide the push services. If you do not give permission, we will not use this data.

To unsubscribe from the push services later, you can use the opt-out option in your settings. These can be found in the settings of the respective favorites.

The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR; the processing serves to protect the legitimate interests of the person in charge or a third party.

g) Subscription to our newsletter
If, according to Art. 6 para. 1 sentence 1 lit. a GDPR, you have expressly consented, we use your email address to regularly send you our free newsletter.

The following data is transmitted here:

  • Nickname specified by the user
  • Birth date specified by the user
  • Email address specified by the user

In addition, the following data is collected upon registration:

  • Date and time of registration

We use the MailChimp® tool from The Rocket Science Group, LLC to send the newsletter.

MailChimp uses the data according to the contract exclusively for sending the newsletter. Apart from this, we do not pass on data to third parties in connection with data processing for sending the newsletter.

You can unsubscribe at any time, for example via a link at the end of each newsletter. Alternatively, you can also send your request to unsubscribe to info@keleya.de by email.

h) Use of our contact form
For questions of any kind, we offer you the opportunity to contact us via a form in the app.

The data processing for the purpose of contacting us is in accordance with Art. 6 para. 1 p. 1 lit. a GDPR based on your voluntarily given consent.

The personal data collected by us for the use of the contact form will be automatically deleted after completion of the request made by you.

i) Purchase and renewal of subscriptions
If you purchase additional subscriptions from us via the Keleya app or renew them through the Keleya app, the related data will be stored with us for the purpose of fulfilling the contract.

This data is used on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR for the execution of contractual relationships with you.

The relevant data will be stored with us as long as necessary for processing and fulfillment of the contract.

j) Further active use of the Keleya app
If you actively use the Keleya app, we process further personal data, in particular

  • Your activities in the app, e.g. frequency or duration of use
  • Food and fitness preferences and symptoms you specify
  • Optionally specified by you:
    • food intolerances specified by you
    • profile photo submitted by you

This data is required by us to offer you all the features of our mobile app.

The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR – the processing serves to safeguard the legitimate interests of us as the responsible party.

4. Disclosure of data
We only disclose your personal data to third parties under certain conditions. Below we inform you about these prerequisites.


Consent
If, according to Art. 6 para. 1 sentence 1 lit. a GDPR, you have given an express consent to this, we pass your personal data to third parties.

Representation of legal rights
According to Art. 6 para. 1 sentence 1 lit. f GDPR, we may disclose your personal data to third parties if this is necessary for the assertion, exercise or defense of legal claims. There must also be no reason to believe that you have an overriding interest in protecting your data from being shared.

Legal obligation
We will pass on your personal data if a legal obligation under Art. 6 para. 1 sentence 1 lit. c GDPR is present.

Contract
If the disclosure of your personal data is permitted by law and this is necessary for the execution of a contractual relationship with you, we may pass on your data to third parties.

5. Analysis tools by Google
The tracking measures listed below and used by us are based on Art. 6 para. 1 sentence 1 lit. f GDPR. With the tracking measures used, we want to ensure needs-based design and the ongoing optimization of our app. In addition, we use the tracking measures to statistically record the use of our app and evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as justified within the meaning of the aforementioned provision.

We use a set of Google services for our analysis and marketing purposes (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA – henceforth “Google”). Through these tools, data about your usage behavior are collected in various ways and statistically evaluated. We also use your information to show you personalized advertising using Google’s services. By using our app, you agree to this. The various services, your options to revoke your consent in a simple way, and other important information will be explained in the following.

For more information on how Google handles the data we submit, please visit: https://www.google.com/intl/en/policies/privacy/partners/

The information generated by Google Tools is usually transmitted to and stored by Google on servers in the United States. Google and its affiliates are certified under the EU-US Privacy Shield.

a) Google Analytics
In our app and on our website we use Google Analytics; a web analytics program from Google. Google Analytics uses cookies that are stored on your device and allow for an analysis of your use. In addition, the IP anonymization process activated by us also triggers Google’s collection of IP addresses beforehand within the European Union. Google will use this information on our behalf to evaluate the use of our services by you and other users and to provide us with relevant reports and other services. The IP address provided by Google Analytics for your device will not be connected with other data provided by Google. A transfer of the data by Google to third parties will take place only due to legal regulations or in the context of contract data processing.

You can prevent the collection and processing of the information generated by the Google cookies by setting an opt-out cookie or by deactivating Google Analytics in the menu of your device. Alternatively, a browser plug-in can be installed which you can find here: https://tools.google.com/dlpage/gaoptout/.

For more information on how Google uses cookies, please refer to the Google Privacy Policy (https://www.google.com/intl/en/policies/privacy/).

b) Firebase
Firebase is a Google subsidiary based in San Francisco, CA. We use the Firebase SDK and Google Analytics for Firebase in our Keleya app. This tool makes it possible to use the same functions in an app as it does for websites with Google Analytics. It uses technologies that work similar to cookies, especially the respective advertising IDs.

We collect information about your usage behavior in the Keleya app. We use this data to make statistical evaluations, to test our offers, and to improve them.

We also use this information for personalized advertising. In addition, we use Firebase to deliver push messages or so-called in-app messages (messages that are only displayed inside the app). In this case, the mobile terminal is assigned a pseudonymized push reference, which serves as the destination for the push messages or in-app messages. The push messages can be deactivated in the settings of the mobile device at any time and can also be reactivated.

If you do not want this kind of data to be collected, you can prevent this via the device settings of your mobile device (opt-out). How you can prevent this data collection on an Android device for example, is explained here: https://www.google.com/policies/technologies/ads/.

On an iOS device, you can find the corresponding options under Settings > Privacy > Advertising.

c) Crashlytics
We also use Crashlytics to analyze the application stability of our Keleya app. Crashlytics is a subsidiary of Google. Crashlytics provides real-time reporting of errors and crashes, simplifying maintenance of the application. None of your personal data will be transmitted, only crash reports with information on codes and device information, such as: Device type and operating system version. Any conclusions about the users are not possible.

The diagnostic information is subject to Crashlytics’ privacy policy, which can be found at the following link: http://try.crashlytics.com/terms/.

6. Rights of persons affected
As subject of the data processing, you have the following rights:

Information
According to Art. 15 GDPR, you are entitled to request information about your personal data processed by us.

In particular, you can request information about

  • the processing purposes,
  • the category of personal data,
  • the categories of recipients to whom your information has been disclosed,
  • the planned storage period,
  • the right to rectification, cancellation, limitation of processing or opposition,
  • the existence of a right of appeal,
  • the source of your data, if it was not collected from us, as well as
  • the existence of automated decision-making including profiling and, where appropriate, meaningful information about their details;

Correction
According to Art. 16 GDPR, you have the right to demand:

  • Immediate correction of incorrect personal data stored with us
  • immediate completion of your personal data stored with us;

Deletion
According to Art. 17 GDPR, you are entitled to demand the deletion of your personal data stored by us, unless the processing is needed

  • to exercise the right to freedom of expression and information,
  • to fulfill a legal obligation,
  • for reasons of public interest or
  • to assert, exercise or defend legal claims;

Restriction
According to Art. 18 GDPR, you are entitled to demand the restriction of the processing of your personal data, insofar as

  • the accuracy of the data is disputed by you,
  • the processing is unlawful, but you reject its deletion and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims, or
  • you filed an objection against the processing in accordance with Art. 21 GDPR;

Data portability
According to Art. 20 GDPR, you have the right to receive your personal data provided to us in a structured, standard and machine-readable format or to request the transfer to another person responsible;


Revocation
According to Art. 7 para. 3 GDPR, you have the right to revoke your once given consent at any time. Thereafter we may not continue the data processing based on this consent for the future.


Complaint
According to Art. 77 GDPR you are entitled to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work, or our company headquarters.

7. Transmission to third countries
Our service providers also process data in countries outside the European Economic Area (“EEA”). In order to ensure the protection of your personal rights also in the context of these data transfers, we use the standard contractual clauses of the EU Commission in structuring the contractual relationships with the recipients in third countries in accordance with Art. 46 para. 2 lit. c GDPR. For the U.S., the European Commission has decided by decision on 12.07.2016, that under the regulations of the EU-U.S. Privacy Shield an appropriate level of data protection exists (adequacy decision, Art. 45 GDPR). Further information – including the certification of the service providers we use – is available at https://www.privacyshield.gov. We use only U.S. service providers who are certified under the EU-U.S. Privacy Shield.

8. Decision making
In principle, we do not use fully automated decision-making in accordance with Art. 22 GDPR to justify and implement the business relationship. If we use these procedures in individual cases, we will inform you about this and about your respective rights separately, as far as this is prescribed by law.

9. Right of objection
If your personal data, based on legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, is processed, you have the right to file an objection against the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct mail. In the latter case, you have a general right of objection that is implemented by us without specifying any particular situation on your part.

If you would like to exercise your right of revocation or objection, please send an email to info@keleya.de.

10. Data security
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

11. Updating and changing this privacy policy
This privacy policy is currently valid, as of May 2018.

Due to the further development of our Keleya app or our offers or due to changed legal or regulatory requirements, it may be necessary to change this privacy policy. The current privacy policy can be viewed at any time in the Keleya app. You can get it on the Keleya website keleya.de/app/privacy and print it out.