Data protection declaration for the website www.keleya.de
In the following we inform you about the processing of your personal data when using our keleya products.
Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.
“Responsible” within the meaning of the EU General Data Protection Regulation and other national data protection laws as well as other data protection regulations are those who process personal data.
Name and contact details of the person responsible for processing
57 / 5,000 Translation results Translation result Victoria Engelhardt, Julia Neumann (Managing Directors)
Keleya Digital-Health Solutions GmbH
Tel.: +49 (0) 176 470 740 00
Name and contact details of the data protection officer
You can reach our data protection officer at firstname.lastname@example.org or at our postal address with the addition “the data protection officer”.
Collection and storage of personal data and the type and purpose of their use
Calling up the website keleya.de
When you visit our website www.keleya.de, the browser used on your device automatically sends information to our website server. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:
IP address of the requesting computer,
date and time of access,
name and URL of the retrieved file,
Website from which access is made (referrer URL),
Browser used and, if applicable, the operating system of your computer as well as
the name of your access provider.
The data mentioned are processed by us for the following purposes:
Ensuring a smooth connection establishment of the website,
Ensuring comfortable use of our website,
Evaluation of system security and stability as well as for other administrative purposes.
The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the data collection purposes listed above. In keinem Fall verwenden wir die erhobenen Daten zu dem Zweck, Rückschlüsse auf Ihre Person zu ziehen.
Download the keleya apps from the App Store
When downloading the mobile keleya apps, certain information is transferred to the Apple App Store or Google Play Store, i.e. in particular user name, e-mail address and customer number of your account, time of download, payment information and the individual device code. We have no influence on this data collection and are not responsible for it. We only process the data to the extent necessary to download the mobile app to your mobile device.
Installing the app on your device – data collection in log files
The following information is recorded in so-called log files without your intervention and stored until it is automatically deleted:
Language and version of the operating system
Platform used (iOS or Android)
The aforementioned data will be processed by us for the following purposes:
Ensuring a smooth connection establishment of the app,
Ensuring comfortable use of our app,
Evaluation of system security and stability as well as for other administrative purposes.
The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.
Registration of your keleya user account
You can create a keleya user account via our login system. For the registration we need at least the following data:
The legal basis for processing is Art. 6 para. 1 p. 1 lit. c and f DSGVO, the processing serves the performance of the contract and the protection of the legitimate interests of the controller or a third party.
Use of motivational text messages via push notifications in the keleya apps.
At the beginning of using our mobile apps, you have the option to enable push notifications. Push notifications are short messages that are shown on the display with your consent. In it you will be informed by us about news or you will be sent texts that will serve your motivation.
In case of using Push Services, your device will be assigned a Device Token from Apple or a Registration ID from Google. These are encrypted, anonymized device IDs. It is not possible to draw conclusions about the individual user.
The purpose of their use by us is solely to provide the Push Services. If you do not give permission, we will not use this data.
To unsubscribe from push messages later, you can use the unsubscribe option in your settings. You can find these under the settings of the respective favorites.
The legal basis for the processing is Art. 6 para. 1 p. 1 lit. f DSGVO, the processing serves the legitimate interests of the controller or a third party.
Sign up for our newsletter
Unless you have objected, we will use your email address to send you updates on the current week of pregnancy and tips for your personal pregnancy and advertisements for similar articles or services. You can object to this use of your contact address at any time by clicking on the unsubscribe link at the end of each newsletter or by sending a notification to email@example.com .
The following data will be transmitted:
Nickname given by the user
Calculated or actual date of birth given by the user.
E-mail address provided by the user
Symptoms tracked by the user
In addition, the following data is collected during registration:
Date and time of registration
Operating system used (iOS or Android)
Country of origin of the application
We use the tool of the company Sendinblue GmbH for sending the newsletter.
Sendinblue uses the data in accordance with the contract exclusively for sending the newsletter. We do not otherwise pass on any data to third parties in connection with the data processing for sending the newsletter.
Purchase of subscriptions and their renewal
If you purchase further subscriptions from us via the keleya apps or extend such subscriptions via the keleya apps, the related data will be stored by us for the purpose of fulfilling the contract.
This use of data is based on Art. 6 para. 1 p. 1 lit. b DSGVO for the processing of contractual relationships with you.
The relevant data will be stored by us for as long as it is required for processing and fulfillment of the contract.
Further active use of the keleya apps
If you actively use the keleya apps, we will process further personal data, in particular
Your activities in the respective app, e.g. frequency or duration of use
Preferences and symptoms you specify
Optional to be specified by you:
Food intolerances that you have indicated
This data is necessary for us to be able to offer you all the functions of our mobile app.
The legal basis for this is Art. 6 para. 1 p. 1 lit. f DSGVO – the processing serves to protect the legitimate interests of us as the controller.
Purchase of premium services via keleya.de website
These are provided by the payment service provider Stripe Payments Europe, Ltd.
The payment services for the Contractor are provided by Stripe Payments Europe, Ltd (hereinafter referred to as “Stripe”) and are subject to the Stripe Connected Account Agreement, which includes the Stripe Terms of Service (collectively referred to as the “Stripe Services Agreement” ). In addition to these COMPANY Terms and Conditions, Customer/Customer accepts Stripe’s “Stripe Services Agreement” terms and conditions relating to the Payment Services.
Purchase keleya online courses (web-based)
We also offer online courses for purchase through our website. For this purpose, we use the service elopage (elopage GmbH, Kurfürstendamm 182, 10707 Berlin, Germany). Once you click on one of these product buttons for courses, you will leave our website and be redirected to our individual elopage sales page.
We have concluded a corresponding contract with elopage GmbH as our order processor in accordance with Art. 28 DSGVO. The legal basis for the processing of personal data when forwarding from our website to the sales page via elopage results in the present case from Art. 6 para. 1 p. 1 lit. b).
Participation in user surveys
We use the survey service Typeform (TYPEFORM S.L., Carrer Bac de Roda, 163, 08018 Barcelona, 1-2, Spain) to improve our users’ experience with attractively designed surveys and to request contact information through the registration form. The legal basis for the use of Typeform is your consent pursuant to Art. 6 para. 1 lit. a) DSGVO for the collection of input data and your consent pursuant to Art. 6 para. 1 lit. f). Typeform collects access data (IP address) and input data. We collect the data you enter in the form and technical data that we need for the technical functioning and maintenance of our service.
Registration and billing via insurance
Through our insurance partners, you have the option of using keleya’s services and having the costs covered directly by your insurance company.
When you register, we process data that is relevant for the verification of a benefit claim and billing, such as:
First and last name
Date of birth
Insured person number
Calculated date, or date of birth of the child
As part of the verification and billing process, we transmit this data in encrypted form to the respective insurance partner that you specified during registration for verification. For this purpose, we use the respective servers of the insurance companies or the billing software of the DMRZ (Deutsches Medizinrechenzentrum GmbH, Wiesenstr. 21, D-40549 Düsseldorf). We have concluded a corresponding contract with the insurance partners and the DMRZ as our order processors in accordance with Art. 28 DSGVO.
Contacting Customer Support
If you contact keleya Customer Support at firstname.lastname@example.org we will process personal data such as:
Name or alias (optional)
We use the tool of the company Zendesk Inc. for processing customer requests.
In accordance with the contract, Zendesk uses the data exclusively for processing tickets in the support system. We do not otherwise disclose any data to third parties in connection with data processing for customer inquiries. Zendesk also has no connection to our keleya databases, so no data we collect related to app use or other interactions is shared with the provider.
We have worked with Zendesk Inc. as our processor concluded a corresponding contract in accordance with Art. 28 DSGVO.
We will only disclose your personal data to third parties under certain conditions. In the following we inform you about these requirements.
If you want to use the data according to Art. 6 para. 1 p. 1 lit. a DSGVO have given express consent to do so, we will share your personal data with third parties.
Origin of the data
In principle, we collect the data from the data subject. In certain cases, we also receive data because you have consented to its transfer to us.
We store personal data only as long as we are entitled to do so and the purpose of processing has not ceased to apply. The respective statutory retention period applies to the duration of the storage of personal data. After expiry of the deadline, the corresponding data will be routinely deleted, provided that they are no longer required for the fulfillment or initiation of the contract.
Existence of automated decision making
We do not use automatic decision-making or profiling.
Representation of legal claims
According to Art. 6 para. 1 p. 1 lit. f DSGVO, we may disclose your personal data to third parties if this is necessary for the assertion, exercise or defense of legal claims. There must also be no reason to assume that you have an overriding interest worthy of protection in your data not being passed on.
We pass on your personal data if there is a legal obligation according to Art. 6 para. 1 p. 1 lit. c GDPR exists for this purpose.
If the disclosure of your personal data is permitted by law and this is necessary for the processing of a contractual relationship with you, we may disclose your data to third parties for this purpose.
Third party websites
Information is stored in the cookie that arises in each case in connection with the specific end device used. However, this does not mean that we thereby obtain direct knowledge of your identity.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your terminal device for a certain specified period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again.
The data processed by cookies are necessary for the aforementioned purposes to protect our legitimate interests as well as those of third parties pursuant to Art. 6 para. 1 p. 1 lit. f DSGVO required.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.
The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 p. 1 lit. f DSGVO carried out. With the tracking measures used, we want to ensure that our products are designed to meet the needs of our customers and are continuously optimized. On the other hand, we use the tracking measures to statistically record the use of our products and to evaluate them for the purpose of optimizing our offer for you. These interests are to be considered legitimate within the meaning of the aforementioned provision.
The respective data processing purposes and data categories can be found in the corresponding tracking tools.
For the purpose of demand-oriented design and continuous optimization of our products, we use Google Analytics, a web analytics service provided by Google, Inc. (https://www.google.de/intl/de/about/) (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter “Google”). In this context, pseudonymized usage profiles are created and cookies (see under item 4) are used. The information generated by the cookie about your use of this website such as
operating system used,
Referrer URL (the previously visited page),
Host name of the accessing computer (IP address),
Time of the server request,
are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and internet usage for the purposes of market research and demand-oriented design of these web pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. In no case will your IP address be merged with other data from Google. The IP addresses are anonymized so that an assignment is not possible (IP masking).
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de) or deactivate Google Analytics in the menu of your end device.
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on this link. An opt-out cookie is set that prevents future collection of your data when visiting this website. The opt-out cookie is valid only in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de), for example.
Google Adwords Conversion Tracking
In order to statistically record the use of our website and to evaluate it for the purpose of optimizing our website for you, we also use Google Conversion Tracking. In the process, Google Adwords sets a cookie (see section 4) on your computer if you have accessed our website via a Google ad.
These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords client’s website and the cookie has not yet expired, Google may
and the customer recognize that the user clicked on the ad and was redirected to this page.
Each Adwords customer receives a different cookie. Cookies can therefore not be tracked through the websites of Adwords customers. The information collected using the conversion cookie is used to create conversion statistics for Adwords customers who have opted for conversion tracking. Adwords clients will learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.
Google Dynamic Remarketing
If you do not want to receive personalized ads, you can set an opt-out cookie:
You can block personalized ads by installing an appropriate browser plug-in, which you can find here:
You can also block personalized ads from Google and other ad networks by opting out on the following page:
Facebook Pixel (Facebook Custom Audiences)
Furthermore, we use the so-called “Facebook Pixel” from Facebook (Facebook Inc.,, 1601 S California Ave, Palo Alto, California 94304, USA) on our website. As a result, interest-based advertisements (“Facebook Ads”) can be displayed to users of our website when they visit the Facebook social network or other websites that also use this method. be Through the Facebook pixel, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data that is collected through the use of this tool by Facebook and therefore inform you according to our state of knowledge: By integrating the Facebook pixel, Facebook receives the information that you have clicked on an ad from us or called up the corresponding web page of our website. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider will learn and store your IP address and other identifying features.
With the use of the Facebook pixel, we pursue the purpose of displaying Facebook ads placed by us only to those Facebook users who have also shown an interest in our Internet offering. With the help of the Facebook pixel, we therefore want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. Furthermore, we can use the Facebook pixel to track the effectiveness of Facebook ads for statistical purposes by seeing whether users were redirected to our website after clicking on a Facebook ad. The legal basis for the use of the Facebook pixel is Art. 6 para. 1 lit. F GDPR.
You can object to the use of the Facebook pixel at any time by using the following opt-out option:
Third party vendor information can be found here: http://www.facebook.com/policy.php ; more information on data collection: http://www.facebook.com/help/186325668085084 , http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo .
For our keleya apps, we use AppsFlyer, an analytics service provided by AppsFlyer Ltd. The information generated by AppsFlyer about the use of the keleya apps is usually transmitted to a server outside Germany and stored there. In the code of the keleya apps, we have enabled IP anonymization so that the IP address of users is shortened before it is stored by AppsFlyer Ltd. On our behalf, Google and AppsFlyer Ltd. will use the anonymous information to evaluate the use of the keleya Apps and to compile reports for us about your activities in the keleya Apps. In your device’s privacy settings, you can further restrict the way AppsFlyer works. You can also send an e-mail to email@example.com if you do not want to allow AppsFlyer. You can find more information about privacy at Appsflyer here: https://www.appsflyer.com/de/trust/privacy/ .
Payment service provider
Provision of the payment service by Stripe Payments Europe, Ltd.
The payment services for purchases made through our website are provided by Stripe Payments Europe, Ltd (hereinafter referred to as “Stripe”) and are governed by the Stripe Connected Account Agreement, which includes the Stripe Terms of Service (collectively referred to as the “Stripe Services Agreement”). In addition to these keleya Terms and Conditions, Customer accepts Stripe’s “Stripe Services Agreement” terms and conditions relating to the Payment Services.
Provision of the payment service by PayPal (Europe) S.à r.l. et Cie, S.C.A.
If the data subject selects “PayPal” as a payment option during the ordering process in our online store, data of the data subject is automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transmission of personal data required for payment processing.
PayPal may share personal data with affiliated companies and service providers or subcontractors to the extent necessary to fulfill its contractual obligations or to process the data on its behalf.
The data subject has the possibility to revoke the consent to the handling of personal data at any time vis-à-vis PayPal. A revocation does not affect personal data that must necessarily be processed, used or transmitted for (contractual) payment processing.
Data subject rights
You have the following rights as a data subject of the data processing:
In accordance with Art. 15 DSGVO, you are entitled to request information about your personal data processed by us.
In particular, you can request information about
the purposes of processing,
the category of personal data,
the categories of recipients to whom your data have been or will be disclosed,
the planned storage period,
the existence of a right to rectification, erasure, restriction of processing or opposition,
the existence of a right of appeal,
the origin of their data, if this data was not collected by us, as well as
about the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
In accordance with Art. 16 of the GDPR, you have the right to request the following:
immediate correction of incorrect personal data stored by us
immediate completion of your personal data stored by us;
Pursuant to Art. 17 DSGVO, you are entitled to request the deletion of your personal data stored by us unless the processing
to exercise the right to freedom of expression and information,
to fulfill a legal obligation,
for reasons of public interest or
is necessary for the assertion, exercise or defense of legal claims;
Pursuant to Art. 18 DSGVO, you are entitled to request the restriction of the processing of your personal data to the extent that
the accuracy of the data is disputed by you,
the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it to assert, exercise or defend legal claims, or
you have objected to the processing pursuant to Art. 21 DSGVO;
In accordance with Art. 20 DSGVO, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;
Pursuant to Art. 7 para. 3 DSGVO, you have the right to revoke your consent at any time. Thereafter, we may no longer continue the data processing that was based on this consent for the future.
According to Art. 77 DSGVO, you are entitled to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.
Transfer to third countries
We create an appropriate level of data protection when transferring data to third countries by adhering to the EU Commission’s standard contractual clause in accordance with. Art. 46 par. 2 lit. c DSGVO serve. We do not use these standard contractual clauses if an adequacy decision of the EU Commission exists for the respective third country, i.e. that an adequate level of data protection already exists for these third countries.
Right of objection
If your personal data is collected on the basis of legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f DSGVO, you have the right to object to the processing of your personal data in accordance with Art. 21 DSGVO, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation on your part.
If you wish to exercise your right of revocation or objection, simply send an e-mail to firstname.lastname@example.org .
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
Only employees who are obligated in accordance with the provisions of Article 32 in conjunction with. Article 5 of the General Data Protection Regulation (GDPR). After completion of the ordered services, the data of the participants will be deleted in such a way that it is not possible to restore the data.