In the following we inform you about the processing of your personal data when using our keleya products.

Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.

“Responsible” within the meaning of the EU General Data Protection Regulation and other national data protection laws as well as other data protection regulations are those who process personal data.

1. Name and contact details of the person responsible for processing

57 / 5,000 Translation results Translation result Victoria Engelhardt, Julia Neumann (Managing Directors)

Keleya Digital-Health Solutions GmbH

Max-Beer-Straße 25

10119 Berlin,

Germany

Tel.: +49 (0) 176 470 740 00

E-Mail: info@keleya.de

Webseite: https://keleya.de

2. Name and contact details of the data protection officer

You can reach our data protection officer at datenschutz@keleya.de or at our postal address with the addition “the data protection officer”.

3. Collection and storage of personal data and the type and purpose of their use

1. Calling up the website keleya.de

When you visit our website www.keleya.de, the browser used on your device automatically sends information to our website server. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:

• IP address of the requesting computer,

• date and time of access,

• name and URL of the retrieved file,

• Website from which access is made (referrer URL),

• Browser used and, if applicable, the operating system of your computer as well as

• the name of your access provider.

The data mentioned are processed by us for the following purposes:

• Ensuring a smooth connection establishment of the website,

• Ensuring comfortable use of our website,

• Evaluation of system security and stability as well as for other administrative purposes.

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the data collection purposes listed above. In keinem Fall verwenden wir die erhobenen Daten zu dem Zweck, Rückschlüsse auf Ihre Person zu ziehen.

2. Download the keleya apps from the App Store

When downloading the mobile keleya apps, certain information is transferred to the Apple App Store or Google Play Store, i.e. in particular user name, e-mail address and customer number of your account, time of download, payment information and the individual device code. We have no influence on this data collection and are not responsible for it. We only process the data to the extent necessary to download the mobile app to your mobile device.

3. Installing the app on your device – data collection in log files

The following information is recorded in so-called log files without your intervention and stored until it is automatically deleted:

• Language and version of the operating system

• Platform used (iOS or Android)

The aforementioned data will be processed by us for the following purposes:

• Ensuring a smooth connection establishment of the app,

• Ensuring comfortable use of our app,

• Evaluation of system security and stability as well as for other administrative purposes.

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.

4. Registration of your keleya user account

You can create a keleya user account via our login system. For the registration we need at least the following data:

• Nickname (Pseudonym)

• E-mail address

• Password

Before the registration is complete, you must confirm that you have read our privacy policy and accept our general terms and conditions. Further data is then requested in the keleya apps in the course of “onboarding”. This is described below.

The legal basis for processing is Art. 6 para. 1 p. 1 lit. c and f DSGVO, the processing serves the performance of the contract and the protection of the legitimate interests of the controller or a third party.

5. Use of motivational text messages via push notifications in the keleya apps.

At the beginning of using our mobile apps, you have the option to enable push notifications. Push notifications are short messages that are shown on the display with your consent. In it you will be informed by us about news or you will be sent texts that will serve your motivation.

In case of using Push Services, your device will be assigned a Device Token from Apple or a Registration ID from Google. These are encrypted, anonymized device IDs. It is not possible to draw conclusions about the individual user.

The purpose of their use by us is solely to provide the Push Services. If you do not give permission, we will not use this data.

To unsubscribe from push messages later, you can use the unsubscribe option in your settings. You can find these under the settings of the respective favorites.

The legal basis for the processing is Art. 6 para. 1 p. 1 lit. f DSGVO, the processing serves the legitimate interests of the controller or a third party.

6. Sign up for our newsletter

Unless you have objected, we will use your email address to send you updates on the current week of pregnancy and tips for your personal pregnancy and advertisements for similar articles or services. You can object to this use of your contact address at any time by clicking on the unsubscribe link at the end of each newsletter or by sending a notification to info@keleya.de .

The following data will be transmitted:

• Nickname given by the user

• Calculated or actual date of birth given by the user.

• E-mail address provided by the user

• Symptoms tracked by the user

In addition, the following data is collected during registration:

• Date and time of registration

• Operating system used (iOS or Android)

• Country of origin of the application

We use the tool of the company Sendinblue GmbH for sending the newsletter.

Sendinblue uses the data in accordance with the contract exclusively for sending the newsletter. We do not otherwise pass on any data to third parties in connection with the data processing for sending the newsletter.

7.  Purchase of subscriptions and their renewal

If you purchase further subscriptions from us via the keleya apps or extend such subscriptions via the keleya apps, the related data will be stored by us for the purpose of fulfilling the contract.

This use of data is based on Art. 6 para. 1 p. 1 lit. b DSGVO for the processing of contractual relationships with you.

The relevant data will be stored by us for as long as it is required for processing and fulfillment of the contract.

8. Further active use of the keleya apps

If you actively use the keleya apps, we will process further personal data, in particular

• Your activities in the respective app, e.g. frequency or duration of use

• Preferences and symptoms you specify

• Optional to be specified by you:

• Food intolerances that you have indicated

• 
  

This data is necessary for us to be able to offer you all the functions of our mobile app.

The legal basis for this is Art. 6 para. 1 p. 1 lit. f DSGVO – the processing serves to protect the legitimate interests of us as the controller.

9. Purchase of premium services via keleya.de website

These are provided by the payment service provider Stripe Payments Europe, Ltd.

The payment services for the Contractor are provided by Stripe Payments Europe, Ltd (hereinafter referred to as “Stripe”) and are subject to the Stripe Connected Account Agreement, which includes the Stripe Terms of Service (collectively referred to as the “Stripe Services Agreement” ). In addition to these COMPANY Terms and Conditions, Customer/Customer accepts Stripe’s “Stripe Services Agreement” terms and conditions relating to the Payment Services.

10. Purchase keleya online courses (web-based)

We also offer online courses for purchase through our website. For this purpose, we use the service elopage (elopage GmbH, Kurfürstendamm 182, 10707 Berlin, Germany). Once you click on one of these product buttons for courses, you will leave our website and be redirected to our individual elopage sales page.

All functions on the sales page as well as the entire downstream sales processing are carried out via elopage. You can find the privacy policy of elopage at https://elopage.com/privacy . We have a separate privacy policy on our elopage sales website, which you should also read.

We have concluded a corresponding contract with elopage GmbH as our order processor in accordance with Art. 28 DSGVO. The legal basis for the processing of personal data when forwarding from our website to the sales page via elopage results in the present case from Art. 6 para. 1 p. 1 lit. b).

11. Participation in user surveys

We use the survey service Typeform (TYPEFORM S.L., Carrer Bac de Roda, 163, 08018 Barcelona, 1-2, Spain) to improve our users’ experience with attractively designed surveys and to request contact information through the registration form. The legal basis for the use of Typeform is your consent pursuant to Art. 6 para. 1 lit. a) DSGVO for the collection of input data and your consent pursuant to Art. 6 para. 1 lit. f). Typeform collects access data (IP address) and input data. We collect the data you enter in the form and technical data that we need for the technical functioning and maintenance of our service.

The personal data are processed by Typeform. You can learn more about Typeform’s privacy policy here: https://admin.typeform.com/to/dwk6gt. The deposited data will be stored on the servers of TYPEFORM S.L. until the purpose for processing ceases to apply or the consent for processing has been revoked. You can request information about the personal data in question. You also have the right to rectification, erasure, restriction of processing, objection and data portability. Your given consent to the processing can be revoked at any time with effect for the future. To do so, please send us an e-mail.

12. Registration and billing via insurance

Through our insurance partners, you have the option of using keleya’s services and having the costs covered directly by your insurance company.

When you register, we process data that is relevant for the verification of a benefit claim and billing, such as:

• First and last name

• Date of birth

• Insured person number

• Calculated date, or date of birth of the child

As part of the verification and billing process, we transmit this data in encrypted form to the respective insurance partner that you specified during registration for verification. For this purpose, we use the respective servers of the insurance companies or the billing software of the DMRZ (Deutsches Medizinrechenzentrum GmbH, Wiesenstr. 21, D-40549 Düsseldorf). We have concluded a corresponding contract with the insurance partners and the DMRZ as our order processors in accordance with Art. 28 DSGVO. 

Information on the DMRZ privacy policy can be found here: https://www.dmrz.de/datenschutzerklaerung . 

13. Contacting Customer Support

If you contact keleya Customer Support at info@keleya.de we will process personal data such as:

• Mail address

• Name or alias (optional)

We use the tool of the company  Zendesk Inc. for processing customer requests.

In accordance with the contract, Zendesk uses the data exclusively for processing tickets in the support system. We do not otherwise disclose any data to third parties in connection with data processing for customer inquiries. Zendesk also has no connection to our keleya databases, so no data we collect related to app use or other interactions is shared with the provider.

We have worked with Zendesk Inc. as our processor concluded a corresponding contract in accordance with Art. 28 DSGVO. 

4. Data sharing

We will only disclose your personal data to third parties under certain conditions. In the following we inform you about these requirements.

1. Consent

If you want to use the data according to Art. 6 para. 1 p. 1 lit. a DSGVO have given express consent to do so, we will share your personal data with third parties.

2. Origin of the data

In principle, we collect the data from the data subject. In certain cases, we also receive data because you have consented to its transfer to us. 

3. Storage duration

We store personal data only as long as we are entitled to do so and the purpose of processing has not ceased to apply. The respective statutory retention period applies to the duration of the storage of personal data. After expiry of the deadline, the corresponding data will be routinely deleted, provided that they are no longer required for the fulfillment or initiation of the contract.

4. Existence of automated decision making

We do not use automatic decision-making or profiling.

5. Representation of legal claims

According to Art. 6 para. 1 p. 1 lit. f DSGVO, we may disclose your personal data to third parties if this is necessary for the assertion, exercise or defense of legal claims. There must also be no reason to assume that you have an overriding interest worthy of protection in your data not being passed on.

6. Legal obligation

We pass on your personal data if there is a legal obligation according to Art. 6 para. 1 p. 1 lit. c GDPR exists for this purpose.

7. Contract

If the disclosure of your personal data is permitted by law and this is necessary for the processing of a contractual relationship with you, we may disclose your data to third parties for this purpose.

5. Third party websites

We occasionally provide links to third party websites. Although we select them carefully, we do not assume any guarantee or liability for the correctness and completeness of the contents and the data security of the websites of third parties. This privacy policy also does not apply to linked third-party websites. We are not responsible for the privacy practices or the content of other websites.

6. Cookies

We use cookies on our site. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware.

Information is stored in the cookie that arises in each case in connection with the specific end device used. However, this does not mean that we thereby obtain direct knowledge of your identity.

The use of cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after leaving our site.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your terminal device for a certain specified period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies allow us to automatically recognize that you have already been with us when you visit our site again. These cookies are automatically deleted after a defined period of time.

The data processed by cookies are necessary for the aforementioned purposes to protect our legitimate interests as well as those of third parties pursuant to Art. 6 para. 1 p. 1 lit. f DSGVO required.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.

7. Analysis tools

The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 p. 1 lit. f DSGVO carried out. With the tracking measures used, we want to ensure that our products are designed to meet the needs of our customers and are continuously optimized. On the other hand, we use the tracking measures to statistically record the use of our products and to evaluate them for the purpose of optimizing our offer for you. These interests are to be considered legitimate within the meaning of the aforementioned provision.

The respective data processing purposes and data categories can be found in the corresponding tracking tools.

1. Google Analytics

For the purpose of demand-oriented design and continuous optimization of our products, we use Google Analytics, a web analytics service provided by Google, Inc. (https://www.google.de/intl/de/about/) (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter “Google”). In this context, pseudonymized usage profiles are created and cookies (see under item 4) are used. The information generated by the cookie about your use of this website such as

• Browser type/version,

• operating system used,

• Referrer URL (the previously visited page),

• Host name of the accessing computer (IP address),

• Time of the server request,

are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and internet usage for the purposes of market research and demand-oriented design of these web pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. In no case will your IP address be merged with other data from Google. The IP addresses are anonymized so that an assignment is not possible (IP masking).

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de) or deactivate Google Analytics in the menu of your end device.

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on this link. An opt-out cookie is set that prevents future collection of your data when visiting this website. The opt-out cookie is valid only in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de), for example.

2. Google Adwords Conversion Tracking

In order to statistically record the use of our website and to evaluate it for the purpose of optimizing our website for you, we also use Google Conversion Tracking. In the process, Google Adwords sets a cookie (see section 4) on your computer if you have accessed our website via a Google ad.

These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords client’s website and the cookie has not yet expired, Google may

and the customer recognize that the user clicked on the ad and was redirected to this page.

Each Adwords customer receives a different cookie. Cookies can therefore not be tracked through the websites of Adwords customers. The information collected using the conversion cookie is used to create conversion statistics for Adwords customers who have opted for conversion tracking. Adwords clients will learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.

If you do not wish to participate in the tracking procedure, you can also refuse the setting of a cookie required for this – for example, by means of a browser setting that generally deactivates the automatic setting of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the “www.googleadservices.com” domain. Google’s privacy policy on conversion tracking can be found here ( https://services.google.com/sitestats/de.html ).

3. Google Dynamic Remarketing

In addition, we use the functions of Google Dynamic Re-Marketing on our website. This technology allows us to serve automatically generated, audience-based ads after your visit to our website. The ads displayed are based on products and services that you have clicked on or viewed during your last visit to our website. Google uses cookies to create interest-based ads. If you do not wish to receive user-related ads from Google, you can deactivate the ads by making the appropriate settings on Google.

If you do not want to receive personalized ads, you can set an opt-out cookie:

https://www.google.de/settings/ads/onweb#display_optout .

You can block personalized ads by installing an appropriate browser plug-in, which you can find here:

https://support.google.com/ads/answer/7395996?hl=de .

You can also block personalized ads from Google and other ad networks by opting out on the following page:

http://www.youronlinechoices.com/de/praferenzmanagement/ .

4. Facebook Pixel (Facebook Custom Audiences)

Furthermore, we use the so-called “Facebook Pixel” from Facebook (Facebook Inc.,, 1601 S California Ave, Palo Alto, California 94304, USA) on our website. As a result, interest-based advertisements (“Facebook Ads”) can be displayed to users of our website when they visit the Facebook social network or other websites that also use this method. be Through the Facebook pixel, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data that is collected through the use of this tool by Facebook and therefore inform you according to our state of knowledge: By integrating the Facebook pixel, Facebook receives the information that you have clicked on an ad from us or called up the corresponding web page of our website. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider will learn and store your IP address and other identifying features.

With the use of the Facebook pixel, we pursue the purpose of displaying Facebook ads placed by us only to those Facebook users who have also shown an interest in our Internet offering. With the help of the Facebook pixel, we therefore want to ensure that our Facebook ads  correspond to the potential interest of the users and do not have a harassing effect. Furthermore, we can use the Facebook pixel to track the effectiveness of Facebook ads for statistical purposes by seeing whether users were redirected to our website after clicking on a Facebook ad. The legal basis for the use of the Facebook pixel is Art. 6 para. 1 lit.  F GDPR.

You can object to the use of the Facebook pixel at any time by using the following opt-out option:

Third party vendor information can be found here: http://www.facebook.com/policy.php ; more information on data collection: http://www.facebook.com/help/186325668085084 , http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo .

5. Appsflyer

For our keleya apps, we use AppsFlyer, an analytics service provided by AppsFlyer Ltd. The information generated by AppsFlyer about the use of the keleya apps is usually transmitted to a server outside Germany and stored there. In the code of the keleya apps, we have enabled IP anonymization so that the IP address of users is shortened before it is stored by AppsFlyer Ltd. On our behalf, Google and AppsFlyer Ltd. will use the anonymous information to evaluate the use of the keleya Apps and to compile reports for us about your activities in the keleya Apps. In your device’s privacy settings, you can further restrict the way AppsFlyer works. You can also send an e-mail to privacy@appsflyer.com if you do not want to allow AppsFlyer. You can find more information about privacy at Appsflyer here: https://www.appsflyer.com/de/trust/privacy/ .

6. Apptweak

For our keleya apps, we also use the services of the company AppTweak (AppTweak S.A, Rue des Pères Blancs, 4, 1040 Brussels, Belgium) to optimize our ads in the app stores. You can find the provider’s privacy policy here: https://www.apptweak.com/privacy .

8. Payment service provider

1. Provision of the payment service by Stripe Payments Europe, Ltd.

The payment services for purchases made through our website are provided by Stripe Payments Europe, Ltd (hereinafter referred to as “Stripe”) and are governed by the Stripe Connected Account Agreement, which includes the Stripe Terms of Service (collectively referred to as the “Stripe Services Agreement”). In addition to these keleya Terms and Conditions, Customer accepts Stripe’s “Stripe Services Agreement” terms and conditions relating to the Payment Services.

2. Provision of the payment service by PayPal (Europe) S.à r.l. et Cie, S.C.A.

If the data subject selects “PayPal” as a payment option during the ordering process in our online store, data of the data subject is automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transmission of personal data required for payment processing.

PayPal may share personal data with affiliated companies and service providers or subcontractors to the extent necessary to fulfill its contractual obligations or to process the data on its behalf.

The data subject has the possibility to revoke the consent to the handling of personal data at any time vis-à-vis PayPal. A revocation does not affect personal data that must necessarily be processed, used or transmitted for (contractual) payment processing.

PayPal’s applicable privacy policy can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full can be accessed.

9. Data subject rights

You have the following rights as a data subject of the data processing:

1. Information

In accordance with Art. 15 DSGVO, you are entitled to request information about your personal data processed by us.

In particular, you can request information about

• the purposes of processing,

• the category of personal data,

• the categories of recipients to whom your data have been or will be disclosed,

• the planned storage period,

• the existence of a right to rectification, erasure, restriction of processing or opposition,

• the existence of a right of appeal,

• the origin of their data, if this data was not collected by us, as well as

• about the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;

2. Correction

In accordance with Art. 16 of the GDPR, you have the right to request the following:

• immediate correction of incorrect personal data stored by us

• immediate completion of your personal data stored by us;

3. Deletion

Pursuant to Art. 17 DSGVO, you are entitled to request the deletion of your personal data stored by us unless the processing

• to exercise the right to freedom of expression and information,

• to fulfill a legal obligation,

• for reasons of public interest or

• is necessary for the assertion, exercise or defense of legal claims;

4. Restriction

Pursuant to Art. 18 DSGVO, you are entitled to request the restriction of the processing of your personal data to the extent that

• the accuracy of the data is disputed by you,

• the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it to assert, exercise or defend legal claims, or

• you have objected to the processing pursuant to Art. 21 DSGVO;

5. Data portability

In accordance with Art. 20 DSGVO, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;

6. Revocation

Pursuant to Art. 7 para. 3 DSGVO, you have the right to revoke your consent at any time. Thereafter, we may no longer continue the data processing that was based on this consent for the future.

7. Complaint

According to Art. 77 DSGVO, you are entitled to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.

10. Transfer to third countries

We create an appropriate level of data protection when transferring data to third countries by adhering to the EU Commission’s standard contractual clause in accordance with. Art. 46 par. 2 lit. c DSGVO serve. We do not use these standard contractual clauses if an adequacy decision of the EU Commission exists for the respective third country, i.e. that an adequate level of data protection already exists for these third countries.

11.  Right of objection

If your personal data is collected on the basis of legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f DSGVO, you have the right to object to the processing of your personal data in accordance with Art. 21 DSGVO, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation on your part.

If you wish to exercise your right of revocation or objection, simply send an e-mail to info@keleya.de .

12. Data security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

Only employees who are obligated in accordance with the provisions of Article 32 in conjunction with. Article 5 of the General Data Protection Regulation (GDPR). After completion of the ordered services, the data of the participants will be deleted in such a way that it is not possible to restore the data.

13.  Actuality and change of this privacy policy

This privacy policy is currently valid and has the status September 2022.

Due to the further development of our keleya apps or our offers or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy. The current privacy policy can be viewed at any time in the keleya apps. You can find them on the keleya website https://keleya.de/datenschutz/ and print it out.