In the following, we inform you about the processing of your personal data when using our keleya products.

Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.

“Controllers” in the sense of the EU General Data Protection Regulation and other national data protection laws as well as other data protection regulations are those who process personal data.



  1. Name and contact details of the controller

Victoria Engelhardt, Julia Neumann (Directors).


Keleya Digital-Health Solutions GmbH Max-Beer-Straße 25

10119 Berlin, Germany


Tel.: +49 (0)30 22184335

E-Mail: Website:


  1. Name and contact details of the data protection officer

You can reach our data protection officer at or our postal address with the addition of “the data protection officer”.

  1. Collection and storage of personal data as well as type and purpose of their use

    1. Calling up the website

When you access our website, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatic deletion:

  • IP address of the requesting computer,

  • Date and time of access,

  • Name and URL of the accessed file,

  • website from which the access was made (referrer URL),

  • browser used and, if applicable, the operating system of your computer as well as

  • the name of your access provider.

  • The aforementioned data is processed by us for the following purposes:

  • Ensuring a smooth connection setup of the website,

  • Ensuring a comfortable use of our website,

  • Evaluation of system security and stability as well as for other administrative purposes.

The  legal  basis  for  the  data  processing  is  Art.  6  para.  1  p.  1  lit.  f DSGVO. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.


  1. Downloading the keleya apps via the app store.

When downloading the mobile keleya apps, certain information is transferred to the Apple App Store or Google Play Store, i.e. in particular username, email address and customer number of your account, time of download, payment information and the individual device identification number. We have no influence on this data collection and are not responsible for it. We process the data only insofar as it is necessary for downloading the mobile app to your mobile device.


  1. Installing the app on your device – data collection in log files

The following information is collected without your intervention in so-called log files and stored until automated deletion:

  • Language and version of the operating system

  • Platform used (iOS or Android).

  • The aforementioned data is processed by us for the following purposes:

  • Ensuring a smooth connection setup of the app,

  • Ensuring a comfortable use of our app,

  • Evaluation of system security and stability as well as for other administrative purposes.

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows  from  the  purposes  for  data  collection  listed  above.  In  no  case  do  we  use  the collected data for the purpose of drawing conclusions about your person.


  1. Registration of your keleya user account

You can create a keleya user account via our login system. For registration we need at least the following data:

  • Nickname (pseudonym)

  • E-mail address

  • Password

Before  registration is complete, you must confirm that you have read our privacy policy and  accept  our  terms  and  conditions.  In  the  keleya  apps,  further  data  will  then  be requested during the “onboarding” process. This is described below.

The legal basis for the processing is Art. 6 (1) p. 1 lit. c and f DSGVO, the processing serves the fulfillment of the contract and the protection of the legitimate interests of the controller or a third party.



  1. Use of motivational text messages via push notifications in the keleya apps.

At  the  beginning  of  using  our  mobile  apps,  you  have  the  option  to  activate  push notifications. Push notifications are short messages that are shown on the display with your consent. In them, we will inform you about news or send you texts that serve to motivate you.

In the case of using the push services, your device is assigned a device token from Apple or a registration ID from Google. These are encrypted, anonymized device IDs. An inference to the individual user is excluded.

The  purpose  of  their  use  by us is solely to provide the push services. If you do not give permission, we will not use this data.

To  unsubscribe  from  the  push  messages  at  a  later  date, you can use the unsubscribe option in your settings. You can find this under the settings of the respective favorites.

The  legal  basis  for  the  processing  is  Art.  6  (1)  p.  1 lit. f DSGVO, the processing serves to protect the legitimate interests of the controller or a third party.


  1. Sign up for our newsletter

Unless  you  have  objected,  we  will  use  your  email  address to send you updates on the current week of pregnancy and tips for your personal pregnancy and advertising for similar articles or services. You can object to this use of your contact address at any time by clicking on the unsubscribe link at the end of each newsletter or by sending a notification to


The following data will be transmitted:

  • Nickname given by the user

  • Calculated or actual date of birth given by the user

  • E-mail address given by the user

  • Symptoms tracked by the user

  • In addition, the following data is collected during registration:

  • Date and time of registration

  • Operating system used (iOS or Android)

  • Country of origin of the registration


We use the tool of the company Sendinblue GmbH for sending the newsletter.

Sendinblue uses the data in accordance with the contract exclusively for sending the newsletter. We do not otherwise pass on any data to third parties in connection with the data processing for sending the newsletter.


  1. Purchase of subscriptions and their renewal

If you purchase further subscriptions from us via the keleya apps or extend such subscriptions via the keleya apps, the related data will be stored by us for the purpose of fulfilling the contract.

This use of data is based on Art. 6 para. 1 p. 1 lit. b DSGVO for the processing of contractual relationships with you.

The related data will be stored by us as long as it is necessary for processing and fulfillment of the contract.


  1. Further active use of the keleya apps

If you actively use the keleya apps, we will process further personal data, in particular

  • Your activities in the respective app, e.g. frequency or duration of use

  • Preferences and symptoms indicated by you

  • Optional information provided by you: Food intolerances indicated by you.

This data is necessary for us to be able to offer you all the functions of our mobile app.

The legal basis for this is Art. 6 (1) p. 1 lit. f DSGVO – the processing serves to protect the legitimate interests of us as the controller.


  1. Purchase of premium services via website

These are provided by the payment service provider Stripe Payments Europe, Ltd.

The  payment  services  for  the  Contractor  are  provided  by  Stripe  Payments  Europe,  Ltd (hereinafter referred to as “Stripe”) and are subject to the Stripe Connected Account Agreement, which includes the Stripe Terms of Service (collectively referred to as the “Stripe Services   Agreement”   ).   In   addition   to   these   COMPANY   Terms   and   Conditions, Customer/Customer accepts Stripe’s “Stripe Services Agreement” terms and conditions relating to the Payment Services.


  1. Purchase of keleya online courses (web-based)

We  also  offer  online  courses  for  purchase via our website. For this purpose, we use the service elopage (elopage GmbH, Kurfürstendamm 182, 10707 Berlin, Germany). As soon as you click on one of these product buttons for courses, you will leave our website and be redirected to our individual elopage sales page.

All functions on the sales page as well as the entire downstream sales processing are carried     out     via     elopage.     You     can     find     elopage’s     privacy     policy     at  .  We  have  a  separate  privacy  policy  on our elopage sales website, which you should also read.

We have concluded a corresponding contract with elopage GmbH as our order processor in accordance with Art. 28 DSGVO. The legal basis for the processing of personal data when forwarding from our website to the sales page via elopage results in the present case from Art. 6 para. 1 p. 1 lit. b).


  1. Participation in user surveys

We  use  the  survey  service  Typeform  (TYPEFORM  S.L.,  Carrer  Bac  de  Roda,  163,  08018 Barcelona, 1-2, Spain) to improve our users’ experience with attractively designed surveys and to request contact information via the registration form. The legal basis for the use of

Typeform  is your consent pursuant to Art. 6(1)(a) DSGVO for the collection of input data and your consent pursuant to Art. 6(1)(f). Through Typeform, access data (IP address) and input data are collected. We collect the data you enter in the form and technical data that we need for the technical functioning and maintenance of our service.

The personal data is processed by Typeform. You can learn more about Typeform’s privacy policy here: The deposited data will be stored on the servers of TYPEFORM S.L. until the purpose for processing ceases to apply or the consent for processing has been revoked. You may request information about the personal data in question.  You  also  have  the  right  to  rectification,  erasure,  restriction  of  processing, objection and data portability. Your given consent to processing can be revoked at any time with effect for the future. To do so, please send us an e-mail.


  1. Registration and billing via insurance

Through our insurance partners, you have the option of claiming services from keleya and having the costs covered directly by your insurance company.

When you register, we process data that is relevant for checking a claim for benefits and billing, such as:

  • First and last name

  • Date of birth

  • Insurance number

  • Calculated date, or date of birth of the child

We transmit this data in encrypted form to the respective insurance partner you specified during  registration  for  verification  and  billing.  For  this  purpose,  we  use  the  respective servers of the insurance companies or the billing software of the DMRZ (Deutsches Medizinrechenzentrum  GmbH,  Wiesenstr.  21,  D-40549  Düsseldorf).  We  have concluded a corresponding contract with the insurance partners and the DMRZ as our order processors in accordance with Art. 28 DSGVO.

Information on the privacy policy of the DMRZ can be found here:


  1. Contacting Customer Support

When you contact keleya Customer Support at, we process personal data such as:

  • Mail address

  • Name or Alias (Optional)

We use the tool of the company Zendesk Inc. for processing customer requests.

In accordance with the contract, Zendesk uses the data exclusively for processing tickets in the support system. We do not otherwise disclose any data to third parties in connection with data processing for customer inquiries. Zendesk also has no connection to our keleya databases,  so  no  data  we  collect  in  connection  with  app  use  or  other  interactions  is shared with the provider.

We  have  concluded  a  corresponding  contract  with  Zendesk  Inc.  as  our  processor  in accordance with Art. 28 DSGVO.


  1. Data sharing

We  only  pass  on  your  personal  data  to  third  parties  under  certain  conditions.  In  the following, we inform you about these conditions.


  1. Consent

If  you  have  given  your  express  consent  to  do  so  in  accordance  with Art. 6 (1) p. 1 lit. a DSGVO, we will pass on your personal data to third parties.


  1. Origin of the data

We generally collect the data from the data subject. In certain cases, we also receive data because you have consented to the transfer to us.


  1. Storage period

We store personal data only as long as we are entitled to do so and the purpose of processing has not ceased to apply. The respective statutory retention period applies to the duration of the storage of personal data. After expiry of the period, the corresponding data  is  routinely  deleted,  provided  that  it  is  no  longer required for the fulfillment of the contract or the initiation of the contract.


  1. Existence of an automated decision-making process

We do not use automated decision-making or profiling.

  1. Representation of legal claims

According  to  Art.  6  para. 1 p. 1 lit. f DSGVO, we may disclose your personal data to third parties if this is necessary for the assertion, exercise or defense of legal claims. There must also be no reason to assume that you have an overriding interest worthy of protection in not having your data passed on.


  1. Legal obligation

We pass on your personal data if there is a legal obligation to do so according to Art. 6 para. 1 p. 1 lit. c DSGVO.


  1. Contract

WIf the disclosure of your personal data is permitted by law and this is necessary for the processing of a contractual relationship with you, we may disclose your data to third parties for this purpose.


  1. Third party websites

We occasionally provide links to third party websites. Although we select these carefully, we do not assume any guarantee or liability for the correctness and completeness of the contents and the data security of the third-party websites. This privacy policy also does not apply to linked third-party websites. We assume no responsibility for the data protection provisions or the content of other websites.


  1. Cookies

We use cookies on our website. These are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware.

In the cookie, information is stored that arises in each case in connection with the specific end  device  used.  This  does  not  mean,  however,  that  we  gain direct knowledge of your identity.

The use of cookies serves on the one hand to make the use of our offer more pleasant for you.  For  example,  we  use  so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.


In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your terminal device for a certain fixed period of time. If you visit our site again to use our  services,  it  is  automatically  recognized  that  you  have  already been to our site and which entries and settings you have made so that you do not have to enter them again.


On  the  other  hand,  we  use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies enable us to automatically  recognize  that  you  have  already been to our site when you visit it again. These cookies are automatically deleted after a defined period of time.


The data processed by cookies is necessary for the aforementioned purposes to protect our  legitimate  interests  and  those  of  third  parties  in  accordance  with  Art. 6 (1) p. 1 lit. f DSGVO.


Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie  is  created.  However,  the  complete  deactivation  of  cookies  may  mean  that  you cannot use all the functions of our website.


  1. Analyse Tools

The tracking measures listed below and used by us are carried out on the basis of Art. 6 (1)

p. 1 lit. f DSGVO. With the tracking measures used, we want to ensure a demand-oriented design  and the continuous optimization of our products. On the other hand, we use the tracking measures to statistically record the use of our products and to evaluate them for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.

The respective data processing purposes and data categories can be found in the corresponding tracking tools.


  1. Google Analytics

For the purpose of demand-oriented design and ongoing optimization of our products, we use    Google    Analytics,    a    web    analytics    service    provided    by    Google    Inc. (  (Google  Ireland  Limited,  Gordon  House,  Barrow Street, Dublin 4, Ireland; hereinafter “Google”). In this context, pseudonymized usage profiles are created and cookies (see under point 4) are used. The information generated by the cookie about your use of this website such as.

  • Browser type/version,

  • operating system used,

  • Referrer URL (the previously visited page),

  • Host name of the accessing computer (IP address),

  • time of the server request,

are transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and internet use for the purposes of market research and demand-oriented design of these web pages. This information may also be transferred to third  parties  if  this  is  required  by  law or if third parties process this data on our behalf. Under  no  circumstances  will  your  IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (IP masking).

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (  or  disabling  Google  Analytics  in  the menu of your terminal device .

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on this link. An opt-out cookie  will  be  set,  which  prevents  the  future  collection  of  your  data  when  visiting  this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

Further information on data protection in connection with Google Analytics can be found, for example, in the Google Analytics help (


  1. Google Adwords Conversion Tracking

In order to statistically record the use of our website and to evaluate it for the purpose of optimizing  our  website for you, we also use Google Conversion Tracking. In this process, Google Adwords sets a cookie (see section 4) on your computer if you have accessed our website via a Google ad.

These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer’s website and the cookie has not yet expired, Google can

and the customer can recognize that the user clicked on the ad and was redirected to this page.

Each Adwords customer receives a different cookie. Cookies can therefore not be tracked across Adwords customers’ websites. The information obtained using the conversion cookie is used to create conversion statistics for Adwords customers who have opted for conversion tracking. The Adwords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie  required  for  this  –  for  example,  via a browser setting that generally disables the automatic  setting  of  cookies.  You  can  also  disable  cookies  for  conversion  tracking  by setting  your  browser  to  block  cookies  from  the  “”  domain. Google’s privacy policy on conversion tracking can be found here (


  1. Google Dynamic Remarketing

In  addition,  we  use  the  Google  Dynamic  Re-Marketing  functions  on  our  website.  This technology  allows  us  to  serve automatically generated, audience-based ads after your visit to our website. The ads displayed are based on products and services that you clicked on or viewed during your last visit to our website. Google uses cookies to create interest-based ads. If you do not want to receive user-based ads from Google, you can disable the ads by making the appropriate settings on Google.

If you do not want to receive personalized ads, you can set an opt-out cookie:

You can block personalized ads by installing an appropriate browser plug-in, which can be found here:

You can also block personalized ads from Google and other ad networks by opting out at:


  1. Facebook Pixel (Facebook Custom Audiences)

Furthermore, we use the so-called “Facebook Pixel” from Facebook (Facebook Inc.,, 1601 S California Ave, Palo Alto, California 94304, USA) on our website. This enables interest-based advertisements (“Facebook Ads”) to be displayed to users of our website when they visit the Facebook social network or other websites that also use this method. Through the Facebook  pixel,  your  browser  automatically  establishes  a  direct  connection  with  the Facebook server. We have no influence on the scope and further use of the data collected

by Facebook through the use of this tool and therefore inform you according to our state of knowledge:   Through   the   integration   of   the   Facebook   pixel,   Facebook   receives   the information that you have clicked on an ad from us or called up the corresponding web page of our website. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider will learn and store your IP address and other identifiers.


With  the  use  of  the  Facebook  pixel, we pursue the purpose of displaying Facebook ads placed by us only to those Facebook users who have also shown an interest in our Internet offer. With the help of the Facebook pixel, we therefore want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. Furthermore,  with  the  help  of  the  Facebook  pixel,  we  can  track  the  effectiveness  of Facebook ads for statistical purposes by seeing whether users were redirected to our website after clicking on a Facebook ad. The legal basis for the use of the Facebook Pixel is Art. 6 para. 1 lit.  F DSGVO.

You can object to the use of the Facebook Pixel at any time by using the following opt-out option:


Information of the third-party provider can be found here:; further information on data collection:, as well as


  1. Appsflyer

For our keleya Apps, we use AppsFlyer, an analytics service provided by AppsFlyer Ltd. The information generated by AppsFlyer about the use of the keleya Apps is usually transmitted to a server outside Germany and stored there. In the code of the keleya Apps, we have activated IP anonymization so that the IP address of users is shortened before it is stored by  AppsFlyer  Ltd.  On  our  behalf,  Google  and  AppsFlyer  Ltd.  will  use  the  anonymous information to evaluate the use of the keleya Apps and to compile reports for us about your activities in the keleya Apps. You can further restrict the way AppsFlyer works in your device’s privacy settings. You can also send an email to if you do not  want to allow AppsFlyer. For more information about Appsflyer’s privacy, please visit:

  1. Apptweak

For our keleya apps, we also use the services of the company AppTweak (AppTweak S.A, Rue des Pères Blancs, 4, 1040 Brussels, Belgium) to optimize our ads in the app stores. The privacy policy of the provider can be found here:


  1. Payment service provider

    1. Provision of the payment service by Stripe Payments Europe, Ltd.

The payment services for purchases made through our website are provided by Stripe Payments Europe, Ltd (hereinafter referred to as “Stripe”) and are governed by the Stripe Connected  Account  Agreement,  which  includes  the  Stripe Terms of Service (collectively referred  to  as  the  “Stripe  Services  Agreement”).  In  addition  to  these  keleya  Terms  and Conditions,  Customer  accepts  Stripe’s  “Stripe  Services Agreement” terms and conditions relating to the Payment Services.


  1. Provision of the payment service by PayPal (Europe) S.à r.l. et Cie, S.C.A.

If the data subject selects “PayPal” as a payment option during the ordering process in our online  store,  data  of  the  data  subject  will  be  automatically  transmitted  to  PayPal.  By selecting this payment option, the data subject consents to the transmission of personal data required for payment processing.

PayPal may pass on the personal data to affiliated companies and service providers or subcontractors, insofar as this is necessary for the fulfillment of contractual obligations or the data is to be processed on behalf.

The data subject has the possibility to revoke the consent to the handling of personal data at  any  time  vis-à-vis  PayPal.  A  revocation  does  not  affect  personal  data  that  must necessarily be processed, used or transmitted for (contractual) payment processing.

The applicable data protection provisions of PayPal can be found at


  1. Data subject rights

You have the following rights as a data subject:

  1. Information

In  accordance  with  Art.  15  DSGVO,  you  are  entitled  to  request  information  about  your personal data processed by us.

In particular, you can request information about


  • dThe purposes of the processing,

  • the category of personal data,

  • the categories of recipients to whom your data have been or will be disclosed,

  • the planned storage period,

  • the  existence  of  a  right  to  rectification,  erasure,  restriction  of  processing  or objection,

  • the existence of a right of appeal,

  • the origin of your data, if it has not been collected by us, as well as

  • about  the  existence  of  automated  decision-making  including  profiling  and,  if applicable, meaningful information about its details;

  1. Correction

In accordance with Art. 16 of the GDPR, you have the right to request the following:

  • immediate correction of incorrect personal data stored by us

  • immediate completion of your personal data stored by us;

  1. Deletion

Pursuant to Art. 17 DSGVO, you are entitled to request the deletion of your personal data stored with us, unless the processing

  • to exercise the right to freedom of expression and information,

  • to fulfill a legal obligation,

  • for reasons of public interest, or

  • is necessary for the assertion, exercise or defense of legal claims;

  1. Restriction

Pursuant to Art. 18 DSGVO, you are entitled to request the restriction of the processing of your personal data insofar as

  • the accuracy of the data is disputed by you,

  • the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it to assert, exercise or defend legal claims, or

  • you have objected to the processing in accordance with Art. 21 DSGVO;

  1. Data protability

Pursuant to Art. 20 DSGVO, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;


  1. Revocaion

In accordance with Art. 7 (3) DSGVO, you have the right to revoke the consent you have given us at any time. Thereafter, we may no longer continue the data processing based on this consent for the future.


  1. Complaint

According to Art. 77 DSGVO, you are entitled to complain to a supervisory authority. As a rule,  you  can  contact  the  supervisory  authority  of  your  usual  place  of  residence  or workplace or our company headquarters for this purpose.


  1. Transfer to third countries

We create an adequate level of data protection for the transfer of data to third countries by using the standard contractual clause of the EU Commission pursuant to Art. 46 para. 2 lit. c DSGVO. We do not use these standard contractual clauses if an adequacy decision of the  EU  Commission  exists  for  the  respective  third country, i.e. that an adequate level of data protection already exists for these third countries.


  1. Right of objection

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1)

p. 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without specifying a particular situation on your part.

If   you   would   like   to   exercise   your   right   of   revocation   or   objection,  an  e-mail  to is sufficient.

  1. Data security

We use appropriate technical and organizational security measures to protect your data against  accidental  or  intentional  manipulation,  partial  or  complete  loss,  destruction  or against  unauthorized  access  by  third  parties.  Our  security  measures  are  continuously improved in line with technological developments.

Only employees who have been trained in accordance with the provisions of Article 32 in conjunction  with.  Article  5  of  the  General  Data  Protection  Regulation  (DSGVO).  After completion of the commissioned services, the data of the participants will be deleted in such a way that a recovery of the data is not possible.


  1. Actuality and change of this privacy policy

This privacy policy is currently valid and has the status September 2022.

Due to the further development of our keleya apps or our offers or because of changed legal or regulatory requirements, it may become necessary to change this data protection declaration. The current privacy policy can be viewed at any time in the keleya Apps. You can access and print it on the keleya website