In the following, we inform you about the processing of your personal data when using our keleya products.
Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.
“Controllers” in the sense of the EU General Data Protection Regulation and other national data protection laws as well as other data protection regulations are those who process personal data.
Name and contact details of the controller
Victoria Engelhardt, Julia Neumann (Directors).
Keleya Digital-Health Solutions GmbH Max-Beer-Straße 25
10119 Berlin, Germany
Tel.: +49 (0)30 22184335
Name and contact details of the data protection officer
You can reach our data protection officer at email@example.com or our postal address with the addition of “the data protection officer”.
Collection and storage of personal data as well as type and purpose of their use
Calling up the website keleya.de
When you access our website www.keleya.de, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatic deletion:
IP address of the requesting computer,
Date and time of access,
Name and URL of the accessed file,
website from which the access was made (referrer URL),
browser used and, if applicable, the operating system of your computer as well as
the name of your access provider.
The aforementioned data is processed by us for the following purposes:
Ensuring a smooth connection setup of the website,
Ensuring a comfortable use of our website,
Evaluation of system security and stability as well as for other administrative purposes.
The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.
Downloading the keleya apps via the app store.
When downloading the mobile keleya apps, certain information is transferred to the Apple App Store or Google Play Store, i.e. in particular username, email address and customer number of your account, time of download, payment information and the individual device identification number. We have no influence on this data collection and are not responsible for it. We process the data only insofar as it is necessary for downloading the mobile app to your mobile device.
Installing the app on your device – data collection in log files
The following information is collected without your intervention in so-called log files and stored until automated deletion:
Language and version of the operating system
Platform used (iOS or Android).
The aforementioned data is processed by us for the following purposes:
Ensuring a smooth connection setup of the app,
Ensuring a comfortable use of our app,
Evaluation of system security and stability as well as for other administrative purposes.
The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.
Registration of your keleya user account
You can create a keleya user account via our login system. For registration we need at least the following data:
The legal basis for the processing is Art. 6 (1) p. 1 lit. c and f DSGVO, the processing serves the fulfillment of the contract and the protection of the legitimate interests of the controller or a third party.
Use of motivational text messages via push notifications in the keleya apps.
At the beginning of using our mobile apps, you have the option to activate push notifications. Push notifications are short messages that are shown on the display with your consent. In them, we will inform you about news or send you texts that serve to motivate you.
In the case of using the push services, your device is assigned a device token from Apple or a registration ID from Google. These are encrypted, anonymized device IDs. An inference to the individual user is excluded.
The purpose of their use by us is solely to provide the push services. If you do not give permission, we will not use this data.
To unsubscribe from the push messages at a later date, you can use the unsubscribe option in your settings. You can find this under the settings of the respective favorites.
The legal basis for the processing is Art. 6 (1) p. 1 lit. f DSGVO, the processing serves to protect the legitimate interests of the controller or a third party.
Sign up for our newsletter
Unless you have objected, we will use your email address to send you updates on the current week of pregnancy and tips for your personal pregnancy and advertising for similar articles or services. You can object to this use of your contact address at any time by clicking on the unsubscribe link at the end of each newsletter or by sending a notification to firstname.lastname@example.org.
The following data will be transmitted:
Nickname given by the user
Calculated or actual date of birth given by the user
E-mail address given by the user
Symptoms tracked by the user
In addition, the following data is collected during registration:
Date and time of registration
Operating system used (iOS or Android)
Country of origin of the registration
We use the tool of the company Sendinblue GmbH for sending the newsletter.
Sendinblue uses the data in accordance with the contract exclusively for sending the newsletter. We do not otherwise pass on any data to third parties in connection with the data processing for sending the newsletter.
Purchase of subscriptions and their renewal
If you purchase further subscriptions from us via the keleya apps or extend such subscriptions via the keleya apps, the related data will be stored by us for the purpose of fulfilling the contract.
This use of data is based on Art. 6 para. 1 p. 1 lit. b DSGVO for the processing of contractual relationships with you.
The related data will be stored by us as long as it is necessary for processing and fulfillment of the contract.
Further active use of the keleya apps
If you actively use the keleya apps, we will process further personal data, in particular
Your activities in the respective app, e.g. frequency or duration of use
Preferences and symptoms indicated by you
Optional information provided by you: Food intolerances indicated by you.
This data is necessary for us to be able to offer you all the functions of our mobile app.
The legal basis for this is Art. 6 (1) p. 1 lit. f DSGVO – the processing serves to protect the legitimate interests of us as the controller.
Purchase of premium services via keleya.de website
These are provided by the payment service provider Stripe Payments Europe, Ltd.
The payment services for the Contractor are provided by Stripe Payments Europe, Ltd (hereinafter referred to as “Stripe”) and are subject to the Stripe Connected Account Agreement, which includes the Stripe Terms of Service (collectively referred to as the “Stripe Services Agreement” ). In addition to these COMPANY Terms and Conditions, Customer/Customer accepts Stripe’s “Stripe Services Agreement” terms and conditions relating to the Payment Services.
Purchase of keleya online courses (web-based)
We also offer online courses for purchase via our website. For this purpose, we use the service elopage (elopage GmbH, Kurfürstendamm 182, 10707 Berlin, Germany). As soon as you click on one of these product buttons for courses, you will leave our website and be redirected to our individual elopage sales page.
We have concluded a corresponding contract with elopage GmbH as our order processor in accordance with Art. 28 DSGVO. The legal basis for the processing of personal data when forwarding from our website to the sales page via elopage results in the present case from Art. 6 para. 1 p. 1 lit. b).
Participation in user surveys
We use the survey service Typeform (TYPEFORM S.L., Carrer Bac de Roda, 163, 08018 Barcelona, 1-2, Spain) to improve our users’ experience with attractively designed surveys and to request contact information via the registration form. The legal basis for the use of
Typeform is your consent pursuant to Art. 6(1)(a) DSGVO for the collection of input data and your consent pursuant to Art. 6(1)(f). Through Typeform, access data (IP address) and input data are collected. We collect the data you enter in the form and technical data that we need for the technical functioning and maintenance of our service.
Registration and billing via insurance
Through our insurance partners, you have the option of claiming services from keleya and having the costs covered directly by your insurance company.
When you register, we process data that is relevant for checking a claim for benefits and billing, such as:
First and last name
Date of birth
Calculated date, or date of birth of the child
We transmit this data in encrypted form to the respective insurance partner you specified during registration for verification and billing. For this purpose, we use the respective servers of the insurance companies or the billing software of the DMRZ (Deutsches Medizinrechenzentrum GmbH, Wiesenstr. 21, D-40549 Düsseldorf). We have concluded a corresponding contract with the insurance partners and the DMRZ as our order processors in accordance with Art. 28 DSGVO.
Contacting Customer Support
When you contact keleya Customer Support at email@example.com, we process personal data such as:
Name or Alias (Optional)
We use the tool of the company Zendesk Inc. for processing customer requests.
In accordance with the contract, Zendesk uses the data exclusively for processing tickets in the support system. We do not otherwise disclose any data to third parties in connection with data processing for customer inquiries. Zendesk also has no connection to our keleya databases, so no data we collect in connection with app use or other interactions is shared with the provider.
We have concluded a corresponding contract with Zendesk Inc. as our processor in accordance with Art. 28 DSGVO.
We only pass on your personal data to third parties under certain conditions. In the following, we inform you about these conditions.
If you have given your express consent to do so in accordance with Art. 6 (1) p. 1 lit. a DSGVO, we will pass on your personal data to third parties.
Origin of the data
We generally collect the data from the data subject. In certain cases, we also receive data because you have consented to the transfer to us.
We store personal data only as long as we are entitled to do so and the purpose of processing has not ceased to apply. The respective statutory retention period applies to the duration of the storage of personal data. After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfillment of the contract or the initiation of the contract.
Existence of an automated decision-making process
We do not use automated decision-making or profiling.
Representation of legal claims
According to Art. 6 para. 1 p. 1 lit. f DSGVO, we may disclose your personal data to third parties if this is necessary for the assertion, exercise or defense of legal claims. There must also be no reason to assume that you have an overriding interest worthy of protection in not having your data passed on.
We pass on your personal data if there is a legal obligation to do so according to Art. 6 para. 1 p. 1 lit. c DSGVO.
WIf the disclosure of your personal data is permitted by law and this is necessary for the processing of a contractual relationship with you, we may disclose your data to third parties for this purpose.
Third party websites
In the cookie, information is stored that arises in each case in connection with the specific end device used. This does not mean, however, that we gain direct knowledge of your identity.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your terminal device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognized that you have already been to our site and which entries and settings you have made so that you do not have to enter them again.
The data processed by cookies is necessary for the aforementioned purposes to protect our legitimate interests and those of third parties in accordance with Art. 6 (1) p. 1 lit. f DSGVO.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.
The tracking measures listed below and used by us are carried out on the basis of Art. 6 (1)
p. 1 lit. f DSGVO. With the tracking measures used, we want to ensure a demand-oriented design and the continuous optimization of our products. On the other hand, we use the tracking measures to statistically record the use of our products and to evaluate them for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.
The respective data processing purposes and data categories can be found in the corresponding tracking tools.
For the purpose of demand-oriented design and ongoing optimization of our products, we use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.de/intl/de/about/) (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter “Google”). In this context, pseudonymized usage profiles are created and cookies (see under point 4) are used. The information generated by the cookie about your use of this website such as.
operating system used,
Referrer URL (the previously visited page),
Host name of the accessing computer (IP address),
time of the server request,
are transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and internet use for the purposes of market research and demand-oriented design of these web pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (IP masking).
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de) or disabling Google Analytics in the menu of your terminal device .
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on this link. An opt-out cookie will be set, which prevents the future collection of your data when visiting this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
Further information on data protection in connection with Google Analytics can be found, for example, in the Google Analytics help (https://support.google.com/analytics/answer/6004245?hl=de).
Google Adwords Conversion Tracking
In order to statistically record the use of our website and to evaluate it for the purpose of optimizing our website for you, we also use Google Conversion Tracking. In this process, Google Adwords sets a cookie (see section 4) on your computer if you have accessed our website via a Google ad.
These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer’s website and the cookie has not yet expired, Google can
and the customer can recognize that the user clicked on the ad and was redirected to this page.
Each Adwords customer receives a different cookie. Cookies can therefore not be tracked across Adwords customers’ websites. The information obtained using the conversion cookie is used to create conversion statistics for Adwords customers who have opted for conversion tracking. The Adwords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
Google Dynamic Remarketing
If you do not want to receive personalized ads, you can set an opt-out cookie: https://www.google.de/settings/ads/onweb#display_optout.
You can block personalized ads by installing an appropriate browser plug-in, which can be found here:
You can also block personalized ads from Google and other ad networks by opting out at: http://www.youronlinechoices.com/de/praferenzmanagement/.
Facebook Pixel (Facebook Custom Audiences)
Furthermore, we use the so-called “Facebook Pixel” from Facebook (Facebook Inc.,, 1601 S California Ave, Palo Alto, California 94304, USA) on our website. This enables interest-based advertisements (“Facebook Ads”) to be displayed to users of our website when they visit the Facebook social network or other websites that also use this method. Through the Facebook pixel, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected
by Facebook through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of the Facebook pixel, Facebook receives the information that you have clicked on an ad from us or called up the corresponding web page of our website. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider will learn and store your IP address and other identifiers.
With the use of the Facebook pixel, we pursue the purpose of displaying Facebook ads placed by us only to those Facebook users who have also shown an interest in our Internet offer. With the help of the Facebook pixel, we therefore want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. Furthermore, with the help of the Facebook pixel, we can track the effectiveness of Facebook ads for statistical purposes by seeing whether users were redirected to our website after clicking on a Facebook ad. The legal basis for the use of the Facebook Pixel is Art. 6 para. 1 lit. F DSGVO.
You can object to the use of the Facebook Pixel at any time by using the following opt-out option:
Information of the third-party provider can be found here: http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo.
For our keleya Apps, we use AppsFlyer, an analytics service provided by AppsFlyer Ltd. The information generated by AppsFlyer about the use of the keleya Apps is usually transmitted to a server outside Germany and stored there. In the code of the keleya Apps, we have activated IP anonymization so that the IP address of users is shortened before it is stored by AppsFlyer Ltd. On our behalf, Google and AppsFlyer Ltd. will use the anonymous information to evaluate the use of the keleya Apps and to compile reports for us about your activities in the keleya Apps. You can further restrict the way AppsFlyer works in your device’s privacy settings. You can also send an email to firstname.lastname@example.org if you do not want to allow AppsFlyer. For more information about Appsflyer’s privacy, please visit: https://www.appsflyer.com/de/trust/privacy/.
Payment service provider
Provision of the payment service by Stripe Payments Europe, Ltd.
The payment services for purchases made through our website are provided by Stripe Payments Europe, Ltd (hereinafter referred to as “Stripe”) and are governed by the Stripe Connected Account Agreement, which includes the Stripe Terms of Service (collectively referred to as the “Stripe Services Agreement”). In addition to these keleya Terms and Conditions, Customer accepts Stripe’s “Stripe Services Agreement” terms and conditions relating to the Payment Services.
Provision of the payment service by PayPal (Europe) S.à r.l. et Cie, S.C.A.
If the data subject selects “PayPal” as a payment option during the ordering process in our online store, data of the data subject will be automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transmission of personal data required for payment processing.
PayPal may pass on the personal data to affiliated companies and service providers or subcontractors, insofar as this is necessary for the fulfillment of contractual obligations or the data is to be processed on behalf.
The data subject has the possibility to revoke the consent to the handling of personal data at any time vis-à-vis PayPal. A revocation does not affect personal data that must necessarily be processed, used or transmitted for (contractual) payment processing.
The applicable data protection provisions of PayPal can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Data subject rights
You have the following rights as a data subject:
In accordance with Art. 15 DSGVO, you are entitled to request information about your personal data processed by us.
In particular, you can request information about
dThe purposes of the processing,
the category of personal data,
the categories of recipients to whom your data have been or will be disclosed,
the planned storage period,
the existence of a right to rectification, erasure, restriction of processing or objection,
the existence of a right of appeal,
the origin of your data, if it has not been collected by us, as well as
about the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
In accordance with Art. 16 of the GDPR, you have the right to request the following:
immediate correction of incorrect personal data stored by us
immediate completion of your personal data stored by us;
Pursuant to Art. 17 DSGVO, you are entitled to request the deletion of your personal data stored with us, unless the processing
to exercise the right to freedom of expression and information,
to fulfill a legal obligation,
for reasons of public interest, or
is necessary for the assertion, exercise or defense of legal claims;
Pursuant to Art. 18 DSGVO, you are entitled to request the restriction of the processing of your personal data insofar as
the accuracy of the data is disputed by you,
the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it to assert, exercise or defend legal claims, or
you have objected to the processing in accordance with Art. 21 DSGVO;
Pursuant to Art. 20 DSGVO, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;
In accordance with Art. 7 (3) DSGVO, you have the right to revoke the consent you have given us at any time. Thereafter, we may no longer continue the data processing based on this consent for the future.
According to Art. 77 DSGVO, you are entitled to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.
Transfer to third countries
We create an adequate level of data protection for the transfer of data to third countries by using the standard contractual clause of the EU Commission pursuant to Art. 46 para. 2 lit. c DSGVO. We do not use these standard contractual clauses if an adequacy decision of the EU Commission exists for the respective third country, i.e. that an adequate level of data protection already exists for these third countries.
Right of objection
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1)
p. 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without specifying a particular situation on your part.
If you would like to exercise your right of revocation or objection, an e-mail to email@example.com is sufficient.
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
Only employees who have been trained in accordance with the provisions of Article 32 in conjunction with. Article 5 of the General Data Protection Regulation (DSGVO). After completion of the commissioned services, the data of the participants will be deleted in such a way that a recovery of the data is not possible.