Data Protection for the Keleya App

Data Protection for the Keleya App

In addition to our online offer, we provide you with a mobile app that you can download to your mobile device.

In the following we inform about the collection of personal data when using our mobile app.

Personal data is any data referring to your person, e.g. name, address, email addresses, user behavior.

Below we explain how we handle your data when you use the Keleya app.

1. Name and contact information of the controller:

Keleya Digital-Health Solutions GmbH

Max-Beer-Straße 25

10119 Berlin

Tel.: +49 (0)30 22184335



2. Name and contact information of the data protection officer:

You can reach our data protection officer under or our postal address with the recipient-addition “the data protection officer”.

3. Collection and storage of personal data and the nature and purpose of their use when using the Keleya app

a) Downloading the Keleya app over the App-Store

Downloading the Keleya mobile app will transfer certain information to the App Store, in particular your account username, email address and account number, time of download, payment information and unique device code. We have no influence on this data collection and are not responsible for it. We only process the data as far as necessary for downloading the mobile app to your mobile device.

b) Installing the app on your device – Data collection in log files

The following information is recorded without your intervention in so-called log files and stored until automated deletion:

  • Language and version of the operating system
  • Used platform (iOS or Android)

The data mentioned is processed by us for the following purposes:

  • Ensuring a smooth connection setup of the app,
  • ensuring comfortable use of our app,
  • evaluation of system security and stability, as well as
    for further administrative purposes.

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.

c) Registration of your Keleya user account

You can create a Keleya user account via our login system. For registration we need at least the following data:

  • Nickname (pseudonym)
  • Email address
  • Password

Before registration is complete, you must confirm that you have read our privacy policy and accept our terms and conditions. In the Keleya app, further data will be requested during the “Onboarding”. This will be described below.

Legal bases for processing are Art. 6 para. 1 p. 1 lit. c and f GDPR, the processing serves the fulfillment of the contract and the preservation of the legitimate interests of the person responsible or a third party.

d) Linking to a Facebook profile

You can link the Keleya app to your Facebook profile. In the registration process, simply select “Login with Facebook”. Then you will be redirected to Facebook. Here you will find an overview of which Facebook data we have access to. We save your email address used on Facebook. Should the occasion arise, we may use this to contact you. We also save that you have logged in via Facebook.

The legal basis for processing the data is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

For the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your related rights and settings options for the protection of your privacy, please refer to the privacy policy ( of Facebook.

e) Registration with a Google account

You have the option to sign into the Keleya app through your Gmail/Googlemail account.

The legal basis for processing the data is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

For the purpose and scope of the data collection and the further processing and use of the data by Google, as well as your related rights and settings options for the protection of your privacy, please refer to the privacy policy ( of Google.

f) Use of motivational short messages via push notifications

When you start using our mobile app, you have the option to enable push notifications. Push notifications are text messages that appear on the display with your consent. Through these we will inform you about news, or send you texts that serve your motivation.

If you use the push services, your device will be assigned an Apple Device Token or a Google Registration ID. These are encrypted, anonymized device IDs. A conclusion on the individual user is excluded.

The purpose of their use by us is solely to provide the push services. If you do not give permission, we will not use this data.

To unsubscribe from the push services later, you can use the opt-out option in your settings. These can be found in the settings of the respective favorites.

The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR, the processing serves to protect the legitimate interests of the person in charge or a third party.

g) Subscription to our newsletter

If, according to Art. 6 para. 1 sentence 1 lit. a GDPR, you have expressly consented, we use your email address to regularly send you our free newsletter.

The following data is transmitted here:

  • Nickname specified by the user
  • Birth date specified by the user
  • Email address specified by the user

In addition, the following data is collected upon registration:

  • Date and time of registration

We use the MailChimp® tool from The Rocket Science Group, LLC to send the newsletter.

MailChimp uses the data according to the contract exclusively for sending the newsletter. Apart from this, we do not pass on data to third parties in connection with data processing for sending the newsletter.

An un-subscription is possible at any time, for example via a link at the end of each newsletter. Alternatively, you can also send your request for un-subscription to by email.

h) Use of our contact form

For questions of any kind, we offer you the opportunity to contact us via a form in the app.

The data processing for the purpose of contacting us is in accordance with Art. 6 para. 1 p. 1 lit. a GDPR based on your voluntarily given consent.

The personal data collected by us for the use of the contact form will be automatically deleted after completion of the request made by you.

i) Purchase and renewal of subscriptions

If you purchase additional subscriptions from us via the Keleya app or renew them through the Keleya app, the related data will be stored with us for the purpose of fulfilling the contract.

This data is used on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR for the execution of contractual relationships with you.

The relevant data will be stored with us as long as necessary for processing and fulfillment of the contract.

i.2) Purchase of premium services via website

In this case, the payment services for the user are provided by Stripe Payments Europe, Ltd (hereinafter referred to as “Stripe”) and are subject to the Stripe Connected Account Agreement (Stripe Connected Account Agreement), which includes the Stripe Terms of Service (summarized under the Collective term “Stripe Services Agreement”). In addition to the Company’s present terms, the customer accepts Stripe’s “Stripe Services Agreement” terms regarding payment services.

j) Further active use of the Keleya app

If you actively use the Keleya app, we process further personal data, in particular

  • Your activities in the app, e.g. frequency or duration of use
  • Food and fitness preferences and symptoms you specify
  • Optionally specified by you:
    • food intolerances specified by you
    • profile photo submitted by you

This data is required by us to offer you all the features of our mobile app.

The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR – the processing serves to safeguard the legitimate interests of us as the responsible party.

4. Disclosure of data

We only disclose your personal data to third parties under certain conditions. Below we inform you about these prerequisites.


If, according to Art. 6 para. 1 sentence 1 lit. a GDPR, you have given an express consent to this, we pass your personal data to third parties.

Representation of legal rights

According to Art. 6 para. 1 sentence 1 lit. f GDPR, we may disclose your personal data to third parties if this is necessary for the assertion, exercise or defense of legal claims. There must also be no reason to believe that you have an overriding interest in protecting your data from being shared.

Legal obligation

We will pass on your personal data if a legal obligation under Art. 6 para. 1 sentence 1 lit. c GDPR is present.


If the disclosure of your personal data is permitted by law and this is necessary for the execution of a contractual relationship with you, we may pass on your data to third parties.

5. Analysis tools by Google

The tracking measures listed below and used by us are based on Art. 6 para. 1 sentence 1 lit. f GDPR. With the tracking measures used, we want to ensure needs-based design and the ongoing optimization of our app. In addition, we use the tracking measures to statistically record the use of our app and evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as justified within the meaning of the aforementioned provision.

We use a set of Google services for our analysis and marketing purposes (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA – henceforth “Google”). Through these tools, data about your usage behavior are collected in various ways and statistically evaluated. We also use your information to show you personalized advertising using Google’s services. By using our app, you agree to this. The various services, your options to revoke your consent in a simple way, and other important information will be explained in the following.

For more information on how Google handles the data we submit, please visit:

The information generated by Google Tools is usually transmitted to and stored by Google on servers in the United States. Google and its affiliates are certified under the EU-US Privacy Shield.

a) Google Analytics

In our app and on our website we use Google Analytics; a web analytics program from Google. Google Analytics uses cookies that are stored on your device and allow for an analysis of your use. In addition, the IP anonymization process activated by us also triggers Google’s collection of IP addresses beforehand within the European Union. Google will use this information on our behalf to evaluate the use of our services by you and other users and to provide us with relevant reports and other services. The IP address provided by Google Analytics for your device will not be connected with other data provided by Google. A transfer of the data by Google to third parties will take place only due to legal regulations or in the context of contract data processing.

You can prevent the collection and processing of the information generated by the Google cookies by setting an opt-out cookie or by deactivating Google Analytics in the menu of your device. Alternatively, a browser plug-in can be installed which you can find here:

For more information on how Google uses cookies, please refer to the Google Privacy Policy (

b) Firebase

Firebase is a Google subsidiary based in San Francisco, CA. We use the Firebase SDK and Google Analytics for Firebase in our Keleya app. This tool makes it possible to use the same functions in an app as it does for websites with Google Analytics. It uses technologies that work similar to cookies, especially the respective advertising IDs.

We collect information about your usage behavior in the Keleya app. We use this data to make statistical evaluations, to test our offers, and to improve them.

We also use this information for personalized advertising. In addition, we use Firebase to deliver push messages or so-called in-app messages (messages that are only displayed inside the app). In this case, the mobile terminal is assigned a pseudonymized push reference, which serves as the destination for the push messages or in-app messages. The push messages can be deactivated in the settings of the mobile device at any time and can also be reactivated.

If you do not want this kind of data to be collected, you can prevent this via the device settings of your mobile device (opt-out). How you can prevent this data collection on an Android device for example, is explained here:

On an iOS device, you can find the according options under Settings> Privacy> Advertising.

c) Crashlytics

We also use Crashlytics to analyze the application stability of our Keleya app. Crashlytics is a subsidiary of Google. Crashlytics provides real-time reporting of errors and crashes, simplifying maintenance of the application. None of your personal data will be transmitted, only crash reports with information on codes and device information, such as: Device type and operating system version. Any conclusions about the users are not possible.

The diagnostic information is subject to Crashlytics’ privacy policy, which can be found at the following link:

6. Rights of persons affected

As subject of the data processing, you have the following rights:


According to Art. 15 GDPR, you are entitled to request information about your personal data processed by us.

In particular, you can request information about

  • the processing purposes,
  • the category of personal data,
  • the categories of recipients to whom your information has been disclosed,
  • the planned storage period,
  • the right to rectification, cancellation, limitation of processing or opposition,
  • the existence of a right of appeal,
  • the source of your data, if it was not collected from us, as well as
  • the existence of automated decision-making including profiling and, where appropriate, meaningful information about their details;


According to Art. 16 GDPR, you have the right to demand:

  • Immediate correction of incorrect personal data stored with us
  • immediate completion of your personal data stored with us;


According to Art. 17 GDPR, you are entitled to demand the deletion of your personal data stored by us, unless the processing is needed

  • to exercise the right to freedom of expression and information,
  • to fulfill a legal obligation,
  • for reasons of public interest or
  • to assert, exercise or defend legal claims;


According to Art. 18 GDPR, you are entitled to demand the restriction of the processing of your personal data, insofar as

  • the accuracy of the data is disputed by you,
  • the processing is unlawful, but you reject its deletion and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims, or
  • you filed an objection against the processing in accordance with Art. 21 GDPR;

Data portability

According to Art. 20 GDPR, you have the right to receive your personal data provided to us in a structured, standard and machine-readable format or to request the transfer to another person responsible;


According to Art. 7 para. 3 GDPR, you have the right to revoke your once given consent at any time. Thereafter we may not continue the data processing based on this consent for the future.


According to Art. 77 GDPR you are entitled to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work, or our company headquarters.

7. Transmission to third countries

Our service providers also process data in countries outside the European Economic Area (“EEA”). In order to ensure the protection of your personal rights also in the context of these data transfers, we use the standard contractual clauses of the EU Commission in structuring the contractual relationships with the recipients in third countries in accordance with Art. 46 para. 2 lit. c GDPR. For the U.S., the European Commission has decided by decision on 12.07.2016, that under the regulations of the EU-U.S. Privacy Shield an appropriate level of data protection exists (adequacy decision, Art. 45 GDPR). Further information – including the certification of the service providers we use – is available at We use only U.S. service providers who are certified under the EU-U.S. Privacy Shield.

8. Decision making

In principle, we do not use fully automated decision-making in accordance with Art. 22 GDPR to justify and implement the business relationship. If we use these procedures in individual cases, we will inform you about this and about your respective rights separately, as far as this is prescribed by law.

9. Right of objection

If your personal data, based on legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, is processed, you have the right to file an objection against the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct mail. In the latter case, you have a general right of objection that is implemented by us without specifying any particular situation on your part.

If you would like to exercise your right of revocation or objection, please send an email to

10. Data security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

11. Updating and changing this privacy policy

This privacy policy is currently valid and is valid as of May 2018.

Due to the further development of our Keleya app or our offers or due to changed legal or regulatory requirements, it may be necessary to change this privacy policy. The current privacy policy can be viewed at any time in the Keleya app. You can get it on the Keleya website and print it out.