Preamble
This service (hereinafter referred to as "App") is provided by IOTIS GmbH, Uellendahler Str. 353, 42109 Wuppertal, Germany hereinafter referred to as "we" or "us") as the responsible party within the meaning of the applicable data protection law.
When you use the app, we process personal data about you. Personal data means any information relating to an identified or identifiable natural person. Because protecting your privacy when using the app is important to us, we would like to inform you in the following which personal data we process when you use the app and how we handle this data. In addition, we will inform you about the legal basis for the processing of your data and, insofar as the processing is necessary to protect our legitimate interests, also about our legitimate interests.
You can access this privacy policy at any time under the menu item "Settings - Privacy Policy" within the app.
1. INFORMATION ON THE PROCESSING OF YOUR PERSONAL DATA
Below you will find detailed information about how we process your personal data through the APP.
1.1 INFORMATION ALREADY COLLECTED AUTOMATICALLY WHEN USING THE APP
As part of your use of the app, we automatically collect certain data that is required for the use of the app. This includes: internal device ID, APP ID, device name, version of your operating system, time of access, last time of access, language info.
This data is automatically transmitted to us in order to (1) provide you with the service and the associated functions; (2) improve the functions and performance features of the app; and (3) prevent and eliminate misuse and malfunctions. This data processing is justified by the fact that (1) the processing is necessary for the performance of the contract between you as a data subject and us pursuant to Art. 6 (1) lit. b) DSGVO for the use of the App, or (2) we have a legitimate interest in ensuring the functionality and error-free operation of the App, which here outweighs your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) lit. f) DSGVO.
1.2 INFORMATION COLLECTED BY THE RESPECTIVE APP STORE
When downloading the app, certain required information is transmitted to the app store selected by you (e.g. Google Play or Apple App Store), in particular the user name, the e-mail address, the customer number of your account, the time of the download, payment information and the individual device identification number may be processed. The processing of this data is carried out exclusively by the respective app store and is beyond our control. This also applies to the user's subsequent logins via the respective app store.
1.3 CREATION OF A USER ACCOUNT AND REGISTRATION
1.3.1 USER ACCOUNT AND LOGIN VIA OUR APP
(1) When you create a user account or register, we use your access data (e-mail address, password and nickname) to grant you access to your user account and to manage it ("mandatory data"). We need this mandatory data to conclude the user contract with you. If you do not provide this data, you will not be able to create a user account.
(2) We use the mandatory information to authenticate you when you log in and to follow up on requests to reset your password. We process and use the information you provide during registration or login to (1) verify your eligibility to manage the User Account; (2) enforce the App's Terms of Use and any rights and obligations related thereto; and (3) contact you to send you technical or legal notices, updates, security messages, or other messages relating to, for example, the management of the User Account.
(3) Some voluntary information (profile image, nickname) can be displayed within the app in accordance with the settings you have made and to make it available to other app users at your request.
(4) This data processing is justified by the fact that (1) the processing is necessary for the performance of the contract between you as the data subject and us pursuant to Art. 6 (1) lit. b) DSGVO for the use of the App, or (2) we have a legitimate interest in ensuring the functionality and error-free operation of the App, which here outweighs your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) lit. f) DSGVO.
2. Use of the app
Within the app, you can enter, manage and edit various information, tasks and activities. If you allow access to this data, the mobile app will only access your data and transfer it to our server to the extent necessary to provide the functionality. Your data will be treated confidentially by us and will be deleted if you revoke the rights to use it or if it is no longer required to provide the services and there are no legal retention obligations. This data is used to set up, provide and personalize your account as well as to use the services provided on the basis of the usage agreement concluded with us for the provision of the contractual service. The legal basis for this is your consent (Art. 6 para. 1 p. 1 lit. a. DSGVO), contract performance and pre-contractual measures (Art. 6 para. 1 p. 1 lit. b. DSGVO) and legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO). These are the data listed below in items 1.3.1 to 1.3.4:
2.1 Profile data
You can create a profile with corresponding image files and thereby decide with which profile files you will be displayed in the APP also to third APP users. Furthermore, data on the player position (goalkeeper, defense, midfield, striker, universal player), date of birth, gender, height, weight, strong foot, favorite club, favorite player, shirt number, training goal can be specified for this.
This data can be changed or completely deleted by you at any time via the app.
2.2 Permissions to use the functions of the app
The app also requires the following permissions:
- Internet access: This is required to save your entries on our servers and to download the and to download the exercises if necessary.
- Camera access: This is required so that you can make videos and store them in the app and on our servers and share them with third parties. Camera access is also required to create the avatar.
- Location services: Optionally, location services can be enabled to locate the user's country and city
- Connection with IOTIS products: Must be enabled to use the devices paired via Bluetooth or WLAN for the performance data collection and analysis functions available in the APP.
- If you want to receive push notifications, e.g. regarding certain performance data of other participants or new content, even if you are not in our app, you have to allow us to do so. We ask for this when you first install (Android) or use (iOS) the app. Additional push notifications for other services are optional. If you want to interact with us through the app (sweepstakes, uploads, etc.) you must grant the app access to certain features of your smartphone. We will inform you about the services that our app offers in detail under the menu item "Help". All notifications or access options can be subsequently turned on or off in the settings menu. We use the services Firebase Cloud Messaging from Google (Android) and Apple Push Notifications (iOS) for push notifications. In the process, Firebase and Apple generate a calculated key that is composed of the app's identifier and its device identifier. This key is stored on our push platform by with your chosen settings to provide you with the content according to your preferences. The Firebase or Apple servers cannot draw any conclusions about the requests of users or determine any other data related to a person. Firebase and Apple serve solely as intermediaries.
2.3 Collection and evaluation of the generated performance data
When the app is connected to an IOTIS product, performance data is recorded during the execution of the exercises intended for this purpose ("Exercices") and stored and retrievable in an overview ("Exercice History") that can be accessed via the app. The performance data recorded here includes, in particular, the start of the Exercise, which Exercises are performed, high scores, etc. Furthermore, the collected performance data is used to be recorded in a rating system ("star rating").
This data can be changed or completely deleted by you at any time.
2.4 Publication or disclosure of profile and performance data
If you want to display the profile and performance data you have created or generated to individual third parties or to all app users, you can do so using the function available for this purpose within the app, such as the share function provided at certain locations. You can use this to send certain content to individual third parties via a messenger service of your choice or via e-mail. The use of these functions is voluntary and only possible under consideration of the terms of use and data protection of the respective service. Please note that we have no influence on the data processing of the third-party service you have chosen. However, if you choose to publish this data within the app to other app users, you can change this at any time by making the appropriate settings so that the data is no longer displayed to other users.
3. Use of offers outside the app/ IOTIS webshop
When calling up certain content within the app, such as with regard to the webshop, you will be redirected to our website. You will be informed of this before calling up the website. For information on the processing of personal data on our website, please visit https://app.iotis.tech
4. Contact form from Typeform
For our contact form we use the service Typeform of the provider TYPEFORM SL, C/Bac de Roda, 163 (Local), 08018 Barcelona Spain (hereinafter also referred to as Typeform). This enables us to provide you with a simple means of contact.
We pass on the following personal data to Typeform: e-mail address, name
Typeform is the recipient of your personal data and acts for us as a processor within the meaning of Art. 28 DSGVO. The data is stored exclusively for the purpose of transmitting requests and responding to them. The mandatory data are used for the assignment and the response to your request. Notwithstanding this, you can also send us your inquiries by e-mail to the e-mail address stated in the imprint.
In addition, Typeform collects the following personal data using cookies: Information about your terminal device (IP address, device information, operating system, browser settings). Furthermore, usage data is collected, such as the date and time when you used the contact form. Typeform needs this data to ensure the display of the contact form and its functionality. This corresponds to Typeform's legitimate interest (pursuant to Art. 6 para. 1 lit. f DSGVO) and serves the performance of the contract (pursuant to Art. 6 para. 1 lit. b DSGVO). For more information, please visit: https://help.typeform.com/hc
For more information on objection and removal options vis-à-vis Typeform, please visit: https://admin.typeform.com/to
The legal basis for this processing is your consent pursuant to Art. 6 para. 1 lit. a DSGVO. You can revoke your consent to the processing of your personal data at any time. The revocation can be made via the specified contact options. Your data will be processed as long as a corresponding consent exists. By declaring the revocation, the legality of the processing carried out so far is not affected.
Your data will be deleted after one month, unless legal requirements make further storage necessary.
5. Disclosure and transmission of data
In addition to the cases explicitly mentioned in this data protection declaration, your personal data will only be passed on without your express prior consent if this is permitted or required by law. This may be the case, for example, if the processing is necessary to protect the vital interests of the user or another natural person.
5.1 Legal requirements
If it is necessary to clarify illegal or abusive use of the app or for legal prosecution, personal data will be forwarded to law enforcement agencies or other authorities and, if necessary, to injured third parties or legal advisors. However, this only happens if there are indications of unlawful or abusive behavior. A transfer may also take place if this serves the enforcement of terms of use or other legal claims. We are also legally obligated to provide information to certain public authorities upon request. These are law enforcement agencies, authorities that prosecute administrative offenses subject to fines, and the tax authorities.
Any disclosure of the personal data is justified by the fact that (1) the processing is necessary for compliance with a legal obligation to which we are subject pursuant to Art. 6 para. 1 lit. f) DSGVO in conjunction with. national legal requirements to disclose data to law enforcement authorities, or (2) we have a legitimate interest in disclosing the data to the aforementioned third parties if there are indications of abusive behavior or to enforce our terms of use, other conditions or legal claims and your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) f) DSGVO do not override.
5.2 Use of external companies
We rely on the following third-party companies and external IT service providers to provide our service, which we describe below:
5.2.1 Azure Cloud from Microsoft
We use the cloud provider Microsoft Azure Cloud for the storage, processing and management of the APP data. The service provider is the American company Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Since Microsoft also processes the data collected from you in the USA, among other places, we would like to point out that according to the case law of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA, since US authorities have far-reaching access options to this in certain cases.
Microsoft uses so-called standard contractual clauses in accordance with Article 46 (2) and (3) of the GDPR as the basis for data processing for recipients located in third countries or for data transfers to such countries. Standard contractual clauses are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries. Through these clauses, Microsoft, as a U.S. company, undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the United States. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses at: https://eur-lex.europa.eu/eli
For more information about Microsoft's standard contractual clauses, please visit: https://learn.microsoft.com/en-us
With regard to data processing by Microsoft, please note:
https://privacy.microsoft.com
5.2.2 Firebase From Google
We use Firebase as Authentication, Messaging and Analytics Service. The service provider is the American company Google LLC, 1600 Amphitheatre Parkway in Mountain View, California.
Since Google also processes the data collected from you in the USA, among other places, we would like to point out that according to the case law of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA, since US authorities have far-reaching access options to this in certain cases.
On June 4, 2021, the European Commission approved new versions of the Standard Contractual Clauses that Google incorporates into its contracts with Firebase customers for relevant data transfers. Google is committed to providing a legal basis for data transfers in compliance with applicable data protection laws (Source: https://firebase.google.com/support/privacy?hl=de#international_data_transfers)
With regard to data processing and security by Google, please note:
https://firebase.google.com/support/privacy
5.2.3 Use of other IT service providers
It is also necessary for the performance of certain work on the APP that we have to commission other third-party companies or service providers with this. Any transfer of personal data is justified by the fact that we have carefully selected them as order processors within the scope of Art. 28 (1) DSGVO, regularly checked them and contractually obliged them to process all personal data exclusively in accordance with our instructions.
5.3 Restructuring under company law
As our business evolves, we may change the structure of our business by changing its legal form, establishing, buying or selling subsidiaries, divisions or components. In such transactions, customer information may be transferred along with the part of the company being transferred. In any transfer of personal information to third parties to the extent described above, we will ensure that it is done in accordance with this Privacy Policy and applicable data protection law.
Any disclosure of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances as necessary and that your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) f) DSGVO are not overridden.
6. Changes of purpose
Processing of your personal data for purposes other than those described above will only take place if permitted by law or if you have consented to the changed purpose of the data processing. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you about these other purposes prior to further processing and provide you with all other relevant information.
7. Data storage period
We delete or anonymize your personal data as soon as they are no longer required for the purposes for which we have collected or used them in accordance with the above paragraphs. As a rule, we store your personal data for the duration of the usage or contractual relationship via the app plus a period of 7 days, during which we keep backup copies after deletion, unless this data is needed longer for criminal prosecution or to secure, assert or enforce legal claims. Specific statements in this privacy policy or legal requirements for the retention and deletion of personal data, in particular those that we must retain for tax law reasons, remain unaffected.
8. Your rights as a data subject
8.1 Right of information
You have the right to receive from us at any time upon request information about the personal data processed by us that concerns you within the scope of Art. 15 DSGVO. For this purpose, you can submit a request by mail or e-mail to the address below.
8.2 Right to correct incorrect data
You have the right to demand that we correct the personal data concerning you without delay if it is incorrect. To do so, please contact us at the addresses below.
8.3 Right of deletion
You have the right to request that we delete the personal data concerning you under the conditions described in Art. 17 DSGVO. These conditions provide in particular for a right to erasure if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection or the existence of an erasure obligation under Union law or the law of the Member State to which we are subject. For the period of data storage, please also see Section 7 of this Privacy Policy. To exercise your right to erasure, please contact us at the contact addresses below.
8.4 Right to restriction of processing
You have the right to demand that we restrict processing in accordance with Art. 18 DSGVO. This right exists in particular if the accuracy of the personal data is disputed between the user and us, for the duration that the verification of the accuracy requires, as well as in the event that the user requests limited processing instead of erasure in the case of an existing right to erasure; furthermore, in the event that the data is no longer necessary for the purposes pursued by us, but the user requires it for the assertion, exercise or defense of legal claims, as well as if the successful exercise of an objection is still disputed between us and the user. To exercise your right to restrict processing, please contact us at the contact addresses below.
8.5 Right to data portability
You have the right to obtain from us the personal data concerning you that you have provided to us in a structured, commonly used, machine-readable format in accordance with Art. 20 DSGVO. To exercise your right to data portability, please contact us at the contact addresses below.
8.6 Right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out, inter alia, on the basis of Article 6(1)(e) or (f) DSGVO, in accordance with Article 21 DSGVO. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the purpose of asserting, exercising or defending legal claims.
8.7 Right of appeal
You also have the right to contact the competent supervisory authority in the event of complaints. The competent supervisory authority is: The State Commissioner for Data Protection of North Rhine-Westphalia, Bettina Gayk, P.O. box 20 04 44, 40102 Düsseldorf, Phone: +49 (0)221 / 38424-0, Fax: +49 (0)221 / 38424-999, E-Mail: [email protected], Internet: https://www.ldi.nrw.de/
9. Contact
If you have any questions or comments about our handling of your personal data, or if you would like to exercise the rights as a data subject set out in section 8, please contact us using the following contact details: [email protected]
10. Changes to this privacy policy
We always keep this privacy policy up to date. Therefore, we reserve the right to change it from time to time and to update any changes in the collection, processing or use of your data. The current version of the privacy policy is always available under "Settings - Privacy Policy" within the app.