Privacy Policy

Innothenics UG (haftungsbeschränkt)

Latest version from 2021-01-13



Content

1. Collection and processing of personal data
2. Access data
3. Thenics Sign Up
4. Google and Apple Sign Up
5. Firebase
6. Youtube
7. RevenueCat
8. Access permissions
9. Cookies
10. SSL or TLS encryption
11. Contradicting advertising mails
12. Rights of the user
13. Contact and Responsible




Our website and the apps are provided to you by Innothenics UG (limited liability). Protecting your personal data is taken very seriously by us, so we treat your personal data confidentially and according to legal regulations.
This privacy policy should inform you in detail about the scope and purpose of the collection and use of personal data.

We reserve the right to change or adapt this privacy policy at any time in accordance with applicable data protection regulations. Thus, we advice to review this page periodically for changes.





1. Collection and processing of personal data

Personal data includes all information which can determine your person and which can be traced back to you (e.g. your name or e-mail address). Definitions of the terms used (e.g. "personal data" or "processing") can be found in Art. 4 DSGVO.

Personal data that you provide to us will be used only if it is necessary for the performance and processing of our services. Legal basis therefore is our legitimate interest pursuant to Art. 6 DSGVO. Your data is kept secure and will not be disclosed to third parties.

We do not pass on your personal data without your express consent, but we cannot rule out the possibility that this data may be viewed in the event of unlawful conduct. If you send us personal data by e-mail - i.e. outside of this website - we cannot guarantee the secure transmission and protection of your data. We recommend that you never send confidential data unencrypted by e-mail.

If we store data from you, the data is stored for as long as it is necessary to fulfill our services, or until you delete your account/data, or retention periods make storage necessary.

The use of our website is basically possible without providing any personal information. However, in order to improve our online services, we store your access data to this website (without personal reference). More details on that in the following chapter.





2. Access data

We, the website operator or page provider, collect data on access to the website/app on basis of our legitimate interest (see Art. 6 Para. 1 lit. f. DSGVO) and store these as 'server log files'. The information is used by us to determine the attractiveness of our offers and to improve their performance or content if necessary and to make them even more interesting for you. We do not use this data to identify individual users. The following data is logged in this way:



Data Purpose
Visited website Evaluation according to devices to ensure optimized presentation of the website
Time and date of access Clarification and prevention in cases of fraud
Browser used Evaluation according to devices to ensure optimized presentation of the website
Operating system used Evaluation according to devices to ensure optimized presentation of the website
Device model or manufacturer (of smartphone, tablet, …) Evaluation of device manufacturers and types of mobile devices for statistical purposes
IP address used Clarification and prevention in cases of fraud


The data is stored indefinitely if feasible and for security reasons, e.g. to clarify cases of misuse. Furthermore it is mandatory for the operation of the website. Consequently, there is no possibility for the user to object.





3. Thenics Sign Up

You can create a Thenics account, in order to use all of our services. The registration will require personal data, which is exclusively used and needed for the respective services.

In the event of important changes, for example for technical reasons, we will inform you by e-mail. The message will be sent to the e-mail address provided during registration.

The data entered during registration will be processed on the basis of your consent (Art. 6 para. 1 lit. a DSGVO).

We store the data collected during registration for the period that you are registered on our website/app. Your data will be deleted if you cancel your registration. Legal retention periods remain unaffected.

You have the right to revoke given consents. For more details about your rights, please refer to chapter „Rights of the user & Responsible“.

We are using the Firebase Authentication service to authenticate your account. It provides added security and prevents abuse during sign-up and authentication. Data can be transfered to third country = USA, but is under EU-US Privacy shiled guarantee according to Art. 44ff DSGVO. More details on Firebase can be found in the respective chapter.

During the registration we require the following data. All mandatory information must be provided, otherwise we will refuse the registration. In addition, you must read our privacy policy and accept our terms and conditions. The data is deleted 30 days after account deletion.



Data Purpose

E-Mail address

Account identification

Password

Account identification

Name

Direct approach

Lastname

Direct approach

IP address used

Clarification and prevention in cases of fraud



4. Google and Apple Sign Up

You can also create your Thenics account via Apple or Google Sign Up. Therefore just click on the Google/Apple Button during registration. You will be redirected to Apple/Google, where you will need to sign in with your account. There it will be shown which data we request (public data: first name, last name and e-mail address). This information is necessary to create an identifiable and secure Thenics account for you.



Your Apple/Google profile and your Thenics account will be linked via your email address. We store your e-mail address and will contact you at it if necessary.

In case of Apple Sign In, you can also choose to hide your true e-mail address. In this case an unique random e-mail address will be generated for you and linked with your Thenics account.

We will not share any information obtained from your Apple/Google account without your consent. Important: We do not learn your Apple/Google credentials at any point and have no way of posting to your Apple/Google profile without your permission.

More details on this ability to sign in can be found on Apples privacy settings: https://www.apple.com/privacy/ and https://support.apple.com/en-us/HT210699

Same for Google, look up Google’s Privacy Notice: https://policies.google.com/privacy and Terms of Use: https://policies.google.com/terms



Data Purpose

E-Mail address

Account identification

Password

Account identification

Name

Direct approach

Lastname

Direct approach



5. Firebase

We use the Firebase service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) to store your personal workout data within the Thenics app.

Furthermore we use Firebase to analyze your user behavior. The information we collect is used to monitor your interaction with our website and apps. It is used to optimize the user experience, for example by evaluating crash reports. The data collected is not personal data and we do not take any action to personalize it.

We currently use the following Firebase services:

Firebase Authentication
Purpose: Creating and authenticating your Thenics account
Data: E-Mail address, First name, Last name, Password
Place of processing: USA

Cloud Firestore
Purpose: Cloud Firestore is a database, where your user data is saved
Data: Workout data (e.g. skill level and history)
Place of processing: Europe

Cloud Storage
Purpose: If you upload photos to Thenics, they will be saved with Cloud Storage
Data: Profile picture or photos for the journey
Place of processing: Europe

Google and Firebase Analytics
Purpose and data: Google and Firebase Analytics collects data to provide analysis and attribution information. The type of data collected varies by device and by environment. Google and Firebase Analytics stores ID-related data for 60 days and collects reporting and campaign data indefinitely, unless the Firebase customer changes the Analytics data storage settings or deletes the project. An instance ID is used to track events and also the advertising ID of the device. You can change the use of the ad ID in the device settings of your mobile device. Android: Settings > Google > Ads > Reset Ad ID iOS: Settings > Privacy > Ads > No Ad Tracking.
Place of processing: Europe

Firebase Cloud Messaging
Purpose and data: If you give us your consent, we can send you push messages with Firebase Cloud Messaging on your mobile iOS device, even if our app isn’t opened. On Android push notifications are automatically allowed. On both OS you are able to manually deactivate push notifications in your settings. Firebase Cloud Messaging uses instance IDs to determine to which devices messages should be delivered. Firebase stores instance IDs until the Firebase customer initiates the deletion of the ID using an API call. The data is deleted from both live servers and all backup systems within 180 days of the call.
Place of processing: Europe

Firebase uses this data on our behalf for the above purposes. The legal basis for the use of Google Analytics is § 15 Abs.3 TMG resp. Art. 6 Abs. 1 lit. f DSGVO.

More details on Firebase privacy: https://firebase.google.com/support/privacy





6. Youtube

We use YouTube services from YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, to link-out to relevant videos. We are not responsible for the content on YouTube. Also be aware that when you open a screen with a video, a connection to YouTube is made, which informs about the visited page. If you are logged in to your YouTube account, these information can be assigned to your personal profile. To prevent this, log out beforehand.

Details on YouTube's privacy policy: https://policies.google.com/privacy?hl=en



7. RevenueCat

We use RevenueCat services from RevenueCat, Inc., 633 Taraval St. Suite 101, San Francisco, CA, 94116, US, to process and manage your purchases and subscription within our services. This means, whenever you purchase products/subscriptions from our services, we will get some information from the respective app store (Google Play Store or Apple App Store). This data contains information about the purchase (e.g. product data, price, purchase date, subscription duration and status, ...) and is shared with RevenueCat, in order to manage our service delivery on these purchases. Important notice: Personal data about your payment (e.g. your credit card details, etc.) is not shared with us from the app store, nor do we share any personal data from you.

Details on RevenuCats's privacy policy: https://www.revenuecat.com/privacy

Details on RevenuCats's privacy policy: https://www.revenuecat.com/privacy



8. Access permissions

The following permissions are needed to use all functions of our app. The permissions will be requested before usage and you are able to manually revoke them within your mobile OS settings.
Permission Purpose

Camera

Taking photos for profile and journey

Photo library

Selecting photos for profile and journey

Push notifications

Getting information via push notifications

Mobile data/WLAN (provided by operating system)

Saving workout and user data. Loading new content



9. Cookies

Our website uses cookies. Cookies are small text files that are stored on your device. They help us to make our site more user-friendly, effective and safe.

Most cookies are 'session cookies', which are deleted automatically at the end of your browser session. Other cookies remain stored until you delete them. With them we can recognize your browser on the next visit.

You can configure your browser to monitor, restrict or prevent cookies or even automatically delete them when closing the browser. Please note that deactivated cookies can result in a limited functionality of this website.



10. SSL or TLS encryption

Our website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as requests you send to us as a site operator. You can recognize an encrypted connection by the 'https://' address line of your browser and by the lock symbol in the browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.



11. Contradicting advertising mails

We hereby object to the use of contact data published within the scope of the imprint obligation to send unsolicited advertising and information material. Innothenics expressly reserve the right to take legal action against unsolicited mailing or e-mailing of spam and other similar advertising materials.



12. Rights of the user

Our users may exercise their right of objection and object to the processing of their personal data at any time. (Art. 21 DSGVO)

Right to information, correction, blocking, deletion
As a user, you have the right to request free information about which personal data about you has been stored. You also have the right to correct incorrect data and to limit the processing of your personal data, if applicable. Unless your request conflicts with a legal obligation to store data (e.g. data retention), you have a right to delete your data. Data stored by us will be deleted if they are no longer needed for their intended purpose and there are no legal retention periods. If deletion cannot be carried out because the data is required for permissible legal purposes, data processing will be restricted. In this case, the data will be blocked and not processed for other purposes. (Art. 15-18 DSGVO)

Right of appeal to the competent supervisory authority
If you are concerned that the processing of your data is violated against data protection law or in any other ways, please feel free to contact us. Furthermore, you have the right to contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).

Right to data transferability
You have the right to have data which we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to third parties. The information is provided in a machine-readable format. If you request the direct transfer of the data to another responsible person, this will only be done as far as it is technically feasible. (Art. 20 DSGVO)



13. Contact and Responsible

If you have any questions about the privacy policy or want to make use of your rights as user, don’t hesitate to contact us:



Innothenics UG (haftungsbeschränkt)
Gutenbergstr. 10
70736
Fellbach
info@thenics.de