PLEASE READ THIS POLICY CAREFULLY BEFORE USING RINTEZ HEALTHCARE (RINTEZ LTD) SERVICES.
You must be 16 years or older to use our Services.
Protecting your data, privacy and personal data (as defined under Article 4(1) of the General Data Protection Regulation (EU) 2016/679 (“GDPR”)) is very important to Rintez LTD (“us”, “our” or “we”). It is vitally important to us that our customers (the “users”) feel secure when using the Services.
This privacy policy (the “Privacy Policy”, together with our Terms & Conditions at rintez.com/terms-and-conditions, our Cookie Policy at rintez.com/cookie-policy and any other documents referred therein), sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed. Please read this Privacy Policy carefully to understand the types of data we collect from you, how we use it, the circumstances under which we will share it with third parties, and your rights in relation to your personal data.
When using “Rintez” through our mobile application (“App”), when and where available, our web-based application (“Web-embed”) our screening tool (“Screening Tool”), or accessing our website Rintez.com (“Website”) or any service and/or product we may provide you (Website together with the App, the Web-embed, the Screening Tool and any of our product and services, the “Services”), you will be asked to indicate your acknowledgment of, and where applicable, give your consent to the practices described in this policy.
Our Website may contain links to third-party websites. If you follow a link to any of those third-party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal data. Please check these policies before you submit any personal data to such third-party websites.
- Who we are
This Privacy Policy applies to any personal data processed by 2 Ireton Avenue, Leicester, England, LE4 9EU, being the data controller (as defined under Article 4(7) GDPR) of all processing activities in connection with the Services.
Questions, comments and requests regarding this Privacy Policy are welcome and should be addressed to [email protected]. Our data protection officer is Willy Weiss.
- General overview of our data processing in connection with the Services
We may collect and process the following data about you:
Information that you provide to us. You will be asked to provide us with your information when you:
- fill in forms on our Website or App, or correspond with us by phone, email or otherwise;
- register to use our Services, subscribe to our newsletter, promotional emails or other marketing materials;
- use the Services;
- report a problem with our Services; or
- complete any surveys we ask you to fill in that we use for research purposes (although you do not have to respond to these if you do not want to).
The information you will be asked to provide us for these purposes may include your name, gender, date of birth, email address, phone number, symptoms of your illness, potential causes of your illness symptoms, health insurance, medical history, any allergies you have, or further information required to verify your identity.
Information we collect about you. Although we will not use it to identify you, we may collect the following data during each of your visits to the Website and App:
- Usage data: technical information about your device, incl. device-specific information such as your hardware model, operating system version, unique device identifiers, and mobile network information; details of your visits to the Website and App, including the full Uniform Resource Locators (“URL”) clickstream to, through and from our Website and App (including date and time); details of conditions and symptoms searched.
- Analytics data: your IP address, operating system and browser type; information about which app store you downloaded our App from; length of visits to certain pages, and page interaction information (such as scrolling, finger gestures, clicks, and mouse-overs).
If you are using our Services on behalf of a third party, you must have obtained clear permission from the individuals whose data you provide us with before sharing that data. For the avoidance of any doubt, any reference in this Privacy Policy to “your data” shall include data about other individuals that you have provided us with.
- Specific processing activities, type and purpose of their use
3.1 When you use our Website
- Types of data: IP address of the requesting device, date and time of access, name and URL of the requested file, Website from which access is obtained (“Referrer URL”), browser used and, where applicable, your device’s operating system and the identity of your access provider.
- Uses of that data: We use the above data to provide you with access to our Website, ensure that the Website can establish an internet connection smoothly and is easy to use; to analyze the system security and stability, as well as for additional administrative purposes.
- Use justification: Legitimate interests (Article 6 (1) (f) GDPR). Our legitimate interest is based on the data collection purposes listed above. We do not use the data collected for the purpose of identifying you. You are not obliged to provide the above personal data. However, you will not be able to access the Website if such personal data are not provided.
- Storage duration: Your data is removed after 14 days, unless any security-relevant event occurs (e.g. a DDoS attack). If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and clarified in full.
3.2 When you register a user account in our App
- Types of data: Email address and password, user ID, device ID, profile name, gender, date of birth, health insurance (optional), general data about your health (optional) such as smoking, increased blood pressure, diabetes, and pregnancy status, date and time of registration.
- Uses of that data: We use the above data to provide you with a user account and access to our Services. We use the general health data for the basic analysis. It is not possible to access our Services if the (non-optional) data are not provided.
- Use justification: Contract performance (Article 6 (1) (b) GDPR / consent (Article 9 (2) (a) GDPR).
- Storage duration: Your data is deleted or irreversibly anonymized (and cannot be associated with a specific natural person) when you request deletion of your account or when you delete your account in the App. If your account is inactive for more than 24 months, we will contact you to check whether you wish to continue using our Services. If you then leave your user account unused for another 12 months, we will delete your account and anonymize your data (such that it cannot be associated with a specific natural person).
3.3 Google Login
- Types of data: Google ID, email (if provided in Google account), and phone number (if provided in Google account) and time and date of the login.
- Uses of that data: If you choose to use and login with Google we will receive the data listed above from Google with your approval to populate your user data in the App, and to verify your identity. Please note that if you use the Google login, Google will also process your data (login). We are not responsible for this data processing.
- Use justification: Legitimate interest (Article 6 (1) (f) GDPR). Our legitimate interest is to provide users who do not have an email account or who wish to log in with their Google account the option to use our Services.
- Storage duration: The storage duration of your data for this purpose corresponds to the period of processing in accordance with Section 3.2. Data processed by Google, which we do not control if you choose to use Google login, may remain in Google’s servers. Should you delete your Google account and wish to use the App, you will be directed to sign-in with an email or other login procedure.
3.4 Create a case
- Types of data: Profile name for the assessment case and related personal health data required to provide the assessment such as illness symptoms, potential causes of illness symptoms, allergies, pregnancy status, relevant and/or related medical history, and time and date of assessment.
- Uses of that data: To provide you with our Services, for example but not limited to, suggest possible causes for the given symptoms (assessment), track your symptoms, or communicate results from laboratories.
- Use justification: Consent (Article 9 (2) (a) GDPR). You may revoke/withdraw your consent at any time. However, it is not possible to provide you with our Services (i.e. the assessment) without your consent.
- Storage duration: Your data is deleted or irreversibly anonymised (and cannot be associated with a specific natural person) when you request deletion of your user account, or the deletion of a specific case or if you delete your account or a case in the App.
3.5 Analysis of case information to guarantee high quality and safety standards of our medical reasoning system
- Types of data: Rintez account ID (when applicable), profile ID (when applicable), case ID, time and date of assessment, geographic location of assessment, data provided in a case (personal health data required to provide the assessment such as age, gender, illness symptoms, potential causes of illness symptoms, allergies, pregnancy status, and relevant and/or related medical history), feedback text, assessment result, and data related to software and hardware (such as version numbers, operating system, and device ID).
- Uses of that data: To guarantee high quality and safety standards of our Services, it is important to review the quality of the assessment results (the “Analysis”). The safety and quality staff (the “Medical Experts”) use pseudonymized data and, when applicable, aggregated data to evaluate the assessment results and determine if any improvement is needed in order for our medical reasoning system and any medical product we develop to meet the highest quality and safety standards.
- Use justification: The processing is required to comply with the necessary standards of quality and safety of our Services which qualify as a medical device under medical device regulations and as provided in the following legal texts (Sec. 22 (1) no. 1 c) BDSG, Art. 9(2)(i) GDPR), on the basis of Post-Market Surveillance obligations under Sec. 6 (1),(2) MPG in connection with Annexes X, VII, (4) of the EU Medical Devices Directive (93/42/EC) (or directly applicable from 26.05.2020 at the latest, but to be considered as already applicable to ensure high standards of quality and safety of our medical reasoning system, Art. 83 et seq. and Annex III of the EU Medical Devices Regulation (2017/745/EU)).
- Storage duration: The storage duration of your data for this purpose corresponds to the period of processing in accordance with Section 3.2. When you request deletion of a specific case or if you delete a case in the App, your case data will no longer be used for this purpose.
3.6 Assessment of suitability for clinical research and invitation
- Types of data: Email address, profile name, date of birth, illness symptoms, potential causes of illness symptoms, medical history, allergies, time and date of assessment, and other data that you have provided to us.
- Uses of that data: We use the above data to assess your suitability for clinical research and to invite you to partake in clinical research with one of our clinical research partners that may be of interest to you and/or referral to centers for follow-up diagnostics. For the avoidance of doubt, we do not pass on any personal data to our clinical research partners without your consent.
- Use justification: Consent (Article 9 (2) (a) GDPR).
- Storage duration: The storage duration of your data for this purpose corresponds to the period of processing according to Section 3.2. When you request deletion of a specific case or if you delete a case in the App, your case data will no longer be used for this purpose.
3.7 Use of health data for statistical and research purposes
- Types of data: Rintez account ID (when applicable), case ID, profile ID (when applicable), age, gender, illness symptoms, location, risk factors, assessment results such as potential causes of illness symptoms, medical history, allergies, time and date of assessment, and other relevant and related health data that you may have provided us.
- Uses of that data: We process pseudonymized data to carry out aggregate statistics on the geographical prevalence of certain types of illness symptoms and conditions and present such summarized statistics to our partners on an irreversibly anonymized basis.
- Use justification: The processing is necessary for statistical purposes and we only provide our partners with anonymized and summarized statistics from which the identification of a specific natural person is impossible. Our legitimate interest in processing data for these purposes is to support progress in medical research in line with our entrepreneurial goals which is also in the public interest to improve healthcare. You may, for reasons arising from your particular situation, object to such a processing at any time by sending an e-mail to [email protected] (you can find more information in Section 8).
- Storage duration: The storage duration of your data on the basis of which we create the statistics corresponds to the period of processing according to Section 3.2. When you request deletion of a specific case or if you delete a case in the App, your case data will no longer be used for this purpose. The statistics are anonymous.
3.8 Use of health data for public health purposes
- Types of data: Rintez account ID (when applicable), profile ID (when applicable), case ID, device ID, age, gender, illness symptoms, location, risk factors, assessment results such as potential causes of illness symptoms, medical history, allergies, time and date of assessment, and other relevant and related health data that you may have provided us.
- Uses of that data: We process pseudonymized health data for public health purposes (as defined by GDPR recital 54) such as analyzing case data regarding public health trends, rare diseases and threats and to identify factors that could improve public health such as finding out about the prevalence of specific conditions, the attributes of specific conditions and get insights in specific aspects of assessments. We share and present the results as summarized statistics to our partners on an irreversibly anonymized basis. We may also process such types of data to provide you with the best guidance possible by, for example, directing you to the most appropriate care facility and to reduce unnecessary care for overburdened health systems.
- Use justification: The processing is necessary for reasons public interest in the area of public health. Our legitimate interest in processing data for these purposes is to support public health progress by protecting against serious cross- border threats to health. You may, for reasons arising from your particular situation, object to such a processing at any time by writing us here (you can find more information in Section 8).
- Storage duration: The storage duration of your pseudonymized data on the basis of which we create the statistics corresponds to the period of processing according to Section 3.2. When you request deletion of a specific case or if you delete a case in the App, your case data will no longer be used for this purpose.
3.9 Direct marketing for our own similar products and services
- Types of data: Email address, profile name, gender preference.
- Uses of that data: To receive direct marketing (products and services) or communication about any survey that we believe will be of interest to you. You can modify your marketing settings at any time by using the link at the bottom of each marketing email, or by sending your un- subscription request by e-mail to [email protected].
- Use justification: Legitimate interest (Article 6 (1) (f) GDPR).
- Storage duration: The storage duration of your data for this purpose corresponds to the period of processing in accordance with Section 3.2.
3.10 Provide safer services by monitoring App usage
- Types of data: Symptoms of your disease, possible causes of your disease symptoms, user ID (when applicable), age, gender, location (country), IP address, device ID.
- Uses of that data: We use a limited set of usage data (including personal health data) to monitor usability to ensure that our App complies with high safety and security standards required for medical devices and to optimize the general functionality of our App.
The data collected in this context is not used to link any usage profiles with your personal data. Your personal data will be transmitted and stored into our servers, held exclusively within European Union, which are certified under the EU/US Privacy Shield (adequacy decision of the European Commission). - Use justification: Consent (Article 9 (2) (a) GDPR). You can customize your tracking settings at any time in the privacy settings in the App.
- Storage duration: Your data will be stored until it is no longer required for the purpose for which it was collected. The storage duration of your data for this purpose corresponds to the period of processing in accordance with Section 3.2. When you request deletion of a specific case or if you delete a case in the App, your case data will no longer be used for this purpose.
3.11 Help people around the world with attribution and performance metrics
- Types of data: Advertiser ID, download and installation of the App on your mobile device, information on how you found out about us (e.g. via social media or an online article), whether your registration and the creation of a new case with us was successful, and your rating of our App on the App Stores, time and date.
- Uses of that data: you use our App, we only use the information (which does not include personal health data) to optimize our marketing initiatives and help people around the world get access to our App. We only use pseudonymized usage data that we collect through our contract processor adjust GmbH (Saarbrücker Str. 37a, 10405 Berlin, Germany) to provide us with insights on how we can potentially provide our Services to people around the world who are not using them yet, at the right time, and with the right language. We will never share your personal health information for this purpose with advertisers nor third parties, nor will we use this information to show you any advertising.
- Use justification: Consent (Article 6 (1) (a) GDPR).
- Storage duration: Your data will be stored until it is no longer required for the purpose for which it was collected. The storage duration of your data for this purpose corresponds to the period of processing in accordance with Section 3.2.
3.12 Monitor usage to ensure proper use, functioning, maintenance and improvement of the medical reasoning system and related Services
- Types of data: Device ID, IP address, operating system and browser type, length of visits to certain pages, and page interaction information such as scrolling, finger gestures, clicks, and mouse-overs, time and date.
- Uses of that data: We use a limited set of usage data (which does not include personal health data) to ensure the proper use, functioning, maintenance and improvement of our Services for all users.
- Use justification: Legitimate interest (Article 6 (1) (f) GDPR). Our legitimate interest is based on the aforementioned use of that data purposes. Under no circumstances will we use the collected data to determine your identity. We may send you transactional emails (e.g. account creation verification email, reset password email, double opt-in email regarding the newsletter subscription, welcome email) and process the page interaction accordingly, to ensure proper reception and assess the service in order to improve it. You may, for reasons arising from your particular situation, object to such a legitimate processing at any time by writing us by e-mail to [email protected] (you can find more information in Section 8).
- Storage duration: Your data will be stored until it is no longer required for the purpose for which it was collected. The storage duration of your data for this purpose corresponds to the period of processing in accordance with Section 3.2.
3.13 Performance reports
- Types of data: Error, crash reports, and IP address, time and date.
- Uses of that data: We use the above data (which does not include personal health data) to ensure the functionality of our Services. Our Services cannot function properly without this processing.
- Use justification: Legitimate interest (Article 6 (1) (f) GDPR). Our legitimate interest is based on the aforementioned use of that data purposes. Under no circumstances will we use the collected data to determine your identity.
- Storage duration: Your data is removed after 14 days, unless a security-relevant event occurs (for example, a Distributed Denial of Service attack). If a security-relevant event occurs, log files of the servers are stored until the security-relevant event has been completely eliminated and clarified.
3.14 Feedbacks / Surveys
- Types of data: feedback text, email address (optional), data provided in the case (only if you provide us with your email address which allows us to identify you, only for the purposes listed below).
- Uses of that data: We use the feedback you may provide us (optional) to analyze whether you are satisfied or dissatisfied with our products and Services, and to assess your general experience with it. This is a fundamental resource for us to improve your user experience and adjust our actions to your needs. We may also use the feedback you may provide us (optional) to guarantee high quality and safety standards of our Services, as described in Section 3.5 above.
- Use justification: Legitimate interest (Article 6 (1) (f) GDPR). Our legitimate interest is based on the aforementioned use of that data purposes. Under no circumstances will we use the collected data to determine your identity // Your feedback may be processed to comply with the necessary standards of quality and safety of our Services which qualify as a medical device under medical device regulations, as explained in Section 3.5 above.
- Storage duration: Your data will be stored until it is no longer required for the purpose for which it was collected. The storage duration of your data for this purpose corresponds to the period of processing in accordance with Section 3.2.
- Cookies and tracking on our Website
Our Website uses so-called “cookies”. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s device (computer, tablet, or phone). We use the term “cookies” to refer to all tools that collect data on our Website (e.g. IP addresses, place and time of the visit of the users). The user’s data collected in this way is pseudonymized. The data is not stored together with the user’s other personal data. This processing is carried out on a legal basis or, where required by law, based on your consent.
For detailed information on our user tracking and the cookies we use, the purposes for which we use them and to manage your Cookie preferences see our Cookie Policy.
- Where do we store your personal data
The personal data that we collect from you is stored in the European Union on our servers, located in Europe. This data may, however, be processed by sub-processors operating outside of the European Economic Area (“EEA”) based on a data processing agreement if the additional requirements of Art. 44 et seq. GDPR for processing in third countries are compliant with an appropriate level of protection in the third country and appropriate guarantees under Art. 46 GDPR (such as standard data protection clauses, or exceptional circumstances under Art. 49 GDPR).
Sensitive information between your browser and our Website is transferred in encrypted form using Transport Layer Security (“TLS”). When transmitting sensitive information, you should always make sure that your browser can validate our certificate.
Please contact us if you would like further details on the specific safeguards applied to the export of your personal data outside the EEA.
- Disclosure of your personal data
6.1 We use technical service providers to operate and maintain our Services, who act as our processors based on a data processing agreement.
Service providers who process personal data on our behalf outside the EEA (or “third countries”) will only be used if the recipient has received a European Commission decision on appropriateness or suitable or appropriate guarantees for this third country. In addition, we do not transfer your personal data to third parties – with the exception of the purposes listed below.
- Use justification: The legal basis for the transfer of personal data to the processor and the processing by the processor depends on the legal basis on which we, as data controllers, rely (see Section 3 above).
6.2 If we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.
- Use justification: Legitimate interest, Article 6 (1) (f) GDPR (to sell our business or assets)/ where required by applicable law: Consent, Article 9 (2) (a) GDPR (for personal health data).
6.3 If we or, substantially, all of our assets are acquired by a third party, personal data about our users will be one of the transferred assets.
- Use justification: Legitimate interest, Article 6 (1) (f) GDPR (to sell our Company or assets)/ where required by applicable law: Consent, Article 9 (2) (a) GDPR (for personal health data).
6.4 If we are required on the basis of EU law or the law of a Member State to disclose or share your personal data.
- Use justification: Legal obligation, Article 6 (1) (c) GDPR.
6.5 We may disclose certain data to organizations involved in clinical trials and other types of research where you have explicitly authorized us to do so.
- Use justification: Consent, Article 9 (2) (a) GDPR.
6.6 If you use our Services through a Web-embed application located in the US, we may disclose certain data to the partner that hosts the Web-embed application, as required on the basis of the US Health Insurance Portability and Accountability Act (“HIPAA”) or any other applicable laws.
- Use justification: Legal obligation, Article 6 (1) (c) GDPR.
6.7 you use our Screening Tool, we may disclose certain data to the partner that hosts the Screening Tool, if it is necessary for the performance of a task carried out in the public interest, and always in compliance with applicable laws (e.g. including but not limited to GDPR and the German Infection Protection Act (“IFSG”)).
- Use justification: Legal obligation, Article 6 (1) (c) GDPR / Public interest, Article 6 (1) (e) GDPR.
- How long do we retain your personal data
We will hold the above data for as long as it is necessary in order to provide you with the Services, deal with any specific issues that may arise or, otherwise, as it is required by law or by any relevant regulatory body. Specific storage periods for the respective processing activities are detailed in Section 3 above.
Once your account is terminated, we will delete the personal data relating to your account within 1 month.
If you were a user of the UK Rintez Medic services, your consultation details may be retained by us for a period up to 10 years according to the UK Records Management Code of Practice Retention Schedule, or if otherwise required by Care Quality Commission (“CQC”).
If your personal data is used for two different purposes, we will retain it until the purpose with the longest period expires, but we will stop using it for the purpose with the shorter period as soon as the shorter period expires.
We restrict access to your personal data to the persons who need to use it for the relevant purpose(s). Our retention periods are based on reasonable business needs, and your personal data that is no longer needed is either irreversibly anonymized (and the anonymized data may be retained) or securely destroyed.
- Your rights
Under GDPR you have various rights in relation to your personal data (as listed below).
All of these rights can be exercised by sending us an e-mail to [email protected].
Verification: in order to verify your request, we will take reasonable steps such as asking you to send us a confirmation from the email address associated with your account, so that we can verify that you are the owner of this email account. If there is no email address associated with your account, we may ask you for proof of ID.
- Right to withdraw consent: You have the right to withdraw your consent at any time by notifying us by email to the following address: [email protected]. By withdrawing your consent, the lawfulness of the processing based on consent up until the point of withdrawal will not be affected.
- Right to object: You have a right to object under the conditions of Article 21 DSGVO. Below you will find more detailed information:
— Right to object where the processing is based on legitimate interests: As a data subject, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Article 6 (1) (e) or (f) GDPR, including profiling based on those provisions. In the event of an objection relating to your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
— Right to object where we process your personal data for statistical purposes: If we process your personal data for statistical purposes pursuant to Article 9 (2) (j) DSGVO, Section 27 (1) BDSG, you have the right to object to such processing for reasons arising from your particular situation. In the event of such an objection, we will no longer process the personal data concerned for this purpose unless the processing is necessary to fulfil a task in the public interest, or the discontinuation of processing is likely to make it impossible or seriously impair the realization of statistical purposes and the continuation of processing is necessary for the fulfilment of statistical purposes.
— Right to object to direct marketing: Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, we no longer process your personal data for these purposes.
To exercise your rights of objection, you may contact us at any time by sending an e-mail to [email protected]. - Right to be informed: As a data subject, you have a right to obtain access and information under the conditions provided in Article 15 GDPR. This means in particular that you have the right to obtain confirmation from us as to whether we are processing your personal data. If so, you also have the right to obtain access to the personal data and the information listed in Article 15 (1) GDPR. This includes information regarding the purposes of the processing, the categories of personal data that are being processed and the recipients or categories of recipients to whom the personal data have been or will be disclosed.
- Right to erasure / “Right to be forgotten”: As a data subject, you have a right to erasure (“right to be forgotten”) under the conditions provided in Article 17 GDPR. This means that you generally have the right to obtain from us the erasure of your personal data and we are obliged to erase your personal data without undue delay when one of the reasons listed in Article 17 (1) GDPR applies. You can do this by deleting your account at any time. If we have made the personal data public and are obliged to erase it, we are also obliged, taking account of available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of those personal data (Article 17 (2) of the GDPR. The right to erasure (“right to be forgotten”) does not by exception apply if the processing is necessary for one of the reasons listed in Article 17 (3) GDPR. This can be the case, for example, if the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims (Article 17 (3) (b) and (e) GDPR).
- Right to restriction of processing: As a data subject, you have a right to restriction of processing under the conditions provided in Article 18 GDPR. This means that you have the right to obtain from us the restriction of processing if one of the conditions provided in Article 18 (1) GDPR applies. This can be the case, for example, if you contest the accuracy of the personal data. In such a case, the restriction of processing lasts for a period that enables us to verify the accuracy of the personal data (Article 18 (1) (a) GDPR). Restriction means that stored personal data are marked with the goal of restricting their future processing (Article 4 No. 3 GDPR).
- Right to data portability: As a data subject, you have a right to data portability under the conditions provided in Article 20 GDPR. This means that you generally have the right to receive your personal data with which you have provided us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us if the processing is based on consent pursuant to Article 6 (1) (a) or Article 9 (2) GDPR or on a contract pursuant to Article 6 (1) (a) GDPR and the processing is carried out by automated means (Article 20 (1) GDPR). In exercising your right to data portability, you also generally have the right to have your personal data transmitted directly from us to another controller if technically feasible (Article 20 (2) GDPR).
- Right to Rectification: As a data subject, you have the right to rectification under the conditions provided in Article 16 GDPR. This means in particular that you have the right to receive from us without undue delay the rectification of inaccuracies in your personal data and completion of incomplete personal data.
- Right to complain: As a data subject, you have a right to lodge a complaint with a supervisory authority under the conditions provided in Article 77 GDPR.
Asking us to stop processing your personal data or deleting your personal data will likely mean that you are no longer able to use our Services, or at least those aspects of the Services which require the processing of the types of personal data you have asked us to delete, which may result in you no longer being able to use the Services.
- Privacy information for California residents
If you are a California resident, California law requires us to provide you with some additional information regarding your rights with respect to your “personal information” (as defined in the California Consumer Privacy Act (hereinafter the “CCPA”) that came into force on January 1st, 2020).
We did not during the preceding 12 months, do not currently, and will not in the future sell or transfer your personal data to third parties (and will never do it without providing a right to opt out).
We may transfer your personal data to third party processors in order to achieve the purposes of the processing listed in Section 3 above, but only with the third-party processors with whom we have a data protection agreement in place.
CCPA provides Californian consumers the following rights (which does not interfere with GDPR):
- Right to request disclosure of any personal information we collected (Article (1798.100) (a) CCPA). This means in particular that you have the right to request disclosure of the categories of personal information we collected from you, together with the categories of sources from which it was collected, the purpose of the collection, the categories of third parties with whom we shared your personal information, and the specific pieces of personal information that have been collected (Article 1798.110 (a) CCPA).
- Right to request deletion of any personal information that we collected from you (Article (1798.105) CCPA). This means that after we have verified your request to delete your personal information, we shall delete it from our records and direct any service providers to delete your personal information from their records, except when Article 1798.105 (d) CCPA is applicable (e.g. in case the personal information is necessary to provide the Services, to detect security incidents, to identify and repair errors that impair existing intended functionality of the App, to engage statistical research in the public interest, or to comply with a legal obligation).
Is you find any concerns regarding this Privacy Statement please fell free to contact us by sending an e-mail to [email protected].