Twenty Billion Neurons GmbH (“Company”, “We”, “Us”, “Our”) is responsible for the data processing within the Service. Our full contact details are:
Twenty Billion Neurons GmbH
Stralauer Allee 2
phone: +49 30 5564 3880
You can reach our data protection officer at: firstname.lastname@example.org.
Naturally, using our App is voluntary. However, when you do use it, you are required to provide us with some Personal Information. For instance, registration of a user account for the App requires you to provide some personal information. Furthermore, the provision of some information is technically required for the App to function. As a result, if you refuse to provide it, you will be unable to access and use the App.
As a user of our Service, you are not subject to any automated decision-making according to Art. 22 GDPR.
2. PERSONAL INFORMATION WE PROCESS
Personal information is information that we can relate to you or that we or our service providers and affiliates could combine with other information to relate to you (“Personal Information”).
The Personal Information we collect will depend on how you interact with the App and any surveys or communications sent between you and us. The App is focused on collecting information:
- About how you use and interact with the App, when you access or use the App in any way;
- About the performance of our App including video or audio recordings of your workouts that we can use to train and improve our algorithm; and/or
- On your experience with the App, and/or our website through surveys or communications with you.
2.1 Personal Information necessary for performing our services
Our primary purpose in collecting Personal Information is to provide you with a secure, smooth, efficient user experience.
We may use your Personal Information to:
- Provide you with the services of the App;
- Authenticate you when you sign into your account;
- Prevent loss or fraud;
- Create a data set for training our algorithms;
- Prevent potentially prohibited or illegal activities and enforce our Terms and Conditions of Use.
We process your Personal Information in order to fulfill our duties and exercise our rights under the agreement when you register for our App. To use the App, you must create an account. When you create an account, we collect Personal Information about you, including:
- Contact information, such as your full name, email address, phone number, and other similar information, as well as other information you provide in your account
- Payment data (only when you register a fee-based account)
- Your age, height, and weight; and/or
- Your fitness goals
- Your exercise results
- Other personal data on the pages or services you access, your location, mobile network information, device type, standard web log data, and Internet protocol address; and any other Personal Information that you choose to submit to us.
Our Service operates by creating and analyzing audio and video recordings of you through your mobile device. These audio and video recordings will only be stored and processed on your mobile device as long as you use our App and are logged into your account. The recordings will be deleted as soon as you log off.
The legal basis for this data processing is the necessity for the performance of a contract (e.g. the user agreement) with you according to Art. 6 Ssec. 1 b) GDPR.
We may use these technologies to recognize you as a customer; customize the Service, content, advertising, marketing, and targeting; measure promotional effectiveness. In this respect, we use the following tools:
Authenticate by Google
You can register for our service using “Authenticate by Google”, a service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
When you register with Google, you will be redirected to a Google page, embedded in our App, where you can log in directly with your Google account data. If you register or log in with Google, the following personal data will be transmitted to us by Google: first name, last name and email address. Google can also inform you which of your data will be transmitted, for which you can give your consent or refuse it. We use the information transmitted by Google to identify you and to verify the authenticity of the information you provide. No personal data will be transmitted by Google to us without your consent. Conversely, Google can determine from your registration via Google that, and when, you have registered with us.
The data collected during registration will be stored by us as long as you are registered on our website and will subsequently be deleted. Legal retention periods remain unaffected.
You can also log in to your account via an existing account on the social media platform Facebook, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). If you select this option, you will be redirected to the Facebook page where you can log in with the username and password of your Facebook account. Your registration will enable our App to exchange data with Facebook. We only have limited influence on the extent of the data exchange. We only use the necessary data to identify you as a user.
The legal basis for the processing of personal data when using the Authenticate or Facebook Connect registration is Art. 6 para. 1 lit. a GDPR (your consent).
2.3 Integration with music apps
If you have an account with the music streaming services “Spotify” by Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden, or “Apple Music” by Apple, Inc., 1 Apple Park Way, Cupertino, California, 95014-0642, United States, you can connect our App to these services so that you can listen to your music during your workout. In this case, we will transfer your email address to the streaming service. The service provider will in turn request you to log in to your user account with the streaming service. If you log in, we will get access to some of the personal information in your user account such as albums, songs, artists, playlists, music videos, stations, ratings, charts, recommendations, and the user’s most recently played content. We will process this data only to execute the playback of your music in our App.
The legal basis for this data processing is your consent according to Art. 6 Ssec. 1 a) GDPR.
2.3 Additional Data Processing
We may also process Personal Information in order to provide you with a customized user experience, and to refine, test, and improve our App. We may use your Personal Information to:
- Customize, measure, and improve the Service;
- Create a data set for training our algorithms;
- Deliver targeted marketing, service update notices, promotional offers, and campaign updates based on your communication preferences;
- Compare information for accuracy, compile it with other information for completeness, and verify it with third parties;
- Send you things in the mail, such as for a campaign or promotion you opted into; and
- Carry out other purposes that are disclosed to you and to which you consent.
We may combine all the Personal Information we collect in order to understand your interests better and to analyze customer trends.
For the above-mentioned use of your data for direct communication with you about our products and services, we will specifically ask you for your consent. In this respect, this consent is the legal basis for the data processing according to Art. 6 Ssec. 1 a) GDPR.
In all other instances, we process your Personal Information based on our legitimate interest to improve our Service and to provide you with information about additional services we think might interest you according to Art. 6 Ssec. 1 f) GDPR.
2.4 Data Processing for the establishment, exercise or defence of and against legal claims
We may process your Personal Information in order to collect a debt from you; to establish, exercise, or defend our claims against you; or to defend against claims by you in judicial or extrajudicial proceedings.
Our legal basis to do so is our legitimate interest according to Art. 6 Ssec. 1 f) GDPR.
2.5 Data Processing as required by law
We may process your Personal Information where we have reason to believe that it is necessary for an investigation or decision to investigate a breach of the laws of Germany, the European Union, or a foreign jurisdiction, and we are legally permitted to do so. We also may disclose your Personal Information where we are required by law to do so, in particular to an authority. In this case we process your Personal Information on the legal basis of Art. 6 Ssec. 1 c) GDPR.
2.6 Data processing through cookies and other technological means
When you use our App, we may collect Personal Information that is automatically sent to us by the App. This information may include your numerical IP address. We may also collect other information, such as the device you use, which pages you view, and the files you request.
We use “cookies” and other similar technologies. Unless described below, these technologies are necessary to provide the service to you, e.g. to facilitate logging in to our service, ensure its functionality as well as the security of your account; mitigate risk and prevent fraud; and promote trust and safety across our Service. To this end, we may store cookies on your device for the duration of your session (“session cookie”) or for a longer period (“permanent cookie”). You can disable cookies on your device, e.g. in the menu of your browser. However, if you do so, you may be unable to access our service or individual features of it.
As far as these cookies and other technological means are necessary to provide the Service to you, our legal basis for processing your Personal Information is the necessity for the performance of a contract (e.g. the user agreement) with you according to Art. 6 Ssec. 1 b) GDPR.
3. HOW COMPANY DISCLOSES PERSONAL INFORMATION
3.1 Third Parties
We may transfer or provide access to your Personal Information to third party service providers that assist us with the data processing detailed above. Some of our third-party affiliates may be in Canada, USA and other third countries. We use the following service providers:
- Google Ireland Limited, with offices at Gordon House, Barrow Street, Dublin 4, Ireland (Google Firebase as App backend)
- Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg (Hosting of Web Application)
- Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (Hosting of GPU Machines)
- Twenty Billion Neurons Inc., 310 Spadina Avenue, Suite 301, Toronto, Ontario, M5T 2E7, Canada (Development and Support Services)
- Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA
Google, Microsoft Corporation and Stripe, Inc. are certified under the EU-US Privacy Shield. The EU Commission has issued an adequacy decision according to Art. 45 GDPR for private sector controllers in Canada. As such, an adequate level of protection is ensured.
Where these affiliates are not a data controller according to Art. 28 GDPR, they may combine the Personal Information we provide with other information that they have collected from you. We require that our service providers and/or third-party affiliates use the same standards we use in safeguarding your Personal Information. However, if your Personal Information is used or stored outside of the European Union, it might also be subject to the laws of the country in which it is used or stored.
3.2 Sale of Data
We may share or sell aggregated, non-personally identifiable (anonymized) information with or to our service providers and third-party affiliates. We may also share anonymized information publicly, for example to show trends about the general use of the Service.
4. HOW DO WE PROTECT PERSONAL INFORMATION
The security of your Personal Information is important to us. We protect your Personal Information by maintaining physical, organizational, and technological safeguards appropriate to the sensitivity of such Personal Information. Personal Information may only be accessed by persons within our organization who require such access to provide you with the services indicated above.
Although we take precautions against possible breaches of our security systems, no company can fully eliminate the risks of unauthorized access to your Personal Information and no website is completely secure. We cannot guarantee that unauthorized access, hacking, data loss or breaches of our security systems will never occur. Accordingly, you should not transmit Personal Information to us using our Service if you consider that information to be sensitive.
5. RETENTION OF PERSONAL INFORMATION
We delete personal data as soon as the legal basis for its processing expires. If there are several legal bases for a situation, the deletion occurs with the expiration of the last legal basis, for instance, after fulfillment of all legal storage obligations. We process Personal Information based on:
- your consent until it is revoked or becomes invalid,
- the necessity for the performance of a contract or to take steps prior to entering into a contract until the contract or the preliminary negotiations are terminated,
- our legitimate interest until it is fulfilled or expires,
- a legal obligation until it is fulfilled or expires.
6. THIRD-PARTY WEBSITES
7. RIGHTS AS DATA SUBJECT
If your personal data is processed, you are a data subject within the meaning of Art. 4 para. 1 GDPR. As data subject, you have the following rights regarding your personal data. To exercise these rights, please contact us using the contact details above.
7.1 Right of access by the data subject according to Art. 15 GDPR
You have a right of access concerning your personal data processed by us. This includes the mandatory information set out in Art. 15 GDPR.
7.2 Right to rectification according to Art. 16 GDPR
You have the right to request the immediate correction of inaccurate personal data and the completion of incomplete personal data.
7.3 Right to erasure according to Art. 17 GDPR
You have the right to request the erasure of your personal data if one of the grounds mentioned in Art. 17 GDPR applies, for example if there is no longer a legal basis for the processing.
7.4 Right to restriction of processing according to Art. 18 GDPR
You have the right to request the restriction of the processing of your personal data if one of the grounds mentioned in Art. 18 GDPR applies, for example at your request instead of deletion of the data.
7.5 Right to data portability according to Art. 20 GDPR
You have the right to request all personal data stored by us about you in a structured, commonly used and machine-readable format or to transmit this data to another controller without obstruction by the controller to whom the personal data was made available.
7.6 Right to lodge a complaint with a supervisory authority according to Art. 77 GDPR
According to Art. 77 GDPR, you have the right to file a complaint with the supervisory authority responsible for you.
7.7 Right to object and right to withdraw consent
Where the data processing is based on your consent or our legitimate interest, you have the right to object to the processing or to withdraw your consent at any time. Your objection or withdrawal only has an effect for the future. Where the cookies used offer their own technical options for deactivation, this is explained above. You may contact us at any time to exercise your right of objection or revocation. If you object to processing based on our legitimate interest, we may, in cases other than direct marketing, nevertheless continue processing if we can prove compelling reasons worthy of protection which outweigh your interests, rights and freedoms.
HOW TO CONTACT US
c/o HK2 Comtection GmbH
Hausvogteiplatz 11 A
Telephone: +49 (0)30 27 89 00 – 180