App Privacy Statement

It is essentially possible to use our HypnoBox App without providing any personal data. However, processing personal data may be necessary if you wish to use special services via our App. If processing of personal data is necessary, but there is no legal basis for this processing (e.g. for performance of a contractual agreement), we will ask for your agreement.

We will provide notification to inform you about which data we collect from you, how we use it and how you can object to the use of your data.

Who is responsible for data collection and processing?

HypnoBox GmbH
Edisonstraße 63/Aufgang E
12459 Berlin
Germany

collects and processes your data as the data controller.

If you have any questions or suggestions concerning data protection in our App, please contact us: info@hypnobox.com

What data do we collect and why?

We only collect and process your data for specific purposes. This can be out of technical necessity, or due to contractual requirements or explicit user requests.
For technical reasons, certain data (e.g. IP address) must be collected and stored when you use our App.
We require personal data from you to perform the usage contract. This data is required, e.g. to carry out payment transactions.

Access rights

Certain access rights are necessary for technical reasons, to enable the App to function.

Legal basis for data processing
If we obtain your agreement to process your personal data, this will be the legal basis pursuant to Article 6(1)(a) GDPR.

When processing personal data that is required to perform the contract with you, Article 6(1)(b) GDPR will be the legal basis. Article 6(1)(b) GDPR also applies to processing that is necessary to execute pre-contractual measures, for example in cases of enquiries about our services.

If we are subject to a legal obligation that necessitates processing of personal data, e.g. to fulfil tax obligations, processing is based on Article 6(1)(c) GDPR.

In order to continually improve our offer, e use technical options, such as cookies, to collect usage data. The legal basis for this is Article 6(1)(f) GDPR.

Newsletter
If you subscribe to our newsletter, you are giving your consent pursuant to Article 6(1)(a) GDPR. The following mandatory information will be required:

  • Email address
  • First name and last name
  • Gender
  • IP address
  • Registration time and date

In this case, we may use your email for promotional purposes.
When you subscribe to the newsletter we will save the IP address of the terminal device you were using at the time of registration, as well as the date and time of registration. Collection of this data is necessary in order to be able to trace (possible) misuse of the email address of the person concerned at a later point in time. It is therefore for our legal protection.
You can unsubscribe from the newsletter at any time by clicking the unsubscribe link at the bottom of your newsletter.
If you object to use of your data for promotional purposes, your data will only be used, in anonymised form, for the purposes of statistical evaluation.

For how long is your data stored?

We only store your data for as long as is required to fulfil the purpose for which it was collected (e.g. in the context of a contractual relationship) or for as long as this is required by law. In the context of a contractual relationship, we store your data at least until completion of the contract. The data will then be kept for the duration of the statutory retention periods.

Are cookies used?

We use cookies in our App for analysis purposes. Cookies are small text files in which data can be saved on your terminal device. It is generally possible to use the App without cookies.

Are analysis tools used?

In order to continually improve your experience, we collect statistics about use of the App. We do this using analysis tools.
We use the tracking measures listed below. These measures are taken on the basis of Article 6(1)(f) GDPR. We intend the tracking measures used to ensure requirements-based design and on-going optimisation of our App. We also use tracking measures to capture statistics about use of our App and to evaluate them, in order to optimise our offer for you. This is to be regarded as a legitimate interest within the meaning of the aforementioned regulation.

Your ability to object You can object to collection of your data for the purposes of analysis by deactivating the “App use statistics” switch in the “Permissions” column. This deactivates the following analysis tools.

Google Firebase
Our Apps use technology from Google Firebase (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, “Google”). Firebase is part of the Google Cloud Platform and offers numerous services for developers. You can find a list of them here: https://firebase.google.com/terms/. Some Firebase services process personal data. In most cases, personal data is limited to “instance IDs” that are given a time stamp. “Instance IDs” issued by Firebase are unique and therefore allow different events or processes to be linked. This data is neither data that we can identify personally, nor do we endeavour to personalise it subsequently. We process this consolidated data to analyse and optimise user behaviour, such as evaluation of crash reports. For the current Firebase Privacy Regulations, please see https://firebase.google.com/support/privacy.

In addition to the “instance ID” described above, Google also uses the advertising ID of the terminal device for Firebase Analytics. You can restrict use of the advertising ID in the device settings of your mobile device.

For Android: Settings > Google > Advertisements > Reset advertising ID
For iOS: Settings > Privacy > Advertising > No ad tracking

AppsFlyer

The HypnoBox App uses the “AppsFlyer” app usage and analysis tool, a product provided by AppsFlyer Ltd. When a customer installs the HypnoBox App, AppsFlyer saves installation and event data from the customer’s iOS or Android app.

We have a legitimate interest in information about the success of marketing efforts. Using the AppsFlyer service, we measure the success of our campaigns. AppsFlyer provides us with the information in an aggregated form. In order to trace the use of a mobile app, we forward information about downloads and installations as well as “in-app events”, such as in-app purchases, to AppsFlyer. AppsFlyer obtains information from the data that is transmitted by the SDKs (Software Development Kit) in a mobile end user application to the servers. The data collected by the SDK contains information, such as IP addresses (anonymized), browser, platform, SDK version, anonymized user ID, time stamp, developer key, usage version, device identifiers (such as Identifier for Advertisers), Google advertising ID, device model, device manufacturer, operating system version, in-app events, and network status. The end user data collected by the AppsFlyer platform is merely representative for us to analyze our applications.

You can object to the collection and storing of data by AppsFlyer at any time with effect for the future by deactivating general tracking in the app settings of the HypnoBox App.

Use of third parties as service providers and processing in countries outside the European Economic Area

The servers of some of the service providers we use are located in the US and in other countries outside the European Union. Companies in these countries are subject to privacy laws that does not protect personal data to the same extent as is the case in the Member States of the European Union. If your data is processed in a country that does not have a data privacy level that is recognized as being congruent to the European Union, we will ensure that your personal data is appropriately protected by implementing contractual regulations or other recognized tools.

What are the rights of users of the HypnoBox App?

  • You can request information about the data that is saved about you.
  • You can request correction, deletion and restriction of the processing (blocking) of your personal data, provided that this is permitted by law and possible within the framework of the existing contractual relationship.
  • You have the right to lodge complaints with a regulatory authority. The regulatory authority responsible for  Kiez Hypnose Berlin is: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin/Germany
    Tel.: +49 (0)30 13889-0, Fax: +49 (0)30 2155050, email: mailbox@datenschutz-berlin.de
  • You have the right to portability of the data that you have provided us with on the basis of an agreement or a contract (data portability).
  • If you have given us your agreement to data processing, you can withdraw this agreement at any time, in the same way as you give the agreement. Withdrawal of the agreement does not affect the legitimacy of processing that has been done on the basis of the agreement prior to its withdrawal.
  • You can object to data processing for reasons that arise from your particular situation if data processing is done on the basis of a legitimate interest.
  • You can object to being approached for advertising purposes at any time, with effect for the future (objection to advertising).

Sending a letter by post is all that is required to exercise your rights:

HypnoBox GmbH
Edisonstraße 63/Aufgang E
12459 Berlin

info@hypnobox.com
Tel: + 49 30 91701944

As of: March 2019