Privacy statement for the Heart Rhythm Apps
Data protection declaration for Heart Rhythm ‘s online services
Heart Rhythm (hereinafter referred to as the “Service”) protects the personal data of its members to the best of its knowledge and in accordance with the highest current security standards. All communication via the Service app is via an Internet connection secured by SSL encryption. Please note that user names can be pseudonyms and we do not use clear/real names.
The following regulations inform you comprehensively about the type and scope of data collection through our app.
1. Personal Related Data
In the basic EU data protection regulation (GDPR), personal data are defined as follows:
All information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
2. Data erasure and storage time
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
3. Collection and processing of personal data
We only collect personal data if you provide it to us voluntarily, for example if you register with us or contact us.
We only use the personal data you provide to the extent that your data is necessary for the performance of our services.
After deletion of your account, your data will be blocked for further use, unless you have given your separate consent for further use. After expiry of the statutory periods, this data will be deleted unless you have expressly consented to further use.
4. Log Files
Service creates so-called backups (data backup) to back up the data, which are overwritten after approx. four weeks and thus finally deleted. If these backups contain log files, these are also deleted. If a user profile is completely deleted, the log files are also deleted. Service uses the log data (logs) anonymously, i.e. without assignment or references to the user’s person, for statistical evaluations. For example, Service can find out on which days and at what times Service offers are particularly popular and how much data volume is generated. In addition, Service can use the log files to detect possible errors, e.g. incorrect links or program errors, and thus use the log files for the further development of the websites. Service does not link the page views and uses stored in the server log to individual persons. However, Service reserves the right to subsequently check the log files via the last known IP address of such users who, due to certain facts, are suspected of using Service’s websites and/or Service’s services in violation of the law or the contract. This serves primarily to protect the members of Service and the security of their personal data.
5. Registry
By registering and subsequently concluding a contract, the user agrees that his personal data will be collected, stored and processed in accordance with this data protection declaration of the General Terms and Conditions of Service. The user must expressly declare this consent upon registration by confirming it in a field provided for this purpose; the consent is recorded by Service, as is the entire registration process. If the user gives his consent, he can revoke it at any time with effect for the future in text form (e-mail, fax, letter).
6. Necessary information at registration (required fields)
6.1 During the free registration the users must provide the following information:
– User name (pseudonym)
– Gender
– Date of birth
– E-mail address
– Password
– Place of residence, postcode, country (or current location)
6.2 If you make in-app purchases through Service, this will be done through external payment providers. We do not collect and process any payment data. Payment data is entered and processed directly by the payment providers. Only technical data (including the transaction ID) is exchanged between us and the payment providers to validate the purchases.
6.3 Third parties can only see the following information from the mandatory data provided during registration in the user’s “profile”:
– Username
– Gender
– Age (calculated from the date of birth)
– Location
– Place of residence
All other mandatory information (date of birth, e-mail address, password, postcode) cannot be viewed by third parties.
7. Voluntary information
7.1 In addition to the mandatory information, each registered member may, at his or her own discretion, provide numerous voluntary information about himself or herself and post one or more profile pictures. Although this voluntary information is not required for using Service, it does increase the attractiveness of your own profile and thus the opportunity to come into contact with other members. A profile picture is necessary to make contact in the form of e.g. messages. Each member is free to decide which additional personal data he wishes to disclose about himself and make available to other users. Voluntary information that the member can enter in the profile includes, for example:
– Marital status
– Sexual orientation
– Children, desire to have children
– Nationality
– Smoker
– Education
– Occupation
– Music
– Activity
– Religion
7.2 The Member may also provide free descriptions of him/herself and any likes or dislikes, upload photos, etc.
8. Intended purpose
The purpose of collecting, storing, processing and using the personal data mentioned in the above paragraphs is to enable the operation and maintenance and improvement of Service‘s online services.
9. Contact
You have the possibility to contact us with questions, wishes and suggestions. You can do this via e-mail. The information you provide will be stored for the purpose of processing your contact. In addition, the data collected in this way is compared with data that may otherwise be collected by us if you have given us your prior consent, which you can revoke at any time with effect for the future. To exercise your right of revocation, please contact the office named at the end of this declaration.
10. Creation of usage profiles
10.1 In order to continually improve Service’s services, e.g. to set up new categories or offers, Service may analyze the behavior of its users in the network and create anonymous user profiles for this purpose. The evaluation of these user profiles is not personal, i.e. the identity of the user remains unknown.
10.2 Service may create pseudonymized user profiles (user name) for the purposes of advertising, market research or the demand-oriented design of telemedia. The user can object to the creation of pseudonymized user profiles at any time with effect for the future by notification in text form (letter, fax, e-mail) to the body designated at the end of this declaration.
Service reserves the right to delete the user account when exercising its right of revocation.
10.3 Service guarantees that the anonymized or pseudonymized user profiles cannot be combined with the users’ personal data, both from a technical, personnel and organizational point of view.
11. Advertising and data transmission to third parties
Service places advertisements from third parties, which may also be tailored to the presumed special interests of the users. When such “personalized” advertising is placed, only irreversibly anonymous data is used. The anonymized data processed for this purpose are not (no longer) personal and therefore do not allow any conclusions to be drawn about the identity of the person concerned. Service may transmit such anonymous data to its own media partners. In these cases too, Service does not provide its partners with any information that could enable the members to be identified.
12. Entitlements
We need these access options and information on the technical functionality of our app and to provide the services offered with the app. We ask for permission to access the individual functions and information during the installation process and will only access these functions if you agree to release them. Depending on the operating system, you can also manually revoke access rights in the settings. Please refer to the manufacturer’s instructions to find out how this works. Please note, however, that you can only use the app to a limited extent or not at all without appropriate approvals.
Before using the app for the first time, the following permissions are requested from iOS and Android for the following purpose:
Permission
Purpose
Photos, Media, files
Take photos and upload
Location
Display of members nearby, entering the place of residence
Identity
Facilitating registration
Contacts
Create support request, resume the user account
Phone status
Determine if a call is coming
Storage
Retrieve photos from storage media
WLAN- and network connections
Retrieving member date
Device ID & Caller ID
Determine if the user is authentic
Vibration alarm control
Vibration on incoming notification
Turn off sleep state
Prevents the phone from being idle while a notification arrives
Before using the app for the first time, the following permissions are may requested from iOS and iOS for the following purpose:
Permission
Purpose
Camera access
Take photos and upload
Location
Display of members nearby, entering the place of residence
Mobile data
Exchange of content, communication
Background App Refresh
Location update in the background
Notification
Notifications such as e.g. new message
The provider (Apple Inc. or Google Inc.) may collect, process and use data subject to the terms of use of your smartphone. Please note the corresponding data protection declarations/settings of the provider.
13. Website optimization tools
In collecting personal data using website optimization tools, we refer to our legitimate interest pursuant to Article 6 (1) (f) GDPR in conjunction with Recital No. 47. Direct mail usually represents a legitimate interest. Your interests, fundamental rights and freedoms do not outweigh our interest in advertising, as we provide you with comprehensive information about data collection within the framework of our data protection declaration and you have the option of opting out (via link or browser settings) at any time. In addition, we only use pseudonymous tracking.
14. Google Firebase Analytics and Crashlytics
Our app uses Google Analytics from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Irland. Firebase Analytics is a service that allows you to collect and analyze app usage data from your smartphone.
For this purpose, data is encrypted and made anonymous during the use of the app. At Android we do not transmit the Advertising ID.
To analyze the general user behavior with regard to efficiency and similar approaches and to draw conclusions on the continuous improvement of the app in the course of the evaluation. For more information on how Google uses your information, please see the company’s privacy statement https://policies.google.com/?hl=en-US
Our app also uses Google Analytics from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Irland). This analysis program uses IP addresses of users for analysis purposes, but these are only used anonymously. It is not possible to draw conclusions about a specific person. Crashlytics provides us with real-time evaluations of system crashes, making it easier for us to maintain and improve the apps.
For more information, please visit https://www.google.com/analytics/terms/us.html or https://support.google.com/analytics/answer/6004245?hl=en, as well as in the Privacy Policy of Google.
15. Apps Flyer
Our app uses the Appsflyer technology of AppsFlyer Inc. (111 New Montgomery Street, San Francisco, California 94105). For this purpose, different session and interaction data are collected and stored. This information is needed to improve the content and usability of the app. The session and interaction data is only processed pseudonymously. For more information about AppsFlyer’s data processing, please refer to the provider’s privacy policy at https://www.appsflyer.com/privacy-policy/.
You can object to tracking via AppsFlyer at any time with effect for the future here: https://www.appsflyer.com/optout. Apart from that AppsFlyer is Privacy-Shield-certified.
16. Facebook Custom Audiences
As part of the usage-based online advertising, the product Custom Audiences from your website by Facebook (Facebook Custom Audiences 1601 S. California Avenue, Palo Alto, CA, 94304, USA) is also used on the website. Basically, a non-reversible and non-personal checksum (hash value) is generated from your usage data, which can be transmitted to Facebook for analysis and marketing purposes. A Facebook cookie is set. Information about your activities on the website (e.g. surfing behavior, visited sub-pages, etc.) is recorded.
For more information about the purpose and scope of data collection and the further processing and use of the data, as well as the privacy settings, please see Facebook’s Privacy Policy.
You can deactivate the remarketing function “Custom Audiences” here https://www.facebook.com/settings/?tab=ads#_=_. You have to be logged in to Facebook.
17. Data security
17.1 The constantly updated firewalls, SSL encryption and other security systems used by Service are intended to protect users as far as possible from viruses, worms, Trojans, etc. and also from illegal external access (hackers). Service will maintain an adequate level of protection and constantly adapt the security technologies used to the current state of technical development. However, users should be aware that constantly emerging viruses, worms, Trojans and other means of attacking secure data systems of Internet services cannot guarantee 100% protection against such attacks.
17.2 Service is not responsible for virus protection outside the Service network. Service is also not responsible for damage to or destruction of user data. Service will prosecute any attack discovered by hackers, etc. under civil and, if applicable, criminal law.
18. Rights of the parties concerned
If personal data are processed by you, you are affected in the sense of GDPR and you have the following rights against the person responsible:
18.1 Right to information under Article 15 GDPR: You can ask us to confirm whether personal data concerning you will be processed by us. Once we have processed your data, you have further rights to information as set out in Article 15 of the GDPR.
18.2 Right to correction: If the information we have collected from you is incorrect or incomplete, you may immediately request us to correct it in accordance with Article 16 of the GDPR.
18.3 Right to limitation of processing: Under the conditions of Article 18 of the GDPR, you may also request that the processing of personal data concerning you be restricted. After the restriction, your data may only be processed with your consent or for the purpose of asserting, exercising or defending rights, or for the protection of the rights of another natural or legal person, or on grounds of an important public interest of the Union or a Member State. We will inform you before the restriction is lifted.
18.5 Right to cancellation: If one of the reasons in Article 17 para. 1 GDPR applies, you can request us to delete your personal data immediately, unless there is an exception to the deletion obligation in accordance with Article 17 para. 3 GDPR. Insofar as the user changes or corrects the information provided by him and thereby deletes old entries, these data previously entered by him will be irreversibly and completely deleted. An application for correction or deletion is not necessary in this respect. Notwithstanding this, the user has the right at any time to demand the correction of inaccurate data stored about him at Service. The easiest way for the user is to change his entries himself. If the user finally deletes his entire profile and thus terminates his membership with Service, all data previously entered by him in his profile will be completely deleted. Excluded from the deletion are the duration of the membership, if necessary the reason for the termination of the membership as well as anonymous statistical data about the previous user behaviour. Irrespective of this, the user has the right at any time to request the deletion of all personal data collected by him which is stored about him at Service. The easiest option for the user is to delete his entries himself, even in this case.
18.6 Right to information: If you have exercised your right to correct, delete or restrict processing against us, we are obliged under Article 19 GDPR to inform all recipients of your personal data of this, unless the notification is impossible or involves disproportionate effort. They also have the right to be informed of the recipients. The person responsible shall have the right to be informed of such recipients.
18.7 Right to data transferability: In addition, according to Article 20 GDPR, you have the right to receive personal data concerning you from us in machine-readable format and to transmit the data to another person responsible without obstruction, provided that the requirements of Article 20 Para. 1 lit.a GDPR are met, or to obtain that your personal data are transmitted directly by us to another person responsible, provided that this is technically feasible and no freedoms and rights of other persons are impaired thereby. This right shall not apply to the processing of personal data necessary for the performance of a task in the public interest or for the exercise of official authority.
18.8 Right of objection: You have the right to object at any time to Service’s processing of your personal data in accordance with Art. 6 para. 1 letter f GDPR. We will no longer process your personal data, unless there are grounds for processing worthy of protection overriding your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
18.9 Right to revoke the data protection declaration of consent: You have the right to revoke your data protection declaration of consent with declaration to Service at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.
18.10 Right of appeal to the supervisory authority: They shall at all times, without prejudice to any other administrative or judicial remedy, have the right of appeal to a supervisory authority, in particular in the Member State of their place of residence, of work or of the place of suspected infringement, if you consider that the processing of personal data concerning them is contrary to this Regulation.
18.11 If the user requests the modification, correction or deletion of his personal data, this can be done by letter or e-mail. The demand is to be addressed to:
LETTER: Tenancy 8, Eden House, Eden Island, Mahe, Seychelles
E-MAIL: ifrant01@gmail.com
To avoid unjustified requests, the request must contain at least the following information / documents:
– Username
– E-Mail-Address (if available)
– Name, Surname
– Postal address
– Copy of identity card (valid identity card)
Service points out that deleted data may also be retrievable for up to 72 hours due to caching systems and the interposition of proxy servers.
18.12 In the event of misuse of Service services by users, Service is entitled to temporarily block or completely delete individual data and content posted by users or the entire profile of the responsible user. If a profile is blocked, the user concerned is denied access to his profile and all data stored under it with the exception of age, gender, city and profile picture data.
19. Changes to this Privacy Policy
This data protection declaration is constantly being adapted in the course of the further development of the Internet or our offer. Changes will be announced on this page in due time. In order to keep up to date with the current status of our data usage regulations, this page should be accessed regularly.
20. Data Protection Officer
We are also at your disposal in case of requests for information, applications or complaints:
LETTER: Tenancy 8, Eden House, Eden Island, Mahe, Seychelles
E-MAIL: ifrant01@gmail.com
21. Contact details of the person responsible:
Address: Tenancy 8, Eden House, Eden Island, Mahe, Seychelles
Management: HeartRhythm