Privacy policy app

I. General information

We take the protection of your personal data very seriously and treat it confidentially and in accordance with legal data protection regulations as well as this Privacy Policy. This Privacy Policy applies to our iPhone and Android “Move it Mama” mobile app (hereafter referred to as the “APP”). This Privacy Policy explains the nature, purpose and scope of data collection and processing in the context of using the APP. We point out that data transmission over the Internet can involve security vulnerabilities. It is not possible to completely protect your data against third-party access.

Within the framework of the APP, we allow you to access the following features and information and enable them to be displayed: the possibility of a non-exclusive, non-commercial, non-transferable and non-sublicensable right, which is limited to a term to be agreed, to use certain fitness videos, in return for payment of a specific fee or otherwise.

When you use the APP, we process personal data about you. Personal data is understood as any information relating to an identified or identifiable natural person. Because protecting your privacy while using the APP is important to us, we want to use the information below to help you understand what personal information we process when you use the APP, and how we use this data. In addition, we will inform you of the legal basis for processing your data and, to the extent that processing is necessary to safeguard our legitimate interests, we will also inform you of our legitimate interests.

You can access this Privacy Policy at any time under the “Privacy” menu item within the APP.

II. Data controller

The data controller responsible for data processing within the scope of the APP is:

MO BIG GmbH

Drosselweg 14,

45739 Oer-Erkenschwick

Email: info@moveimama.de

Website: www.moveitmama.de

III. Information about the processing of your data

Certain information is already processed automatically as soon as you use the APP. We have listed the exact personal data that we process below for you:

III. I Information that is collected during download

When downloading the APP, certain required information will be transmitted to the app store you have selected (e.g., Google Play or the Apple App Store); in particular, your username, email address, customer account number, the time of download, the payment information, and any individual device code may be processed. This data is processed exclusively by the app store in question, and this is beyond our control.

III.II Information collected automatically

As part of your use of the APP, we automatically collect certain information that is required in order to use the APP. This includes: your whereabouts, your IP address, your device and mobile advertising ID, your user ID, the model/type of mobile device you are using, the version of the operating system on the mobile device you are using, the time you registered with us via the APP, the time of access and the time you logged in with us on or via the APP, the identity of your mobile operator, and transaction data, such as contract histories.

This information is automatically transmitted to us, but not stored, (i) in order to provide you with the services of our APP and the associated features, (ii) to improve the features and performance elements of the APP, (iii) to prevent and eliminate abuse and malfunctions, and (iv) for advertising/marketing purposes.

This data processing is justified by the fact that (1) the processing is necessary to fulfil the contract relating to the use of the APP between you as data subject and us, pursuant to art. 6 para. 1 (b) GDPR, or (2) we have a legitimate interest in ensuring the functionality and error-free operation of the APP and offering a market- and interest-based service which, here, outweighs your rights to, and interests in, the protection your personal data within the meaning of art. 6 para. 1 (f) GDPR, or (3) you have expressly given your consent pursuant to art. 6 para. 1 (a) GDPR.

III.III Creation of a user account (registration) and login

When you create a user account, we use your access data (first name, surname, date of birth, email address, password) to grant you access to your user account and to manage it. This information provided during registration is required in order to conclude a contract with us. If you do not provide this information, you will not be able to create a user account.

If you log in with your user account, we use your access data (email address, password) to grant you access to your user account (“Access Data”).

We use this Access Data to authenticate you at login and to follow up on requests to reset your password.

The data you enter during the registration process or login is processed and used by us (1) to verify your authorisation to manage the user account; (2) to enforce the terms of use of the APP and all associated rights and obligations; and (3) to contact you in order to be able to send you technical or legal notices, updates, security alerts or other messages concerning, for example, the management of your user account.

This data processing is justified by the fact that (1) the processing is necessary to fulfil the contract relating to the use of the APP between you as data subject and us, pursuant to art. 6 para. 1 (b) GDPR, or (2) we have a legitimate interest in ensuring the functionality and error-free operation of the APP which, here, outweighs your rights to, and interests in, the protection your personal data within the meaning of art. 6 para. 1 (f) GDPR.

III.IV Use of the APP

Various information must be entered, managed and processed within the context of the APP. Specifically, this information includes your date of birth and your training status/progress.

This data is processed and used to provide the service.

The APP also requires internet access. This is required to save your entries on our servers and to allow you to use certain fitness videos.

IV. Data sharing and transfer

In addition to in the cases explicitly mentioned in this Privacy Policy, your personal data will only be shared without your express prior consent if this is permitted or required by law. This may be the case, for example, when processing is required to protect vital interests of the user or other natural person.

IV.I

If required to investigate the unlawful or improper use of the APP or for prosecution, personal data will be forwarded to law enforcement agencies or other authorities and, as appropriate, to injured third parties or legal advisers. This only happens when there are indications of illegal or abusive conduct. You personal data may also be shared if this serves to enforce of terms of use or other legal claims. We are also required by law to provide information to certain public authorities upon request. These include law enforcement agencies, authorities enforcing civil penalties and fines, and the tax authorities.

Any transfer of personal data is justified by the fact that (i) the processing is necessary to fulfil a legal obligation to which we are subject, in accordance with art. 6 para. 1 (f) in conjunction with national laws governing the transfer of data to law enforcement agencies, or (ii) we have a legitimate interest in disclosing the data to the named third parties in the event of indications of abusive behaviour or to enforce our terms of use, other terms or legal claims, and your rights to, and interests in, the protection your personal data within the meaning of art. 6 para. 1 (f) GDPR do not outweigh this.

IV.II

We rely on the following third-party companies and external service providers in order to provide our service:

RevenueCAT, Facebook, Firebase, Trello

Any transfer of personal data is justified by the fact that (i) we have a legitimate interest in disclosing the data for administrative purposes and your rights to, and interests in, the protection your personal data within the meaning of art. 6 para. 1 (f) GDPR do not outweigh this, (ii) we have carefully selected and regularly reviewed our third-party companies and external service providers and have contractually obligated them to process all personal data in accordance with our instructions, and (iii) you have consented to this sharing of your data pursuant to art. 6 para. 1 (a) GDPR.

IV.III

As our business continues to evolve, it is possible that the structure of our company may change in that its legal form is changed or subsidiaries or parts or components of the company are founded, bought or sold. In the event of such transactions, customer information is passed on along with the part of the company that is changing hands, where applicable. In the event of any disclosure of personal data to third parties in the scope described above, we will ensure that this is done in accordance with this Privacy Policy and applicable data protection law.

Any transfer of personal data is justified by the fact that we have a legitimate interest in adapting the legal form of our company to the economic and legal circumstances, as appropriate, and your rights to, and interests in, the protection your personal data within the meaning of art. 6 para. 1 (f) GDPR do not outweigh this.

V. Transfer of data to third countries

We also process data in countries outside the European Economic Area (“EEA”). This concerns, specifically:

REVENUECAT

300 Euclid

94107 San Francisco, CA

United States of America

FACEBOOK

1 Hacker Way

94025 Meno Park, CA

United States of America

The European Commission issued a decision on 12th July 2016 that declared that an adequate level of data protection exists for the US under the regulations of the EU–US Privacy Shield (Adequacy Decision, art. 45 GDPR). RevenueCat and Facebook are companies that are certified in accordance with the EU–US Privacy Shield.

VI. Changes in the purpose for processing your data

Processing your personal data for purposes other than those described will only take place if allowed by law or if you have given your consent to the change of purpose. If your data is processed for a purpose other than that for which it was originally collected, the information about this other purpose and all other relevant information will be made available to you prior to any further processing.

VII. General storage duration

Unless specified otherwise or in more detail in this Privacy Policy, personal data collected by this APP shall be deleted or anonymised as soon as it is no longer required for the purposes for which we collected or used it in accordance with the preceding paragraphs. If there is a legal obligation to retain your data, or any other reason to store it that is recognised by law (e.g., legitimate interest), the personal data concerned will not be deleted until the relevant reason for storing it ceases to apply.

VIII. Your rights as data subject

VIII.I Revocation of your consent to data processing

Many data processing operations are only possible with your consent. We will obtain this before the start of data processing. You can revoke this consent at any time. To do so, an informal message sent to us by email is sufficient. The legality of the processing of data which has already occurred before we receive your request remains unaffected by this.

VIII.II Right to be informed

You have the right to request information from us at any time about the personal data concerning you that we have processed within the scope of art. 15 GDPR To exercise this right, you can submit an application by post or by email to the address provided below.

VIII.III Right to correction of incorrect data

You have the right to request that we immediately correct any inaccurate personal data we have on file about you. To exercise this right, please use the contact address below.

VIII.IV Right to correction of incorrect data

You have the right to demand that we erase your personal data under the conditions described in art. 17 GDPR. In particular, these conditions provide for a right to erasure when, inter alia, the data is no longer necessary for the purposes for which it was collected or otherwise processed, the data was processed unlawfully, you have filed an objection to said processing, or EU law or the law of a Member State to which we are subject requires its erasure. See also section VII. of this Privacy Policy on the subject of the period of data storage. To assert your right to erasure, please use the contact address provided below.

VIII.V Right to restriction of processing

You have the right to demand the restriction of the processing of your personal data in accordance with art. 18 GDPR. To do so, you can contact us at any time at the address provided below. The right to restrict processing exists in the following cases:

If you deny the accuracy of any personal information we hold about you, we generally need time to review this. For the time this review takes, you have the right to request that the processing of your personal data be restricted.

If your personal data was processed unlawfully, you may request that processing of your personal data be restricted instead of the data being erased.

If we no longer need your personal information, but you need it to exercise, defend or enforce legal rights, you have the right to request that processing of your personal data be restricted instead of the data being erased.

If you have filed an objection pursuant to art. 21 para. 1 GDPR, your interests and our own must be weighed. As long as it has not been ascertained whose interests prevail, you shall have the right to demand that the processing of your personal data be restricted.

VIII.VI Right to data portability

You have the right to have data which we automatically process on the basis of your consent or to fulfil a contract delivered to you yourself or to a third party in a standard, machine-readable format. If you request the direct transfer of data to another data controller, this shall only take place to the extent that is technically feasible.

IX. RIGHT OF OBJECTION

Under art. 21 GDPR, you have the right, for reasons arising from your own particular situation, to object at any time to the processing of your personal data that is carried out, inter alia, pursuant to art. 6 para. 1 (e) or (f) GDPR. We will cease the processing of your personal data, unless we can establish compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to enforce, pursue or defend legal claims.

X. The right to lodge a complaint with a supervisory authority

You also have the right to contact the responsible supervisory authority in the event of complaints. Your right to complain exists without prejudice to other administrative or judicial remedies.

The responsible supervisory authority is:

Country Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia

Kavalleriestraße 2-4

40213 Düsseldorf

Telephone: 02 11/384 24-0

Fax: 02 11/384 24-10

Email: poststelle@ldi.nrw.de

XI. Contact

If you have any questions or comments about our handling of your personal data, or if you would like to exercise any of the aforementioned rights as data subject, please contact our customer service team using the following contact details:

MO BIG GmbH

Drosselweg 14,

45739 Oer-Erkenschwick

Email: info@moveimama.de

Website: www.moveitmama.de

XII. Amendments to this Privacy Policy

We always keep this Privacy Policy up to date. We, therefore, reserve the right to amend it from time to time and to make changes to the collection, processing or use of your data. The current version of the Privacy Policy is always available under “Privacy” within the APP.