Privacy Policy

Privacy Policy for the Online Service of WeightBuddy

We as the provider of the WeightBuddy app (hereinafter also "App") and the associated internet service at http://www.WeightBuddy.com/ (also "Internet Service") are the controller within the meaning of the applicable data protection law, in particular the General Data Protection Regulation ("GDPR"), for the processing of personal data of the user ("You") of the App and the Internet Service.

Personal data is defined in the GDPR as any information relating to an identified or identifiable natural person.

In the following, we provide you with a clear overview of the personal data that is processed when using our Apps and our Internet Service, the legal basis for this, and the rights you have against us and the competent supervisory authority, in compliance with our information obligations (Art. 13 et seq. GDPR).

1. Contact Information

The controller for data processing is Joyride GmbH, Bartenbacher Str. 4, 73033 Göppingen, E-Mail: privacy@weightbuddy.com.

We have appointed a data protection officer, whom you can contact for data protection requests of any kind at: Data Protection Officer c/o Joyride GmbH, Bartenbacher Str. 4, 73033 Göppingen, E-Mail: privacy@weightbuddy.com.

The data protection supervisory authority responsible for our company's registered office is the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg, reachable at https://www.baden-wuerttemberg.datenschutz.de/ and by e-mail at poststelle@lfdi.bwl.de. Further contact details for the data protection supervisory authorities of other federal states can be found at https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.

2. Data Transfers to Third Countries

Insofar as personal data is transmitted to one or more states outside the scope of the GDPR ("Third Country") when using our App or our Internet Service, we will inform you separately within the framework of this Privacy Policy. Any transmission to third countries takes place within the framework of the legal requirements. In the event of a data transfer to the United States of America, this means that the requirements of the applicable adequacy decision of the EU Commission are observed.

3. Use of Our Internet Service

When using our Internet Service, different data processing operations may occur depending on the type of use.

a) Hosting

Our Internet Service is operated on the servers of the CDN provider Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter "Webflow"). This means that the data we collect when you visit our Internet Service may also be processed and stored in the USA.

The legal basis for the processing of your personal data is Art. 6 (1) sentence 1 lit. f GDPR, as it is our legitimate interest to use the services of a professional provider for the secure and efficient provision of our website.

We have concluded a data processing agreement with Webflow in accordance with Art. 28 GDPR.

If a data transfer to the USA takes place, the level of data protection is ensured by a so-called adequacy decision of the EU Commission, whereby Webflow is certified under the EU-U.S. Data Privacy Framework: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TT9jAAG&status=Active.

b) Informational Use

When you access our Internet Service, our web servers automatically collect general information that is technically required for the display of the Internet Service. This includes the web browser used, the operating system used, the domain name of your Internet Service Provider, the IP address of the device you are using, the website from which you visit us, the pages of our Internet Service you visit, as well as the date and duration of your visit.

We are not able to use this data to identify you. This information is only statistically evaluated by us to improve the functionality of our Internet Service. The legal basis for this data processing is our legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f GDPR. Insofar as we ask for your consent, the data processing is based on consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR. Your consent can be revoked at any time.

c) Special Forms of Use

Special forms of use of our Internet Service may result in us processing further personal data from you.

d) Contacting Us

You have the option to contact us by e-mail, by telephone, or via our contact form. Your personal data transmitted in this way will be stored by us. The data is processed exclusively to handle your contact request. The legal basis for the processing of your personal data is Art. 6 (1) sentence 1 lit. f GDPR. It is our legitimate interest to process the data for the handling and answering of your inquiry. The data is stored until it is no longer required for achieving the purpose of the conversation with you and the matter of your contact request has been fully clarified.

Another legal basis for our processing is, if you have explicitly consented to the processing of your data, for example when using our contact form, your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR. You can revoke your consent at any time.

If your contact aims at concluding a contract with us, the additional legal basis for the processing of your personal data is Art. 6 (1) sentence 1 lit. b GDPR. This data is stored for as long as it is necessary for the performance of the contract or pre-contractual measures. Beyond this, we only store your data to comply with legal obligations (e.g., tax obligations) (Art. 6 (1) sentence 1 lit. c GDPR).

In addition to the data that you voluntarily provide to us, we may receive the time (date and time) of the transmission of your data to us, as well as your IP address. The processing of this data corresponds to our legitimate interest (Art. 6 (1) sentence 1 lit. f GDPR) to ensure the security of our systems and to counteract misuse. This data, which we additionally collect during your contact request, will be deleted as soon as it is no longer needed, at the latest when the matter of your contact request has been fully clarified.

A comparison of data communicated to us in the course of a contact request with other data collected from you only takes place if you have given us your express consent to do so. This consent can be revoked at any time. You can inform us at any time that we should delete the data communicated in the context of the conversation. In this case, all personal data of the conversation will be deleted, as far as permissible, and a continuation of the conversation will not be possible.

e) Third-Party Tools

Our Internet Service uses functions offered by service providers commissioned by us. If personal data is processed on our behalf by the service provider within the scope of these functionalities, we have concluded a data processing agreement with them in accordance with Art. 28 GDPR. This means that the service provider only processes personal data whose processing is necessary for the functionality offered by them, and that we ensure through legal, technical, and organizational measures, as well as regular checks, that the manner of this data processing complies with the legal requirements. In particular, our service providers are not permitted to pass on personal data processed by them in this context or to use it for other purposes, such as their own commercial purposes.

Links to Social Networks

Our Internet Service includes links to the social networks Facebook, TikTok, YouTube, LinkedIn, and Instagram. These are merely graphics with a link that forwards you to the respective social network when you click on the graphic. If you do not click on the link, we do not transmit any personal data to the respective social network. However, if you click on the link and are forwarded to the respective social network, the processing of personal data there takes place outside our Internet Service.

4. Download of Our App

You can download our App from an App Store of your choice (Apple App Store or Google Play Store, hereinafter "Store") onto a suitable device (hereinafter generally "Smartphone"). When downloading one of our Apps onto your Smartphone, the necessary information, in particular the Store username, e-mail address and customer number of your account, time of download, payment information, and the individual device identifier, are transmitted to the respective Store. We have no influence on this data collection and are not responsible for it. We only process this data to the extent necessary for downloading the App to your Smartphone. This data is not stored by us beyond that.

The legal basis for this data processing is Art. 6 (1) sentence 1 lit. f GDPR, as it is our legitimate interest to enable you to download and install the App by processing the data required for this.

5. Use of Our App

a) Hosting

Our App is operated on the servers of Zurkuhl GmbH, Fester Straße 54, 40882 Ratingen, Germany (hereinafter "Zurkuhl"). This means that the data we collect during the general use of one of our Apps is initially stored in Germany and thus within the EU.

The legal basis for this processing of your personal data is Art. 6 (1) sentence 1 lit. f GDPR, as it is our legitimate interest to use the services of a professional provider for the secure and efficient provision of our App.

We have concluded a data processing agreement with Zurkuhl in accordance with Art. 28 GDPR.

At this point, we would like to transparently point out that we cannot map certain functionalities of our App, and in particular the personalized advertising measures that largely finance the App you use in the individual case, on Zurkuhl's servers, but are dependent on the tools, services, and advertising networks of third-party providers for this. These providers are often based in third countries (e.g., the United States of America), so data transfers to third countries typically occur in this context. You can find more detailed information on these data processing operations and transfers in the following sections.

b) General Information on the Use of Our App

An internet connection is established during the use of our App. In this process, we collect and process many different personal data, in particular data that you actively enter (e.g., place of birth, date of birth) and data that arises during the targeted use of the individual App functions (e.g., interaction with the chatbot, start of a session).

The processing of this personal data is technically necessary to comfortably provide you with the functions of the App you use in the individual case, as exemplified, and many other functions, and to ensure the stability and security of our information technology systems.

The following potentially personal data is processed when a session starts:

  • IP address
  • Smartphone model
  • Operating system version
  • Device ID
  • Date and time of the session start
  • Time zone difference to Greenwich Mean Time (GMT)
  • Assignment to your user account, if one exists

In the event that you use further functions of our App, the personal data required for the function you have chosen is processed in addition to the aforementioned data, such as:

  • Date, time + time zone of the interaction
  • Goals related to exercise and weight
  • Data on logged meals, activities, and weight
  • The message content when interacting with the chatbot
  • The purchased product in the case of an in-app purchase

The specific personal data thus transparently results from your respective interaction with the respective App.

An assignment of such data to your person is generally possible. However, we only store this data temporarily. As soon as the data is no longer required to achieve the aforementioned purposes, we delete it immediately. The storage duration thus depends on the category of data. Registration data and data on purchases are stored for the duration of the registration. Message data is stored for 6 months.

In general, we delete your personal data immediately from our live system if you delete your user account with us. After the deletion of the user account, we only store pseudonymous data for the statistical evaluation of App usage, separated from individual users, and data that we need to comply with our legal obligations (e.g., tax obligations).

The processing of this data is necessary for the provision of our App with its various, modern functions. The legal basis is therefore our legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f GDPR. For individual functions, we may rely on your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR. Insofar as we have contractually committed ourselves to providing the App to you, the legal basis for data processing for which we do not obtain consent is the performance of the contract pursuant to Art. 6 (1) sentence 1 lit. b GDPR.

The storage of data due to our legal obligations is based on Art. 6 (1) sentence 1 lit. c GDPR.

c) Registration for the App

To use our App, you must register as a user within the App you are using in the individual case. For this, you must provide us with the following information:

  • Connection to Social Login (Apple Login, Google Login)
  • Desired username
  • Gender identity
  • Date of birth
  • Height
  • Weight
  • Nutritional preferences
  • Goals for weight, activity, steps, calorie consumption, fasting plan

We process this data for the purpose of providing the functions associated with your account, i.e., for the purpose of fulfilling a contract with you pursuant to Art. 6 (1) sentence 1 lit. b GDPR. In addition, the relevant information is required to fulfill the main function of the respective App, which is to network users with similar interests. This suggestion function requires a minimum amount of information to be provided by users. A further legal basis is therefore our legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f GDPR.

In the case of Social Login via an existing Google or Apple account, we process the e-mail address you have stored with Google or Apple. In this case, Google or Apple receives the information that you have registered or logged in to our App. It is possible that Google or Apple processes further personal data in this context, for example about your Smartphone, within the framework of a usage profile and uses this, for example, for advertising or market research purposes. You have a right to object to this, but you must exercise this right with Google or Apple.

d) App Permissions

For the use of individual functions of our app, it is necessary to grant the app used by you in the individual case certain permissions. If you do not wish to grant these permissions, you cannot use the corresponding functions.

  • Connection to Apple HealthKit or Android Health Connect for automatic step counting
  • Permission to receive push notifications
  • Camera access to log meals by photo

The legal basis for the processing of personal data following these permissions is in each case the performance of a contract pursuant to Art. 6 (1) sentence 1 lit. b GDPR. The legal basis for subsequent access to information on your device and storage of information on your device following the granting of permission is Section 25 (2) No. 2 TTDSG.

You are free to grant and revoke the corresponding permissions to the App at any time. The mere granting of the permissions does not result in the permanent storage of additional personal data. The decisive factor is rather your use of the respective functions.

e) Use with Consent for Measuring Advertising Performance

We use the analytics service Appsflyer in our App, operated by AppsFlyer Ltd., Maskit 14 Hertzliya, Israel. Appsflyer enables us to measure the effectiveness of our advertising measures and to understand how users install and use our App (so-called "Attribution"). Pseudonymous data about the use of the App (e.g., installation source, in-app interactions, technical device information) may be processed in this process.

The processing takes place only if you have expressly consented to it (Art. 6 (1) lit. a GDPR). You can voluntarily give or refuse your consent at any time without affecting the use of the App.

You can revoke your consent at any time with effect for the future in the privacy settings of the App. After a revocation, no further data will be transmitted to Appsflyer.

Appsflyer may also process data in countries outside the EU/EEA (especially in Israel and the USA). An adequacy decision of the EU Commission exists for Israel; appropriate safeguards pursuant to Art. 46 GDPR (e.g., standard contractual clauses) exist for other transfers. Further information can be found in Appsflyer's privacy policy at:

https://www.appsflyer.com/legal/services-privacy-policy/

f) Other Functionalities

Our App has other functions that are intended to make use safer and more pleasant, as well as to expand and improve our offer.

Insofar as personal data is processed on our behalf by the service provider, we have concluded a data processing agreement with them in accordance with Art. 28 GDPR. This means that the service provider only processes personal data whose processing is necessary for the functionality offered by them, and that we ensure through legal, technical, and organizational measures, as well as regular checks, that the manner of this data processing complies with the legal requirements.

Sentry

We use the software Sentry for monitoring stability and error analysis of our App. Sentry helps us to detect and fix technical problems (e.g., crashes, performance problems, or unexpected program errors) to continuously improve the functionality and security of our App.

All data incurred in this process is processed exclusively on our own servers and not passed on to third parties.

In the context of error detection, technical information about the device used, the operating system, the App version, as well as the times and circumstances of the occurrence of an error can be processed. This data is pseudonymized as far as possible and is not used to identify individual users.

The processing is based on Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest lies in the error analysis, stability assurance, and improvement of the technical reliability of our App.

The collected data is only stored for as long as it is necessary for the analysis and correction of the respective error and is then deleted.

Zendesk

Zendesk is a customer service platform from the provider Zendesk Inc., 989 Market St, San Francisco, CA 94103, United States of America. The use of Zendesk helps us to handle customer service inquiries more effectively.

The legal basis for data processing within the scope of Zendesk is Art. 6 (1) sentence 1 lit. f GDPR. It is our legitimate interest to use specialized software for the efficient processing of customer service inquiries and to be able to respond to you as quickly and precisely as possible in this way.

More information on data processing when using Zendesk can be found at https://www.zendesk.de/trust-center/#privacy.

6. Your Rights

As a person affected by the processing of personal data, both in relation to the App(s) you use in each case and in relation to our Internet Service, you have the following rights vis-à-vis us as the controller:

  • Right of Access, i.e., the right to request confirmation from us as to whether we are processing your personal data, and if so, further information, in particular about the purposes of the processing, categories of personal data, recipients or categories of recipients, and the storage period.
  • Right to Rectification, i.e., the right to have data we have stored about you corrected or completed without undue delay in the event of errors or incompleteness.
  • Right to Restriction of Processing, i.e., the right, under certain conditions, to request that we restrict the processing of your personal data, for example, during an ongoing review of the accuracy of this data.
  • Right to Erasure, i.e., the right to request that we erase your personal data without undue delay in certain situations, for example, if we have processed your data unlawfully, the purpose for data processing no longer exists, or you have withdrawn your consent to processing, provided that the data processing cannot be based on other legal grounds in this case.
  • Right to Notification, i.e., the right to be notified by us, unless impossible or involves disproportionate effort, of any rectification, erasure, or restriction of processing to all recipients to whom we have disclosed your personal data.
  • Right to Data Portability, i.e., the right, under certain conditions, to receive the data provided to us in a structured, commonly used, and machine-readable format, and the right to have this data transmitted to another controller.
  • Right to Object, i.e., the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which is based on a legitimate interest of the controller or the performance of a task carried out in the public interest by the controller.
  • Right to Withdraw Consent, i.e., the right to withdraw your consent at any time for the future. The withdrawal of consent does not retrospectively invalidate the lawfulness of processing.
  • Right to Lodge a Complaint, i.e., the right to lodge a complaint with a supervisory authority, without prejudice to any other legal remedies, regarding processing of your personal data that you believe violates the GDPR, which can be asserted in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement.

You can assert these rights against us, for example, by using the contact options listed at the beginning.

If you have any further questions about the content of this Privacy Policy, our handling of your data, or other data protection issues in connection with our products, we are of course also available to you there.

© Joyride GmbH • Made with Love
Product
BlogPrivacy PolicyTerms & ConditionsStudies
Company
ImprintContact usSupport
© Joyride GmbH • Made with Love