PRIVACY POLICY – MOBILE APP

1. Introduction

In the following, we provide information about the collection of personal data when using our mobile app (hereinafter only “App”).

Personal data is any data that can be related to a specific natural person, such as their name or IP address.

1.1 Contact details

The controller within the meaning of Art. 4 (7) EU General Data Protection Regulation (GDPR) is:

‍

Twaiv GmbH
Brahmsstraße 38
12203 Berlin
Germany
Email: support@trait.club

‍

We are legally represented by Matthias Ettrich, Raphael Jung.

‍

Our data protection officer can be reached via:

‍
heyData GmbH
Schützenstraße 5
10117 Berlin
Germany
Website: www.heydata.eu
Email: datenschutz@heydata.eu

1.2 Scope of data processing, processing purposes and legal bases

We detail the scope of data processing, processing purposes and legal bases below. In principle, the following legal bases apply:

• Art. 6 para. 1 sentence 1 lit. a GDPR – consent
• Art. 6 para. 1 sentence 1 lit. b GDPR – performance of a contract or pre-contractual measures
• Art. 6 para. 1 sentence 1 lit. c GDPR – compliance with a legal obligation
• Art. 6 para. 1 sentence 1 lit. f GDPR – legitimate interests (e.g. technical operation)

1.3 Data processing outside the EEA

Where data is transferred to service providers or other third parties outside the EEA, data security is ensured through adequacy decisions of the EU Commission pursuant to Art. 45 (3) GDPR, where available (e.g. for Great Britain, Canada, Israel).

For transfers to service providers in the USA, the legal basis is an adequacy decision of the EU Commission if the provider is certified under the EU–US Data Privacy Framework.

In other cases, standard contractual clauses pursuant to Art. 46 (2) lit. b GDPR are used unless otherwise stated. Many providers offer additional contractual safeguards, such as encryption or notification obligations in the event of access by law enforcement authorities.

1.4 Storage duration

Unless expressly stated otherwise in this privacy policy, stored data is deleted once it is no longer required for its intended purpose and no statutory retention obligations apply.

If deletion is not possible due to legal obligations, processing is restricted and the data is blocked from other uses.

1.5 Rights of data subjects

Data subjects have the following rights:

• Right of access
• Right to rectification or deletion
• Right to restriction of processing
• Right to object to processing
• Right to data portability
• Right to revoke consent at any time

Data subjects also have the right to lodge a complaint with a data protection supervisory authority. Contact details are available at:
https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html

1.6 Obligation to provide data

Within the scope of a business or other relationship, users must provide personal data that is required for the establishment, execution and termination of such relationship or that we are legally obliged to collect.

Without this data, we may be unable to conclude or perform a contract. Mandatory data is marked as such.

1.7 No automated decision-making

We do not use fully automated decision-making within the meaning of Art. 22 GDPR. Should this change, we will inform users separately if required by law.

1.8 Making contact

When contacting us (e.g. by email or telephone), the data provided will be stored to process the inquiry.

Legal basis: Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest).

Data is deleted once it is no longer required, unless statutory retention obligations apply.

2. Data processing in the app

2.1 Downloading the app

Our app is available via Apple App Store and Google Play Store (“Stores”). When downloading the app, necessary information is transmitted to the Stores, including:

• Username
• Email address
• Customer number
• Download time
• Payment information
• Device identifier

We have no influence over this data collection and are not responsible for it.

2.2 Hosting

Our app is hosted by Amazon Web Services (AWS). Personal data processed may include content data, usage data, communication data or contact data.

Legal basis: Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest).

2.3 Informative use of the app

When using the app, technically necessary data is processed to ensure functionality, stability and security.

Processed data includes:

• IP address
• Date and time of request
• Time zone difference (GMT)
• Request content (interface)
• HTTP status code
• Transferred data volume
• Operating system and interface
• Language and OS version

Legal basis: Art. 6 para. 1 sentence 1 lit. f GDPR.

2.4 Access to device functions or data

The app may request access to device functions or data. Granting access constitutes consent.

Legal basis: Art. 6 para. 1 sentence 1 lit. a GDPR.

Accessed data/functions may include:

• Camera
• Existing photos
• Location
• Apple Health

Consent can be revoked at any time via device settings.

2.5 Data processing for the provision of functions

Data is processed to provide app functions.

Legal basis: Usage agreement.

Processed data includes:

• Universal Unique Identifier (UUID)

2.6 User Profile and Social Networking

Upon registration, a user profile is automatically created. Required information includes name, gender and profile picture.

These basic profile data are permanently visible and searchable for other users. Additional profile content (e.g. homebase, images, personal facts, planned trainings) can be marked as public or private.

Legal basis: Art. 6 para. 1 lit. b GDPR (performance of contract).

2.7 Single sign-on

Users may log in using single sign-on providers.

Legal basis: Art. 6 para. 1 sentence 1 lit. f GDPR.

Providers:

• Apple Inc. – https://www.apple.com/legal/privacy/de-ww/
• Google Ireland Limited – https://policies.google.com/privacy

2.8 Purchase of products or services

Purchases may be processed via:

• Stripe Payments Europe, Ltd.
• RevenueCat, Inc.

Legal basis: Art. 6 para. 1 sentence 1 lit. b GDPR.

2.9 Third-party tools

‍

2.9.1 Google Analytics for Firebase

‍

2.9.2 Firebase Crashlytics

‍

2.9.3 Amazon AWS

‍

2.9.4 Amplitude

‍

2.9.5 Firebase Cloud Messaging

‍

2.9.6 Google Analytics

‍

2.9.7 Intercom

Each service is processed on the legal basis stated in the original text (consent or legitimate interest). Further details and privacy policies are linked within the respective sections.

3. Changes to this privacy policy

We reserve the right to amend this privacy policy with effect for the future. The current version is always available here.

4. Questions and comments

If you have any questions or comments regarding this privacy policy, please contact us using the contact details provided above.

‍

The providers of the process (s) offered are:
‍

We offer to purchase goods or services via our app. In the ordering process or shipping, we include the following service providers, who only receive the personal data required in each case to provide a service. The data is processed to provide the contract concluded with the respective user (Art. 6 (1) (b) GDPR).
‍