Privacy Policy for the M.T.O. Tamarkoz® App

Using our mobile app

 

I. Information on the processing of personal data

(1) In addition to our online service, we also provide you with a mobile app (“M.T.O. Tamarkoz® App") that you can download onto your mobile device. In the following we inform you about the collection of personal data when using M.T.O. Tamarkoz App. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.

(2) Data controller is according to Article 7 (7) of the European Data Protection Regulation (“GDPR”)


M.T.O. Tamarkoz® Association

PO Box 73288,

Davis,

CA 95617, U.S.

info@tamarkozapp.com

For our imprint see https://tamarkozapp.com/web/imprint

The internal Contact for Data Protection can be reached under the above stated address or via privacy@tamarkozapp.com.

 

(3) When you contact us by e-mail or via a contact form, we will store your e-mail address and, if you have provided it, also your name and telephone number in order to answer your questions. The data collected in this context will be deleted after storing it is no longer necessary. Do statutory obligations apply, the data will not be deleted but the processing will be restricted.

(4) For some processing activities it might be useful to assign external service providers for individual functions of our offer or use your data for advertising purposes. If we decide to do so, we will inform you below in detail about the respective processes. We will also specify the criteria for the retention period.

 

II. Processing of personal data when using our mobile app 

(1)   Download, deletion and temporarily pausing the processing of your personal data

When the M.T.O. Tamarkoz App is downloaded, the required information is transmitted to the App Store, in particular username, e-mail address, time of download and the individual device code number. We have no influence on this data collection and are not responsible for it. We process the data only to the extent necessary for downloading M.T.O. Tamarkoz App to your mobile device. This processing takes place on the basis of your consent pursuant to Article 6 (1) sentence 1 lit. a GDPR.

When you deinstall the M.T.O. Tamarkoz App, your data will be deleted 30 months from the date of deinstallation for the purpose for which they were collected, unless we are required by law to retain them. We assume that the data will be deleted after this period because we assume that it is no longer likely that you will use our services again. However, in order to give you the opportunity to restore your profile for a shorter period of time, e.g. because you deleted the app at an earlier point in time due to a lack of necessity, we store the data temporarily for you.

If, however, you wish to withdraw your consent and do not wish the use to be suspended temporarily, you can do so by sending an email to info@tamarkozapp.com or sending us a request by using the “contact us” option integrated in the M.T.O. Tamarkoz App which you can find in the menu under “settings”. M.T.O. Tamarkoz App is hosted on AWS Servers in USA and all data is stored in the Amazon RDS database, a service of Amazon.com, Inc. P.O. Box 81226, Seattle, WA 98108-1226, USA. Amazon.com, Inc. is certified under the EU-U.S. and the Swiss-U.S. Privacy Shield Framework and adheres to the Privacy Shield Principles.

(2)   Use of data for M.T.O. Tamarkoz App

In order to provide you meditation exercises that serve your individual preferences the best and being aware of your privacy needs, we do not track your health data and limiting the data processing to data categories that are relevant for your meditation experience. Therefore, we record only basic user interaction inside the M.T.O. Tamarkoz App, for example what exercises are your favorites, what categories/exercises you are searching for within the M.T.O. Tamarkoz App and your reporting dates. Furthermore, when you are performing an exercise, we store data about the date and time, it’s duration, amount of repetitions, it’s associated category and the degree of severity. When you decide to report your mood (e.g. happy, sad), we record your report and the date and time of its submission.  This processing is carried out on the legal basis of consent pursuant to Article 6 (1) sentence 1 lit. a GDPR.

You may withdraw your consent any time by sending an email to info@tamarkozapp.com or sending us a request by using the “contact us” option integrated in the M.T.O. Tamarkoz App which you can find in the menu under “settings”. After you have withdrawn your consent, your account will be deactivated. We will store your data for six months in case you will re-activate your account within this time period. If you do not re-activate your account within six months after withdrawing your consent, we will delete your data.

If you do not wish us to store your data for six months, please let us know when you withdraw your consent, then we will delete your data immediately.

(3)   Collection of log file data

When using M.T.O. Tamarkoz App, we collect the following log file data: 

- IP address

- User Name

- Sign-up type (email, mobile)

- Device ID

- Date and time of request

- Content of request (concrete page, concrete API endpoint)

- Access status/HTTP status code

- Device Access Token

- Amount of data transferred in each case

- Terminal equipment from which the request comes

- User agent

- Login limit

- Operating system and its interface

- Country ID

- Language and version of the user agent.

From a technical point of view, this data is absolutely necessary for us in order to offer the various functions of M.T.O. Tamarkoz App and to guarantee the stability and security of M.T.O. Tamarkoz App, as well as to enable comfortable use of the functions. This processing purpose also represents the legitimate interest, which according to Article 6 (1) Sentence 1 lit. f GDPR is the legal basis for data processing.

          IP addresses in log files are deleted after 14 days.

(4)   Installation ID and push notifications

Furthermore, when M.T.O. Tamarkoz App is started for the first time, we assign a unique installation ID for each installation. It does not contain any personal data. If you delete M.T.O. Tamarkoz App and then reinstall it, a new installation ID will be assigned. When M.T.O. Tamarkoz App starts on the mobile device, a connection to a server can be established in order to send push notifications from the admin panel to the respective device that the ID got assigned to.

We use Google Firebase, a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, to provide you with such push notifications after you consented according to Article 6 (1) Sentence 1 lit. a GDPR to receive them. 

(5)   Application of Stripe as payment service provider

We are using the payment service provider Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA (“Stripe”), for online payment matters. When you execute payments, Stripe will collect according to its own Privacy Policy your payment method information (such as credit or debit card number, or bank account information), purchase amount, date of purchase, your name, email, billing or shipping address and in some cases your transaction history to authenticate you.

Stripe may also share your personal information with service providers, subcontractors or other affiliates to the extent necessary to fulfill the contractual obligations of your order or to process the personal information on behalf of Stripe. You will find an overview of these third parties under the following link: https://stripe.com/sub-processors/legal

The legal basis for the data processing is Article 6 (1) Sentence 1 lit. b GDPR.

The processing of your personal data is necessary for the processing of your order with the payment method selected by you, in particular for the confirmation of your identity as well as for the administration of your payment. Stripe will use your data as long as it is providing its services to you, for more detailed information, see the Privacy Policy of Stripe under https://stripe.com/privacy.

We retain Personal Data after we cease providing Services to you, even if you close your Stripe account, to the extent necessary to comply with our legal and regulatory obligations, and for the purpose of fraud monitoring, detection and prevention.

Stripe is certified under the EU-U.S. and the Swiss-U.S. Privacy Shield Framework and adheres to the Privacy Shield Principles. In addition, Stripe has implemented intra-group data transfer agreements.

(6)  Payment for In-App-Purchases

If you make an In-App purchase on an Apple device, the transaction and payment will be made solely between you and the Apple App Store based on the terms and conditions and privacy policy applicable to that device, which can be found at https://www.apple.com/legal/internet-services/itunes/us/terms.html and https://www.apple.com/legal/privacy/en-ww/

If you make an in-app purchase on an Android device from the Google Play Store, the transaction and payment will be made solely between you and the Google Play Store, subject to the terms and conditions and privacy policy of the Google Play Store, which can be found at https://play.google.com/about/play-terms/index.html and https://policies.google.com/privacy

(7)  Log-in through Facebook and Google

While logging in with your Facebook or Google account, we process your name, e-mail-address, profile picture and phone number on the basis of your consent Article 6 (1) Sentence 1 lit. a GDPR. We are using the profile picture you are using for the respective network also as profile picture to individualize your account in the M.T.O. Tamarkoz App. The other data is constantly processed because it is necessary for the use of M.T.O. Tamarkoz App that you are logged in. In case you want to withdraw your consent being logged in with your Facebook or Google account, you need to sign up with your e-mail-address or phone number, because otherwise we are not able to give you access to our app. We use Google Firebase, a service of Google Inc., for giving you the opportunity to log in with your Google account.

(8)   Google Analytics

We use Google Analytics and Google Firebase, both services of Google Inc., to analyse the general use of the M.T.O. Tamarkoz App., in particular app installs/uninstalls, category activities, exercise activities, FAQ activities, start of a session, number of shares. Your IP address does not get tracked during these activities. Google compiles and submits a report about the general usage of the M.T.O. Tamarkoz App and we use this information to continuously improve our service and increase the user friendliness of the M.T.O. Tamarkoz App. The reports we receive do not contain personal data. We process the information according to Art. 6 (1) Sentence 1 lit. f GDPR.

Google is certified under the EU-U.S. and the Swiss-U.S. Privacy Shield Framework and adheres to the Privacy Shield Principles.

(9) SendGrid

We use SendGrid, a service of SendGrid, Inc., 1801 California Street, Suite 500, Denver, Colorado 80202, as service provide to send you information via email regarding administrative issues, code verification, welcome notification and account updates. Additionally, we send you further information about our products and services we are offering in the M.T.O. Tamarkoz App or related products and services offered by M.T.O. Tamarkoz Association to keep you informed about various possibilities to improve your wellbeing. in order to help you to get used to the functions of the M.T.O. Tamarkoz App without any problems. For this, we process your account data, in particular your name and email address according to Art. 6 (1) Sentence 1 lit. f GDPR. You have the right to object to this data processing by sending an email to info@tamarkozapp.com or sending us a request by using the “contact us” option integrated in the M.T.O. Tamarkoz App which you can find in the menu under “settings”, SendGrid is certified under the EU-U.S. and the Swiss-U.S. Privacy Shield Framework and adheres to the Privacy Shield Principles.

(10) Twilio

We use Twilio, a service of Twilio Inc., 375 Beale Street, Suite 300, San Francisco, CA, 94105, USA, for sending you an SMS when you signup with your phone number. The processing of your phone number by Twilio is based on your consent according to Article 6 (1) Sentence 1 lit. a GDPR. You may withdraw your consent any time by sending an email to info@tamarkozapp.com or sending us a request by using the “contact us” option integrated in the M.T.O. Tamarkoz App which you can find in the menu under “settings”,

SendGrid is certified under the EU-U.S. and the Swiss-U.S. Privacy Shield Framework and adheres to the Privacy Shield Principles.

 

III. Your Rights

You have the following rights vis-à-vis us with regard to the personal data concerning you:

–   Right to be informed,

–   Right to rectification and erasure,

–   Right to restriction,

–   Right to objection,

–   Right to data portability.

–   Right to withdrawal according to Article 7 (3) GDPR

 

(2) You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is contrary to the GDPR. Our competent supervisory authority is

M.T.O. Jugendhilfe & Kulturförderung e.V.

Harffstr. 29

40596 Duesseldorf


(3) Residents of the State of California have the right to request a full and complete copy of their information once per year. Such copy will be made available by digital mail or physical mail. We will request proof of your identity to prevent fraud, abuse, or other malicious activities. Residents of the State of California may request the complete destruction of all information relating to them, their activities, and their purchases. In such instance, your ability to use our application, website, or other services, will be restricted, as such destruction will prohibit any services we may provide to you. We warrant and certify that we are not a data brokerage and that we will not sell or exchange your information. When a California resident contacts us, we will acknowledge their request within 10 days and may request proof of their identity before moving forward. Upon receipt of such proof, we will respond to the request within 60 days. In the event deletion of information is required we will provide a written statement asserting such deletion has occurred to the best of our ability.

 

IV. Miscellaneous

(1) This Privacy Policy may be modified from time to time, due to ongoing changes in regulatory laws, our third-party associations, or for other reasons. We will make you aware of such change by posting a notice on our application, website, or other means reasonably available.

(2) We will seek to comply with any and all newly developed laws and regulations affecting your privacy. If you believe that this policy does not address your rights within your jurisdiction, please contact us and we will promptly look into the matter.

(3) While we will make reasonable and good faith efforts to delete information upon request, your information may be subject to the policies and terms & conditions or the entities referenced above.

(4) We are not liable for the privacy policy of any third party website and you are cautioned and advised when leaving our site to a third-party’s the terms of their privacy policy will be different from ours.

(5) The laws governing this policy, as outlined above, shall be the laws of the European Union, unless prohibited, in which case, the laws of the United States and the State of California shall control this policy.

(6) You may contact us at: info@tamarkozapp.com or by post PO Box 73288, Davis, CA 95617, U.S.