Using our mobile app
I. Information on
the processing of personal data
(1) In addition to our
online service, we also provide you with a mobile app (“M.T.O. Tamarkoz® App") that you can download onto your
mobile device. In the following we inform you about the collection of personal
data when using M.T.O. Tamarkoz App. Personal data is all data that can be
related to you personally, e.g. name, address, e-mail addresses, user behavior.
(2) Data controller is according to Article 7
(7) of the European Data Protection Regulation (“GDPR”)
M.T.O. Tamarkoz® Association
PO Box 73288,
CA 95617, U.S.
For our imprint see https://tamarkozapp.com/web/imprint
The internal Contact for Data Protection can be
reached under the above stated address or via email@example.com.
(3) When you contact
us by e-mail or via a contact form, we will store your e-mail address and, if
you have provided it, also your name and telephone number in order to answer
your questions. The data collected in this context will be deleted after storing
it is no longer necessary. Do statutory obligations apply, the data will not be
deleted but the processing will be restricted.
(4) For some
processing activities it might be useful to assign external service providers
for individual functions of our offer or use your data for advertising
purposes. If we decide to do so, we will inform you below in detail about the
respective processes. We will also specify the criteria for the retention
II. Processing of
personal data when using our mobile app
(1) Download, deletion and
temporarily pausing the processing of your personal data
When the M.T.O. Tamarkoz App is downloaded, the required
information is transmitted to the App Store, in particular username, e-mail
address, time of download and the individual device code number. We have no
influence on this data collection and are not responsible for it. We process
the data only to the extent necessary for downloading M.T.O. Tamarkoz App to
your mobile device. This processing takes place on the basis of your consent
pursuant to Article 6 (1) sentence 1 lit. a GDPR.
When you deinstall the
M.T.O. Tamarkoz App, your data will be deleted 30 months from the date of
deinstallation for the purpose for which they were collected, unless we are
required by law to retain them. We assume that the data will be deleted after
this period because we assume that it is no longer likely that you will use our
services again. However, in order to give you the opportunity to restore your
profile for a shorter period of time, e.g. because you deleted the app at an
earlier point in time due to a lack of necessity, we store the data temporarily
however, you wish to withdraw your consent and do not wish the use to be
suspended temporarily, you can do so by sending an email to firstname.lastname@example.org or sending us a request by
using the “contact us” option integrated in the M.T.O. Tamarkoz App which you
can find in the menu under “settings”. M.T.O. Tamarkoz App is hosted on AWS Servers in
USA and all data is stored in the Amazon RDS database, a service of Amazon.com,
Inc. P.O. Box 81226, Seattle, WA 98108-1226, USA. Amazon.com, Inc. is certified
under the EU-U.S. and the Swiss-U.S. Privacy Shield Framework and adheres to
the Privacy Shield Principles.
(2) Use of
data for M.T.O. Tamarkoz App
order to provide you meditation exercises that serve your individual
preferences the best and being aware of your privacy needs, we do not track
your health data and limiting the data processing to data categories that are
relevant for your meditation experience. Therefore, we record only basic user
interaction inside the M.T.O. Tamarkoz App, for example what exercises are your
favorites, what categories/exercises you are searching for within the M.T.O.
Tamarkoz App and your reporting dates. Furthermore, when you are performing an
exercise, we store data about the date and time, it’s duration, amount of
repetitions, it’s associated category and the degree of severity. When you
decide to report your mood (e.g. happy, sad), we record your report and the
date and time of its submission. This
processing is carried out on the legal basis of consent pursuant to Article 6
(1) sentence 1 lit. a GDPR.
may withdraw your consent any time by sending an email to email@example.com or sending us a request by using the “contact
us” option integrated in the M.T.O. Tamarkoz App which you can find in the menu
under “settings”. After you have withdrawn your consent, your account will be
deactivated. We will store your data for six months in case you will
re-activate your account within this time period. If you do not re-activate
your account within six months after withdrawing your consent, we will delete your
you do not wish us to store your data for six months, please let us know when
you withdraw your consent, then we will delete your data immediately.
of log file data
using M.T.O. Tamarkoz App, we collect the following log file data:
Sign-up type (email, mobile)
Date and time of request
Content of request (concrete page, concrete API endpoint)
Access status/HTTP status code
Device Access Token
Amount of data transferred in each case
Terminal equipment from which the request comes
Operating system and its interface
Language and version of the user agent.
From a technical point of view, this data is
absolutely necessary for us in order to offer the various functions of M.T.O. Tamarkoz App and to guarantee the stability and
security of M.T.O. Tamarkoz App, as well as to enable comfortable use of the
functions. This processing purpose also represents the legitimate interest,
which according to Article 6 (1) Sentence 1 lit. f GDPR is the legal basis for
addresses in log files are deleted after 14 days.
ID and push notifications
Furthermore, when M.T.O. Tamarkoz App is
started for the first time, we assign a unique installation ID for each
installation. It does not contain any personal data. If you delete M.T.O.
Tamarkoz App and then reinstall it, a new installation ID will be assigned. When
M.T.O. Tamarkoz App starts on the mobile device, a connection to a server can
be established in order to send push notifications from the admin panel to the
respective device that the ID got assigned to.
We use Google Firebase, a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View,
CA 94043 USA, to provide you with such push notifications after you consented
according to Article 6 (1) Sentence 1 lit. a GDPR to receive them.
of Stripe as payment service provider
are using the payment service provider Stripe, Inc., 510 Townsend Street, San
Francisco, CA 94103, USA (“Stripe”), for online payment matters. When you
payment method information (such as credit or debit card number, or bank
account information), purchase amount, date of purchase, your name, email,
billing or shipping address and in some cases your transaction history to
may also share your personal information with service providers, subcontractors
or other affiliates to the extent necessary to fulfill the contractual obligations
of your order or to process the personal information on behalf of Stripe. You
will find an overview of these third parties under the following link: https://stripe.com/sub-processors/legal
legal basis for the data processing is Article 6 (1) Sentence 1 lit. b GDPR.
processing of your personal data is necessary for the processing of your order
with the payment method selected by you, in particular for the confirmation of
your identity as well as for the administration of your payment. Stripe will
use your data as long as it is providing its services to you, for more detailed
retain Personal Data after we cease providing Services to you, even if you
close your Stripe account, to the extent necessary to comply with our legal and
regulatory obligations, and for the purpose of fraud monitoring, detection and
Stripe is certified under the EU-U.S. and the
Swiss-U.S. Privacy Shield Framework and adheres to the Privacy Shield
Principles. In addition, Stripe has implemented intra-group data transfer
(6) Payment for In-App-Purchases
through Facebook and Google
logging in with your Facebook or Google account, we process your name,
e-mail-address, profile picture and phone number on the basis of your consent
Article 6 (1) Sentence 1 lit. a GDPR. We are using the profile picture you are
using for the respective network also as profile picture to individualize your
account in the M.T.O. Tamarkoz App. The other data is constantly processed
because it is necessary for the use of M.T.O. Tamarkoz App that you are logged
in. In case you want to withdraw your consent being logged in with your
Facebook or Google account, you need to sign up with your e-mail-address or
phone number, because otherwise we are not able to give you access to our app.
We use Google Firebase, a service of Google
Inc., for giving you the opportunity to log in with your Google account.
use Google Analytics and Google Firebase, both services of Google Inc., to analyse the general use of the M.T.O.
Tamarkoz App., in particular app installs/uninstalls,
category activities, exercise activities, FAQ activities, start of a session,
number of shares. Your IP address does not get
tracked during these activities. Google compiles and submits a report
about the general usage of the M.T.O. Tamarkoz App and we use this information
to continuously improve our service and increase the user friendliness of the M.T.O.
Tamarkoz App. The reports we receive do not contain personal data. We process the information according to Art. 6 (1)
Sentence 1 lit. f GDPR.
Google is certified under the EU-U.S. and the Swiss-U.S. Privacy Shield
Framework and adheres to the Privacy Shield Principles.
use SendGrid, a service of SendGrid, Inc., 1801 California Street, Suite 500,
Denver, Colorado 80202, as service provide to send you information via email
regarding administrative issues, code verification, welcome notification and
account updates. Additionally, we send you further information about our
products and services we are offering in the M.T.O. Tamarkoz App or related
products and services offered by M.T.O. Tamarkoz Association to keep you
informed about various possibilities to improve your wellbeing. in order to
help you to get used to the functions of the M.T.O. Tamarkoz App without any
problems. For this, we process your account data, in particular your name and
email address according to Art. 6 (1) Sentence 1 lit. f GDPR. You have the
right to object to this data processing by sending an email to firstname.lastname@example.org
or sending us a request by using the “contact us” option integrated in the M.T.O. Tamarkoz App which you can find in the menu
under “settings”, SendGrid is certified under the EU-U.S. and the Swiss-U.S.
Privacy Shield Framework and adheres to the Privacy Shield Principles.
We use Twilio, a service of Twilio Inc., 375 Beale Street, Suite 300,
San Francisco, CA, 94105, USA, for sending you an SMS when you signup with your
phone number. The processing of your phone number by Twilio is based on your
to Article 6 (1) Sentence 1 lit. a GDPR. You may withdraw your consent any time
by sending an email to email@example.com or sending us a request by using
the “contact us” option integrated in the M.T.O. Tamarkoz App which you can
find in the menu under “settings”,
is certified under the EU-U.S. and the Swiss-U.S. Privacy Shield Framework and
adheres to the Privacy Shield Principles.
III. Your Rights
have the following rights vis-à-vis us with regard to the personal data
– Right to be informed,
– Right to rectification and erasure,
– Right to restriction,
– Right to objection,
– Right to data portability.
– Right to withdrawal according to Article 7
(2) You have the right to lodge a complaint
with a supervisory authority if you believe that the processing of your
personal data is contrary to the GDPR. Our competent supervisory authority is
M.T.O. Jugendhilfe & Kulturförderung e.V.
(3) Residents of the State of California have
the right to request a full and complete copy of their information once per
year. Such copy will be made available by digital mail or physical mail. We
will request proof of your identity to prevent fraud, abuse, or other malicious
activities. Residents of the State of California may request the complete
destruction of all information relating to them, their activities, and their
purchases. In such instance, your ability to use our application, website, or
other services, will be restricted, as such destruction will prohibit any
services we may provide to you. We warrant and certify that we are not a data
brokerage and that we will not sell or exchange your information. When a
California resident contacts us, we will acknowledge their request within 10
days and may request proof of their identity before moving forward. Upon
receipt of such proof, we will respond to the request within 60 days. In the
event deletion of information is required we will provide a written statement
asserting such deletion has occurred to the best of our ability.
time to time, due to ongoing changes in regulatory laws, our third-party
associations, or for other reasons. We will make you aware of such change by
posting a notice on our application, website, or other means reasonably
(2) We will seek to comply with any and all
newly developed laws and regulations affecting your privacy. If you believe
that this policy does not address your rights within your jurisdiction, please
contact us and we will promptly look into the matter.
(3) While we will make reasonable and good
faith efforts to delete information upon request, your information may be
subject to the policies and terms & conditions or the entities referenced
any third party website and you are cautioned and advised when leaving our site
(5) The laws governing this policy, as outlined
above, shall be the laws of the European Union, unless prohibited, in which
case, the laws of the United States and the State of California shall control
(6) You may contact us at: firstname.lastname@example.org or by post PO Box
73288, Davis, CA 95617, U.S.