Data protection

1. DATA PROTECTION AT A GLANCE

GENERAL INFORMATION

The following notes give a simple overview of what happens to your personal information when you visit our website and/or use the trackle service. Personal data is any data that personally identifies you. Detailed information on data protection can be found in our Privacy Policy.

DATA COLLECTION ON OUR WEBSITE

Who is responsible for the data collection on this website?
 
The data processing on this website is carried out by the website operator. Its contact details can be found in the imprint of this website.
 
How do we collect your data?
 
Your data will be collected on the one hand, by telling us your data. This may be e.g. data that you enter in the newsletter form.
 
Other data is collected automatically when visiting the website through our IT systems. These are technical data (e.g. internet browser, operating system or time of the page call). The collection of this information is automatic as soon as you enter our website. 
 
What do we use your data for?
 
Part of the data is collected to ensure a flawless provision of the website. Other data can be used to analyze your user behaviour.
 
What rights do you have regarding your data?
 
At any time you have the right to obtain information about the origin, recipient and purpose of your stored personal data, for free. You also have a right to request correction, blocking or deletion of this data. For this purpose as well as for further questions about data protection you can contast us at any time at the address given in the imprint. Furthermore, you have a right of appeal to the supervisory authority.
 

ANALYSIS TOOLS AND TOOLS OF THIRD PARTIES

When visiting our website, your surfing behaviour can be statistically evaluated. This happens with cookies and with so-called analysis programs. The analysis of your surfing behavior is usually anonymous; the surfing behavior cannot be traced back to you. You can object to this analysis or prevent it by not using certain tolls. Detailed information can be found in the following privacy policy.
 
You can object to this analysis. We will inform you about the possibilities of objection in this privacy policy.

 2. GENERAL INFORMATION AND REQUIRED INFORMATION

DATA PROTECTION

The trackle GmbH as the provider of these pages takes the protection of your personal data very seriously. We treat your personal data confidentially and in a accordance with the statutory data protection regulations and this privacy policy.
 
If you use this website, various personal data will be collected.
Personal information is information that personally identifies you. This privacy policy explains what information we collect and what we us it for. It also explains how and for what purpose this happens.
 
Please note that data transmission over the internet(e.g. when communication by e-mail) may have security vulnerabilities. A complete protection of the data from access by thirs parties is not possible.
 

NOTICE ON THE RESPONSIBLE BODY

The responsible data processing company on this website is:
 
trackle GmbH
Bertha-von-Suttner-Platz 1-7
53111 Bonn
 
Telephone: +49228 90278777
 
Responsible entity is the natural or legal person who, alone or in cooperation with others, decides on the purposes and means of processing personal data (such as names, e-mail address, etc.)

REFUSAL OF YOUR AGREEMENT FOR DATA PROCESSING

Many data processing operations are only possible with your explicit consent. You can revoke and already given consent at any time. An informal message by e-mail to us is sufficient. The legality of data processing carried out until the revocation remains unaffected by the revocation.

COMPLAINT RIGHTS TO THE SUPERVISORY AUTHORITY

In the case of violations of data protection law, the person concerned has the right of appeal to the supervisory authority. The supervisory authority in matters of data protection law is the state data protection officer of the federal state in which our company is based. A list of data protection officers and their contact details can be found on the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
 

RIGHT TO DATA TRANSFERABILITY

You have the right to have data that we process on the basis of your consent or in fulfillment of a contract, in itself or to a third party in a standard, machine-readably format. If you require the direct transfer of the data to another person in charge, this will only be done to the extent technically feasible.

SSL- OR TLS-ENCRYPTION

This site uses, for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as a site operator, an SSL- or TSL-Encryption. An encrypted connection is indicated by the browser’s address bar changing from “http://" to “https://" and the lock icon in your browser bar.
 
If SSL or TLS encryption is enabled, the data you submit to us cannot be read by third parties.
 

ENCRYPTED PAYMENT ON THIS WEBSITE

If, after the completion of a fee-based contract, there is an obligation to provide us with your payment details (e.g. account number for direct debit authorization), this data will be required for payment processing.
 
Payment via the common means of payment(Visa/MasterCard) takes place exclusively via an encrypted SSL or TLS connection. An encrypted connection is indicated by the browser’s adress bar changing from “http://" to “https://" and the lock icon in your browser bar.
 
In the case of encrypted communication, your payment details that you send to us cannot be read by third parties.
 

INFORMATION, LOCK, DELETION

Within the scope of the applicable legal provisions, you have the right at any time to provide free information about your stored personal data, their origin and recipient and the purpose of the data processing and, if necessary, a right to correct, block or delete this data. For further information on personal data, please contact us at any time at the address given in the imprint.
 

CONTRADICTION AGAINST ADVERTISING MAILS

The use of contact data published in the context of the imprint obligation for the purpose of sending unsolicited advertising and information materials is hereby rejected. The operators of the pages reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.
 

3. DATA PROTECTION OFFICIAL

LEGALLY REQUIRED PRIVACY POLICY

 
We have appointed a data protection officer for our company.
 
Mr. Maxim Loick
trackle GmbH
Bertha-von-Suttner-Platz 1-7
53111 Bonn
 
Telephone: +49228 90278777
 

4.DATA COLLECTION ON OUR WEBSITE

COOKIES

The internet pages partly use so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies are used to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and stored by your browser.
 
Most of the cookies we use are so-called “session cookies". They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser on your next visit.
 
You can set your browser so that you are informed about the setting of cookies, allowing cookies only in individual cases, exclude the acceptance of cookies for certain cases or generally and activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.
 
Cookies required to carry out the electronic communication process or to provide certain functions desired by you (e.g. shopping cart function) are processed and saved on the basis of Art. 6 Para. 1 lif. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically corret and optimizes provision of its services. If other cookies (such as cookies for analyzing your browsing behavior) are stored, they will be treated seperately in this privacy policy.
 

SERVER LOG FILES

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
 
Browser type and browser version
Used operating system
Referrer URL
Host name of the accessing computer
Time of the server request
IP address
 
There is no merge of this data with other data sources.
 
The basis for data processing is Art. 6 para.1 lit. f GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures.
 

PROCESSING OF DATA (CUSTOMER AND CONTRACT DATA)

We collect, process and use personal data only insofar as they are necessary for the establishment, content or modification of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1 lit. b GDPR, which allows the processing of data for the performance of a contract or precontractual measures. We only collect, process and use personal data on the use of our Internet pages (user data) insofar as this is necessary in order to enable or charge the user for the use of the service.
 
The collectes customer data will be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
 

DATA TRANSMISSION BY CONCLUSION OF CONTRACT FOR ONLINE SHOPS, DEALERS AND GOODS

We only transfer personal data to third parties if this is necessary in the course of the contract, for example to the companies entrusted with the delivery of the goods or to the bank responsible for processing the payment.
 
A further transmission of the data does not take place or only if you have expressly consented to the transmission. A transfer of your data to third parties without explicit consent, such as for advertising purposes, does not occur.
 
The basis for data processing is Art.6 para. 1 lit. b GDPR, which allows the processing of data of the performance of a contract or precontractual measures.
 

DATA TRANSFER AT CONTRACT CLOSURE FOR SERVICES AND DIGITAL CONTENT

 
We only transfer personal data to third parties is this is necessary in the course of the contract, for example to the bank responsible for the processing of payments.
 
A further transmission of the data does not take place or only if you have expressly consented to the transmission. A transfer of your data to third parties without explicit consent, such as for advertising purposes, does not occur.
 
The basis for data processing is Art.6 para. 1 lit. b GDPR, which allows the processing of data of the performance of a contract or precontractual measures.

5. GOOGLE TAG MANAGER & GOOGLE ANALYTICS

GOOGLE TAG MANAGER

Google Tag Manager is a solution that allows us to manage so-called Website tags through one interface (including integrating Google Analytics and other Google marketing services into our online offering). The tag manager itself (which implements the tags) does not process users’ personal data. With regard to processing of users’ personal date, reference is made to nthe following information about the Google services. Use Policy: https://www.google.com/analytics/tag-manager/use-policy/
 
GOOGLE ANALYTICS
Based on our legitimate interests (i.e. interests in the analysis, optimization and economic operation of our online offer within the meaning of Art.6 para.1 lit. f GDPR), we use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google"). Google uses cookies. The information generated by the cookies about the use of the online offer by the users are usually transmitted to a Google server in the USA and stored there.
 
Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)
 
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offering and to provide us with further services related to the use of this online offer and the internet usage. In this case, pseudonymous user profiles of the processed data can be created.
 
We only use Google Analytics with activated IP anonymization. This means that the IP adresses of the users is shortened by Google within member started of the European Union or in other contracting stated of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there.
 
The IP address submitted by the user’s browser will not be merged with other data provided by Google. Users can prevent the storage of cookies by setting their browser software accordingly; Users may also prevent the collection by Google of the data generated by the cookie and related to their use of the online offer as well as the processing of such data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
 

For more information about Google’s data usage, hiring and disparaging options, please read Google’s Privacy Policy (https://policies.google.com/privacy) and Google’s Ads Settings (https://adssettings.google.com/authenticated).

The personal data of users will be deleted or anonymized after 14 months.

6.NEWSLETTER

NEWSLETTER DATA

If you wish to receive the newsletter offered on the website, we require an e-mail address from you, as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data are not collected or only on a voluntary basis. We use this data exclusively for the delivery of the requested information and do not pass it on to third parties.
 
The processing of the data entered into the newsletter registration form takes places exclusively on the basis of your consent (Art.6 para.1 lit. a GDPR). You can revoke your consent to the storage of data, the e-mail address and its use for sending the newsletter at any time, for example via the “unsubscribe" link in the newsletter. The legality of the already completed data processing operations remains unaffected by the revocation.
 
The data deposited with us for the purpose of obtaining the newsletter will be stored by us from the newsletter until your cancellation of the newsletter. Data that has been stored for other purposes with us (such as e-mail adresses for the members area) remain unaffected.
 

MAILCHIMP

 
This website uses the services of MailChimp for sending newsletters. Provides is the Rocket Science Group LLC, 675 Ponce De Leon Ave. NE, Suite 5000, Atlanta, GA 30308, USA.
 
MailChimp is a service that helps, among others, to organize and analyze the dispatch of newsletters. If you enter data for the purposes of newsletter subscription (e-mail address, for example), it will be stored on MailChimp’s servers in the United States.
 
MailChimp is certified under the “EU-US Privacy Shield". The “Privacy-Shield" is an agreement between the European Union (EU) and the USA to ensure compliance with European privacy standards in the United States.
 
With the help of MailChimp we can analyze our newsletter campaigns. When you open an e-mail sent by MailChimp, a file inclued in the e-mail (called web-beacon) connects to MailChimp’s servers in the United States. This will determine if a newsletter message has been opened and which links may have been clicked. In addition, technical information is collected (e.g., time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. They serve exclusively for the statistical analysis of newsletter campaigns. The results of these analyzes can be used to better tailor future newsletters to the interests of the recipients.
 
If you do not want to be analyzed by MailChimp you have to unsubscribe from the newsletter. For this we provide in each newsletter message a corresponding link. Furthermore, you can unsubscribe from the newsletter directly on the website.
 
The data processing takes place on the basis of your consent (Art.6 para.1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the already completed data processing operations remains unaffected by the revocation.
 
The data deposited with us for the purpose of subscribing to the newsletter will be stored by us from the newsletter until the time of your revocation and will be deleted from our servers as well from the servers of MailChimp after cancellation of the newsletter. Data that has been stored for other purposes with us (such as e-mail addresses for the members area) remain unaffected.
 
For detail, see the privacy policy of MailChimp at: https://mailchimp.com/legal/terms/.

COMPLETION OF A DATA PROCESSING AGREEMENT

We have a so-called “Data Processing Agreement" with MailChimo, in which we commit MailChimo to protect the data of our customers and not to pass them on to third parties. This contract can be viewed at the following link: https://mailchimp.com/legal/data-processing-addendum/.

7. PAYMENT PROVIDER

PAYPAL

 On our website we offer Payment, among others, via PayPal. Provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal").

If you choose to pay via PayPal, the payment details you enter will be sent to PayPal.

The transmission of your data to PayPal is based on Art.6 para.1 lit. a GDPR (Consent) and Art.6 para.1 lit. b GDPR (processing to fulfill a contract). You have the opportunity to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of historical data processing operations.

KLARNA

On our website we offer the payment, among others, via Klarna. The provider of this payment service is Klarna Bank AB (publ.). Sveavägen 46, 11134 Stockholm (hereinafter “Klarna").
 
If you select payment via Klarna, the payment details you enter will be transmitted to Klarna.
 
The transmission of your data to Klarna is based on Art.6 para.1 lit. a GDPR (consent) and Art.6 para.1 lit. b GDPR (processing to fulfill a contract). You have the opportunity to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of historical data processing operations.

 

8. SHOP PROVIDER

SHOPIFY

This website uses the services of Shopify for the processing of purchasing processes. Provider is Shopify Inc., a Canadian corporation located at 150 Elgin Street, Suite 800, Ottawa, ON, K2P 1L4, Canada.
 
Shopify is a service that helps, among others, to set up and administered an online shop system. When you enter data for purposes of processing the sales contract and shipping (e.g. e-mail address), these are stored on Shopify’s servers outside the EU.
 
Shopify works under the specifications of the EU-US Privacy Shield Framework, the Swiss-US Privacy Shield Framework and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). These agreements are designed to ensure compliance with European privacy standards in the United States.
 
The privacy statement of Shopify can be viewed here: https://www.shopify.com/legal/privacy and here https://www.shopify.com/legal/dpa.
A transfer of the data that has been recorded for the fulfillment of the contract by Shopify to third parties shall only be made insofar as this is necessary for the execution of the contract, in particular in the following cases:
 
Address data to shipping companies for the purpose of delivery
Payment data to credit institutions for the settlement of payments
Payment data to debt collection agencies for the assignment of claims

9. SUPPORT DESK

FRESHDESK SUPPORT

If you contact our support team via the e-mail address [email protected] or via Facebook Messenger, your requests will be redirected to our help desk tool. Supplier is Freshworks INC, San Francisco, USA, 1250 Bayhill Drive, Suite 315, San Bruno, CA 94066.
 
If you enter and submit data for the purpose of processing a support request via e-mail ord Facebook messenger (e.g. e-mail adress, your name), these will be stored on Freshdesk’s servers outside the EU.
 
Freshdesks works under the specifications of the EU-US Privacy Shield Framework, the Swiss-US Privacy Shield Framework (for more information, see https://www.privacyshield.gov/list). These agreements are designed to ensure compliance with European privacy standards in the United States.
 
The Privacy Statement of Freshdesk can be viewed here and here (Privacy Notice and Data Security Addendum).You have the opportunity to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of historical data processing operations.

FRESHDESK LIVE CHAT

 On this website, for the purpose of operating a live chat system to answer live requests, your communicated chat content is collected and stored for the chat’s progress. The Chattool provider is Freshworks INC, San Francisco, US, 1250 Bayhill Druve, Suite 315, San Bruno, CA 94066. Freshworks receives information about the device, IP address, browser type, browser setting and cookie information via the chat function. Cookies are small text files stored locally in the cache of the site visitor’s Internet browser. The cookies allow the recognition of the Internet browser of the site visitor to ensure a distinction of each user of the chat function of our website.
 
Insofar as the information collected in this way is personally identifiable, the processing will be carried out in accordance with Art.6 para.1 lit. f GDPR based on our legitimate interest in effective customer care and the statistical analysis of user behavior for optimization purposes.
 
In order to avoid the storage of cookies, you can set your Internet browser so that in the future no more cookies can be stored on your computer or already stored cookies are deleted. However, switching off all cookies may mean that that the chat function on our website can no longer be executed. More information about the cookie policy of Freshwork can be found here.

10. DATA COLLECTION WITHIN THE TRACKLE APPLICATION

APP, BACKEND, SENSOR

The use of the trackle service requires the storage and processing of health data (for example, body core temperature and other cycle-related parameters). These data are collected and stored in separate systems. The identification and connection of the individual elements of the application, takes place exclusively via anonymized IDs. The data will not be shared without the consent of the user.
 
To provide our services and to fulfill our legal obligations as a medical device manufacturer (for example, in connection with recalls), we may, if necessary, allocate individual devices to their buyers. This is done with reference to GDPR Art.6 para.1 and MPG (Medical Devices Act), August 2002 issue, §29.
We ensure by a strictly separate data management that an assignment of the data generated by the use of the trackle system to a buyer account for third parties is not possible.

11. ENCRYPTION, ENSURING THE INTEGRITY OF DATA

APP, BACKEND, SENSOR

The trackle system uses various cryptographic techniques for security and to protect the transmission of sensitive content, such as temperature data.

 
The connection between sensor and app is protected by the Bluetooth LE protocol.
The HTTP connection between app and backend is encrypted using the TLS method (TLS 1.2).
In addition, the integrity of the transmitted data is protected by an asymmetric encryption method (public-private key method: ECC). Digital signatures prevent the data submit from bein altered unnoticed (content, order and completeness).
 

If you have further questions about the security measures, please contact [email protected] at any time.