Data protection

1. Data protection at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit our website and social networks or use our offers within the framework of the Breath app. Personal data is all data with which you can be personally identified. For detailed information on the subject of data protection, please refer to our data protection declaration listed below this text.

Data collection on our website and the ATEM app

Who is responsible for the data collection on this website and in the ATEM app?

The data processing on this website and in the breathing app is carried out by Qur Digital Therapeutics GmbH. You can find the contact details in the imprint of the website (www.atem.app). The responsible party for data processing on this website is: Qur Digital Therapeutics GmbH, Maximilian Wagner, Florian Reiss, Amalienstrasse 71, 2. RG, 80799 München, info@atem.app.

What data is collected?

The following data is collected: • Inventory data (e.g., names, addresses) • Contact data (e.g., e-mail, telephone numbers) • Content data (e.g., text entries, photographs, videos) • Usage data (e.g., websites visited, interest in content, access times) • Meta/communication data (e.g., device information, IP addresses)

For what purpose do we collect your data?

We collect your data for the following purposes: • Provision of the online offer, its functions, and contents • Answering contact requests and communication with users • Security measures • Reach measurement/marketing

What terminology is used here?

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. "Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and encompasses virtually any handling of data. "Controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

What are the relevant legal bases?

In accordance with Art. 13 GDPR, we inform you about the legal basis of our data processing. If the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR, the legal basis for processing to fulfill our services and carry out contractual measures and respond to inquiries is Art. 6(1)(b) GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6(1)(c) GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6(1)(f) GDPR. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) lit. d GDPR serves as the legal basis.

What rights do you have regarding your data?

You have the right to obtain information free of charge at any time about the origin, recipient and purpose of your stored personal data. You also have the right to request the correction, blocking or deletion of this data. If you have given your consent for data processing, you can revoke this consent at any time in the future. You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. You also have the right of appeal to the relevant supervisory authority. You can contact us at any time at the address given in the imprint with regard to this and other questions on the subject of data protection.

Analysis tools and tools from third-party providers

When you visit our website and/or use the ATEM app, your surfing behavior may be analyzed statistically. This is mainly done with so-called analysis programs. The analysis of your usage behavior is usually anonymous. Detailed information on these analysis programs can be found in the following data protection declaration.

2. hosting and content delivery networks (CDN)

External hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This can include IP addresses, contact requests, meta and communication data, contact data (e.g. e-mail address), names, web site accesses and other data that is generated via a web site. The use of the hoster is for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a safe, fast and efficient provision of our online offer by a reliable provider (Art. 6 para. 1 lit. f GDPR). Our hoster will only process your data to the extent that this is necessary for the fulfillment of its performance obligations and to comply with our instructions regarding this data.

Conclusion of a contract for the provision of services

In order to ensure data protection-compliant processing, we have concluded a contract with our hoster for the processing of orders. This site is operated via the "Heroku" service of the hosting provider Salesforce.com, Inc. (The Landmark @ One Market, Suite 300, San Francisco, California 94105, USA). The privacy policy can be found here: https://www.salesforce.com/company/privacy. Salesforce.com, Inc. is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with the European level of data protection.

3. general information and obligatory information

Data protection

The operating company of www.atem.app and the ATEM-App takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this data protection declaration. When you use this website or other ATEM products, various personal data will be collected. Personal data is data that can be used to identify you personally. This data protection declaration explains what data we collect and what we use it for. It also explains how and for what purpose this is done. We would like to point out that the transmission of data via the Internet (e.g. when communicating by e-mail) can lead to security gaps. It is not possible to provide complete protection of the data against access by third parties.

Note on the responsible party

The responsible party for data processing on this website is: qur digital therapeutics GmbH Amalienstrasse 71 2nd Backyard, Basement 80799 Munich E-Mail: breathe@atem.app The responsible party is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

Storage period

Insofar as no specific storage period has been specified within this data protection declaration, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law). In the latter case, the data will be deleted after these reasons no longer apply.

Note on the transfer of data to the USA and other third countries

On our website, among other things, tools from companies based in the USA or other third parties that are not secure from a data protection point of view are included. If these tools are active, your personal data may be transferred to these third parties and processed there. Please note that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, U.S. companies are obliged to disclose personal data to security authorities without you as the data subject being able to take legal action against this. Therefore, it cannot be ruled out that U.S. authorities (e.g., intelligence agencies) may process, evaluate and permanently store your data on U.S. servers for surveillance purposes. We have no influence on these processing activities. If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using the services of third parties or disclosure or transfer of data to third parties, this will only take place if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process or transfer the data in a third country if the special requirements of Art. 44 ff. GDPR. This means that the processing is carried out, for example, on the basis of special guarantees, such as compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke your consent at any time. To do so, simply send an informal e-mail to us at breathe@atem.app. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data processing in special cases and to direct marketing (Art. 21 GDPR)

If the data processing is carried out on the basis of Art. 6 Para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to a profile based on these provisions. The respective legal basis on which a processing is based can be found in this data protection declaration. If you lodge an objection, we will no longer process your personal data concerned, unless we can prove compelling reasons for the processing that merit protection, that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or distribution of legal claims (objection pursuant to Art. 21 para. 1 GDPR). If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct advertising (objection in accordance with Art. 21 Para. 2 GDPR).

Right of appeal to the competent supervisory authority

In the event of violations of the GDPR, those affected have the right to lodge a complaint with a supervisory authority, in particular in the member state of your usual place of residence, your place of work or the location of the alleged violation. The right to appeal exists without prejudice to other administrative or judicial remedies.

Right to data transferability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract posted to you or to a third party in a common, machine-readable format. If you request the direct transfer of data to another party, this will only be done if it is technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you send to us cannot be read by third parties.

Keyed payment transactions in the app

If, after concluding a contract that is subject to a charge, you are obliged to provide us with your payment details (e.g. account number for direct debit authorization), this data is required for payment processing. Payment transactions via the usual means of payment (Visa/MasterCard, direct debit) are made exclusively via a secure SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. With encrypted communication, your payment details that you send to us cannot be read by third parties.

Information, deletion and correction

Within the scope of the applicable statutory provisions, you have the right to obtain information free of charge at any time about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, the right to rectification or deletion of this data. You can contact us at any time at the address given in the imprint with regard to this and other questions on the subject of personal data.

Right to restrict processing

You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time at the address given in the imprint. The right to restrict processing exists in the following cases: If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data. If the processing of your personal data was/is unlawful, you can request the restriction of the data processing instead of deletion. If we no longer need your personal data, but you need them to exercise, distribute or enforce legal claims, you have the right to request the restriction of the use of your personal data instead of deletion. If you have lodged an objection in accordance with Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data. If you have restricted the processing of your personal data, this data - apart from its storage - may only be used with your consent or for assertion, The data may only be processed with your consent or in order to assert, exercise or distribute legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.

Objection to advertising e-mails

We hereby object to the use of contacts published within the scope of the imprint obligation for the transmission of non-expressly requested advertising and information media. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited advertising material, such as spam e-mails, being sent to them.

4. data collection on our web site

Cookies

Our website uses so-called "cookies". Cookies are small text files and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your enduser device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your enduser device until you delete them yourself or until they are automatically deleted by your web browser. In some cases, third-party cookies may also be stored on your end device when you access our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services). Cookies have different functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertisements. Cookies that are required to perform the electronic communication process (necessary cookies) or to provide certain functions that you want (functional cookies, e.g., for the shopping cart function). The data required to provide certain functions requested by you (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies for measuring web traffic) are stored on the basis of Art. 6 Para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the storage of the relevant cookies will be carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR); the consent can be revoked at any time. You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or geneally and activate the automatic deletion of cookies when closing the browser. When deactivating cookies, the functionality of this website may be restricted. Insofar as cookies are used by third parties or for analysis purposes, you will be informed of this separately within the scope of this data protection declaration and, if necessary, consent will be requested.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are: - browser type and browser version - used operating system - Referrer URL - Host name of the accessing server - Time of the server request - IP address These data are not combined with other data sources. The collection of this data is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - the server log files must be recorded for this purpose.

Inquiry by e-mail or telephone

If you contact us by e-mail or telephone, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent. The processing of this data is based on Art. 6 Para. 1 lit. b GDPR, insofar as your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests sent to us (Article 6 (1) (f) of the German Data Protection Act) or on your consent (Article 6 (1) (a) of the German Data Protection Act), provided this has been requested. The data you send us via contact requests will remain with us until you ask us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g., after your request has been processed). Mandatory statutory provisions - in particular, statutory retention periods - remain unaffected.

Registration in the ATEM-App

You can register in the ATEM app to use basic and additional features in the app. The data entered for this purpose will only be used for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration. For important changes, such as the scope of the offer or technically necessary changes, we will use the e-mail address provided during registration to inform you in this way. The processing of the data entered in the registry is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time. For this purpose, a formless notification by e-mail to us is sufficient. The legality of the data processing already carried out remains unaffected by the revocation. The data collected during registration will be stored by us as long as you are registered with ATEM and will be deleted afterwards. Any statutory periods of retention remain unaffected.

Login via Google Sign-in

We offer you the possibility to register and login for our ATEM-App with Google Sign-In. An additional registration is therefore not necessary. Google Sign-In is a service of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. To register, you will be redirected to a Google page where you can log in with your usage data. This will link your Google profile and our service. Through the link, we automatically receive your name (first name, last name, username, your email address, your Google ID and a link to your Google profile picture. Of these, we only store email, username and ID. According to Art. 6 para. 1 p. 1 lit. b) DS-GVO, this information is absolutely necessary for the conclusion of the contract in order to be able to identify you. Your IP address, app ID and app start statistics are automatically sent to Google. A possible transfer of personal data to Google LLC, which is based in the USA, is carried out in accordance with the existing agreement between us and Google in accordance with the EU standard contractual clauses, which ensure the adequacy of the European level of data protection in accordance with Art. 46 (2) c) DS-GVO. For more information, please see Google's terms of use and Google's privacy policy.

Login via "Sign in with Apple

We offer you the possibility to register and login for our ATEM-App via "Sign in with Apple". Thus, an additional registration is not required. "Sign in with Apple" is a service provided by Apple Inc. One Apple Park Way, Cupertino, California, USA, 95014. This links your Apple ID and our service. You have the option to either share your email address or hide your email address. If you choose "Share my email address" we will receive the email address and name associated with your Apple ID. Apple's "Hide My Email Address" feature allows you to register for other services, such as the ATEM app, without revealing your email address. When you enable this feature when creating a new ATEM account, Apple generates a random email address with the domain @privaterelay.appleid.com. Anything sent to this address will automatically be forwarded to the email address associated with your Apple ID. This means that if you disable forwarding of your emails, you will not receive any emails from ATEM. So by linking, we automatically receive an email address, either the one linked to your Apple ID or one randomly generated by Apple. According to Art. 6 para. 1 p. 1 lit. b) DS-GVO, this information is mandatory for the conclusion of the contract in order to be able to identify you. ATEM does not pass on any data to Apple in this regard, but by connecting to Apple you at least transmit your IP address to Apple. The responsible party for the processing of personal data for persons who are located within the European Economic Area including Switzerland is Apple Distribution International ltd, Hollyhill Industrial Estate, Hollyhill Cork, Republic of Ireland. Possible processing of personal data by Apple Inc. takes place on the basis of standard data protection clauses in accordance with Art. 46 Para. 2 S. 1 lit. c). For more information on any data processing by Apple, please see Apple's privacy policy.

Permission of the app to access your camera

The app asks you for permission to use your camera. This feature enables pulse measurement in the ATEM app. The data is processed in accordance with Art. 6 (1) p. 1 lit. b) DS-GVO. No photos are created or stored. You can turn the function on or off at any time in the settings of the operating system of your end device.

Amazon Web Services

For hosting the database content, we use the Amazon Relational Database Service (RDS) of Amazon Web Services Inc, 410 Terry Avenue North, Seattle WA 98109, USA (hereinafter "AWS") in accordance with Art. 6 para. 1. 1 lit. b) DS-GVO. All data collected as part of our offers are automatically encrypted and stored exclusively in a German data center (Frankfurt/Main), which is certified according to ISO 27001, 27017 and 2018 as well as PCI DSS Level 1. The data transferred to AWS is stored on the servers until we delete it. We have concluded an order data processing contract with AWS, which includes the EU standard contractual clauses and ensures the adequacy of the level of data protection in accordance with Art. 46 (2) c) DS-GVO. You can find more information about AWS and data protection at https://aws.amazon.com/de/ses/ and in the privacy policy.

5. Social Media

Facebook Plugins (Like & Share Button)

Plug-ins of the social network Facebook are integrated on this website. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries. You can recognize the Facebook plug-ins by the Facebook logo or the "Like" button on this website. An overview of the Facebook plug-ins can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE. When you visit this website, a direct connection between your browser and the Facebook server is established via the plugin. Facebook thereby receives the information that you have visited this website with your IP address. If you click the Facebook "Like" button while logged into your Facebook account, you can link the content of this website on your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, do not receive any knowledge of the content of the transmitted data or its use by Facebook. You can find more information about this in Facebook's data protection statement at: https://de-de.facebook.com/privacy/explanation. If you do not want Facebook to associate your visit to this website with your Facebook user account, please log out of your Facebook user account. The use of the Facebook plug-ins is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the widest possible visibility in social media. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR; the consent can be revoked at any time. Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after the transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint representation agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of the Facebook products. You can assert affected parties' rights (e.g. requests for information) with regard to the data processed by Facebook directly with Facebook. If you assert the rights of the data subject with us, we are obligated to transfer them to Facebook. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.

Instagram plugin

On this website, functions of the service Instagram are integrated. These functions are offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA 94025, USA.If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.The storage and analysis of the data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the greatest possible visibility in social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time. Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook or Instagram, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook or Instagram. The processing by Facebook or Instagram that takes place after the forwarding is not part of the joint responsibility. Our joint obligations have been set forth in a joint processing agreement. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook or Instagram tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of the Facebook or Instagram products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381. For more information, please see Instagram's privacy policy: https://instagram.com/about/legal/privacy/.

Social Media fan pages

ATEM maintains so-called fan pages with social media providers such as Instagram, Facebook (both: Facebook Inc. Menlo Park, California) and Twitter (Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA) in order to communicate with customers, interested parties and users active there and to inform them about our products, services and events. In the process, user data may be processed outside the EU. The aforementioned US providers have signed the EU standard contractual clauses and thus guarantee compliance with European data protection laws. According to the European Court of Justice (ECJ), we are jointly responsible with Facebook for the processing of your personal data. You can find the decision of the ECJ from 05.06.2018 here. There is a Joint-Controller Agreement with Facebook Inc. according to Art. 26 GDPR, which can be accessed here. Facebook Ireland undertakes to assume primary responsibility under the General Data Protection Regulation (GDPR) for the processing of Insights Data and to comply with all applicable obligations under the GDPR in relation to the processing of Insights Data (including but not limited to Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR). Facebook Ireland will also provide data subjects with the essentials of this Page Insights Addendum. Please contact Facebook to exercise your data subject rights. Facebook's privacy policy can be accessed here. When using the Facebook fan page, the following data is collected from you for the purpose of user communication and target group advertising: - User interactions (postings, likes, etc.) - Facebook cookies - Demographic data (e.g. based on age, place of residence, language or gender) - Statistical data on user interactions in aggregated form, i.e., without personal reference (e.g., page activities, page views, page previews, likes, recommendations, posts, videos, page subscriptions incl. origin, times of day) The promotional use of personal data is the main focus, especially for Facebook. We use the statistics function to learn more about the visitors to our fan page. The use of the function enables us to adapt our content to the respective target group. In this way, we also use demographic information on the age and origin of users, for example, although no personal reference is possible for us here. In order to provide the social media service in the form of our Facebook fan page and to use the Insights function, Facebook generally stores cookies on the user's terminal device. These include session cookies, which are deleted when the browser is closed, and persistent cookies, which remain on the end device until they expire or are deleted by the user. For statistical evaluation purposes, we use the Facebook Insights function. In this context, we receive anonymized data on the users of our Facebook fan page. It is not possible for us to draw any conclusions about your person. For more information, please refer to Facebook's cookie policy. The processing of personal data of users is based on our legitimate interest in effective information of users and communication with users as well as for the purpose of statistical analysis pursuant to Art. 6 I lit. f GDPR.

6. analysis tools and advertising

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, dwell time, operating systems used and the origin of the user. This data may be summarized by Google in a profile that is assigned to the respective user or their end device.Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is based exclusively on Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission.Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Google Re-/Marketing Services

We use on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our offer within the meaning of Art. 6 para. 1 lit. f. GDPR) the marketing and remarketing services (in short "Google Marketing Services") of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google"). The legal basis for the use of this service is Art. 6 (1) sentence 1 letter f GDPR. We have entered into contractual agreements with Google to the effect that a sufficient level of data protection is also ensured in accordance with Art. 49 GDPR. The Google marketing services allow us to display advertisements for and on our website in a more targeted manner in order to present users only with ads that potentially match their interests. If, for example, a user is shown ads for products he or she was interested in on other websites, this is referred to as "remarketing". For these purposes, when our website and other websites on which Google marketing services are active are called up, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, which content he is interested in and which offers he has clicked on, as well as technical information on the browser and operating system, referring websites, time of visit and other information on the use of the online offer. The IP address of the user is also recorded, whereby we inform Google Analytics that the IP address is shortened within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area and only in exceptional cases is transferred in full to a Google server in the USA and shortened there. The IP address is not merged with the user's data within other Google offerings. The aforementioned information may also be linked on the part of Google with such information from other sources. If the user subsequently visits other websites, he can be shown ads tailored to his interests. The user's data is processed pseudonymously as part of Google's marketing services. This means that Google does not store and process the name or e-mail address of the user, for example, but processes the relevant data on a cookie basis within pseudonymous user profiles. I.e. from Google's perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected by Google marketing services about users is transmitted to Google and stored on Google's servers in the USA. The Google marketing services we use include, among others, the online advertising program "Google AdWords". In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". Cookies can therefore not be tracked across the websites of AdWords customers. The information obtained using the cookie is used to create conversion statistics for AdWords customers who have opted-in to conversion tracking. The AdWords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. We may include third-party advertisements based on the Google marketing service "AdSense". AdSense uses cookies that allow Google and its partner websites to serve ads based on users' visits to this website or other websites on the Internet. Furthermore, we may use the "Google Tag Manager" to integrate and manage Google analytics and marketing services on our website. For more information about Google's use of data for marketing purposes, please visit the overview page: https://www.google.com/policies/technologies/ads, Google's privacy policy is available at https://www.google.com/policies/privacy. If you wish to object to interest-based advertising by Google marketing services, you can use the settings and opt-out options provided by Google: http://www.google.com/ads/preferences.

Integration of third-party services and content

We use within our offer on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) to integrate content or services offered by third-party providers, such as videos or fonts (hereinafter uniformly referred to as "content"). This always requires that the third-party providers of this content are aware of the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is thus required for the display of this content. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be combined with such information from other sources.

Youtube

We integrate the videos of the platform "YouTube" of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/ , Opt-Out: https://adssettings.google.com/authenticated

IP Anonymization

We have activated the IP anonymization function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.For more information on how Google Analytics handles user data, please see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Order data processing

We have concluded an order data processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Demographic characteristics with Google Analytics

This website uses the "demographic characteristics" function of Google Analytics to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be generated that include statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google as well as from visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section "Objection to data collection".

Storage period

Data stored by Google at user and event level, which are linked to cookies, user IDs (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID), are anonymized or deleted after 14 months. For details, please see the following link: https://support.google.com/analytics/answer/7667196?hl=de.

Facebook Pixel, Custom Audiences and Facebook-Conversion

This website uses the visitor action pixel from Facebook for conversion measurement. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries. In this way, the behavior of page visitors can be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized. The collected data is anonymous for us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Use Policy. This allows Facebook to enable the placement of advertisements on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the site operator.The use of Facebook Pixel is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in effective advertising measures including social media.If a corresponding consent has been requested (e.g., consent to store cookies), the processing is carried out exclusively on the basis of Art. 6 (1) a GDPR; the consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381. Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of the Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook. You can find more information about protecting your privacy in Facebook's privacy policy: https://de-de.facebook.com/about/privacy/. You can also deactivate the "Custom Audiences" remarketing function in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook. If you do not have a Facebook account, you can disable Facebook's usage-based advertising on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/

Google Fonts

We integrate the fonts ("Google Fonts") of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated

7. newsletter

Newsletter Data

If you would like to receive the newsletter offered on our website www.atem.app, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data will not be collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this. After you have unsubscribed from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 (1) f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

Mailchimp

ATEM uses the services of MailChimp for sending newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. MailChimp is a service with which, among other things, the sending of newsletters can be organized and analyzed. When you enter data for the purpose of receiving newsletters (e.g. e-mail address), this data is stored on MailChimp's servers in the USA.With the help of MailChimp, we can analyze our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (so-called web-beacon) connects to the servers of MailChimp in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.If you do not want any analysis by MailChimp, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.The data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.The data you provide us with for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://mailchimp.com/eu-us-data-transfer-statement/ and https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses.After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist, if necessary, to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 (1) f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest. For more details, please refer to the privacy policy of MailChimp at: https://mailchimp.com/legal/terms/.

Signing of a data processing agreement

We have concluded a so-called "data processing agreement" with MailChimp, in which we oblige MailChimp to protect the data of our customers and not to pass it on to third parties.

8. plugins and tools

Information shared with other providers such as Google Fit or Apple HealthKit.

At your direction, we may cause certain information to be transferred to other applications, such as the Apple HealthKit or Google Fit, in order for us to receive information from those applications, which we in turn use to improve the service we offer. Before you instruct us to share your information with another provider, you should review the relevant provider's privacy policy, as any information you share with us is subject to that policy. Act the event that you use any of these applications, you should be cautious about granting these applications, service providers or individuals access to your information through these service providers. While much of the information collected by these service providers is innocuous, people who have insight into ATEM data may be able to access a variety of personal information. - ATEM does not share user data or other information collected through the use of HealthKit or Google Fit with third parties who may use it for advertising, data mining, or similar purposes and do not directly intend to improve health, pursue health purposes, or advance medical research. - Act the event that information is collected through the Apple HealthKit or Google Fit, it is for the sole purpose of enabling third parties to provide health or fitness services or to use it for medical research. - We do not sell any of your information, including information collected through the Apple Health Kit or Google Fit, to advertising platforms, broker services, or resellers of information.We do not use any of the information we receive through Apple HealthKit or Google Fit for any purpose other than to provide health or fitness services in connection with this Service.

Zendesk

We use the Zendesk CRM system to handle user requests. The provider is Zendesk, Inc, 1019 Market Street in San Francisco, CA 94103 USA. We use Zendesk to process your requests quickly and efficiently. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. You can only send requests by providing your email address and without providing your name.The messages sent to us remain with us until you request us to delete them or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal requirements - especially retention periods - remain unaffected. Zendesk has Binding Corporate Rules (BCR) that have been approved by the Irish Data Protection Authority. These are binding corporate rules that legitimize corporate data transfers to third countries outside the EU and EEA.Details can be found here: https://www.zendesk.de/blog/update-privacy-shield-invalidation-european-court-justice/. If you do not agree to us processing your request via Zendesk, you can alternatively communicate with us directly by email (to: breathe@atem.app). For more information, please see Zendesk's privacy policy: https://www.zendesk.de/company/customers-partners/privacy-policy/. IP Address. Your name is not required for the chat.

Signing of a contract on order processing

We have concluded a contract with Zendesk in which we oblige Zendesk to protect our customers' data and not to pass it on to third parties.

9. eCommerce and payment providers

Processing of data (customer and contract data) We collect, process and use personal data only insofar as they are necessary for the establishment, content or modification of the legal relationship (inventory data). This is done on the basis of Art. 6 (1) lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. We collect, process and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill the user.The collected customer data will be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected. Data transmission upon conclusion of a contract for services and digital content We only transmit personal data to third parties if this is necessary in the context of contract processing, for example to the credit institution commissioned with payment processing. A further transmission of data does not take place or only if you have expressly agreed to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

APP

Collection of personal data when using the ATEM mobile app

• No registration is necessary to use the ATEM app. Simply use the "anonymous login" function for this purpose. In this case, your data will be stored anonymously and without direct personal links (such as email or name). If you choose to register Facebook (Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA, "Facebook"), we will receive the following personal data: • First and last name • email address • Gender • Date of birth • profile picture • Friends list (this can be deselected under the "edit" link). If you choose to register by email, we will receive the following personal data: • E-mail address All data that you send to us from registration or login (e.g. e-mail address, profile details) are transmitted in encrypted form. This encryption protects the confidentiality of the data exchange between your computer and our web server and helps to prevent e.g. eavesdropping. We use SSL (Secure Socket Layer) as encryption technology. With regard to our databases, all technical precautions have been taken to store your data in a secure environment. Access to the totality of your information is reserved only to those employees who need it to carry out their professional activities and is granted only for the purposes of quality control, as well as for the verification of complaints and the prevention of fraud. All our employees are bound by an agreement to observe data protection and are instructed accordingly. Any personal data that you explicitly provide to us through our app will only be used for the purposes for which you have provided it to us. Any data that may be provided after registration in the App is optional and is intended to improve the effectiveness of ATEM Services. This optional data is as follows: • First Name • Weight • Height • Fitness level • Sex, gender • Age, date of birth • Fitness and health goals • Pre-existing conditions Furthermore, the app requires some permissions to access data and features of your smartphone, these are: • In-app purchases • Device ID • Show above other apps • Disable phone sleep mode • Push messages • Control vibration alert • By downloading the mobile app, the required information is transferred to the respective app store, i.e. in particular user name, email address and customer number of your account, time of download, payment information and the individual device identification number. This data collection is carried out by the respective app stores. We have no influence and are not responsible for it. We process the data only to the extent necessary for downloading the mobile app to your mobile device. • If you want to use the mobile app, we also collect the following data, which is technically necessary for us to offer you the functions of our mobile app and to ensure stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f GDPR): • IP address of your mobile device; • Type and version of your mobile device (e.g. "iPhone 6, iOS 8.1"). • Date and time of the request; • Time zone difference from Greenwich Mean Time (GMT); • Content of the request (specific page); • Access status/HTTP status code (file transferred, file not found, etc.); • Amount of data transferred in each case; • File name of the requested file; • Operating system of the end device used and its interface; • Language and region settings of the end device; • Screen resolution, CPU brand, CPU model, screen size and screen density of the end device; • RAM memory of the end device; • App version. After the end of the usage process, this data is stored in anonymized form, i.e. without your IP address, in so-called log files. These log files are evaluated exclusively for statistical purposes; they are not passed on to third parties. • We use advertising identifiers in the app on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) advertising identifiers in the app. For advertising purposes, we use the so-called "Advertising Identifier" on iOS devices and the "Google Advertising ID" (collectively "Identifier") on Android devices. This identifier is a unique, but non-personalized and non-permanent identification number for a specific device provided by iOS or Android. The data collected via the Identifier is not linked to any other device-related information. We use the identifier to provide you with personalized advertising and to evaluate your usage. If you activate ad tracking in the settings of your operating system (under iOS under "Privacy" - "Advertising" the option "no ad tracking", under Android "Settings" -> "Google Settings" -> "Google" -> "Ads" -> "Disable personalized advertising"), we can do the following: • Measuring your interaction with banners by counting the number of times a banner is displayed without being clicked ("frequency capping"), • click-through rate, • detection of unique usage ("unique user"). • Security measures • Fraud prevention • Troubleshooting. You can delete the identifier at any time in the device settings (on iOS "Reset Ad-ID"); a new identifier will then be created, which will not be merged with the previously collected data. Please note that you may not be able to use all functions of our app if you restrict the use of the identifier. • You can subscribe to our email newsletter within the app using the double opt-in process. Please refer to the "Newsletter" section at the top of this page for more information.

Push Notifications

We use push notifications within the app on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) lit. f. GDPR) push notifications within the app. The app can notify you of certain news via push notifications, even if you are not actively using or have opened the app at the moment. The app uses these push notifications only if you have enabled them in the operating system. When you activate the push notification service, your device is assigned a so-called device token from Apple or a so-called registration ID from Google. The sole purpose of our use of these IDs is to provide the push services. Without a device token or registration ID, no push messages can be sent to you for technical reasons. These IDs are only encrypted, randomly generated numbers. It is not possible for us to identify individual users \n Notes for Apple users To be alerted to certain events and topics through push notifications, even if you are not currently using the app, you must give the app the necessary permission. Without your permission, which you give by activating it in the settings, we cannot send you a push message. You can adjust the permissions for push notifications in the iOS settings and also turn push notifications on or off at any time later To do this, open the app settings of iOS and select the menu item "Messages". In the following menu, you will find an overview of all apps installed on your device that have a push message function. Select our app here. Here you can turn the push notification function on or off. You also have the option to customize the app's push message display to your liking \n Notes for Android users On Android, all apps are set by default to allow you to receive push messages even if you don't have the app open or are using it. This cannot be avoided due to Google's technical specifications, over which we have no influence Within the app, you can turn off the push services you have enabled (more -> Messages) at any time. Regardless of the settings in the app, you can also turn off the reception of push notifications by going to the "App Settings" in the main menu of your device and selecting "Apps" in the following menu item. There you will then find an overview of all apps installed on your device. Select our app here. You can then turn the push notification function on or off via the "Show notifications" checkbox.

Google Firebase

• Basics: We use Firebase for our app on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) for our app Firebase. Firebase is a real-time database that can be used to integrate real-time information into our own websites or in our apps. All personal data and app usage data are transmitted to Firebase. Firebase is a Google subsidiary based in San Francisco (CA), USA. The following functions are used: • we use the Firebase real-time database to store and persist your personal data and app usage data • tracking user behavior via the Firebase database and Google Analytics for Firebase (see below in paragraph b) • tracking of app crashes and their reasons via Firebase Crashlytics (see below in par. c) • push notifications via Firebase Cloud Messaging (see below in par. d) • configuration of app settings via Firebase Remote Config (see below in para. e). You can find Firebase's privacy policy at https://www.firebase.com/terms/privacy-policy.html. The legal basis for this processing is Art. 6(1) sentence 1 letter f GDPR. As a guarantee according to Art. 44ff GDPR, Google has signed the EU standard contractual clauses. • Evaluation of user behavior (app tracking) within the app - with Google Analytics: We use Google Analytics, a web analytics service of Google LLC ("Google") within the app, based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) Google Analytics, a web analytics service provided by Google LLC ("Google") within the app.The legal basis for this processing is Art. 6 (1) sentence 1 letter f GDPR. We have entered into contractual agreements with Google to the effect that a sufficient level of data protection is also ensured in accordance with Art. 49 GDPR.The insights gained in the process help us to improve this app and thus make your user experience more convenient and effective. Google Analytics is a real-time database which we use for real-time data exchange and storage. In this process, user data is transmitted to Google Analytics. Google Analytics is a service of Google Inc. The privacy policy of Google Analytics can be found at https://www.google.com/intl/en/policies/privacy. For more information on data usage by Google, setting and objection options, please refer to Google's privacy policy (https://policies.google.com/technologies/ads ) as well as the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated ).The personal data of the users will be deleted or anonymized after 14 months.

Crashlytics

We use Firebase Crashlytics to track app crashes and prevent them in the future. In the event of a crash, a crash report is automatically generated, which contains the type of end device used, the operating system, your last activities in the app and your geolocation in pseudonymous form and is sent to Google. Information around how Crashlytics works can be found here: https://firebase.google.com/products/crashlytics/

Cloud Messaging

The app uses Firebase Cloud Messaging to send messages to users of the app. To do this, the app sends a previously generated, anonymous device ID (token) to Google so that we can identify users of the app and address them with message content. Information around how cloud messaging works can be found here: https://firebase.google.com/products/cloud-messaging/

Remote Config

The app uses Firebase Remote Config to allow us to modify the app on the devices it is installed on without having to completely reinstall it from the respective app store every time a change is made. For this purpose - Your device information, - your language settings and - your country settings are transferred to Google in the USA and processed there. Information about how Remote Config works can be found here: https://firebase.google.com/products/remote-config/ . If you do not want the categories of data mentioned in this section to be collected and processed, you must not use the app.

Apple Search Ads

We use the marketing service Apple Search Ads on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) the marketing service Apple Search Ads, which is operated by Apple Inc. 1 Infinite Loop, Cupertino, California, USA, 95014. Apple Search Ads is a service used to serve ads for our App that appear in the Apple Appstore. Within the app, the clicks and conversions (e.g. registrations and in-app purchases) of these ads are evaluated anonymously. The privacy policy of Apple Search Ads can be found at https://searchads.apple.com/de/privacy/ .

Facebook Analytics

We use Facebook Analytics of the social network facebook.com, which is operated by Facebook Ireland Ltd. Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 (1) f. GDPR) Facebook Analytics of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (further information can be found here). This allows us to track and analyze which marketing channels or sources, in conjunction with Facebook, deliver the best results in getting users to download products and better understand how our users use our app. For this purpose, Facebook Analytics processes IDFA and GAID or similar mobile device IDs. The legal basis for the use of this service is Art. 6(1) sentence 1 letter f GDPR. We have entered into contractual agreements with Facebook to the effect that a sufficient level of data protection is also ensured in accordance with Art. 49 GDPR.

Appsflyer

The ATEM App uses AppsFlyer, an analytics service provided by AppsFlyer Inc , 111 New Montgomery Street, San Francisco, CA 94105. To measure the success of our marketing campaigns, we use AppsFlyer tracking software. With the help of AppsFlyer, we collect and store data about the use of our app using a pseudonym. The usage profiles created in this way are used to analyze visitor behavior and are evaluated in order to improve our offer and design it in line with requirements. Cookies may be used for this purpose. The pseudonymized usage profiles are not combined with other personal data about the bearer of the pseudonym without the user's express consent, which must be given separately. The legal basis for the use of this service is Art. 6 (1) sentence 1 letter f GDPR. We have entered into contractual agreements with AppsFlyer to the effect that a sufficient level of data protection is also ensured in accordance with Art. 49 GDPR. AppsFlyer has signed the EU standard contractual clauses pursuant to Art. 44ff GDPR and thereby offers a guarantee of compliance with European data protection law: https://www.appsflyer.com/gdpr/dpa.pdf You can object to the collection and storage of data by AppsFlyer at any time with effect for the future by following the instructions at https://www.appsflyer.com/optout.

Deletion of data

The data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 GDPR. Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law. According to legal requirements in Germany, data is stored in particular for 6 years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).

Delete user account

To delete your ATEM account and all related data, please contact our support team at info@atem.app with the request from the email address associated with your account. If you receive an automated response, please reply directly to this message and we will take care of it. If instead you just want to unsubscribe from our newsletter emails, you can do so by clicking the unsubscribe button in the email. Please note that once your account has been deleted by us, it cannot be recovered. Also note that it may take up to 72 hours for our email system to remove you from our email list.

Privacy policy last updated on:

17.10.2022