Privacy Policy

Plant Product Design UG (haftungsbeschränkt), 2024-07-18

Principle of anonymous data use

In principle, our website can be used without providing personal data. The use of individual services and offers (KnowDrugs App for Android, KnowDrugs App for iOS, KnowDrugs Website[in short ‘KnowDrugs Apps’]) on our website and in our apps can entail divergent regulations which in this case are explained separately below. The legal basis for data protection can be found in the General Data Protection Regulation (GDPR).

When you access our website or Apps, some information, such as IP address, is transferred. You are also providing information about the end device used (computer, smartphone, tablet etc.), the browser used (Internet Explorer, Safari, Firefox etc.), time of visit to the website, the so-called referrer and volume of data transferred.

We cannot use this data to identify an individual user. We only use this information to determine how attractive our offers are and to improve their performance or content, if necessary, and make their design even more appealing to you.

Please bear in mind, however, that in the case of a static IP address, personal identification is possible by RIPE query in individual cases, although we do not perform this. Nevertheless, this website is accessible for both static and dynamic IP addresses assigned.

Collection and processing of personal data

In the case of use purely for information, i.e. if you do not register or send us information another way, we only collect personal data which your browser transfers to our servers. If you want to view our website, we collect the following data, which we require for technical purposes in order to show you our content and guarantee stability and security (legal basis is a legitimate interest pursuant to Article 6 (1) (f) GDPR).

In the context of the balance of interests in accordance with Article 6 (1) (f) GDPR, we have considered and weighed up our interest in website provision and your interest in data protection compliant processing of your personal data. As the data below is technically required for the provision of our service in order to offer you our website and also guarantee stability and security, in particular protection against misuse, we have reached the conclusion that, with a state-of-the-art oriented data security guarantee, this data can be processed whereby appropriate consideration will be given to your interest in data protection compliant processing.

Data Purpose of processing Storage period
Operating system used Ensure evaluation by device and optimized display of the website or app Up to 30 days after deletion of the customer account
Information about the browser type and version used Evaluation of the browser used to optimize our websites for it Up to 30 days after deletion of the customer account
IP address Presentation of the website on the respective device
Investigation and prevention of fraud
Proof of user’s consent to receiving the newsletter
Up to 30 days after deletion of the customer account
Date and time of visit Presentation of the website on the respective device
Investigation and prevention of fraud
Proof of user’s consent to receiving the newsletter
Up to 30 days after deletion of customer account
If applicable, manufacturer, model and version of the smartphone, tablet or other device as well as the app type and version Evaluation of device manufacturers and types of mobile end devices for statistical purposes Up to 30 days after deletion of customer account
Session ID Identification of installation Up to 30 days after deletion of customer account

The collection of data for website provision and the storage of data in log files is imperative for website operation. Consequently, users may not object to this.

 

Registering a KnowDrugs Account

You can use the KnowDrugs App without registering any account as well as registering with Email and a password specified by you.

When you register a KnowDrugs account with Email/Password, Google or Apple, we will store and process the following information:

Data Purpose of processing Legal basis of processing Storage period
Email address Customer account identification Performing the contractual relationship Up to 30 days after deletion of the customer account
Password Customer account identification Performing the contractual relationship Up to 30 days after deletion of the customer account
IP address at login Data transfer at registration to web server Performing the contractual relationship Indefinite

Name of provider Provider type Data transfer to third party country Third party country Guarantees in acc. with Art. 44 ff GDPR
Google Firebase Order processor Yes USA EU standard contractual clauses

Registering with Google

We also offer you the opportunity to create your KnowDrugs account using your Google account, or to link your KnowDrugs account to your Google account. You can register or log in to KnowDrugs using your Google account if you simply use Google instead of the other options while registering your KnowDrugs account. You will then be forwarded to Google (where you must be logged in or require an account) and receive an explanation of which of your data we need from Google, namely your public profile information such as first and last name, gender, and the email address you are using there. This information is required for identification purposes in order to create a secure KnowDrugs account for you. Your Google account and your KnowDrugs account will be permanently linked using your email address. We store your email information in-house and will send you information using this address as needed. We can also tell that you have logged in using Google. As soon as you log in to Google, you can log in to KnowDrugs. We will not submit any information on you to Google without your consent.

Important: We do not record your Google login data in any way, and cannot post anything to your Google profile without your having expressly consented to this.

You can learn how Google handles privacy settings using Google’s privacy policy and terms of use; these also include the applicable conditions for the previously specified option of logging in and registering to KnowDrugs.

Data Purpose of processing Legal basis of processing Storage period Platform
Email address Customer account identification Performing the contractual relationship Up to 30 days after deletion of the customer account Google
Password Customer account identification Performing the contractual relationship Up to 30 days after deletion of the customer account Google
IP address at login Data transfer at registration to web server Performing the contractual relationship Indefinite Google

Registration with Apple

You can also register and log in using the “Apple Login” function from your Apple account. When you log in with your Apple ID for the first time, the app will prompt you to enter your name and your email address so that an account can be set up for you. We store your email information in-house and will send you information using this address as needed. You will not be tracked by Apple and a profile of you will not be created while you are using the “Register with Apple ID” function. Apple only collects information required for you to log in and manage your account.

You will stay logged into our app automatically as long as you stay logged in on your device. Here you can find more information on the Apple login.


Data collection, purposes and use in the context of the KnowDrugs service

Access rights

We require these access options and information to ensure the technical function of our app and to provide the services offered with the app, in particular to access your camera or your photos for looking up similar-looking pills comparing a photo you send to us with our database and to send you push notifications to inform you about new drug alerts. During the installation procedure or before you use the app for the first time, we request permission to access individual functions and information. We will only access these functions with your approval. You can revoke access rights manually in the settings for each operating system. You can find out how this works in the manufacturer instructions for your mobile OS. However, please note that you can only use the app to a limited extent or you cannot use it at all without the relevant approval.

Before you either use the app for the first time, or use a function for the first time, we ask the user for the permissions for the purpose described below:

Permission Purpose Legal basis of processing
Camera Taking photos for image-search Consent
Photo library Selection of photos for image-search Consent

Delivery of push notifications

(granted by the operating system)

Receipt of push notifications Consent
Mobile data/WLAN
(granted by the operating system)
Use of Internet and downloading of new content

Analysis of location data

Based on our legitimate interests (Art. 6 para. 1 lit. f) GDPR) we use the ipdata geolocation service which is provided by Ipdata LLC, 2035 Sunset Lake Road Suite B-2, Newark, Delaware 19702, USA. Ipdata LLC determines the users’ approximate location by means of their IP address being transmitted to ipdata LLC. The purpose is to facilitate the technical implementation of our mobile app, to offer app contents in accordance with the users’ location (such as drug alerts and drug counselling organisations) and thereby to provide user-specific information. The users’ IP addresses will be allocated to their approximate location data based on the country of which the IP address originates. KnowDrugs does not store the geolocation data retrieved from ipdata LLC.

KnowDrugs has entered into a data processing agreement with Ipdata LLC to ensure compliance with applicable European data protection law.

Name of provider Provider type Data transfer to third party country Third party country Guarantees in acc. with Art. 44 ff GDPR
ipdata Order processor Yes USA EU standard contractual clauses

Push notifications as part of the user experience

We require your consent if you wish to receive our push notifications on your mobile iOS device even if the app is not open. Our app only uses push notifications if you have given your explicit consent to these. You can disable push notifications in settings at any time. If you use an Android device, push notifications are permitted automatically unless you disable this in your settings.

Name of provider Provider type Data transfer to third party country Third party country Guarantees in acc. with Art. 44 ff GDPR
Google Firebase Order processor Yes USA EU standard contractual clauses

Data Purpose of processing Legal basis of processing Storage period
Device token Sending to your device Consent Until revocation of consent

Newsletter, newsletter personalization and analysis of user behavior

You can subscribe to our newsletter if you want to receive regular updates or information about topics and products that are referred to in the declaration of consent.

We need a valid email address for you for subscription purposes.

To make doubly sure that you actually want to receive information from us, we use the double opt-in procedure. Once you have subscribed, you will receive a link by email which you can use to activate the newsletter service. In other words, we will send an email to the address given when you subscribed in which we ask for confirmation that you want to receive the newsletter.

Name of provider Provider type Data transfer to third party country Third party country
Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin Managing contacts & sending messages No

Data in the context of the newsletter
Data in the context of the personalized newsletter (*)
Purpose of processing Legal basis of processing Storage period
Time of registration Proof of double opt-in (DOI) Consent Up to 30 days after deletion of the customer account
IP address during DOI Proof of double opt-in (DOI) Consent Up to 30 days after deletion of the customer account
Time of DOI verification Proof of double opt-in (DOI) Consent Up to 30 days after deletion of the customer account
Email address Newsletter dispatch Consent Until revocation/objection
Firstname Direct approach Consent Until revocation/objection

Cookies and tracking pixels and similar technologies on our website

To improve our web service and make your experience as comfortable as possible, we use cookies, tracking pixels, or similar technologies. Cookies are small text files saved on your computer when you visit our website. They help us recognize your browser as yours. Cookies save information such as your language settings or the duration of your visit to our website. They save data entries you make on the website, like when you log in, so you don’t need to enter your data each time you use our services. Cookies help us to recognize your preferences and adjust our website to your areas of interest.

Every time our website loads, we record how often it is visited and clicked on by using tags on our website called tracking pixels. These tracking pixels do not interfere with your computer.

We only use performance cookies and advertising cookies with your consent in accordance with Section 25 (1) TTDSG. If you want to prevent the storage of performance cookies and advertising cookies, you can select “Do not accept cookies” in the browser and app settings. You can change this at any time by changing your cookie settings above. You can find out how this works in detail in your browser from your browser manufacturer’s instructions. You can delete cookies that are already stored on your computer at any time. However, we would like to point out that our website and app can only be used to a limited extent without cookies.

We use cookies and tracking pixels for different purposes, which also means they have different legal bases and storage periods. You will find more information about that in the following sections:

Cookies, tracking pixels and similar technologies on our website

Required and functional cookies

These cookies are required to ensure the use of essential services of this website and the operation of the App. Without these cookies, you will not be able to view our site properly. We also utilize functional cookies which assist us in the continuous improvement of our website and App.

  • Analytics services are used to analyze data based on your browsing behavior (e.g. which pages you have visited on the website or how you use our App) and to improve the functionality and design of our website / App. For this purpose, we use only an unique identifier, but no information that can be used to identify you (such as your name or email address).
  • Quality assurance tools are used to measure errors presented on a website, to make sure we fix bugs or any issues promptly.
  • Test services: The use of A/B tests or multivariate tests ensures consistent website / App design and user experience in the current and subsequent sessions

The legal basis is in this respect for access to your terminal device is Section 25 (2) No. 2 TTDSG and for the subsequent processing of personal data our legitimate interest pursuant to Art. 6 (1) (f) GDPR.

 

Technologies in our app “KnowDrugs Drug Checing”

We use various technologies to improve the performance of our application, personalize user experiences and provide relevant content. These technologies may collect information about your use of our app, including device information, IP addresses, location data and interactions with the app. The data collected is used exclusively to improve our services and personalize content. KnowDrugs does not sell any of this data at not time.

Necessary technologies

These services are used to ensure the technical performance of the application and to provide you with the most basic content. Functional cookies enable smooth use of our application by allowing you to create an account, log in and view content. These technologies must always be activated in order to use our mobile app and therefore cannot be deactivated. The legal basis in this context is our legitimate interest in the provision of technical functionality, optimization and development of services in accordance with § 25 para. 2 no. 2 TTDSG in conjunction with Art. 6 para. 1 letter f GDPR.

This includes:

 Crashlytics: To collect crash reports and error diagnostics in order to improve the stability of the application.

 Firebase RemoteConfig: For dynamic customization of app settings and functions based on user segments.

 Firebase Cloud Messaging for Android devices: To provide push notifications and in-app messages to our users. This service is only activated if you have consented to receive push notifications.

Analytical and performance technologies

These technologies are used to improve the performance of our app and perform business-related analysis. We use analytical technologies to understand user behavior so that we can improve our app and communication. We use information about previous actions and interactions to display personalized content. The legal basis for processing the data is your consent in accordance with Section 25 (1) TTDSG in conjunction with Art. 6 (1) (a) GDPR. Your consent can be revoked at any time in the app settings.

This includes:

 Google Firebase Analytics: For analyzing user behavior and interactions within the application. Firebase is a sub-service of Google Analytics. When Firebase is used in the app, the data is forwarded to Google Analytics via Google Tag Manager. You can find more information on how this works in the “Google Analytics” section

 Google Advertising ID: A unique identifier on Android devices that is used for ad personalization and measurement.

 IDFV: A unique identifier on iOS devices used for internal purposes such as analyzing usage data and app install attribution.

Google Analytics

We use the Google Analytics service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) to analyze our website visitors. Google uses cookies to track the use of the online product or service by users and the information is generally transferred to a Google server in the USA and stored there.

Google will use this information on our behalf to evaluate the use of our online products and services by users, to compile reports on the activities within these online products and services and to provide us with further services associated with the use of these online products and services and the use of the internet. Pseudonymous user profiles can be created from the processed data.

We use Google Analytics only with IP anonymization enabled. This means that Google will truncate the IP address of users within Member States of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent cookies from being stored by adjusting the settings to their browser software accordingly.

The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. Users can prevent the collection of data generated by cookies by downloading and installing the browser plug-in that is available here. As a guarantee pursuant of Art. 44ff of the General Data Protection Regulation (GDPR), Google has signed the EU standard contractual clauses. For more information on data processing by Google Analytics, please refer to the privacy policy of the provider.

If you do not wish to be tracked by Google Analytics in the future, you can opt out at any time by writing an email to [email protected].

 

Heroku by Salesforce

We use the Heroku app hosting service from salesforce.com Salesforce Germany (Erika-Mann-Strasse 31-37, 80636 München, Germany) for hosting certain backend functions of the KnowDrugs App. Salesforce’s Privacy Policy can be found here: https://www.salesforce.com/company/privacy/

Firebase by Google

We use the Firebase service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) in order to derive application behavioral analytics. We use that information to see how users interact with our website and app.

Firebase is part of the Google Cloud Platform and offers numerous services for developers. Some Firebase services process personal data. In most cases, the personal data is limited to so-called “instance IDs”, which are provided with a time stamp. These “Instance IDs” assigned by Firebase are unique and thus allow the linking of different events or processes. This data does not represent personally identifiable information for us, nor do we make any efforts to personalize it subsequently. We process these aggregated data to analyze and optimize usage behavior, for example by evaluating crash reports.

Currently, we use the following Firebase services for our App:

Google Analytics for Firebase: Google Analytics uses the data to provide analytics and attribution information. The precise information collected can vary by the device and environment. You can find more information via this link: https://support.google.com/firebase/answer/6318039.
and on Google’s partner policy. Google Analytics retains ID-associated data for 60 days, and retains aggregate reporting and campaign data without automatic expiration, unless the Firebase customer changes their retention preference in their Analytics settings or deletes their project.For Analytics for Firebase, Google uses not only the “Instance ID” described above, but also the advertising ID of the end device. You can restrict the use of the advertising ID in the device settings of your mobile device. For Android: Settings > Google > Ads > Reset Ad ID For iOS: Settings > Privacy > Advertising > No ad tracking. The legal basis for the use of Google Analytics is § 25 para. 1 TTDSG and for the subsequent processing of personal data Art. 6 para. 1 letter a GDPR.

Firebase Hosting: Hosting uses IP addresses of incoming requests to detect abuse and provide customers with detailed analysis of usage data. Hosting retains IP data for a few months.
Place of processing: United States – Privacy Policy

Firebase Dynamic Links: Dynamic Links uses device specs on iOS and Android to open newly-installed apps to a specific page or context. Dynamic Links only stores device specs temporarily, to provide the service.

Firebase Remote Config: Remote Config uses Instance IDs to select configuration values to return to end-user devices. Firebase retains Instance IDs until the Firebase customer makes an API call to delete the ID. After the call, data is removed from live and backup systems within 180 days. The legal basis for the use of this service is Section 25(2)(2) TTDSG in conjunction with Art. 6 para. 1 letter f GDPR.

Firebase Cloud Messaging: Firebase Cloud Messaging is used to transmit push messages or so-called in-app messages (messages that are only displayed within the respective app). A pseudonymized push reference is assigned to the mobile device, which serves as a target for the push messages or in-app messages. The push messages can be deactivated and reactivated at any time in the settings of the mobile device. Firebase Cloud Messaging uses Instance IDs to determine which devices to deliver messages to. Firebase retains Instance IDs until the Firebase customer makes an API call to delete the ID. After the call, data is removed from live and backup systems within 180 days.

Firebase will use this information on our behalf for the above mentioned reasons.

The legal basis for the use of Firebase Cloud Messaging is § 25 para. 2 no. 2 TTDSG i.V.m. Art. 6(1)(f) GDPR. As a guarantee pursuant of Art. 44ff of the General Data Protection Regulation (GDPR), Google has signed the EU standard contractual clauses.

Firebase Realtime Database: Firebase Realtime Database is a hosting and backend service provided by Google Ireland Limited.
Purpose: Providing of hosting & backend infrastructure for our apps
Personal Data collected: Usage Data and various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy

Firebase Cloud Firestore: Firebase Cloud Firestore is a hosting and backend service provided by Google LLC.
Purpose: Providing of hosting & backend infrastructure for our apps
Personal Data collected: Usage Data and various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy

Firebase will use this information on our behalf for the above-mentioned reasons.

Firebase Crashlytics: We use Firebase Crashlytics to collect and analyze information about crashes and errors in our app. Firebase Crashlytics helps us to monitor the stability and performance of our app and to quickly identify and fix problems.

The information collected by Firebase Crashlytics is used exclusively to analyze and fix crashes and errors in our app. This information may include the following: Device information such as model, operating system version and device ID, information about the timing and duration of crashes, information about the state of the application at the time of the crash, such as stack tracing. The legal basis for the use of this service is § 25 para. 2 no. 2 TTDSG i.V.m. Art. 6(1)(f) GDPR.

 

Name of provider Provider type Data transfer to third party country Third party country Guarantees in acc. with Art. 44 ff GDPR Storage period
Crashlytics by
Google Ireland Limited
Gordon House
Barrow Street\ Dublin 4, Ireland
Order processor Yes USA EU-Standard Contractual Clauses 90 days

 

RevenueCat

The KnowDrugs app for Android and iOS uses RevenueCat to facilitate subscriptions (Place of processing: US). RevenueCat is a service used to verify App Store receipts, process subscription purchases, restore previous purchases and sync purchase status between devices signed into your Apple ID (on iOS) or Gmail Address (on Android). RevenueCat provides us with data on when a user first used the app and with information about purchased subscriptions. This information is linked to an anonymous App User ID. No other information (like your IP address, email, etc.) is collected or transmitted. RevenueCat does not have access to any Personal Information. RevenueCats privacy policy can be found here: https://www.revenuecat.com/privacy.

Social media fan pages

KnowDrugs maintains so-called fan pages with social media providers like Instagram and Facebook (both: Facebook Inc. Menlo Park, California) in order to communicate with users, interested parties, and users who are active there, and to inform them about our products and services. In doing so, the users’ data can be processed outside of the EU. The above-mentioned US providers have signed the EU standard contractual clauses and thus guarantee the observance of European data protection laws.

In the opinion of the European Court of Justice (ECJ), we are responsible, together with Facebook, for the processing of your personal data. You can find the decision of the ECJ dated June 5, 2018 here: http://curia.europa.eu/juris/document/document.jsf?text=&docid=202543&pageIndex=0&doclang=EN&mode=req&dir=&occ=first&part=1&cid=298398

A Joint Controller Agreement exists with Facebook Inc. pursuant to Art. 26 GDPR, which can be found here: https://www.facebook.com/legal/terms/page_controller_addendum. Facebook Ireland pledges to assume the main responsibility in the context of the General Data Protection Regulation (GDPR) for the processing of Insights data and to fulfill all applicable obligations in the context of the GDPR with reference to the processing of Insights data (including, but not limited to Articles 12 and 13 GDPR, Articles 15 to 22 GDPR, and Articles 32 to 34 GDPR). Facebook Ireland will also make available the essential information of this Page Insights Addendum to the affected parties. Please contact Facebook to assume your rights as affected parties. The Data Policy of Facebook can be found here: https://www.facebook.com/privacy/explanation

When using the Facebook fan page, the following data will be collected from you for the purpose of user communication and target group advertising:

  • user interactions (posts, likes, etc.)
  • Facebook cookies
  • demographic data (e.g., based on information regarding age, place of residence, language, or gender)
  • statistical data on user interactions in aggregated form, that is, without the possibility to relate the information to any particular persons (e.g., page activities, page impressions, page previews, likes, recommendations, articles, videos, page subscriptions, incl. source, times of day)

The usage of personal data for advertising purposes is of particular importance for Facebook. We use the statistics function to find out more about visitors to our fan page. The use of the function enables us to adapt our content to the respective target group. In this way we also use, for example, the demographic information about the users’ age and location, whereby it is not at all possible for us to relate this information to persons.

In order to provide the social media service in the form of our Facebook fan page and to use the Insight function, Facebook generally saves cookies on the end device of the user. These include session cookies, which are deleted when the browser is closed, and persistent cookies that remain on the end device until they expire or are deleted by the user.

We use the Facebook Insights function for statistical evaluation purposes. In this connection, we receive anonymized data concerning the users of our Facebook fan page. As a result, it is not possible for us to trace them back to your person. For more information, you can refer to the cookie guideline https://www.facebook.com/policies/cookies/ of Facebook.

The personal data of users are processed on the basis of our justified interest in effectively providing information to users and maintaining communication with the users, as well as for the purposes of statistical evaluation pursuant to Art. 6(I) (f) GDPR.

Transfer of data to third parties

We only pass your personal data on to third parties if:

  • you have given your explicit consent to this,
  • forwarding data is necessary for the assertion, exercise, or defense of legal claims and there is no reason to assume you have an overriding legitimate interest in your data not being passed on,
  • in the event that we have a legal obligation to forward data, and
  • this is legally permissible and required for the performance of the contractual relationship with you.

In the case of data transfer outside the European Union, the high European level of data protection essentially does not exist. It may be the case with a transfer that an EU Commission adequacy decision in accordance with Article 45 (1) (3) GDPR is not currently in place. This means that the EU Commission has not yet positively determined that the country-specific level of data protection corresponds to the level of data protection in the European Union due to the GDPR. If the recipient is located outside the European Union / European Economic Area, we have taken the necessary measures such as signing the EU standard contractual clauses approved by the EU Commission, and have additionally taken appropriate security precautions.

Potential risks, which cannot be ruled out completely in connection with data transfer, are in particular:

  • your personal data could be processed over and above the intended purpose.
  • Moreover, there is a possibility that you may not be able to exercise your rights in relation to data protection, for example, your right of access, to rectification, erasure, or data portability, on a consistent basis and enforce these.
  • It may also be highly likely that data is processed incorrectly and in quantitative and qualitative terms, the protection of personal data fails to meet the requirements of the GDPR in full.

Your Rights

Information on the rights of data subjects

Each data subject has the right of access in accordance with Article 15 GDPR, the right to rectification in accordance with Article 16 GDPR, the right to erasure in accordance with Article 17 GDPR, the right to restriction of processing in accordance with Article 18 GDPR, the right to object in Article 21 GDPR and the right to data portability in Article 20 GDPR. The limitations according to Articles 34 and 35 BDSG apply to the right of access and to the right to erasure.

Information on the option to lodge a complaint

You also have the right to lodge a complaint with the competent data protection authority about our processing of your personal data.

You can withdraw your consent with us to process personal data at any time. This also applies to withdrawals of a declaration of consent that were given to us before the General Data Protection Regulation came into effect, i.e. before May 25, 2018. Please note that this withdrawal will only apply prospectively. This does not affect processing that took place prior to a withdrawal.

CCPA Consumer Rights (Additional California Privacy Rights)

This section provides additional details for California consumers about the rights afforded to them under the California Consumer Privacy Act or “CCPA“.

In addition to the rights mentioned above under “information on the rights of data subjects”, California consumers have the right not to be discriminated against for having exercised their rights under the CCPA. In particular, Freeletics may not deny you goods or services, charge you different prices for goods or services, either by denying benefits or imposing penalties, provide you with a different level or quality of goods or services or threaten you with any of the above. In addition, Freeletics does not sell the personal information we collect (as defined in the CCPA) and will not sell it without providing you the right to opt out.

Right in the event that data is processed for direct marketing purposes

You have the right pursuant to Article 21 (2) GDPR to object to the processing of personal data concerning you. In the event that you object to processing for direct marketing purposes, we will no longer process your personal data for this purpose. Please note that this withdrawal will only apply prospectively. This does not affect processing that took place prior to a withdrawal.

Information on the right to object in the case of balance of interests

If we process your personal data based on a balance of interests, you can object to such processing. If you exercise this right to object, please state the reasons why we should not process your data as we have described. If your objection is justified, we will review the situation and either stop or adjust data processing or explain our compelling legitimate reasons for processing to you.

Our website may contain links to the websites of other providers. Please note that this Data Privacy Statement applies only to the website of KnowDrugs. We have no influence on or control over the compliance of other providers with applicable data protection regulations.

Amendments to the Data Privacy Statement

We reserve the right to amend or adjust this Data Privacy Statement at any time subject to compliance with applicable data protection regulations.

Controller and data protection officer

Alternatively, you may contact our external data protection officers at any time if you have any questions regarding the collection, processing or use of your personal data or in the case of access, rectification, blocking or erasure:

Personal/Confidential

Data controller Controller’s data protection officer
Plant Product Design UG (haftungsbeschränkt)
Skalitzer Str. 33
10999 Berlin
Germany
E-Mail:: [email protected] 
represented by Managing Director Philipp Kreicarek
Plant Product Design UG (haftungsbeschränkt)
Data Protection Officer
Skalitzer Str. 33
10999 Berlin
Germany
E-Mail: [email protected]