Plant Product Design UG (haftungsbeschränkt), 2022-01-15
Principle of anonymous data use
In principle, our website can be used without providing personal data. The use of individual services and offers (KnowDrugs App for Android, KnowDrugs App for iOS, KnowDrugs Website[in short ‘KnowDrugs Apps’]) on our website and in our apps can entail divergent regulations which in this case are explained separately below. The legal basis for data protection can be found in the General Data Protection Regulation (GDPR).
When you access our website or Apps, some information, such as IP address, is transferred. You are also providing information about the end device used (computer, smartphone, tablet etc.), the browser used (Internet Explorer, Safari, Firefox etc.), time of visit to the website, the so-called referrer and volume of data transferred.
We cannot use this data to identify an individual user. We only use this information to determine how attractive our offers are and to improve their performance or content, if necessary, and make their design even more appealing to you.
Please bear in mind, however, that in the case of a static IP address, personal identification is possible by
Collection and processing of personal data
In the case of use purely for information, i.e. if you do not register or send us information another way, we only collect personal data which your browser transfers to our servers. If you want to view our website, we collect the following data, which we require for technical purposes in order to show you our content and guarantee stability and security (legal basis is a legitimate interest pursuant to Article 6 (1) (f) GDPR).
In the context of the balance of interests in accordance with Article 6 (1) (f) GDPR, we have considered and weighed up our interest in website provision and your interest in data protection compliant processing of your personal data. As the data below is technically required for the provision of our service in order to offer you our website and also guarantee stability and security, in
Data | Purpose of processing | Storage period |
---|---|---|
Operating system used | Ensure evaluation by |
Indefinite |
Information about the browser type and version used | Evaluation of the browser used to optimize our websites for it | Indefinite |
IP address | Presentation of the website on the respective device Investigation and prevention of fraud Proof of user’s consent to receiving the newsletter |
|
Date and time of visit | Presentation of the website on the respective device Investigation and prevention of fraud Proof of user’s consent to receiving the newsletter |
|
If applicable, manufacturer and model of the smartphone, tablet or |
Evaluation of device manufacturers and types of mobile end devices for statistical purposes | Indefinite |
The collection of data for website provision and the storage of data in log files is imperative for website operation. Consequently, users may not object to this.
Registering with Google
We also offer you the opportunity to create your KnowDrugs account using your Google account, or to link your KnowDrugs account to your Google account. You can register or log in to KnowDrugs using your Google account if you simply use Google instead of the other options while registering your KnowDrugs account. You will then be forwarded to Google (where you must be logged in or require an account) and receive an explanation of which of your data we need from Google, namely your public profile information such as first and last name, gender, and the email address you are using there. This information is required for identification purposes in order to create a secure KnowDrugs account for you. Your Google account and your KnowDrugs account will be permanently linked using your email address. We store your email information in-house and will send you information using this address as needed. We can also tell that you have logged in using Google. As soon as you log in to Google, you can log in to KnowDrugs. We will not submit any information on you to Google without your consent.
Important: We do not record your Google login data in any way, and cannot post anything to your Google profile without your having expressly consented to this.
You can learn how Google handles privacy settings using Google’s privacy policy and terms of use; these also include the applicable conditions for the previously specified option of logging in and registering to KnowDrugs.
Data | Purpose of processing | Legal basis of processing | Storage period | Platform |
---|---|---|---|---|
Email address | Customer account identification | Performing the contractual relationship | Up to 30 days after deletion of the customer account | |
Password | Customer account identification | Performing the contractual relationship | Up to 30 days after deletion of the customer account | |
IP address at login | Data transfer at registration to web server | Performing the contractual relationship | Indefinite |
Registration with Apple
You can also register and log in using the “Apple Login” function from your Apple account. When you log in with your Apple ID for the first time, the app will prompt you to enter your name and your email address so that an account can be set up for you. We store your email information in-house and will send you information using this address as needed. You will not be tracked by Apple and a profile of you will not be created while you are using the “Register with Apple ID” function. Apple only collects information required for you to log in and manage your account.
You will stay logged into our app automatically as long as you stay logged in on your device. Here you can find more information on the Apple login.
Data collection, purposes and use in the context of the KnowDrugs service
The Data concerning the User is collected to allow the Owner to provide its Services, as well as for the following purposes: Analytics, Infrastructure monitoring and Hosting and backend infrastructure.
Users can find further detailed information about such purposes of processing and about the specific Personal Data used for each purpose in the respective sections of this document.
Data collection, processing and use in the context of KnowDrugs Service
Access rights
We require these access options and information to ensure the technical function of our app and to provide the services offered with the app, to send you
Before you use the app for the first time, we will request the following permissions for the purpose described below:
Permission | Purpose |
---|---|
Delivery of push notifications | Receipt of push notifications |
Mobile data/WLAN (granted by the operating system) |
Use of |
Push notifications as part of the user experience
We require your consent if you wish to receive our push notifications on your mobile iOS device even if the app is not open. Our app only uses push notifications if you have given your explicit consent to these. You can disable push notifications in settings at any time. If you use an Android device, push notifications are permitted automatically unless you disable this in your settings.
Name of provider | Provider type | Data transfer to |
Third party country | Guarantees in acc. with Art. 44 ff GDPR |
---|---|---|---|---|
Google Firebase | Order processor | Yes | USA | EU standard contractual clauses |
Data | Purpose of processing |
|
Storage period |
---|---|---|---|
Device token | Sending to your device | Consent | Until revocation of consent |
Newsletter, newsletter personalization and analysis of user behavior
You can subscribe to our newsletter if you want to receive regular updates or information about topics and products that are referred to in the declaration of consent.
We need a valid email address for you for subscription purposes.
To make doubly sure that you actually want to receive information from us, we use the double opt-in procedure. Once you have subscribed, you will receive a link by email which you can use to activate the newsletter service. In other words, we will send an email to the address given when you subscribed in which we ask for confirmation that you want to receive the newsletter.
Name of provider | Provider type | Data transfer to |
Third party country |
---|---|---|---|
Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin | Managing contacts & sending messages | No | – |
Data in the context of the newsletter Data in the context of the personalized newsletter (*) |
Purpose of processing |
|
Storage |
---|---|---|---|
|
Proof of double opt-in (DOI) | Consent | Up to 30 days after deletion of the customer account |
IP address during DOI | Proof of double opt-in (DOI) | Consent | Up to 30 days after deletion of the customer account |
Time of DOI verification | Proof of double opt-in (DOI) | Consent | Up to 30 days after deletion of the customer account |
Email address | Newsletter dispatch | Consent | Until revocation/objection |
Direct approach | Consent | Until revocation/objection |
Cookies and tracking pixels
We use cookies to improve our web service and make your use as easy as possible. Cookies are small text files which are saved on your computer when you visit our website. They facilitate the repeated allocation of your browser. Cookies save information, such as your language settings, duration of the visit to our website or the entries you made there. This means that the required data does not need to be entered again each time the service is used. Moreover, cookies help us to recognize your preferences and adjust our website to your areas of interest.
Most browsers accept cookies automatically. If you want to prevent cookies from being saved, you can select the ‘Accept no cookies’ option in your browser settings. To find out exactly how this works, you can consult your browser manufacturer’s instructions. You can delete cookies that have already been saved on your computer at any time. Please bear in mind, however, that our website service can only be used to a limited extent without cookies.
Moreover, every time our website is loaded, we record how often it is visited and clicked on by using tags on our website, so-called tracking pixels, likewise without any interference and intervention for your computer.
Google Analytics
We use the Google Analytics service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) to analyze our website visitors. Google uses cookies to track the use of the online product or service by users and the information is generally transferred to a Google server in the USA and stored there.
Google will use this information on our behalf to evaluate the use of our online products and services by users, to compile reports on the activities within these online products and services and to provide us with further services associated with the use of these online products and services and the use of the internet. Pseudonymous user profiles can be created from the processed data.
We use Google Analytics only with IP anonymization enabled. This means that Google will truncate the IP address of users within Member States of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent cookies from being stored by adjusting the settings to their browser software accordingly.
The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. Users can prevent the collection of data generated by cookies by downloading and installing the browser plug-in that is available here. As a guarantee pursuant of Art. 44ff of the General Data Protection Regulation (GDPR), Google has signed the EU standard contractual clauses. For more information on data processing by Google Analytics, please refer to the privacy policy of the provider.
If you do not wish to be tracked by Google Analytics in the future, you can opt out at any time by writing an email to [email protected].
Facebook Marketing Services
We use the “visitor action pixels” from Facebook Inc. (Menlo Park, California) on our website so that user
We also use Facebook’s Software Development Kit (SDK) within our apps, in order to link various Facebook services with our apps. For example, this enables users to be able to use the Facebook SDK to share content from our apps within their Facebook timeline or to send messages to other Facebook users. Further information about the Facebook SDK within iOS can be found here: https://developers.facebook.com/docs/ios. For Android, please refer
As a guarantee pursuant of Art. 44ff of the General Data Protection Regulation (GDPR), Facebook has signed the EU standard contractual clauses. The legal basis for this processing is Art. 6 paragraph 1 sentence 1 letter f GDPR.
Heroku by Salesforce
We use the Heroku app hosting service from salesforce.com Salesforce Germany (Erika-Mann-Strasse 31-37, 80636 München, Germany) for hosting certain backend functions of the KnowDrugs App. Salesforce’s Privacy Policy can be found here: https://www.salesforce.com/company/privacy/
Firebase by Google
We use the Firebase service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) in order to derive application behavioral analytics. We use that information to see how users interact with our website and app.
Firebase is part of the Google Cloud Platform and offers numerous services for developers. A list can be found here: https://firebase.google.com/terms/. Some Firebase services process personal data – an overview can be found here: https://firebase.google.com/support/privacy. In most cases, the personal data is limited to so-called “instance IDs”, which are provided with a time stamp. These “Instance IDs” assigned by Firebase are unique and thus allow the linking of different events or processes. This data does not represent personally identifiable information for us, nor do we make any efforts to personalize it subsequently. We process these aggregated data to analyze and optimize usage
Currently, we use the following Firebase services:
Google Analytics for Firebase: Google Analytics uses
and on Google’s partner policy. Google Analytics retains ID-associated data for 60
Firebase Hosting: Hosting uses IP addresses of incoming requests to detect abuse and provide customers with detailed analysis of usage data. Hosting retains IP data for a few months.
Place of processing: United States – Privacy Policy
Firebase Dynamic Links: Dynamic Links uses device specs on iOS and Android to open newly-installed apps to a specific page or context. Dynamic Links only stores device specs temporarily, to provide the service.
Firebase Cloud Messaging: Firebase Cloud Messaging is used to transmit push messages or so-called in-app messages (messages that are only displayed within the respective app). A pseudonymized push reference is assigned to the mobile device, which serves as a target for the push messages or in-app messages. The push messages can be deactivated and reactivated at any time in the settings of the mobile device. Firebase Cloud Messaging uses Instance IDs to determine which devices to deliver messages to. Firebase retains Instance IDs until the Firebase customer makes an API call to delete the ID. After the call, data is removed from live and backup systems within 180 days.
Firebase
Purpose: Providing of hosting & backend infrastructure for our apps
Personal Data collected: Usage Data and various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy
Firebase Cloud Firestore: Firebase Cloud Firestore is a hosting and backend service provided by Google LLC.
Purpose: Providing of hosting & backend infrastructure for our apps
Personal Data collected: Usage Data and various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy
Firebase will use this information on our behalf for the
Crashlytics: When using our website and apps, data is collected and stored which is used to generate information using pseudonymous usage profiles for purposes of web analysis. We measure and analyze technical performance data (e.g. response and load times) and application data (hardware and software used) in order to improve the performance of our products. Cookies are used to do so. These are text files saved on your computer that allow us to analyze how you use our website. The pseudonymous usage profiles are not associated with personal data on the bearer of the pseudonym without the concerned party’s express consent. You can object to future data collection and storage for the purpose of web analysis at any time by deactivating cookies in your browser settings. You can find the individual privacy notices for the providers here:
https://firebase.google.com/terms/data-processing-terms
Name of provider | Provider type | Data transfer to |
Third party country | Guarantees in acc. with Art. 44 ff GDPR | Storage period |
---|---|---|---|---|---|
Crashlytics by Google Ireland Limited Gordon House Barrow Street\ Dublin 4, Ireland |
Order processor | Yes | USA | EU-Standard Contractual Clauses | 90 days |
The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. As a guarantee pursuant of Art. 44ff of the General Data Protection Regulation (GDPR), Google has signed the EU standard contractual clauses.
RevenueCat
The KnowDrugs app for Android and iOS uses RevenueCat to facilitate subscriptions (Place of processing: US). RevenueCat is a service used to verify App Store receipts, process subscription purchases, restore previous purchases and sync purchase status between devices signed into your Apple ID (on iOS) or Gmail Address (on Android). RevenueCat provides us with data on when a user first used the app and with information about purchased subscriptions. This information is linked to an anonymous App User ID. No other information (like your IP address, email, etc.) is collected or transmitted. RevenueCat does not have access to any Personal Information. RevenueCats privacy policy can be found here: https://www.revenuecat.com/privacy.
Social media fan pages
KnowDrugs maintains so-called fan pages with social media providers like Instagram and Facebook (both: Facebook Inc. Menlo Park, California) in order to communicate with users, interested parties, and users who are active there, and to inform them about our products and services. In doing so, the users’ data can be processed outside of the EU. The above-mentioned US providers have signed the EU standard contractual clauses and thus guarantee the observance of European data protection laws.
In the opinion of the European Court of Justice (ECJ), we are responsible, together with Facebook, for the processing of your personal data. You can find the decision of the ECJ dated June 5,
A Joint Controller Agreement exists with Facebook Inc. pursuant to Art. 26 GDPR, which can be found here: https://www.facebook.com/legal/terms/page_controller_addendum. Facebook Ireland pledges to assume the main responsibility in the context of the General Data Protection Regulation (GDPR) for the processing of Insights data and to fulfill all applicable obligations in the context of the GDPR with reference to the processing of Insights data (including, but not limited to Articles 12 and 13 GDPR, Articles 15 to 22 GDPR, and Articles 32 to 34 GDPR). Facebook Ireland will also make available the essential information of this Page Insights Addendum to the affected parties. Please contact Facebook to assume your rights as affected parties. The Data Policy of Facebook can be found here: https://www.facebook.com/privacy/explanation
When using the Facebook fan page, the following data will be collected from you for the purpose of user communication and target group advertising:
- user interactions (posts, likes, etc.)
- Facebook cookies
- demographic data (e.g., based on information regarding age, place of residence, language, or gender)
- statistical data on user interactions in aggregated form, that is, without the possibility to relate the information to any particular persons (e.g., page activities, page impressions, page previews, likes, recommendations, articles, videos, page subscriptions, incl. source, times of day)
The usage of personal data for advertising purposes is of particular importance for Facebook. We use the statistics function to find out more about visitors to our fan page. The use of the function enables us to adapt our content to the respective target group. In this
In order to provide the social media service in the form of our Facebook fan page and to use the Insight function, Facebook generally saves cookies on the end device of the user. These include session cookies, which are deleted when the browser is closed, and persistent cookies that remain on the end device until they expire or are deleted by the user.
We use the Facebook Insights function for statistical evaluation purposes. In this connection, we receive anonymized data concerning the users of our Facebook fan page. As a result, it is not possible for us to trace them back to your person. For more information, you can refer to the cookie guideline https://www.facebook.com/policies/cookies/ of Facebook.
The personal data of users are processed on the basis of our justified interest in effectively providing information to users and maintaining communication with the users, as well as for the purposes of statistical evaluation pursuant to Art. 6(I) (f) GDPR.
Transfer of data to third parties
We only pass your personal data on to third parties if:
- you have given your explicit consent to this,
- forwarding data is necessary for the assertion, exercise or
defense of legal claims and there is no reason to assume you have an overriding legitimate interest in your data not being passed on, - in the event that we have a legal obligation to forward data, and
- this is legally permissible and required for the performance of the contractual relationship with you.
In the case of data transfer outside the European Union, the high European level of data protection essentially does not exist. It may be the case with a transfer that an EU Commission adequacy decision in accordance with Article 45 (1) (3) GDPR is not currently in place. This means the EU Commission has not yet decided that the level of data protection in the respective country corresponds to the level of protection in the European Union based on the GDPR. Consequently, we have put the appropriate guarantees referred to above in place. Potential risks, which cannot be ruled out completely in connection with data transfer, are in particular:
- your personal data could be processed over and above the intended purpose.
- Moreover, there is a possibility that you may not be able to exercise your rights in relation to data protection, for
example your right of access, to rectification, erasure or data portability, on a consistent basis and enforce these. - It may also be highly likely that data is processed incorrectly and in quantitative and qualitative terms, the protection of personal data fails to meet the requirements of the GDPR in full.
Your Rights
Information on the rights of data subjects
Each data subject has the right of access in accordance with Article 15 GDPR, the right to rectification in accordance with Article 16 GDPR, the right to erasure in accordance with Article 17 GDPR, the right to restriction of processing in accordance with Article 18 GDPR, the right to object in Article 21 GDPR and the right to data portability in Article 20 GDPR. The limitations according to Articles 34 and 35 BDSG apply to the right of access and to the right to erasure.
Information on the option to lodge a complaint
You also have the right to lodge a complaint with the competent data protection authority about our processing of your personal data.
Information on withdrawal of consent
You can withdraw your consent with us to process personal data at any time. This also applies to withdrawals of a declaration of consent that were given to us before the General Data Protection Regulation came into effect, i.e. before May 25, 2018. Please note that this withdrawal will only apply prospectively. This does not affect processing that took place prior to
CCPA Consumer Rights (Additional California Privacy Rights)
This section provides additional details for California consumers about the rights afforded to them under the California Consumer Privacy Act or “CCPA“.
In addition to the rights mentioned above under “information on the rights of data subjects”, California consumers have the right not to be discriminated against for having exercised their rights under the CCPA. In particular, KnowDrugs may not deny you goods or services, charge you different prices for goods or services, either by denying benefits or imposing penalties, provide you with a different level or quality of goods or services or threaten you with any of the above. In addition, KnowDrugs does not sell the personal information we collect (as defined in the CCPA) and will not sell it without providing you the right to opt out.
Right in the event that data is processed for direct marketing purposes
You have the right pursuant to Article 21 (2) GDPR to object to the processing of personal data concerning you. In the event that you object to processing for direct marketing purposes, we will no longer process your personal data for this purpose. Please note that this withdrawal will only apply prospectively. This does not affect processing that took place prior to
Information on the right to object in the case of balance of interests
If we process your personal data based on a balance of interests, you can object to such processing. If you exercise this right to object, please state the reasons why we should not process your data as we have described. If your objection is justified, we will review the situation and either stop or adjust data processing or explain our compelling legitimate reasons for processing to you.
Links to other websites
Our website may contain links to the websites of other providers. Please note that this Data Privacy Statement applies only to the website of KnowDrugs. We have no influence on or control over the compliance of other providers with applicable data protection regulations.
Amendments to the Data Privacy Statement
We reserve the right to amend or adjust this Data Privacy Statement at any time subject to compliance with applicable data protection regulations.
Controller
Plant Product Design UG (haftungsbeschränkt)
Skalitzer Str. 33
10999 Berlin, Germany
E-Mail: [email protected]