Data protection

1. data protection at a glance

General Information

The following information provides a simple overview of what happens to yourpersonal data when you visit our website and social networks or use our offers within the framework of the Qur-App. Personal data is any data that can be used to identify you personally. For detailed information on the subject of data protection, please refer to our data protection declaration listed below this text.

Data collection on our website and the Qur app

Who is responsible for the data collection on this website and in the Qur app?

The data processing on this website and in the Qur app is carried out by Qur Digital Therapeutics GmbH. You can find the contact details in the Qur website imprint (www.qur.app).

How do we collect your data?

On the one hand, your data is collected by you providing it to us. This can be, for example, data that you enter in a contact form or use when registering the Qur-App. Other data is collected automatically or after your consent when you visit the website by our IT systems. This is mainly technical data (e.g. Internet browser, operating system or time of the page call). This data is collected automatically as soon as you enter our website or use our app.

What do we use your data for?

Some of the data is collected to ensure error-free provision of the website and the Qur app. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right to obtain information free of charge at any time about the origin, recipient and purpose of your stored personal data. You also have the right to request the correction, blocking or deletion of this data. If you have given your consent for data processing, you can revoke this consent at any time in the future. You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. You also have the right of appeal to the relevant supervisory authority. You can contact us at any time at the address given in the imprint with regard to this and other questions on the subject of data protection.

Analysis tools and tools from third-party providers

When you visit our website and/or use the Qur app, your surfing behavior may be analyzed statistically. This is mainly done with so-called analysis programs. The analysis of your usage behavior is usually anonymous. Detailed information on these analysis programs can be found in the following data protection declaration.

2. hosting and content delivery networks (CDN)

External hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This can include IP addresses, contact requests, meta and communication data, contact data (e.g. e-mail address), names, web site accesses and other data that is generated via a web site. The use of the hoster is for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a safe, fast and efficient provision of our online offer by a reliable provider (Art. 6 para. 1 lit. f GDPR). Our hoster will only process your data to the extent that this is necessary for the fulfillment of its performance obligations and to comply with our instructions regarding this data.

Conclusion of a contract for the provision of services

In order to ensure data protection-compliant processing, we have concluded a contract with our hoster for the processing of orders. This site is operated via the "Heroku" service of the hosting provider Salesforce.com, Inc. (The Landmark @ One Market, Suite 300, San Francisco, California 94105, USA). The privacy policy can be found here: https://www.salesforce.com/company/privacy. Salesforce.com, Inc. is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with the European level of data protection.

3. general information and obligatory information

Data protection

The operating company of www.qur.app and the Qur-App takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this data protection declaration. When you use this website or other Qur products, various personal data will be collected. Personal data is data that can be used to identify you personally. This data protection declaration explains what data we collect and what we use it for. It also explains how and for what purpose this is done. We would like to point out that the transmission of data via the Internet (e.g. when communicating by e-mail) can lead to security gaps. It is not possible to provide complete protection of the data against access by third parties.

Note on the responsible party

The responsible party for data processing on this website is: qur digital therapeutics GmbH Amalienstrasse 71 2nd Backyard, Basement 80799 Munich E-Mail: breathe@qur.app The responsible party is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

Storage period

Insofar as no specific storage period has been specified within this data protection declaration, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law). In the latter case, the data will be deleted after these reasons no longer apply.

Note on the transfer of data to the USA and other third countries

On our website, among other things, tools from companies based in the USA or other third parties that are not secure from a data protection point of view are included. If these tools are active, your personal data may be transferred to these third parties and processed there. Please note that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, U.S. companies are obliged to disclose personal data to security authorities without you as the data subject being able to take legal action against this. Therefore, it cannot be ruled out that U.S. authorities (e.g., intelligence agencies) may process, evaluate and permanently store your data on U.S. servers for surveillance purposes. We have no influence on these processing activities.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke your consent at any time. To do so, simply send an informal e-mail to us at breathe@qur.app. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data processing in special cases and to direct marketing (Art. 21 GDPR)

If the data processing is carried out on the basis of Art. 6 Para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to a profile based on these provisions. The respective legal basis on which a processing is based can be found in this data protection declaration. If you lodge an objection, we will no longer process your personal data concerned, unless we can prove compelling reasons for the processing that merit protection, that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or distribution of legal claims (objection pursuant to Art. 21 para. 1 GDPR). If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct advertising (objection in accordance with Art. 21 Para. 2 GDPR).

Right of appeal to the competent supervisory authority

In the event of violations of the GDPR, those affected have the right to lodge a complaint with a supervisory authority, in particular in the member state of your usual place of residence, your place of work or the location of the alleged violation. The right to appeal exists without prejudice to other administrative or judicial remedies.

Right to data transferability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract posted to you or to a third party in a common, machine-readable format. If you request the direct transfer of data to another party, this will only be done if it is technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you send to us cannot be read by third parties.

Keyed payment transactions in the app

If, after concluding a contract that is subject to a charge, you are obliged to provide us with your payment details (e.g. account number for direct debit authorization), this data is required for payment processing. Payment transactions via the usual means of payment (Visa/MasterCard, direct debit) are made exclusively via a secure SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. With encrypted communication, your payment details that you send to us cannot be read by third parties.

Information, deletion and correction

Within the scope of the applicable statutory provisions, you have the right to obtain information free of charge at any time about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, the right to rectification or deletion of this data. You can contact us at any time at the address given in the imprint with regard to this and other questions on the subject of personal data.

Right to restrict processing

You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time at the address given in the imprint. The right to restrict processing exists in the following cases: If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data. If the processing of your personal data was/is unlawful, you can request the restriction of the data processing instead of deletion. If we no longer need your personal data, but you need them to exercise, distribute or enforce legal claims, you have the right to request the restriction of the use of your personal data instead of deletion. If you have lodged an objection in accordance with Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data. If you have restricted the processing of your personal data, this data - apart from its storage - may only be used with your consent or for assertion, The data may only be processed with your consent or in order to assert, exercise or distribute legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.

Objection to advertising e-mails

We hereby object to the use of contacts published within the scope of the imprint obligation for the transmission of non-expressly requested advertising and information media. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited advertising material, such as spam e-mails, being sent to them.

4. data collection on our web site

Cookies

Our website uses so-called "cookies". Cookies are small text files and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your enduser device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your enduser device until you delete them yourself or until they are automatically deleted by your web browser. In some cases, third-party cookies may also be stored on your end device when you access our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services). Cookies have different functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertisements. Cookies that are required to perform the electronic communication process (necessary cookies) or to provide certain functions that you want (functional cookies, e.g., for the shopping cart function). The data required to provide certain functions requested by you (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies for measuring web traffic) are stored on the basis of Art. 6 Para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the storage of the relevant cookies will be carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR); the consent can be revoked at any time. You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or geneally and activate the automatic deletion of cookies when closing the browser. When deactivating cookies, the functionality of this website may be restricted. Insofar as cookies are used by third parties or for analysis purposes, you will be informed of this separately within the scope of this data protection declaration and, if necessary, consent will be requested.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are: - browser type and browser version - used operating system - Referrer URL - Host name of the accessing server - Time of the server request - IP address These data are not combined with other data sources. The collection of this data is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - the server log files must be recorded for this purpose.

Inquiry by e-mail or telephone

If you contact us by e-mail or telephone, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent. The processing of this data is based on Art. 6 Para. 1 lit. b GDPR, insofar as your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests sent to us (Article 6 (1) (f) of the German Data Protection Act) or on your consent (Article 6 (1) (a) of the German Data Protection Act), provided this has been requested. The data you send us via contact requests will remain with us until you ask us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g., after your request has been processed). Mandatory statutory provisions - in particular, statutory retention periods - remain unaffected.

Registration in the Qur-App

You can register in the Qur app to use basic and additional features in the app. The data entered for this purpose will only be used for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration. For important changes, such as the scope of the offer or technically necessary changes, we will use the e-mail address provided during registration to inform you in this way. The processing of the data entered in the registry is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time. For this purpose, a formless notification by e-mail to us is sufficient. The legality of the data processing already carried out remains unaffected by the revocation. The data collected during registration will be stored by us as long as you are registered with Qur and will be deleted afterwards. Any statutory periods of retention remain unaffected.

Login via Google Sign-in

We offer you the possibility to register and login for our Qur-App with Google Sign-In. An additional registration is therefore not necessary. Google Sign-In is a service of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. To register, you will be redirected to a Google page where you can log in with your usage data. This will link your Google profile and our service. Through the link, we automatically receive your name (first name, last name, username, your email address, your Google ID and a link to your Google profile picture. Of these, we only store email, username and ID. According to Art. 6 para. 1 p. 1 lit. b) DS-GVO, this information is absolutely necessary for the conclusion of the contract in order to be able to identify you. Your IP address, app ID and app start statistics are automatically sent to Google. A possible transfer of personal data to Google LLC, which is based in the USA, is carried out in accordance with the existing agreement between us and Google in accordance with the EU standard contractual clauses, which ensure the adequacy of the European level of data protection in accordance with Art. 46 (2) c) DS-GVO. For more information, please see Google's terms of use and Google's privacy policy.

Login via "Sign in with Apple

We offer you the possibility to register and login for our Qur-App via "Sign in with Apple". Thus, an additional registration is not required. "Sign in with Apple" is a service provided by Apple Inc. One Apple Park Way, Cupertino, California, USA, 95014. This links your Apple ID and our service. You have the option to either share your email address or hide your email address. If you choose "Share my email address" we will receive the email address and name associated with your Apple ID. Apple's "Hide My Email Address" feature allows you to register for other services, such as the Qur app, without revealing your email address. When you enable this feature when creating a new Qur account, Apple generates a random email address with the domain @privaterelay.appleid.com. Anything sent to this address will automatically be forwarded to the email address associated with your Apple ID. This means that if you disable forwarding of your emails, you will not receive any emails from Qur. So by linking, we automatically receive an email address, either the one linked to your Apple ID or one randomly generated by Apple. According to Art. 6 para. 1 p. 1 lit. b) DS-GVO, this information is mandatory for the conclusion of the contract in order to be able to identify you. Qur does not pass on any data to Apple in this regard, but by connecting to Apple you at least transmit your IP address to Apple. The responsible party for the processing of personal data for persons who are located within the European Economic Area including Switzerland is Apple Distribution International ltd, Hollyhill Industrial Estate, Hollyhill Cork, Republic of Ireland. Possible processing of personal data by Apple Inc. takes place on the basis of standard data protection clauses in accordance with Art. 46 Para. 2 S. 1 lit. c). For more information on any data processing by Apple, please see Apple's privacy policy.

Permission of the app to access your camera

The app asks you for permission to use your camera. This feature enables pulse measurement in the Qur app. The data is processed in accordance with Art. 6 (1) p. 1 lit. b) DS-GVO. No photos are created or stored. You can turn the function on or off at any time in the settings of the operating system of your end device.

Amazon Web Services

For hosting the database content, we use the Amazon Relational Database Service (RDS) of Amazon Web Services Inc, 410 Terry Avenue North, Seattle WA 98109, USA (hereinafter "AWS") in accordance with Art. 6 para. 1. 1 lit. b) DS-GVO. All data collected as part of our offers are automatically encrypted and stored exclusively in a German data center (Frankfurt/Main), which is certified according to ISO 27001, 27017 and 2018 as well as PCI DSS Level 1. The data transferred to AWS is stored on the servers until we delete it. We have concluded an order data processing contract with AWS, which includes the EU standard contractual clauses and ensures the adequacy of the level of data protection in accordance with Art. 46 (2) c) DS-GVO. You can find more information about AWS and data protection at https://aws.amazon.com/de/ses/ and in the privacy policy.

5. Social Media

Facebook Plugins (Like & Share Button)

Plug-ins of the social network Facebook are integrated on this website. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries. You can recognize the Facebook plug-ins by the Facebook logo or the "Like" button on this website. An overview of the Facebook plug-ins can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE. When you visit this website, a direct connection between your browser and the Facebook server is established via the plugin. Facebook thereby receives the information that you have visited this website with your IP address. If you click the Facebook "Like" button while logged into your Facebook account, you can link the content of this website on your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, do not receive any knowledge of the content of the transmitted data or its use by Facebook. You can find more information about this in Facebook's data protection statement at: https://de-de.facebook.com/privacy/explanation. If you do not want Facebook to associate your visit to this website with your Facebook user account, please log out of your Facebook user account. The use of the Facebook plug-ins is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the widest possible visibility in social media. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR; the consent can be revoked at any time. Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after the transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint representation agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of the Facebook products. You can assert affected parties' rights (e.g. requests for information) with regard to the data processed by Facebook directly with Facebook. If you assert the rights of the data subject with us, we are obligated to transfer them to Facebook. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.

Instagram plugin

On this website, functions of the service Instagram are integrated. These functions are offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA 94025, USA.If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.The storage and analysis of the data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the greatest possible visibility in social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time. Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook or Instagram, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook or Instagram. The processing by Facebook or Instagram that takes place after the forwarding is not part of the joint responsibility. Our joint obligations have been set forth in a joint processing agreement. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook or Instagram tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of the Facebook or Instagram products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381. For more information, please see Instagram's privacy policy: https://instagram.com/about/legal/privacy/.

6. analysis tools and advertising

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, dwell time, operating systems used and the origin of the user. This data may be summarized by Google in a profile that is assigned to the respective user or their end device.Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is based exclusively on Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission.Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

IP Anonymization

We have activated the IP anonymization function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.For more information on how Google Analytics handles user data, please see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Order data processing

We have concluded an order data processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Demographic characteristics with Google Analytics

This website uses the "demographic characteristics" function of Google Analytics to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be generated that include statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google as well as from visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section "Objection to data collection".

Storage period

Data stored by Google at user and event level, which are linked to cookies, user IDs (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID), are anonymized or deleted after 14 months. For details, please see the following link: https://support.google.com/analytics/answer/7667196?hl=de.

Facebook Pixel

This website uses the visitor action pixel from Facebook for conversion measurement. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries. In this way, the behavior of page visitors can be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized. The collected data is anonymous for us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Use Policy. This allows Facebook to enable the placement of advertisements on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the site operator.The use of Facebook Pixel is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in effective advertising measures including social media.If a corresponding consent has been requested (e.g., consent to store cookies), the processing is carried out exclusively on the basis of Art. 6 (1) a GDPR; the consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381. Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of the Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook. You can find more information about protecting your privacy in Facebook's privacy policy: https://de-de.facebook.com/about/privacy/. You can also deactivate the "Custom Audiences" remarketing function in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook. If you do not have a Facebook account, you can disable Facebook's usage-based advertising on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/

7. newsletter

Newsletter Data

If you would like to receive the newsletter offered on our website www.qur.app, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data will not be collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this. After you have unsubscribed from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 (1) f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

Mailchimp

Qur uses the services of MailChimp for sending newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. MailChimp is a service with which, among other things, the sending of newsletters can be organized and analyzed. When you enter data for the purpose of receiving newsletters (e.g. e-mail address), this data is stored on MailChimp's servers in the USA.With the help of MailChimp, we can analyze our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (so-called web-beacon) connects to the servers of MailChimp in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.If you do not want any analysis by MailChimp, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.The data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.The data you provide us with for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://mailchimp.com/eu-us-data-transfer-statement/ and https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses.After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist, if necessary, to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 (1) f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest. For more details, please refer to the privacy policy of MailChimp at: https://mailchimp.com/legal/terms/.

Conclusion of a data processing agreement

We have concluded a so-called "data processing agreement" with MailChimp, in which we oblige MailChimp to protect the data of our customers and not to pass it on to third parties.

8. plugins and tools

Information shared with other providers such as Google Fit or Apple HealthKit. At your direction, we may cause certain information to be transferred to other applications, such as the Apple HealthKit or Google Fit, in order for us to receive information from those applications, which we in turn use to improve the service we offer. Before you instruct us to share your information with another provider, you should review the relevant provider's privacy policy, as any information you share with us is subject to that policy. Act the event that you use any of these applications, you should be cautious about granting these applications, service providers or individuals access to your information through these service providers. While much of the information collected by these service providers is innocuous, people who have insight into Qur data may be able to access a variety of personal information. - Qur does not share user data or other information collected through the use of HealthKit or Google Fit with third parties who may use it for advertising, data mining, or similar purposes and do not directly intend to improve health, pursue health purposes, or advance medical research. - Act the event that information is collected through the Apple HealthKit or Google Fit, it is for the sole purpose of enabling third parties to provide health or fitness services or to use it for medical research. - We do not sell any of your information, including information collected through the Apple Health Kit or Google Fit, to advertising platforms, broker services, or resellers of information.We do not use any of the information we receive through Apple HealthKit or Google Fit for any purpose other than to provide health or fitness services in connection with this Service.

Zendesk

We use the Zendesk CRM system to handle user requests. The provider is Zendesk, Inc, 1019 Market Street in San Francisco, CA 94103 USA. We use Zendesk to process your requests quickly and efficiently. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. You can only send requests by providing your email address and without providing your name.The messages sent to us remain with us until you request us to delete them or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal requirements - especially retention periods - remain unaffected. Zendesk has Binding Corporate Rules (BCR) that have been approved by the Irish Data Protection Authority. These are binding corporate rules that legitimize corporate data transfers to third countries outside the EU and EEA.Details can be found here: https://www.zendesk.de/blog/update-privacy-shield-invalidation-european-court-justice/. If you do not agree to us processing your request via Zendesk, you can alternatively communicate with us directly by email (to: breathe@qur.app). For more information, please see Zendesk's privacy policy: https://www.zendesk.de/company/customers-partners/privacy-policy/. IP Address. Your name is not required for the chat.

Conclusion of a contract on order processing

We have concluded a contract with Zendesk in which we oblige Zendesk to protect our customers' data and not to pass it on to third parties.

9. eCommerce and payment providers

Processing of data (customer and contract data) We collect, process and use personal data only insofar as they are necessary for the establishment, content or modification of the legal relationship (inventory data). This is done on the basis of Art. 6 (1) lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. We collect, process and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill the user.The collected customer data will be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected. Data transmission upon conclusion of a contract for services and digital content We only transmit personal data to third parties if this is necessary in the context of contract processing, for example to the credit institution commissioned with payment processing. A further transmission of data does not take place or only if you have expressly agreed to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

Privacy policy last updated on:

09.11.2021