Habit Finch Privacy Policy
Introduction
Moritz Tucher (Mühlenstraße 19, 33607 Bielefeld; hereinafter referred to as the “controller”), as the operator of the “HabitFinch” app, is the controller responsible for the processing of personal data in connection with the use of the app. The contact details of the provider can be found in the imprint of the app, the contact persons for questions regarding the processing of personal data are named directly in this privacy policy.
The controller takes the protection of your privacy and your private data very seriously. Your personal data will only be collected, stored and used in accordance with the content of this privacy policy and the applicable data protection regulations, in particular the European General Data Protection Regulation (GDPR) and the national data protection regulations.
With this privacy policy, the controller informs you to what extent and for what purposes personal data is processed in connection with the use of the app.
Personal data
Personal data is information relating to an identified or identifiable natural person. This includes all information about your identity, such as your name, your e-mail address or your postal address. Information that cannot be linked to your identity (such as statistical data, e.g. the number of users of the online service) is not considered personal data.
In principle, you can use the app without disclosing your identity and without providing personal data. Only general information about the use of the app is then collected by the controller. However, personal data is collected from you for some of the services offered. This data is then only processed by the controller for the purposes of using the services, in particular to provide the requested information. When collecting personal data, only the data that is absolutely necessary must be provided. In addition, further information may be possible, in which case it is voluntary. The controller shall indicate whether the fields are mandatory or voluntary. Information on the specific details is then provided in the corresponding section of this privacy policy.
Automated decision-making based on your personal data does not take place in connection with the use of the app.
Processing of personal information
Your data will be stored on specially protected servers within the European Union when transmitted to the controller. These are protected by technical and organizational measures against loss, destruction, access, modification or dissemination of your data by unauthorized persons. Access to your data is only possible for a few authorized persons. These persons are responsible for the technical, commercial or editorial support of the servers. Despite regular checks, however, complete protection against all risks is not possible.
Your personal data is transmitted in encrypted form over the Internet. We use TLS encryption (Transport Layer Security) for data transmission.
Disclosure of personal data to third parties
Your personal information will only be used by the controller to provide the services you have requested. If external service providers are used as part of the service provision, their access to the data is also exclusively for the purpose of providing the service. The controller takes technical and organizational measures to ensure compliance with data protection regulations and obliges external service providers to do the same.
Furthermore, the controller will not pass on the data to third parties without your express consent, in particular not for advertising purposes. Your personal data will only be passed on if you yourself have consented to the data being passed on or if we are entitled or obliged to do so on the basis of statutory provisions and/or official or court orders. In particular, this may involve providing information for the purposes of criminal prosecution, averting danger or enforcing intellectual property rights.
If the controller transfers your personal data itself or through service providers to countries outside the European Union, it complies with the special provisions of Art. 44 et seq. GDPR and also obliges our service providers to comply with these regulations. The controller will therefore only transfer your data to countries outside the European Union subject to the level of protection guaranteed by the GDPR. This level of protection is guaranteed in particular by an adequacy decision of the EU Commission or by suitable guarantees in accordance with Art. 46 GDPR.
Legal basis for data processing
Insofar as we obtain consent for the processing of your personal data, Art. 6 (1) (a) GDPR is the legal basis for data processing.
Insofar as the controller processes your personal data because this is necessary for the performance of a contract or in the context of a quasi-contractual relationship with you, Art. 6 (1) (b) GDPR constitutes the legal basis for data processing.
Insofar as the controller processes your personal data to fulfill a legal obligation, Art. 6 (1) (c) GDPR is the legal basis for data processing.
Art. 6 (1) (f) GDPR may also be used as the legal basis for data processing if the processing of your personal data is necessary for the purposes of the legitimate interests pursued by the controller or by a third party and your interests, fundamental rights and freedoms do not require the protection of personal data.
As part of this privacy policy, the controller will always point out the legal basis on which we base the processing of your personal data.
Data erasure and storage duration
The controller always deletes or blocks your personal data when the purpose of storage no longer applies. However, data may be stored beyond this point if this is provided for by legal requirements to which we are subject, for example with regard to statutory retention and documentation obligations. In such a case, the controller will delete or block your personal data after the end of the corresponding requirements.
Use of the app
Information about your end device
Each time you access the app, the following information about the device you are using is collected, regardless of your registration: the IP address of the device, the request from the app and the time of this request. In addition, the status and the amount of data transferred are recorded as part of this request. We also collect product and version information about the end device, including the operating system used. The IP address is only stored for the time the app is used and then deleted or anonymized by shortening it. The other data is stored for a limited period of time.
The controller uses the data for the operation of the app in particular to detect and eliminate errors, to determine the utilization of the app and to make adjustments or improvements. These purposes also constitute the controller’s legitimate interest in data processing pursuant to Art. 6 (1) (f) GDPR.
Use of cookies
Cookies may be used for our app. Cookies are small text files that are stored on your computer and save certain settings and data for exchange with our online offer via your browser. A cookie usually contains the name of the domain from which the cookie file was sent as well as information about the age of the cookie and an alphanumeric identifier.
Cookies enable us to recognize your computer and make any pre-settings and preferences immediately available. The cookies we use are – as far as possible – so-called session cookies, which are automatically deleted at the end of the browser session. Occasionally, cookies with a longer storage period may also be used so that your pre-settings and preferences can also be taken into account the next time you visit our website.
Most browsers are set to accept cookies automatically. However, you can deactivate the storage of cookies or set your browser so that it notifies you as soon as cookies are sent. It is also possible to delete cookies that have already been saved manually via the browser settings. Please note that you may only be able to use our online services to a limited extent or not at all if you reject the storage of cookies or delete necessary cookies.
If cookies are not required for our online offer, we ask you to consent to the use of cookies when you access the online offer for the first time. With regard to the non-essential cookies from third-party providers, you will find a more detailed description of the services we use from these third-party providers below. The legal basis for the associated data processing, including any data transfer, is your consent within the meaning of Art. 6 (1) (a) GDPR. Once consent has been given, it can be revoked at any time with effect for the future, in particular by changing the selected settings.
The legal basis for the use of necessary cookies is our legitimate interest in the proper provision of our online offer within the meaning of Art. 6 (1) (f) GDPR and – insofar as contracts are concluded or fulfilled via our online offer – the fulfillment of the contract within the meaning of Art. 6 (1) (b) GDPR.
Once a selection has been made with regard to the use of cookies, it can be changed again at any time.
Integration of the services of third-party providers
For some functions in the app, the controller uses the services of third-party providers. The controller has concluded contractual agreements with the respective providers for the provision or integration of their services and is committed to ensuring, as far as possible, that the third-party providers also provide transparent information about the scope of the processing of personal data and comply with data protection regulations.
iCloud
The app offers the option of cloud storage of data through the iCloud service. iCloud is operated by Apple Distribution International Ltd, Hollyhill Industrial Estate, Hollyhill, Cork, Republic of Ireland. Among other things, usage, health and behavioral data are stored. Data is only stored if the user has consented to this. The controller has no influence on data processing by Apple; in particular, Apple does not act as a processor for the controller under its responsibility. You can find more information on data protection at Apple at https://support.apple.com/de-de/102651.
Please note that the data Apple collects about you in this context may also be transferred outside the European Union.
The legal basis for the processing of your data is your consent within the meaning of Art. 6 (1) (a) GDPR.
Google Firebase
The controller uses various functions of Google Firebase for the app. Google Firebase is a collection of various functions that can be used primarily for apps and are offered by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). When using Google Firebase, the number and duration of sessions, operating systems, device models, region and a range of other data are stored for the provision of the functions and for evaluation purposes. A detailed overview of the data collected by Google Firebase can be found at Google at https://support.google.com/firebase/answer/6318039?hl=de. Further information about Google Firebase is available at: https://firebase.google.com/ and https://www.firebase.com/terms/privacy-policy.html. In connection with the use of the service, it cannot be ruled out that personal data will be transmitted to the USA. To protect personal data, there is an agreement with Google on order processing in accordance with the standard contractual clauses .
Google Firebase is used to optimize the app. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. Insofar as cookies are used for Google Firebase, this is only done for non-essential cookies if consent has been given.
PostHog
The controller uses the functions of PostHog to improve the app. PostHog is an open source platform and offers various functions for analyzing software products. PostHog is operated by PostHog Inc, 2261 Market Street #4008, San Francisco, CA 94114, USA. When PostHog is used, the IP address, session duration, operating system, device model and a range of other data are stored. A detailed overview of the data collected by PostHog can be found at https://posthog.com/dpa. Further information about PostHog is available at https://posthog.com/ and https://posthog.com/privacy. In connection with the use of the service, it cannot be ruled out that personal data will be transferred to the USA. To protect the data, there is an agreement with PostHog for order processing, taking into account the standard contractual clauses.
PostHog is used to optimize the app. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. Insofar as cookies are used for PostHog, this is only done for non-essential cookies if consent has been given.
In-app purchases/subscriptions
In the app, you have the option of purchasing paid content via the Apple App Store The controller uses your personal data for in-app purchases and subscriptions only within the company and with the company commissioned to process orders.
Storage and data transfer for in-app purchases
The person responsible uses the RevenueCat technical interface for order processing. RevenueCat offers the option of managing in-app purchases and subscriptions. RevenueCat is operated by RevenueCat Inc, 1032 E Brandon Blvd #3003 Brandon, FL 33511, USA. If a purchase process is initiated in the app, RevenueCat forwards the process to the App Store. Payment is then made via the payment method stored by the user in the App Store, e.g. credit card, PayPal or credit. After successful payment processing, the App Store sends a confirmation of the purchase to the RevenueCat interface. When the service is used, the subscription status, payment information, device information and other data are processed. A detailed overview of the data collected by RevenueCat can be found at https://www.revenuecat.com/dpa/. Further information on RevenueCat is available at https://www.revenuecat.com/ and https://www.revenuecat.com/privacy/. In connection with the use of the service, it cannot be ruled out that personal data will be transferred to the USA. To protect the data, there is an agreement with PostHog for order processing, taking into account the standard contractual clauses.
The legal basis for this is Art. 6 (1) (b) GDPR. The processing of your personal data is necessary for the performance of the contract with you.
The data is stored by the controller for as long as it is required to fulfill the contract. In addition, we store this data to fulfill post-contractual obligations and due to commercial and tax retention periods for the legally prescribed period. This retention period is generally 10 years to the end of the respective calendar year.
As part of payment processing, data may be processed by Apple as the operator of the App Store and by the payment service provider used. The controller has no influence on data processing by Apple or the payment service provider; in particular, they do not act as processors for the controller under its responsibility. You can find more information on data protection at Apple at https://www.apple.com/legal/privacy/data/de/app-store/. We would like to point out that the data collected by Apple about you in this context may also be transferred outside the European Union.
Communication with us
You can contact the responsible persons in various ways, including via the contact form in the app.
Contact form
If you wish to use the contact form in the app, the controller will collect the personal data that you enter in the contact form, in particular your name and email address. In addition, the controller stores the IP address, device-related information such as the device model and the date and time of the request. The controller processes the data transmitted via the contact form solely for the purpose of responding to your inquiry or request.
You can decide for yourself what information you send to the controller via the contact form. The legal basis for the processing of your data is your consent in accordance with Art. 6 (1) (a) GDPR.
After the matter has been processed by the controller, the data will initially be stored in case of any queries. Deletion of the data can be requested at any time, otherwise we will delete the data after the matter has been fully dealt with; statutory retention obligations remain unaffected in each case.
Your rights and contact
The controller attaches great importance to explaining the processing of your personal data as transparently as possible and to informing you of the rights to which you are entitled. If you would like more information or wish to exercise your rights, you can contact the controller at any time so that they can deal with your request.
Rights of data subjects
You have extensive rights with regard to the processing of your personal data. First of all, you have a comprehensive right to information and can request the correction and/or deletion or blocking of your personal data if necessary. You can also request a restriction of processing and have the right to object. With regard to the personal data you have provided, you also have the right to data portability .
If you wish to assert one of your rights and/or receive further information about this, please contact the controller.
Withdrawal of consent and objection
Once you have given your consent, you can freely withdraw it at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The contact person for this is also the controller.
If the processing of your personal data is not based on consent, but on another legal basis, you can object to this data processing. Your objection will lead to a review and, if necessary, termination of the data processing. You will be informed of the result of the review and – if the data processing is nevertheless to be continued – you will receive more detailed information from the controller as to why the data processing is permissible.
Complaints
If you are of the opinion that the processing of your personal data by the controller does not comply with this privacy policy or the applicable data protection regulations, you have the right to lodge a complaint with the supervisory authority. You can also lodge a complaint with the controller. The controller will then investigate the matter and inform you of the outcome of the investigation.
Further information and changes
Links to other websites
Our app may contain links to other websites. These links are usually marked as such. We have no influence on the extent to which the applicable data protection regulations are complied with on the linked websites. We therefore recommend that you also inform yourself about the data protection declarations of other websites.
Changes to this privacy policy
The status of this privacy policy is indicated by the date (below). The controller reserves the right to amend this privacy policy at any time with effect for the future. Changes will be made in particular in the event of technical adjustments to the app or changes to data protection regulations. The current version of the privacy policy can always be accessed directly via the app. We recommend that you inform yourself regularly about changes to this privacy policy.
Status of this privacy policy: September 2024