Scope And Responsible Party
This privacy policy informs users ("you") about the nature, scope and purposes of the collection and use of personal data on the website www.augment-app.com and the Augment App ("Online Offer").
The responsible party is:
JD Augment Personal Development UG (haftungsbeschränkt).
Remigiusstraße 37, 56182 Urbar, Germany
(hereinafter "we", "us" or "Augment").
Basic information on data processing
Types of data processed:
l Inventory data (e.g., full name,gender, date of birth).
l Contact Data (e.g., email, telephone number (optional) ).
l Content data (e.g., text entries, queries, messages).
l Contract data (e.g., subject matter of contract, term, customer category).
l Payment data (e.g., bank details, payment history).
l Usage data (e.g., websites visited, interest in content, access times).
l Meta/communication data (e.g., device information, IP addresses).
Processing of special categories of data (Art. 9 (1) GDPR):
No special categories of data are processed.
Categories of persons concerned by the processing:
Customers, interested parties, visitors and users of the online offer, business partners, visitors and users of the online offer.
Purpose of processing:
Provision of the online offer, its contents.
Provision of contractual services, service and customer care.
Answering contact requests and communication with users.
Marketing, advertising and market research.
Security measures.
Processing of personal data
The use of your data is governed by the applicable legal provisions, in particular the General Data Protection Regulation (hereinafter: GDPR).
Terminology used
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually any handling of data.
"Controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
Relevant legal basis
In accordance with Article 13 of the GDPR, we inform you of the legal basis for our data processing. If the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR, the legal basis for processing for the performance of our services and implementation of contractual measures and answering queries is Art. 6(1)(b) GDPR, the legal basis for processing for the performance of our legal obligations is Art. 6(1)(c) GDPR, and the legal basis for processing for the protection of our legitimate interests is Art. 6(1)(f) GDPR. In the event that vital interests of the data subject or another natural person require processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.
Security measures
We take appropriate technical and organisational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk;
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input, disclosure, ensuring availability and segregation of the data. We also have procedures in place to ensure the exercise of data subjects' rights, deletion of data and response to data compromise.
Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 GDPR).
The security measures include in particular the encrypted transmission of data between your browser and our server.
Disclosure and transmission of data
If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6 para. 1 lit. b of the GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e. g. e.g. when using agents, hosting providers, tax, business and legal advisors, customer care, accounting, billing and similar services that allow us to efficiently and effectively fulfil our contractual obligations, administrative tasks and duties).If we commission third parties to process data on the basis of a so-called "order processing agreement", this is done on the basis of Art. 28 GDPR.
Disclosure of personal data to authorities
We reserve the right, in the event of a legal obligation, to disclose information about you if we are required to hand it over by authorities or law enforcement bodies acting in accordance with the law. The legal basis for the processing is Art. 6 (1) c) GDPR in conjunction with Section 24 BDSG-neu.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or do so in the context of using third-party services or disclosing or transferring data to third parties, this will only be done if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process the data or have the data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means, for example, that processing takes place on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to the EU or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").
Deletion of data
The data processed by us will be deleted or its processing restricted in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated within the scope of this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.
According to legal requirements, storage is carried out in particular for 6 years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) as well as for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).
Your rights as a data subject
Withdrawal of your consent - As a data subject, you have the right under Article 7(3) of the GDPR to withdraw your consent once given to Augment at any time. This means that we may no longer process your personal data. After revocation of consent, processing that was lawful in the past remains lawful.
Objection - Insofar as your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR if there are grounds for doing so that arise from your particular situation.
which arise from your particular situation. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which is shown in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done.
In the event of your justified objection, we will review the merits of the case and either cease processing the data, amend it or show you our compelling legitimate grounds for continuing to process it.
You can lodge your objection by post or by sending a simple e-mail. Of course, you can also object to the processing of your personal data for the purposes of advertising and data analysis at any time. In addition, we will point out how you can object at the time of use.
Information - In accordance with Art. 15 of the GDPR, you can obtain information on your personal data processed by Augment free of charge upon request. The information informs you about:
l the processing purposes,
l the category of personal data,
l the categories of recipients to whom the data has been or will be disclosed,
l the intended storage period,
l the existence of a right to rectification, erasure, restriction of processing or objection,
l the existence of a right of appeal
l the origin of your data, if it has not been collected by us, any existing automated decision-making including profiling.
Correction - You can request correction in accordance with Art. 16 GDPR if we should store your personal data incorrectly or incompletely.
Erasure - You may request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
Restriction - In accordance with Art. 18 of the GDPR, you have the right to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims, or you have objected to the processing in accordance with Art. 21 of the GDPR.
Data portability - In accordance with Art. 20 GDPR, you will receive your personal data that you have provided to us in a structured, common and machine-readable format. You may request their transfer to another controller, provided that this is technically possible for us.
Complaint - You are entitled to complain to a supervisory authority under Article 77 of the GDPR if you consider that the processing of your personal data infringes the GDPR. As a rule, you can contact the supervisory authority at your usual place of residence, place of work or the place of an alleged breach.
Competent Supervisory Authority
You can contact the competent supervisory authority in the event of complaints regarding the use of your personal data:
The State Commissioner for Data Protection and Freedom of Information of Rhineland-Palatinate.
Hintere Bleiche 34
55116 Mainz
Telephone: +49 (0) 6131 208-2449
Fax: +49 (0) 6131 208-2497
Website: https://www.datenschutz.rlp.de/
Mail: post office(at)datenschutz.rlp.de
Individual processing
Automatic collection of access data/server log files
Each time you access the website, we automatically collect a number of technical data that constitute personal data.
These are:
l IP address of the user
l Name of the website or file accessed
l Date and time of access
l Amount of data transferred
l Message about successful retrieval
l Browser type and version
l Operating system of the user
l end device used by the user,
l referrer URL (the previously visited page)
The server log files with the above data are automatically deleted after seven days at the latest. We reserve the right to store the server log files for a longer period of time if facts exist that suggest the assumption of unauthorised access (such as an attempt at hacking or a so-called DDOS attack).
The personal data in log files are processed on the basis of Art. 6 para. 1 lit. f GDPR. This authorisation permits the processing of personal data within the scope of the "legitimate interest" of the controller, insofar as your fundamental rights, freedoms or interests do not prevail. Our legitimate interest is to facilitate administration and the ability to detect and prosecute hacking. You can object to this data processing at any time if there are reasons that restrict your rights to a particular extent or if there is a particular interest in preventing the data processing.
Use of cookies
In addition to the data mentioned above, cookies are stored on your device when you use our website. Cookies are small text files that are stored by the browser you are using and through which certain information can flow to the entity that sets the cookie. Cookies cannot run programs or deliver viruses to your computer.
This website uses transient cookies and persistent cookies, the scope and functionality of which are explained below: Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various queries of your browser can be assigned to the common session. This allows your device to be recognised when you return to our website. Session cookies are deleted when you log out or close the browser.
Persistent cookies are automatically deleted after a set period of time, which may vary depending on the cookie. You can also delete the cookies at any time in the security settings of your browser. You can determine the acceptance of cookies and other technologies that are not necessary for the operation and function of the website via the cookie banner displayed when the page is called up.
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
A general objection to the use of cookies for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US-American site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Please note that in this case you may not be able to use this online offer.
Please note that in this case not all functions of this online offer can be used.
Business analyses and market research
In order to run our business economically and to be able to recognise market trends, customer and user wishes, we analyse the data we have on business transactions, contracts, queries, etc.. In doing so, we process inventory data, communication data, contract data, payment data, usage data, metadata on the basis of Art. 6 para. 1 lit. f. GDPR, whereby the data subjects include customers, interested parties, business partners, visitors and users of the online offer. The analyses are carried out for the purpose of business management evaluations, marketing and market research. In doing so, we may take into account the profiles of registered users with details of, for example, their purchase transactions. The analyses serve us to increase user-friendliness, to optimise our offer and to improve business management. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarised values.
If these analyses or profiles are personal, they are deleted or anonymised when the user terminates the contract, otherwise after two years from the conclusion of the contract. In all other respects, the overall business analyses and general trend analyses are prepared anonymously wherever possible.
Order processing and customer account
If you order a subscription in the app, we may collect the following data from you in order to process the desired order:
l IOS or Google user ID
l Email address
l Payment confirmation from the payment data collected by Apple Pay or Google Pay , depending on the payment method chosen
l Device IP and device serial number to be linked to the device.
You may also be asked to enter a range of personal data as part of the account creation process. We store this data to save you from having to enter it again in the future. You can always view, change and delete the data in your user account. The legal basis for this is Art. 6 para. 1 lit. b GDPR.
Contacting us and customer service
When contacting us (via contact form or e-mail), the user's details are processed for the purpose of handling the contact request and its processing pursuant to Art. 6 (1) lit. b) GDPR.
We delete the queries if they are no longer necessary. We review the necessity every two years; we store queries from customers who have a customer account permanently and refer to the customer account details for deletion. Furthermore, the statutory archiving obligations apply.
Push notifications
To enable the sending of push notifications, a "registration token" is created when the app is first started, which uniquely identifies the app installation on your device. The token is used to recognise the message destination.
By agreeing to receive push notifications when you first start the app, you consent to the registration token being stored on our servers and used for sending messages. The settings on which topics you want to receive messages are stored in connection with the anonymised token and kept until revoked.
Online presence in social media
We maintain online presences within social networks and platforms on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f. GDPR, we maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
Unless otherwise stated in our privacy policy, we process the data of users if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.
Communication via mail, e-mail or telephone
We use remote means of communication, such as post, telephone or e-mail, for business processing and marketing purposes. In doing so, we process inventory data, address and contact data as well as contract data of customers, participants, interested parties and communication partners.
The processing is based on Art. 6 para. 1 lit. a, Art. 7 GDPR, Art. 6 para. 1 lit. f GDPR in connection with legal requirements for promotional communications. Contact is only made with the consent of the contact partners or within the scope of legal permissions and the processed data is deleted as soon as it is no longer required and otherwise with objection/ revocation or discontinuation of the authorisation bases or legal archiving obligations.
Integration of third-party services and content
Within our online offer, we use content or service offers of third parties on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), we use content or service offers from third-party providers in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content"). This always requires that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as being linked to such information from other sources.
Google AdMob with personalised ads
We use the services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
Our Apps used technology from Google AdMob to display personalised ads. Therefore, we transmit your IP address and your advertising ID to the Google AdMob service in the USA (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The advertising ID is a pseudonym under which general information about your surfing behaviour is stored. Google processes the data on our behalf in order to display personalised advertising tailored to you. We receive a fee from Google for displaying the advertising in order to be able to make our offer available to you free of charge in this way.
If we ask users for consent (e.g. in the context of a cookie consent), the legal basis for this processing is Art. 6 para. 1 lit. a. GDPR. Otherwise, the users' personal data is processed on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer and the mobile apps within the meaning of Art. 6 para. 1 lit. f. GDPR) are processed.
You can find Google's privacy policy at: https://www.google.com/policies/privacy/
