Use of your data
The protection of your personal data is very important to us. We therefore process your data exclusively on the basis of the statutory provisions (GDPR, TKG 2003, DSG). These legal bases ensure that we are allowed to process your data if it is legally standardized. A transaction of your data in a country that is not subject to the GDPR will only take place if this country is certified with a corresponding protection program, for example.
The lawfulness of the data processing results from this:
- Your express consent for those cases in which you have consented to processing
- Necessity to fulfill your user contract
In this data protection information, we explain the most important aspects of data processing within our app, both for standard users and for the business client.
Download from Google Play Store or Apple Store
Our app can only be used if you download it from the Google Play Store or the Apple App Store. By downloading our app, you authorize the Google Play Store or Apple App Store to access your data. Pandocs cannot rule out the possibility that Apple or Google may use the data collected in connection with the download or use of the app in a way that does not comply with the European General Data Protection Regulation (GDPR), because we have no direct influence on these two companies. After downloading the app, you can either log in if you already have an account, or register for a new one. If you create your account again, you will be asked to tick the box to agree to our data protection regulations and the newsletter.
The business client logs on to our website in the web client and creates his account there. The same provisions regarding data protection and newsletters also apply here.
How is your data collected and what is processed?
Most of the data is collected directly from us, the publishers of this app; however, this can also be done via third-party companies with which we cooperate. If you have any questions or suggestions on this topic, you can contact us:
Hart 19, 4343 Mitterkirchen
General information on registration and deletion
Your data is always collected when you enter it, such as your name, which you give us when you register. If you just install the app, but don’t log in or register, we only see the number of downloads (in a statistic from Google/Apple/Facebook). From the time you register, your email will be stored on Google Firebase and our server will save your first name, last name, gender, country and date of birth. You cannot use our app without entering this data. Optionally, you can enter weight and height. Further information can be provided voluntarily. Other data is automatically recorded when our app accesses the data memory of your device (smartphone). Still other data is collected automatically when using the app through our IT systems or through connected accounts. This is mainly technical data (e.g. counting your steps).
If you want to delete your account, you can enable this in the settings > Profile & Accounts > Delete account. After 30 days, the account will be deleted, including all associated data. You have 30 days to log in again. This will result in the account being reactivated. A deletion request has no effect on the data if the storage is legally necessary, for example for billing purposes or other legal circumstances.
The business client creates his account just like basic users and enters his personal data. Business client data (company name, company logo, company address, account manager name, company description, etc.) are stored in the web client.
Firebase is a platform used for mobile and web applications. Using SDK (Software Development Kit), developers can provide certain functions with the help of programming interfaces on various platforms. The SDK provides the tools and infrastructure to make these operations possible. Firebase is used for user login. The email addresses and passwords (encrypted) are stored on Firebase: https://firebase.google.com/support/ privacy.
Firebase has the following function for us: On the one hand, we guarantee state-of-the-art storage of login information. On the other hand, by using this program we can track and fix app crashes. Those information are then sent to Firebase: app version, device brand, device software version, crash date and time, free RAM, free disk space, orientation (portrait/landscape), and rooted yes/no.
Google or Apple account
You can register in our app with your Google Play or Apple account. If you do this, we will receive the following data: first and last name, email address, gender, date of birth, profile picture.
Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA, “Google”): First and last name, email address, gender, date of birth, profile picture
Apple Inc. (One Infinite Loop, Cupertino, CA 95014, USA, “Apple”): your email address or a private Apple e -Mail address with forwarding to your email address.
You can also register in our app with your existing Facebook account. If you do this, we will receive the following data:
Facebook Inc. (1601 South California Avenue, Palo Alto, CA 94304, USA, “Facebook”): first and last name, email address, gender, date of birth, Profile picture
Apple and Google Maps are online map services that can determine the location of certain objects or institutions using aerial and/or satellite images. Apple and Google Maps are used for us to visualize the ambient noise and are not used apart from that.
Use of data in the challenges
Challenges are competitions with a specific goal over a set period of time. Registered users can take part in various challenges and win prizes. In principle, only who completes which challenge and how many points are played for it is saved. In the case of daily training, the duration of the training is also saved and in the case of the ambient noise level, how far the person has moved out of the radius; in the step challenge, how many steps have been completed. This data is also used purely for internal statistical and research purposes for our app. Our server saves information (name, time, when a challenge was completed and how many points were played) as soon as a challenge was opened and the challenge closed, for example by clicking on “Get reward”.
We save on the server In addition, when the users last logged in and with which device (manufacturer). This means that all app installations and devices are saved. We read operating systems, operating system versions, device manufacturers and the device ID and transmit this information to the server. The date is saved so that we know how long the person has not actively used the app. After a long period of inactivity, users will be deleted from our database.
Import fitness activity information from connected accounts
So that we can transfer your daily progress (number of steps) to our app, we use Apple Health Kit and Google Fit. The evaluation of the steps should then serve for statistical purposes for our company.
Apple Health Kit
We use Apple’s HealthKit program, which provides a central location for health and fitness data on iPhone and Apple Watch. With your explicit consent, apps cohere with the HealthKit Store and allow your data to be accessed. We process certain data (steps, calories) provided by the motion sensor. In addition, there is a HealthKit screen in the intro, which asks what we are allowed to track. You have to press and activate “Steps” so that we can use this data as part of the challenges. If further functions (e.g. calories) are added in the future, your explicit consent will also be required here, as discussed above. Here, too, the use of your data is solely for internal company research and analysis purposes and will under no circumstances be passed on or used for advertising and the like.
We use Google’s Fit SDK, which is an open platform that allows users to collect and control their own fitness data. We access the following data: steps and calories.
Transfer of data to third parties
Facebook, Instagram and Google
Pandocs uses third-party advertising platforms such as Facebook, Instagram, Google (not an exhaustive list) to send you specific messages that are adapted to the locations of the platforms and your surfing behavior. This allows us to increase the efficiency of our advertising campaigns and you will be provided with the latest content. In order for your personal data to be forwarded, we also need your express consent here. These companies try to place you in their system in such a way that an advertisement from Pandocs is displayed to you at the optimal time and place.
You can read about exactly how the third-party companies fulfill this purpose on their websites.
Vimeo is a platform on which it is possible to upload videos and share them with friends. Any kind of videos (music videos, short films and documentaries) can be uploaded or streamed. In addition, Vimeo offers a live stream and users can view, comment on or rate videos from other users. The company is based on the Hudson River in Manhattan (Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA). For Vimeo we use a PRO account. This means we can play videos in a native player in Android/iOS (without Vimeo’s own video player, without a Vimeo logo, not in the web browser, etc.). This program is used to play our training videos. These videos are private on Vimeo, can be streamed in-app with an API key (unlimited bandwidth). Vimeo is used during the daily training. A connection to the Vimeo servers is established. The IP address and the page visited are communicated even if you are not logged in to Vimeo or do not have a Vimeo account. The information collected by Vimeo is transmitted to the Vimeo server in the USA. We have no influence on the tracking settings and analysis results and cannot access them.
YouTube is a world-renowned video portal where users can view, comment and rate videos or upload them themselves. The type and content of the videos varies from music videos, how-to’s, documentaries to funny and sad clips. YouTube is a subsidiary of Google and is based in San Bruno, California. We use YouTube for the dish of the day (recipes) and meditation, among other things. A YouTube player with a visible logo opens in our app and plays the video.
We do not pass on any user data to YouTube or Vimeo. In principle, only a video (e.g. a training video) is played in our app without YouTube or Vimeo knowing who is watching the video. Vimeo knows that a video is playing in our app. The IP address used is also sent. We use official APIs to access the YouTube and Vimeo service and do not pass on any user data to these services.
Our website uses functions of the web analysis service Google Analytics. Cookies are used for this purpose, which enable an analysis of the use of the website by your users. The information generated in this way is transferred to the provider’s server and stored there. You can prevent this by setting up your browser so that no cookies are saved. We have concluded a corresponding contract for order data processing with the provider. The relationship with the web analytics provider based in the USA is regulated under the Privacy Shield. Data processing takes place on the basis of the legal provisions of Section 96 Paragraph 3 TKG and Art 6 Paragraph 1 lit a (consent) and/or f (legitimate interest) of the GDPR. Our concern within the meaning of the GDPR (legitimate interest) is the improvement of our offer and our website. Since the privacy of our users is important to us, user data is pseudonymised. The user data will be kept for a period of 26 months.
Why do we need your data and what are your rights?
Purpose of storage
Your data is partly used so that the app can be used at all. This selected data is then sent to the server via the app and forwarded to the devices. The other part is used for analysis or troubleshooting.
We use Google Analytics and Facebook Pixel to store data and to analyze and further develop our app. The data there is stored on our website by means of cookies or similar and of course only used for internal company purposes. The cookies are not relevant for standard users and do not appear in the app. They enable the functionality for the business client, since otherwise it cannot log in. The business client announces the data with which he logs in and these are forwarded to us and stored.
The Facebook Pixel makes it possible to reach website visitors on Facebook with advertisements and, conversely, to measure the effectiveness of advertisements. Cookies are also used in this case. From this we can deduce how many people come to our website from Facebook and install the app. The Facebook pixel creates a link to the Facebook account.
In addition to the storage programs already mentioned, we use Microsoft Azure. Microsoft Azure is an online platform that offers storage space, computing power or application software as a service. It represents a kind of IT infrastructure that does not have to be installed on the local computer, but can establish the connection to your own server. Our traffic runs and is stored on Microsoft Azure. The database of our server (location of the European version: Germany) works together with that of Azure.
You have the following rights with regard to your data stored by us:
- Data portability
- Revocation of consent
If you believe that the processing of your data violates data protection law or other legal provisions, or your data protection rights have otherwise been violated in any way, you are welcome to contact us and we will try to rectify the problem as quickly as possible . You also have the right to contact the supervisory authority in accordance with Art. 77 GDPR.
We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data from access by third parties is therefore not possible.
For some data processing operations we need your express consent; You can of course revoke this at any time if you change your mind. All you have to do is send us an email to firstname.lastname@example.org. The legality of the data processing that took place up until the revocation remains unaffected by the revocation.
What data is stored?
While communicating with our server, the app transmits data that the server automatically saves in so-called log files. There are different categories for this.
- Name (first and last name) / company name
- Company logo
- Date of birth
- Email address
- Profile picture
- Identification and information from the social media area that is forwarded to us via your Facebook or Google account
This data enables us to address you personally.
- Your phone number
- Company address
- Billing address
- Email address
- Messenger ID
- Social media handle
- Other communication channels you used to request more information from us (e.g. HealthKit or Google Fit)
This data is used to contact us for any reason.
- IP address and/or GPS position (voluntarily by providing this via your mobile device settings) or other phone-related location data (e.g. via WiFi or Bluetooth )
We use this data to adapt our service based on your location.
- Payment service providers
- Duration of your Pandocs subscription
- Currency and VAT (based on country-specific information)
We use this data to process your payment.
Information on the Pandocs community
- Information about networked friends
- Provision of photos, videos, for example
- Participation in sweepstakes, fame points
- Registration details
- company resp. Department Affiliation
This data serves us primarily for the purpose of networking: If you give us your express consent that we have access to your phone book and can therefore view telephone numbers and e-mail addresses, we can suggest friends to you and you can connect and exchange ideas. Friends can see life points, rank, profile photo and names of other friends. You have the option to change the settings so that friends cannot find you. You can also deactivate your profile picture for friends there and hide steps/age from your friends.
Information in the social media area
- Information we receive from your interactions with us on various social media such as Facebook, Instagram or Google (public posts, likes and other reactions, contacts, photos, posts, handles or hashtags)
This data is transmitted to us directly or by third-party companies with whom we cooperate.
- Information about your browser (information is collected using cookies and pixels)
- Information includes, for example: IP address, date and time of the visit, how long you were active in our app, the Amount of data transferred, the referrer URL, the pages visited on our website, your browser type and add-ons, device identifiers and functions, device type, versions and the operating system
- language used
- Fitness data (steps)
- other data from your fitness app (location data)
We use this data to improve your goals and to optimally adjust the training.
We use this data to improve your goals and to optimally adjust the training.
In order to be able to provide our services, your data is required. These then serve primarily for those matters:
- to authenticate your access to your account
- to track and view your health and fitness activities
- to view your exercise progress and statistics
- Customer support
- Investigations into certain concerns/complaints and the like
As soon as you register in our app, we will send you a newsletter with the most important collected information regarding competitions, new videos, etc. if you agree to this procedure by ticking the box. You can unsubscribe from the newsletter at any time with a click. We will then immediately delete your data in connection with the newsletter dispatch. This revocation does not affect the legality of the processing carried out on the basis of the consent up to the revocation.
These data are stored by Sendinblue (Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany). When an e-mail newsletter is opened, information as to whether a newsletter was opened/clicked on and other technical information is sent to the server (e.g. time of retrieval, IP address, browser type and operating system). This information is not assigned to the respective user but helps to better adapt future newsletters to their interests.
(last update: 4/4/2022)