Privacy Policy the weeks App

This privacy policy applies to the use of our app. Below we provide detailed information about the type, scope and purpose of the personal data we collect, use and process and explain the rights to which you are entitled as the data subject.

We reserve the right to change the privacy policy at any time with effect for the future. When you visit our app again, the updated and published privacy policy applies. The current version of the privacy policy can be accessed, saved and then printed out in our app at any time.

1. Definitions

The data protection declaration of out loud UG (limited liability) is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be easy to read and understand for the general public as well as for you, our customers and business partners. To ensure this, we would like to explain the terms used in advance.

In this privacy policy we use, among others, the following terms:

a. personal data

Personal data is all information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b. data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

c. Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d. Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

e. Profiling

Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f. Pseudonymisation

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g. Controller or person responsible for processing

The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, decides on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for his or her nomination may be provided for by Union or Member State law.

h. Processor

A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i. Recipient

Recipient is a natural or legal person, public authority, agency or other body to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular investigation in accordance with Union or Member State law shall not be considered recipients.

j. Third

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons authorised to process personal data under the direct responsibility of the controller or processor.

k. Consent

Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data concerning him or her.

2. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature is:

out loud UG (limited liability)
Managing Director: Dr. Lea-Sophie Borgmann
Bismarck Stone 1
22587 Hamburg
Germany
Phone: +49 30 62930175
Email: support[at]theweeks.de
Website: www.theweeks.de

3. General information on data processing

a. Scope of processing

We generally only collect and use personal data to the extent that this is necessary to provide a functional app and our content and services, you have given your consent or the processing of the data is permitted by law.

b. Legal basis for the processing of personal data

If we obtain your consent for the processing of personal data, Art. 6 (1) sentence 1 lit. a GDPR serves as the legal basis for the processing of personal data.

When processing personal data that is necessary to fulfill a contract to which you are a party, Art. 6 Paragraph 1 Clause 1 Letter b of GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 (1) sentence 1 lit. c GDPR serves as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh the former interest, Art. 6 (1) sentence 1 lit. f GDPR serves as the legal basis for processing.

c. Legitimate interests in processing

If the processing of your personal data is based on Art. 6 Paragraph 1 Clause 1 Letter f of GDPR, our legitimate interest is, unless otherwise stated, the conduct of our business activities. In addition, we have stated our purposes and interests in the above list of processing.

d. Data deletion and storage period

Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies or you withdraw your consent. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. If the purpose of storage no longer applies, you withdraw your consent or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

e. Recipient of the collected data / data transmission

The primary recipient of the data collected via our app is us as the responsible company. In addition, processors (web hosts, IT service providers, etc.) may have access to the data collected via our app. However, compliance with the legal regulations is guaranteed by order processing contracts that we conclude with our processors based in the EU. Data is only transferred to so-called third countries outside the EU if and to the extent that this has been pointed out below.

f. Necessity of disclosure of personal data

If you would like to use our app, the provision of personal data is mandatory for the execution of the contract.

g. Existence of automated decision-making

We do not carry out any automated decision-making or profiling within the meaning of Art. 22 GDPR.

h. Data security

We protect our app and other systems through comprehensive technical and organizational measures against loss, destruction, access, alteration or distribution of your data by unauthorized persons. These measures are subject to constant review and improvement to ensure the latest state of the art.

i. Data processing when using our app and using our services

The personal data described below in this privacy policy, which you provide as part of the intended use of the app, are necessary in order to be able to guarantee the purpose of using the app in the best possible way.

The long-term guarantee of the technical functionality, user-friendliness and further development of the app includes processing your feedback to improve the app.

The prerequisite for lawful data processing is that you consent to the data processing for the aforementioned purposes. Consent to the processing of health data and feedback is given when registering in the app and can be revoked from within the app.

4. Data collection and use when registering and using our services

a. Download the weeks app from the Apple App Store or Google Play Store

When you download the mobile the weeks app, certain information is transferred to the Apple App Store or Google Play Store, in particular

• Username
• Email address and customer number of your account
• Time of download
• Payment information and
• the individual device identification number.

We have no influence on this data collection and are not responsible for it. We only process the data to the extent that it is necessary for downloading the mobile app onto your mobile device.

b. Creating a user account in the weeks app

In order to use the weeks app, you must provide certain mandatory information when you first use it in order to gain access to and manage your user account ("mandatory information"). Mandatory information as part of the registration is required to conclude the user agreement. The data collected can be seen from the respective input forms. As part of the registration, this includes:

• A freely selectable nickname (pseudonym)
• The estimated date of birth

If you do not provide this information, you will not be able to create a user account.

If you use our service via our app, we collect and process the following data from you as part of the service provision:

• A freely selectable nickname (pseudonym)
• The estimated date of birth

We use your data to provide our services to you and to bill you for our services.

We use the data you provide only to process the contract and provide the services we provide under the contract. We may also pass your data on to one or more processors who will also use your data exclusively for internal use on our behalf. You can find the processors we use in this privacy policy.

The legal basis for the processing of your personal data is the fulfillment of our contract with you in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR.

We also save your IP address and the date and time of registration in order to prevent misuse of our app and the services offered on it and to investigate any crimes that may have been committed. The storage of this data is therefore necessary for our own protection. The legal basis for the processing of your personal data is Art. 6 Para. 1 Clause 1 Letter f of GDPR. Our legitimate interest in data processing also lies in the aforementioned purposes.

After the contract has been fully processed or your account has been deleted, your data will initially be blocked for further use and deleted after the statutory retention periods have expired, unless you have expressly consented to further use of your data or we reserve the right to use the data in any other way that is permitted by law and about which we will inform you below. Data that we do not have to keep is generally deleted by us one year after the estimated due date you entered has expired.

You have the option to object to the processing at any time and to delete your account. In such a case, the contractual relationship with you cannot be continued.

c. Processing of special categories of personal data – data concerning health

In order to be able to make the app available to you, to be able to send you specific information about your postpartum period and to be able to accompany you through the postpartum period using the app, you must provide your estimated due date when registering for the app.

Since these are special categories of personal data (health data), the legal basis for the processing of this data is your consent in accordance with Art. 9 (2) (h) GDPR.

You can revoke your consent to the processing of health data at any time via the app.

d. Use of short messages via push notifications in the weeks app

When using our mobile app, you have the option of activating push notifications. Push notifications are short messages that are shown on the display with your consent. We use them to inform you about news in the weeks app.

If you use push services, your device will be assigned a device token from Apple or a registration ID from Google. These are encrypted, anonymized device IDs. It is impossible to identify individual users.

The sole purpose of our use of this data is to provide the push services. If you do not give permission, we will not use this data.

If you want to unsubscribe from push notifications at a later date, you can use the unsubscribe option in your settings. You can find this under the settings in the top right corner of the app.

The legal basis for the processing is Art. 6 Paragraph 1 Clause 1 Letter f of GDPR; the processing serves to safeguard the legitimate interests of the controller or a third party.

e. Hosting, access data in server log files

We host our app on servers of Firebase, Inc. The operating company of Firebase is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Hoster”).

We provide a technical infrastructure via our hoster in order to be able to offer our app. When you use our app, personal data is transferred to our hoster.

The temporary storage of the IP address by the system is necessary in order to be able to offer the app via your device.

The legal basis for the temporary storage of your data is our legitimate interest Art. 6 Para. 1 S. 1 lit. f GDPR.

The specified data is evaluated exclusively to ensure the continuous and trouble-free operation of our app and the security of our information technology systems.

The collection of data to provide the app is essential for the operation of our app. There is therefore no possibility of objection.

For further information on data protection, please see Firebase’s privacy policy at https://firebase.google.com/support/privacy?hl=de.

f. Customer support via email

We have customer support available for you in our app. You can use our customer support to send us an email with your technical questions and queries. If you contact us by email, the personal data you send us will be saved automatically. This includes your first name, last name and email address.

We expressly point out that customer support is only intended to provide assistance with technical problems and problems using the app. Customer support does not answer any medical questions. We therefore ask you to refrain from making such inquiries via customer support.

We use the personal data you provide exclusively to process your specific request. The data you provide will always be treated confidentially.

The legal basis for the processing of data transmitted when sending an email is Art. 6 (1) sentence 1 lit. f GDPR. If the aim of the contact is to conclude a contract, the additional legal basis for the processing is Art. 6 (1) sentence 1 lit. b GDPR.

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case when the respective conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

If you contact us, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued.

g. Purchase of premium content from the weeks app

1) Purchases of premium content via our website wwww.theweeks.de

Purchases of premium content of the weeks app via our website www.theweeks.de are processed by one of the following payment service providers:

i) Shopify Payments

We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If users choose a payment method offered by the payment service provider Shopify Payments, payment processing is carried out by the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on the information provided by the data subjects during the ordering process, together with information about the order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 (1) (b) GDPR. The data is passed on exclusively for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent that it is necessary for this purpose. Further information on Shopify Payments' data protection can be found at the following Internet address: www.shopify.com/legal/privacy. Data protection information about Stripe Payments Europe Ltd. can be found here: www.stripe.com/de/privacy .

ii) PayPal (Europe) S.à rl et Cie, SCA

If the data subject selects "PayPal" as a payment option during the ordering process in our online shop, the data subject's data will be automatically transferred to PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal L-2449 Luxembourg (" PayPal"). By selecting this payment option, the data subject consents to the transmission of personal data required for payment processing.

PayPal may pass on personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfil contractual obligations or if the data is to be processed on their behalf.

The data subject has the option of revoking his or her consent to PayPal handling personal data at any time. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.

PayPal’s applicable data protection provisions can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

2) In-app purchases via the Apple App Store or Google Play Store

When you purchase or download apps via an app store in our app, we do not collect or process any personal data. This data, in particular data for electronic payment processing, is only collected and processed directly by the relevant app store. Please note their privacy policies when using the app stores:

Apple App Store: www.apple.com/de/privacy/
Google Play Store: policies.google.com/privacy

If you have any questions about the processing of your personal data by the relevant app store (e.g. How can I delete my data?), please contact the app store through which you downloaded or purchased an app directly.

5. Rights of the data subject

If your personal data is processed, you as the data subject within the meaning of the GDPR have the following rights in particular:

a. Right to information (Art. 15 GDPR)

You have the right to request confirmation as to whether we process data concerning you. You also have the right to obtain information about the personal data stored about you and a copy of this data from us at any time free of charge in accordance with the legal requirements.

b. Right to rectification (Art. 16 GDPR)

You have the right to request the immediate rectification and/or completion of inaccurate or incomplete personal data concerning you. We must carry out the rectification immediately.

c. Right to restriction of processing (Art. 18 GDPR)

You have the right to request that we restrict processing if one of the legal requirements is met.

d. Right to erasure (Art. 17 GDPR)

You have the right to request that we delete the personal data concerning you immediately if one of the legal reasons applies and if processing is not necessary.

e. Right to information

If you have asserted your right to rectification, erasure or restriction of processing vis-à-vis us, we are obliged to inform all recipients to whom the personal data concerning you was disclosed of said rectification, erasure or restriction of processing, unless doing so should prove impossible or involve disproportionate expenditure.

You have the right to be informed by us about these recipients.

f. Right to data portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you that you have made available to us in a structured, common and machine-readable format in accordance with the statutory requirements. You also have the right to transmit this data to another controller without hindrance from us in accordance with the statutory requirements. Furthermore, you have the right to have the personal data transmitted directly from us to another controller in accordance with the statutory requirements, provided this is technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.

g. Right to object (Art. 21 GDPR)

You have the right to object at any time to the processing of personal data concerning you based on Art. 6 (1) sentence 1 lit. e or f GDPR, for reasons related to your particular situation. This also applies to profiling based on these provisions.

In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

You also have the right to object, for reasons related to your particular situation, to the processing of your personal data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, unless such processing is necessary to perform a task carried out in the public interest.

You can contact us at any time to exercise your right to object.

h. Right to withdraw consent

You have the right to withdraw your consent to the processing of personal data at any time. The withdrawal of your consent does not affect the legality of the processing carried out on the basis of the consent until the withdrawal.

i. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.

STATUS: AUGUST 2023