App Privacy Notice

1. Introduction
As part of the use of our app, personal data is also processed by us as the data controller and stored for the duration necessary to fulfil the specified purposes and legal obligations. Personal data is any information that relates to an identified or identifiable natural person or that is an expression of a person's identity, such as the name, address, telephone number or email addresses, but also log data and GPS information.

This privacy policy applies to our mobile iPhone and Android app (hereinafter referred to as "App"). It explains the nature, purpose and scope of data collection in the context of the use of the app.

This privacy policy can be accessed at any time under the menu item "Privacy policy" within the app.
2. Data controller
Steeped Software Germany GmbH
Breite Str. 46
76467 Bietigheim
Germany
Phone: +‭49 (0) 174 5275675‬
E-Mail: [email protected]
3. Contact data protection
You can contact us directly at any time with questions concerning data protection law or your rights as a data subject.

E-Mail: [email protected]
4. Definitions
Personal data
Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the data controller (our company).
Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing
Restriction to processing means marking stored personal data with the aim of limiting its processing in future.
Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation
Pseudonymisation is the processing of personal data in such a way that the data can no longer be assigned to a specific data subject without additional information being provided, given that such additional information is kept separate and subject to appropriate technical and organisational measures that ensure that personal data cannot be attributed to an identified or identifiable natural person.
Controller or person responsible for processing
The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
Processor
The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
Third parties
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent
Consent is any unambiguous voluntary declaration of consent given by the data subject for a specific case in an informed manner in the form of a statement or other action clearly confirming consent (ticking a box) with which the data subject indicates their agreement to their personal data being processed.
5. Using the app
5.1 Data collection when downloading and installing the app
In order to be able to download and install our app from an app store (e.g. Google Play, Apple App Store), you must first register for a user account with the provider of the respective app store and conclude a corresponding user agreement with them. When downloading and installing the app, the necessary information is transferred to the respective app store, in particular your user name, your e-mail address and the customer number of your account, the time of the download, payment information (if applicable) and the individual device identification number. We have no influence on this data collection and are not responsible for it. We process this provided data only insofar as this is necessary for downloading and installing the app on your mobile device (e.g. smartphone). The data processing is based on our legitimate interest in an efficient and secure provision of the app in accordance with Article 6 (1) f. GDPR.
5.2 Contact
If you contact our customer service, e.g. for questions, complaints or suggestions, further personal data may be processed in order to implement and process your request, such as your telephone number (if not already stored), the time of the telephone call (date, time, duration) and your request. Your data will be processed on the basis of Article 6 (1) b. GDPR or Article 6 (1) f. GDPR (provision of customer service).
5.3 Data protection of minors under 16
We do not knowingly solicit or process information from users under the age of 16, nor do we knowingly allow them to register with our services. The Services and their content are therefore not intended for children under the age of 16. If we discover that we have collected personal information from a minor under the age of 16 without parental consent, we will delete that information immediately. If a user believes that we are in possession of any information about a minor under the age of 16 please contact us: [email protected].
5.4 App permissions
The app requires the following permissions:
  • Send push notifications to inform users about expired steeping time timers.
6. What information do we collect about users, why and over what period of time?
6.1. Information from the user
Users may provide us with information, including personally identifiable information ("Personal Information"), when using our App, for example, when filling out forms in the App, participating in surveys, or when communicating with us by phone, email or by other means. The information provided may include:
  • IP adress
  • Device identifiers
  • Speicherkapazität des Geräts
  • Storage capacity of the device
  • Operating system of the device
  • Time zone of the device
  • Internet connection of the device
  • Network operator of the device
  • Email address
  • Name
  • Gender
  • Age
  • Information on personal tea consumption, behavior and life
  • Videos, photos, audio recordings
  • Location data
  • Language
  • App version
  • App operation time
  • Mac addresses
6.2 Automatically collected information
As part of your use of the app, we automatically collect certain data that is required for the use of the app. This includes: internal device ID, version of your operating system, time of access. This data is automatically transmitted to us but is not stored,
  • to provide you with the service and related features;
  • improve the functions and performance features of the app; and
  • prevent and eliminate misuse and malfunctions.
This data processing is justified by the fact that
  • the processing is necessary for the performance of the contract between you as the data subject and us pursuant to Art. 6 (1) b. GDPR for the use of the App, or
  • we have a legitimate interest in ensuring the functionality and error-free operation of the app and in being able to offer a service that is in line with the market and interests, which outweighs your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) f. GDPR.
6.3 Registration
When you create a user account, we use your data to grant you access to your user account and to manage it ("mandatory data"). Mandatory data within the scope of registration is marked accordingly and is required for the conclusion of the user contract. If you do not provide this data, you will not be able to create a user account. We use the mandatory data to authenticate you when you log in and to follow up on requests to reset your password. We process and use the data you provide during registration or a login process
  • to verify your eligibility to manage the user account;
  • enforce the terms of use of the App and any rights and obligations associated with it; and
  • contact you to send you technical or legal notices, updates, security messages or other messages relating to the administration of the user account.
This data processing is justified by the fact that
  • the processing is necessary for the performance of the contract between you as the data subject and us pursuant to Art. 6 (1) b. GDPR for the use of the App, or
  • we have a legitimate interest in ensuring the functionality and error-free operation of the app that outweighs your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) f. GDPR.
7. Transfer to third parties
Your personal data will not be transferred to third parties for purposes other than those listed below.

We only pass on your personal data to third parties if:
  • you have given your express consent in accordance with Article 6 (1) a. GDPR (in conjunction with § 15 (3) TMG),
  • the disclosure is permissible in accordance with Article 6 (1) f. GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
  • in the event that a legal obligation exists for the disclosure in accordance with Article 6 (1) c. GDPR as well as
  • this is legally permissible and necessary according to Article 6 (1) b. GDPR for the processing of contractual relationships with you.
We transfer collected data for processing to the respective internal departments or to external service providers, processors (e.g. hosting, shipping, processing service providers, web analysis) according to the required purposes (e.g. advertising, communication). In order to protect your data and, if necessary, allow us to transfer data to third countries (outside the EU/EEA), we have concluded commissioned processing agreements based on the standard contractual clauses of the European Commission.
8. Data collection when using push notifications
The app also uses push services from the operating system manufacturers. These are short messages that are shown on the user's display with the user's consent and with which the user is actively informed. When using the push services, a device token from Apple or a registration ID from Google is assigned. The sole purpose is to provide the push services. These are only encrypted, anonymized device IDs. It is not possible to draw conclusions about the individual user. You can decide if you want to use this functionality. To unsubscribe from the push messages, you can use the unsubscribe option in the app.

The collection and processing of device-specific information is based on Article 6 (1) b. GDPR for the purpose of processing contractual relationships with you or Article 6 (1) f. GDPR if and to the extent necessary to protect our interests or those of third parties.
9. Analytics Tools
The tracking measures listed below and used by us are carried out on the basis of Article 6 (1) a. GDPR. With the tracking measures used, we want to ensure a needs-based design and continuous optimization of our app.
Google Analytics
Google Analytics is an analytics service provided by Google Inc. The application uses mobile device identifiers (including Android Advertising ID or Advertising Identifier for iOS) and cookie-like technologies to run the Google Analytics service.

At app level, a so-called app instance ID is generated (pseudonymized), similar to the functionality of cookies in a web browser. It is a randomly generated ID that is recorded when the app is used for the first time. For this purpose, general device information such as model and operating system as well as interactions with our app are recorded.

In the default implementation of Google Analytics collects the following data:
  • Number of users and sessions
  • Session duration
  • Operating systems
  • Device models
  • Region
  • First launches
  • App executions
  • App updates
  • In-app purchases
The anonymization of your IP address is always activated. This does not allow us to assign the above data to a specific person. The collected data is usually transferred to US servers and stored there. However, Google must previously truncate the IP addresses in Member States of the European Union or in other contracting states to the Agreement on the European Economic Area (EEA).

For more information on the terms of use and privacy policy of Google Analytics, please visit https://www.google.com/analytics/terms/de.html or https://policies.google.com/?hl=de.

The data we collect and link to an App Instance ID is automatically deleted after 14 months.

Consent to data analysis can be revoked at any time with effect for the future.
10. Period of data processing
We delete or anonymise the data to be processed as soon as it is no longer necessary for the purposes for which we collected or used it. As a rule, we store the data to be processed for the duration of the usage or contractual relationship via the app. Specific information in this data protection declaration or legal requirements for the retention and deletion of personal data, in particular data that we must retain for tax reasons, remain unaffected.
11. Your rights as a data subject
11.1 Right to information (Article 15 GDPR)
You have the right to obtain information about the personal data stored about you at any time, free of charge, as well as the right to access a copy of such data from us.
11.2 Right to correction (Article 16 GDPR)
You have the right to request the immediate rectification of incorrect personal data relating to yourself. Furthermore, the data subject has the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
11.3 Erasure (Article 17 GDPR)
You have the right to request that we erase your personal data, provided one of the reasons stipulated by law applies and if processing is not necessary.
11.4 Restriction to processing (Article 18 GDPR)
You have the right to request that we restrict the processing of your data if one of the legal requirements is met.
11.5 Data transferability (Article 20 GDPR)
You have the right obtain personal data relating to you that you provided us in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance by us, to whom the personal data was provided, provided that the processing is based on the consent pursuant to Article 6 Paragraph 1(a) GDPR or Article 9 Paragraph 2(a) GDPR or on a contract pursuant to Article 6 Paragraph 1(b) GDPR, and the data are processed using automated procedures, unless processing is necessary to complete a task, is in the public interest or is carried out in the exercise of an official authority assigned to us.

Furthermore, when exercising your right to data transferability pursuant to Article 20 Paragraph 1 GDPR, you have the right to have personal data transferred directly from one controller to another, provided this is technically feasible and does not impede the rights and freedoms of other persons.
12. Objection (Article 21 GDPR)
You have the right to lodge an objection to the processing of personal data relating to you for reasons relating to your particular situation where this is done on the basis of Article 6 Paragraph 1(e) (data processing in the public interest) or (f) (data processing on the basis of the weighing of legitimate interests) GDPR.

This also applies to profiling based on these provisions pursuant to Article 4 Number 4 GDPR.

Should you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling and legitimate reasons for such processing that outweigh your interests, rights and freedoms, or where processing serves the assertion, exercise or defence of legal claims.

In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling where this is connected to this kind of direct marketing. Should you object to the processing of your data for direct marketing purposes, we will no longer process your personal data for this purpose.
13. Lodging a complaint with a supervisory authority
You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.
14. Versions and amendments to the Privacy Notice
This Privacy Notice is currently valid and was last updated in October 2021.

It may be necessary for us to amend this Privacy Notice in the process of further developing our website and the services we offer through our website or due to changes in legal or regulatory requirements. We therefore recommend that you consult this page regularly for any updates or changes to our privacy policy.
By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
Preferences Deny Accept