Privacy policy for the Endel-App

General Information

We, Endel Sound GmbH, Hohenzollerndamm 61, 14199 Berlin (hereinafter also referred to as “Endel”) collect and Process your Personal Data in connection with the Endel App (hereinafter also referred to as “App”) and are “controller” within the meaning of the EU General Data Protection Regulation (GDPR).

Definitions

Personal Data means any information relating to a living person which can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data or an online identifier.

Processing refers to any operation relating to Personal Data such as its collection, recording, organization, structuring, storage, adaptation or alteration, disclosure or any other use.

The protection and confidentiality of your data is very important to us. We therefore process your data only to the extent that

this is necessary to provide the services you requested from the App,

you have consented to the Processing or

we are otherwise legally authorized to do so.

If you have any questions, suggestions or comments, please feel free to contact Endel Sound GmbH, Hohenzollerndamm 61, 14199 Berlin: Phone +49 176 22877069, E-Mail: oleg@endel.io.

What data do we collect from you and for what purpose?

Information collected during download

When you download the App, certain required information is sent to the App Store, including your Apple ID, time of download, payment information, and your unique device identification number. The processing of these data takes place exclusively through the App Store and is beyond our control.

Information that is automatically collected when using the app

As part of your use of the App, we automatically collect certain data required for the use of the App. This includes, for example, your device model, system version, and IP address of your mobile device.

This data is automatically Processed by us (1) to provide you with the App and related features; (2) to improve the features and functionality of the App; and (3) to prevent and correct misuse and malfunctions. This Processing is justified by the fact that (1) the processing is necessary for the fulfilment of the contract between you and us in accordance with Art. 6 para. 1 lit. b) GDPR for the use of the App, or (2) we have a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR in guaranteeing the functionality and error-free operation of the App and being able to offer an interest-oriented service.

Creation of a user account (registration) and login

To use the App we can ask you to create a user account. For this purpose, it is necessary to enter your e-mail address (“mandatory information”). The mandatory information enable and guarantee the access and administration of your user account. Mandatory information within the scope of registration are marked with an asterisk and are required for the conclusion of the user contract. If you do not provide this mandatory information, you will not be able to create a user account. The creation of the user account takes place after entering the mandatory data and using the so-called double opt-in procedure. This means that we will only activate your user account after you have confirmed your registration via the link in the confirmation e-mail.

In addition, you can voluntarily enter your date of birth during the registration process.

We use the mandatory information to authenticate you when you log in and to follow up requests to reset your password. The data entered by you during registration or login will be processed and used by us to (1) verify your authorization to manage your user account; (2) enforce the App’s terms and conditions and all related rights and obligations; and (3) contact you to send you technical or legal notices, updates, security messages, or other messages regarding the management of your user account.

This Processing is justified by the fact that (1) the processing is necessary for the fulfilment of the contract between you and us in accordance with Art. 6 para. 1 lit. b) GDPR for the use of the App, or (2) we have a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR in ensuring the functionality and error-free operation of the App.

Generic mode

If you use the app without providing any further data or giving permission, we will not Process any Personal Data to create a personalized sound environment for you. You will then receive a generic sound environment.

Personalized sound environment

If you want to personalize your sound environment, you can share various information and manage these shares. These include, for example, your heart rate and your location.

The following authorizations can be assigned to the app:

Internet access: This is required to store your entries on our servers.

Location data: By Processing your location data, the app can personalize your sound environment by incorporating weather and time data.

This data is Processed to provide the service, in particular to provide the functionality of the app and the services specified in the terms and conditions. This data processing is justified by the fact that the processing is necessary for the fulfilment of the contract between you and us pursuant to Art. 6 para. 1 lit. b) GDPR for the use of the App.

You can also grant the following authorizations:

Heart rate: By processing your heart rate, the app allows you to create personalized sound environments.

Motion, data: By processing your movement data, especially your Cadence, steps count and speed, the app can create personalized sound environments for you.

If you grant these authorizations, we Process your Personal Data to provide you with personalized sound environments based on your consent pursuant to Art. 6 para. 1 lit. a) GDPR.

You are not obliged to provide your Personal Data. Furthermore, the use of our app and the associated services is voluntary. However, if you do not wish to provide us with the necessary data, we will not be able to provide you with the functions and services mentioned above.

Please note that when using third-party hardware, such as an Apple Watch, the third-party’s privacy policy applies.

Reports and highlights

We will inform you periodically, usually once a week, about your weekly highlights when using the app and show you statistical analyses. For this purpose we process data about your activity in the app. This is justified by the fact that the processing is necessary for the fulfilment of the contract between you and us pursuant to Art. 6 para. 1 lit. b) GDPR for the use of the App.

Payments

For payment processing, only the data relevant to payment is transmitted to Apple Pay. This is justified by the fact that the processing is necessary for the fulfilment of the contract between you and us pursuant to Art. 6 para. 1 lit. b) GDPR for the use of the App.

Where we store your data

We store your data on your device and on the servers of our IT service provider Amazon Web Services SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg. Processing shall only take place on our behalf and on the basis of a data processing agreement.

Analytics tools

Endel partially commissions third party providers to provide services for the analysis and evaluation of data. Processing is only carried out on our behalf and on the basis of a data processing agreement. In detail we use the following tools:

Amplitude

We use the web analysis service Amplitude of Amplitude, Inc. 631 Howard St., Floor 3, San Francisco, CA 94107, USA to evaluate user access. The data collected with this technology will not be used to identify the user personally and will not be merged with Personal Data about the bearer of the pseudonym without the separate consent of the data subject. The information collected is stored on a server in the USA. Amplitude’s privacy policy can be found here: https://amplitude.com/privacy. The transfer to the USA is secured by an adequacy decision based on the EU-US Privacy Shield.

Google Firebase

We use the Google Firebase service from Google LLC, 1600 Amphitheatre, Parkway, Mountain View, CA 94043, USA to play push messages. A so-called device token from Apple is assigned for
this purpose. The sole purpose of their use by us is to provide the Push Services. These are encrypted, anonymous device IDs. The transfer to the USA is secured by an adequacy decision based on the EU-US Privacy Shield.

Crashlytics

We work with Crashlytics Inc. “(“Crashlytics”), a Google LLC service that collects user information when users use Endel. Crashlytics collects data on app usage specifically related to system crashes and bugs. It uses information about the device, the version of the app that is installed, and other information that can help fix bugs, especially about the user’s software and hardware. The transfer to the USA is secured by an adequacy decision based on the EU-US Privacy Shield.

Plug-ins

We are currently using the social media plug-ins from Facebook and Spotify. We offer you the possibility to communicate directly with the provider of the plug-in via the button. When using the plug-ins, your data may be transmitted to the respective plug-in provider.

How long your data will be stored and how you can delete it

We store your data only for the time period for which you use the app and they are necessary to fulfill the purpose for which they were originally collected. If applicable, we will store your data for as long as is legally required, e.g. for tax reasons.

You can delete your data by visiting the data management section in your settings. This will irrevocably delete all your data from our databases.

Your data rights

Depending on the circumstances of the specific case, you have the following rights:

The right of access (Art. 15 GDPR)

The right to rectification (Art. 16 GDPR)

The right to erasure (Art. 17 GDPR)

The right to restriction of processing (Art. 18 GDPR)

The right to data portability (Art. 20 GDPR)

The right to take legal action or to file a complaint with the competent supervisory authorities (Art. 77 GDPR)

In addition, you have the right to object at any time to the Processing of your Personal Data for purposes of direct marketing or to pursue our legitimate interest.

You may (i) exercise the above rights or (ii) ask questions or (iii) complain about our processing of your Personal Data by contacting us as indicated above.

Changes to our privacy policy

We reserve the right to amend this privacy policy in accordance with the provisions of data protection law. You will find the current version on our website at http://endel.io/privacy-policy/.

If you have any questions, suggestions or comments on the subject of data protection, please feel free to contact us. Contact information:  Endel Sound GmbH, Hohenzollerndamm 61, 14199 Berlin, Phone +49 176 228 77069, E-Mail: oleg@endel.io

Version: 1.0 ; Date: 6 November 2018