Privacy policy for the Endel app
General Information
We, Endel Sound GmbH, Sophienstraße 21, 10178 Berlin (hereinafter also referred to as “Endel”) collect and Process your Personal Data in connection with the Endel App (hereinafter also referred to as “App”) and are “controller” within the meaning of the EU General Data Protection Regulation (GDPR).
Definitions
Personal Data means any information relating to a living person which can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data or an online identifier.
Processing refers to any operation relating to Personal Data such as its collection, recording, organization, structuring, storage, adaptation or alteration, disclosure or any other use.
The protection and confidentiality of your data is very important to us. We therefore process your data only to the extent that this is necessary to provide the services you requested from the App, you have consented to the Processing or we are otherwise legally authorized to do so.
If you have any questions, suggestions or comments, please feel free to contact Endel Sound GmbH, Sophienstraße 21, 10178 Berlin: E-Mail: ask@endel.io.
What data do we collect from you and for what purpose?
a. Information collected during download
When you download the App, certain required information is submitted to the App Store, including your Apple ID, time of download, payment information (e.g. credit card, bank account) and your individual device ID number. The processing of this data occurs exclusively through the respective App Store or the respective payment system (e.g. Stripe) and is beyond our control.
b. Information that is automatically collected when using the app
As part of your use of the App, we automatically collect certain data required for the use of the App. This includes, for example, your device model, system version, and IP address of your mobile device.
This data is automatically Processed by us (1) to provide you with the App and related features; (2) to improve the features and functionality of the App; and (3) to prevent and correct misuse and malfunctions. This Processing is justified by the fact that (1) the processing is necessary for the fulfilment of the contract between you and us in accordance with Art. 6 para. 1 lit. b) GDPR for the use of the App, or (2) we have a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR in guaranteeing the functionality and error-free operation of the App and being able to offer an interest-oriented service.
c. Creation of a user account (registration) and login
To use the App we can ask you to create a user account. For this purpose, it is necessary to enter your e-mail address (“mandatory information”). The mandatory information enable and guarantee the access and administration of your user account. Mandatory information within the scope of registration are marked with an asterisk and are required for the conclusion of the user contract. If you do not provide this mandatory information, you will not be able to create a user account. The creation of the user account takes place after entering the mandatory data.
In addition, you can voluntarily enter your date of birth during the registration process.
We use the mandatory information to authenticate you when you log in and to follow up requests to reset your password. The data entered by you during registration or login will be processed and used by us to (1) verify your authorization to manage your user account; (2) enforce the App’s terms and conditions and all related rights and obligations; and (3) contact you to send you technical or legal notices, updates, security messages, or other messages regarding the management of your user account.
This Processing is justified by the fact that (1) the processing is necessary for the fulfilment of the contract between you and us in accordance with Art. 6 para. 1 lit. b) GDPR for the use of the App, or (2) we have a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR in ensuring the functionality and error-free operation of the App.
Registration and log-in with Facebook Connect
Facebook Connect makes it easy for you to register for and log into an account. Instead of entering the required information, you can log in with your Facebook login information. You will be redirected to the Facebook page to enter your information.
Registration in this form links your user account to your Facebook profile. We receive Personal Data about you from Facebook, namely your e-mail address and your name. We use these Personal Data only in order to identify you at registration and login. This Processing is justified by Art. 6 para. 1 S. 1 lit. b GDPR.
Facebook also receives data about you from us. We would like to point out that, as the provider of the App, we do not have any knowledge of the content of the data transmitted or its use by Facebook. Further information on this can be found in Facebook's privacy policy. If you do not want data to be collected via Facebook Connect, please do not use the Facebook Connect function.
d. Data syncing: Connecting certain Personal Data to your account
If you create an account, you will have access to our data syncing feature. This means that we will connect your health data, subscription length and originating platform (iOS, Android etc.) to your account. This will enable you to enjoy your personalized ENDEL sound environment (as set out below) from several devices using different originating platforms.
This Processing is justified by the fact that (1) the processing is necessary for the fulfilment of the contract between you and us in accordance with Art. 6 para. 1 lit. b) GDPR for the use of the App, or (2) we have a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR in ensuring the functionality and error-free operation of the App.
e. Generic mode
If you use the app without providing any further data or giving permission, we will not Process any Personal Data to create a personalized sound environment for you. You will then receive a generic sound environment.
f. Personalized sound environment
If you want to personalize your sound environment, you can share various information and manage these shares. These include, for example, your heart rate and your location.
The following authorizations can be assigned to the app:
Internet access: This is required to store your entries on our servers.
Location data: By Processing your location data, the app can personalize your sound environment by incorporating weather and time data.
This data is Processed to provide the service, in particular to provide the functionality of the app and the services specified in the terms and conditions. This data processing is justified by the fact that the processing is necessary for the fulfilment of the contract between you and us pursuant to Art. 6 para. 1 lit. b) GDPR for the use of the App.
You can also grant the following authorizations:
Heart rate: By processing your heart rate, the app allows you to create personalized sound environments.
Motion, data: By processing your movement data, especially your Cadence, steps count and speed, the app can create personalized sound environments for you.
If you grant these authorizations, we Process your Personal Data to provide you with personalized sound environments based on your consent pursuant to Art. 6 para. 1 lit. a) GDPR.
You are not obliged to provide your Personal Data. Furthermore, the use of our app and the associated services is voluntary. However, if you do not wish to provide us with the necessary data, we will not be able to provide you with the functions and services mentioned above.
Please note that when using third-party hardware, such as an Apple Watch, the third-party’s privacy policy applies.
g. Reports and highlights
We will inform you periodically, usually once a week, about your weekly highlights when using the app and show you statistical analyses. For this purpose we process data about your activity in the app. This is justified by the fact that the processing is necessary for the fulfilment of the contract between you and us pursuant to Art. 6 para. 1 lit. b) GDPR for the use of the App.
h. Payments
For payment processing, only the data relevant to payment is transmitted to Apple Pay, Google Play and Stripe. This is justified by the fact that the processing is necessary for the fulfilment of the contract between you and us pursuant to Art. 6 para. 1 lit. b) GDPR for the use of the App.
i. Advertising and newsletter
With your consent, you can allow us to send you advertising and our newsletter, which will inform you about our new products and services and other relevant information. The legal basis for this Processing is Art. 6 para. 1 sentence 1 lit. a GDPR. We store your e-mail address as long as you agree to receive this information.
You can unsubscribe from receiving this information from us anytime by clicking on the link contained in each newsletter.
Where we store your data; who has access to your data.
We store your data on your device and on the servers of our IT service provider Amazon Web Services SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg. Processing shall only take place on our behalf and on the basis of a data processing agreement.
If you use Facebook Connect to register for and log into an account, your Personal Data will be transmitted to Facebook, Inc. 1601 Willow Road Menlo Park, California 94025 in the United States. The transfer to the USA is secured by an adequacy decision based on the EU-US Privacy Shield.
Analytics tools
Endel partially commissions third party providers to provide services for the analysis and evaluation of data. Processing is only carried out on our behalf and on the basis of a data processing agreement. In detail we use the following tools:
a. Amplitude
We use the web analysis service Amplitude of Amplitude, Inc. 631 Howard St., Floor 3, San Francisco, CA 94107, USA to evaluate user access. The data collected with this technology will not be used to identify the user personally and will not be merged with Personal Data about the bearer of the pseudonym without the separate consent of the data subject. The information collected is stored on a server in the USA. Amplitude’s privacy policy can be found here: https://amplitude.com/privacy. The transfer to the USA is secured by an adequacy decision based on the EU-US Privacy Shield.
b. Adjust
We use the analysis service Adjust from Adjust GmbH, Saarbrücker Straße 37a, 10405 Berlin to track user interactions with the app in real time and to analyze the performance of marketing campaigns. The data collected with this technology will not be used to identify the user personally and will not be merged with Personal Data about the bearer of the pseudonym without the separate consent of the data subject. Adjust’s privacy policy can be found here:https://www.adjust.com/terms/privacy-policy/. Any transfer to the USA is secured by an adequacy decision based on the EU-US Privacy Shield.
c. Apptimize
We use the service Apptimize from Apptimize, Inc., 330 Townsend St Suite 234, San Francisco, CA 94107, USA to analyse user behaviour via A/B-Testing. We can show you our App with slightly varied content, depending on the profile assignment. In this way we can analyse our offer, regularly improve it and make it more interesting for you as a user. Any transfer to the USA is secured by an adequacy decision based on the EU-US Privacy Shield.
d. Google Firebase
We use the Google Firebase service from Google LLC, 1600 Amphitheatre, Parkway, Mountain View, CA 94043, USA to play push messages. A so-called device token from Apple is assigned for this purpose. The sole purpose of their use by us is to provide the Push Services. These are encrypted, anonymous device IDs. The transfer to the USA is secured by an adequacy decision based on the EU-US Privacy Shield.
e. Crashlytics
We work with Crashlytics Inc. “(“Crashlytics”), a Google LLC service that collects user information when users use Endel. Crashlytics collects data on app usage specifically related to system crashes and bugs. It uses information about the device, the version of the app that is installed, and other information that can help fix bugs, especially about the user’s software and hardware. The transfer to the USA is secured by an adequacy decision based on the EU-US Privacy Shield.
f. Plug-ins
We are currently using the social media plug-ins from Facebook and Spotify. We offer you the possibility to communicate directly with the provider of the plug-in via the button. When using the plug-ins, your data may be transmitted to the respective plug-in provider.
g. Mailchimp
Our newsletter is sent using “Mailchimp”, a newsletter sending platform from the Rocket Science Group, LLC, 675 Ponce De Leon Ave NE 5000, Atlanta, GA 30308, USA. Mailchimp organizes and analyzes the distribution of newsletters. When you open an email sent by Mailchimp, a file included in the email (called a web beacon) connects to Mailchimp’s servers in the US. This allows us to determine if a newsletter message has been opened and which links you click on. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type and operating system). This is used for the statistical analysis of the newsletter campaign. You can find Mailchimp’s privacy policy here: https://mailchimp.com/legal/privacy/. If you do not want your usage of the newsletter to be analyzed by Mailchimp, you can always withdraw your consent and unsubscribe from the newsletter at any time.
h. Push-notifications
For push notifications, we use the technology of the provider OneSignal, located at 2850 S Delaware St Suite 201, San Mateo, CA 94403, USA. We use “OneSignal” to send you push notifications and to keep you informed about news through the notifications. The provider processes personal data from you which allow conclusions to be drawn about your user behaviour, such as your reactions to the push notifications. The legal basis for the processing is Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time. OneSignal’s privacy policy can be found here: https://onesignal.com/privacy_policy.
How long your data will be stored and how you can delete it
We store your data only for the time period for which you use the app and they are necessary to fulfill the purpose for which they were originally collected. If applicable, we will store your data for as long as is legally required, e.g. for tax reasons.
You can delete your data by visiting the data management section in your settings. This will irrevocably delete all your data from our databases.
Your data rights
Depending on the circumstances of the specific case, you have the following rights:
The right of access (Art. 15 GDPR)
The right to rectification (Art. 16 GDPR)
The right to erasure (Art. 17 GDPR)
The right to restriction of processing (Art. 18 GDPR)
The right to data portability (Art. 20 GDPR)
The right to take legal action or to file a complaint with the competent supervisory authorities (Art. 77 GDPR)
In addition, you have the right to object at any time to the Processing of your Personal Data for purposes of direct marketing or to pursue our legitimate interest.
You may (i) exercise the above rights or (ii) ask questions or (iii) complain about our processing of your Personal Data by contacting us as indicated above.
Changes to our privacy policy
We reserve the right to amend this privacy policy in accordance with the provisions of data protection law. You will find the current version on our website at https://endel.zendesk.com/.
If you have any questions, suggestions or comments on the subject of data protection, please feel free to contact us. Contact information: Endel Sound GmbH, Sophienstraße 21, 10178 Berlin, E-Mail: ask@endel.io
Version: 1.3 ; Date: 29 April 2021