Privacy policy ovolution app
Privacy policy summary
The ovolution app (application) is an app for recording cycle data and evaluating it according to the Sensiplan® set of rules. The user registers a customer account under which his data are summarized. This data is stored and processed locally on the end device and in the Firestore database (location: Germany). This allows the user to use different end devices to capture and evaluate the cycle. The account will be linked to the payments to unlock the functionality after the trial period. If desired, the user has the possibility to delete his account in the application at any time and all cycle data will be irretrievably deleted. In addition, ovolution offers an optional email service with additional information on cycle topics and products sent to the user. If the user chooses to do so, selected cycle information is shared with the mail provider for the purpose of automation for better targeting.
To ensure application stability and user-friendliness, further information on user behavior and the hardware used by the user is also collected.
By using the application, the user agrees to the pseudonymized use of ovolution GmbH’s data for the following purposes:
- Conducting scientific studies to validate the ovolution app and to research and develop natural family planning methods. In order to conduct such studies, it may be necessary to share pseudonymized data with scientific partners. We ensure that no conclusions can be drawn about individuals.
- Further development and review of the ovolution app evaluation: We evaluate data sets to ensure that the ovolution app evaluations are working properly. For this purpose, we also use pseudonymized data for internal quality tests. No conclusions can be drawn about individuals.
The following list provides an overview of the external services used.
Personal data processed for the following purposes and through the use of the following services:
App Store Connect
Personal data: diagnostic data; purchase history; usage data; tracker.
Google Play Store
Personal data: diagnostic data; purchase history; usage data; tracker.
Payments processed through the Apple App Store
Personal data: Purchase history; device information; tracker; payment data
Payments processed through Google Play Store
Personal data: email; purchase history; device information; tracker; payment data.
RevenueCat
Personal data: application executions; user ID; device information; tracker; payment data.
Firebase Authentication
Personal data: email; first name; last name; password.
Firebase Cloud Firestore and Firebase Cloud Functions
Personal data: usage data; health data for cycle evaluation and other body monitoring data;
Firebase Remote Config for impact analysis of content and feature changes (A/B testing)
Personal data: various types of data, as described in the privacy policy of the service
Firebase performance monitoring for performance analysis in the ovolution app
Personal data: various types of data, as described in the privacy policy of the service
Crashlytics
Personal data: crash data; Device information; Universally Unique Identifier (UUID)
Google Analytics for Firebase for the analysis of user behavior
Personal data: application executions; number of users; number of sessions; app launches; operating systems; in-app purchases; usage data; session duration.
CleverReach
Personal data: email, first name, last name, segmentation data for targeted notification of topics such as childbearing, knowledge status NFP, pill discontinuation or use after pregnancy.
Contact details
Provider
ovolution GmbH
Friedrich-Ebert-Str. 161
64347 Griesheim
Email address of the provider:
hello@ovolution.rocks
Person responsible
Timo Schmuck
ovolution GmbH
Friedrich-Ebert-Str. 161
64347 Griesheim
Email address of the person responsible:
timo@ovolution.rocks
Complete privacy policy
Provider
ovolution GmbH
Friedrich-Ebert-Str. 161
64347 Griesheim
Person responsible: Timo Schmuck
Email address of the person responsible: timo@ovolution.rocks
Types of data collected
Personal data processed by this application independently or through third parties include: email; password; user ID; first name; last name; usage data; health data for cycle evaluation and other body monitoring data and derived information; number of users; number of sessions; session duration; in-app purchases; purchase history; payment data; application executions; operating systems; device information; trackers; diagnostic data.
Full details of each type of personal data processed are provided in the designated sections of this Privacy Policy or selectively through explanatory text displayed prior to data collection.
Personal data may be provided voluntarily by the user or, in the case of usage data, may be collected automatically when this application is used.
Unless otherwise specified, the provision of all data requested by this application is mandatory. If the user refuses to provide the data, this may result in this application being unable to provide its services to the user. In cases where this application expressly states that the provision of personal data is voluntary, users may choose not to provide such data without any consequences for the availability or functioning of the service.
Users who are unclear about which personal data is mandatory can contact the provider.
Any use of cookies – or other tracking tools – by this application or third-party service providers used by this application is for the purpose of providing the service requested by the User and any other purposes described in this document and, if any, in the Cookie Policy.
Users are responsible for all personal data of third parties obtained, published or disclosed through this Application and confirm that they have obtained consent for the transfer of personal data of any third parties to this application.
Type and location of data processing
Processing methods
The provider processes user data in a proper manner and takes appropriate security measures to prevent unauthorized access and unauthorized forwarding, modification or destruction of data.
Data processing is carried out by means of computers or IT-based systems in accordance with organizational procedures and practices specifically aimed at the stated purposes. In addition to the data controller, other persons internally (human resources, sales, marketing, legal department, system administrators) or externally – and in the case where necessary, designated by the data controller as processors (such as technical service providers, delivery companies, hosting providers, IT companies or communication agencies) – could also operate this application and thus have access to the data. A current list of these parties may be requested from the provider at any time.
Legal basis of processing
The provider may process personal data of users only if one of the following applies:
- The users have given their consent for one or more
specific purposes. Note: In some jurisdictions, the provider
may be permitted to process personal data until
the user objects to such processing (“opt-out”) without
relying on consent or any other
of the following legal bases. However, this does not apply if the processing
of personal data is subject to European data protection law; - the data collection is necessary for the fulfillment of a contract
with the user and/or for pre-contractual measures arising therefrom; - the processing is necessary for compliance with a legal obligation to which the provider is subject;
- the processing is related to a task
carried out in the public interest or in the exercise of official authority
vested in the provider; - the processing is necessary to protect the legitimate interests of the provider or a third party.
In any case, the provider will be happy to provide information about the specific legal basis on which the processing is based, in particular whether the provision of personal data is a legal or contractual obligation or a prerequisite for the conclusion of a contract.
Location
The data will be processed in the provider’s office and in all other places where the entities involved in data processing are located.
Depending on the user’s location, data transfers may involve the transfer of the user’s data to a country other than the user’s own. To learn more about the place of processing of the transmitted data, users can consult the section with the detailed information on the processing of personal data.
Users also have the right to be informed about the legal basis of the transfer of data to a country outside the European Union or to an international organization governed by international law or established by two or more countries, such as the UN, as well as about the security measures taken by the provider to protect their data.
If such a transfer occurs, the user can learn more about it by reviewing the relevant sections of this document or by contacting the provider using the information provided in the contact section.
Duration of storage
Personal data is processed and stored for as long as required by the purpose for which it was collected.
Therefore applies:
- Personal data collected for the purpose of fulfilling
contract concluded between the provider and the user
will be stored until the complete fulfillment
of this contract. - Personal data collected to protect the legitimate
interests of the provider shall be retained for as long
as necessary to fulfill these purposes. Users can obtain
more detailed information about the provider’s legitimate interests
in the relevant sections of this document or by contacting
the provider.
In addition, the provider is permitted to store personal data for a longer period of time if the user has consented to such processing, as long as the consent is not revoked. In addition, the provider may be required to retain personal data for a longer period of time if this is necessary to fulfill a legal obligation or by order of an authority.
After the retention period has expired, personal data is deleted. Therefore, the right of access, the right of erasure, the right of rectification and the right of data portability cannot be exercised after the expiry of the retention period.
Processing purposes
Personal data about the user is collected in order for the provider to provide the service and further to comply with its legal obligations, to respond to enforcement requests, to protect its rights and interests (or those of the users or third parties), to detect malicious or fraudulent activities. In addition, data is collected for the following purposes: registration and login, platform services and hosting, backend infrastructure and hosting, handling payments, ovolution app – analysis and optional automatic sending of emails around the cycle.
By using the application, the user agrees to the pseudonymized use of ovolution GmbH’s data for the following purposes:
- Conducting scientific studies to validate the ovolution app and to research and develop natural family planning methods. In order to conduct such studies, it may be necessary to share pseudonymized data with scientific partners. We ensure that no conclusions can be drawn about individuals.
- Further development and review of the ovolution app evaluation: We evaluate data sets to ensure that the ovolution app evaluations are working properly. For this purpose, we also use pseudonymized data for internal quality tests. No conclusions can be drawn about individuals.
Users can find more detailed information on these processing purposes and the personal data used for each purpose in the “Detailed information on personal data processing” section of this document.
Detailed information on the processing of personal data
Personal data is collected for the following purposes using the following services:
The purpose of these services is to host and operate main components of the application for this application so that this application can be offered from a unified platform. Such platforms provide the provider with a whole range of tools – for example, analysis and comment functions, user and database management, e-commerce and payment processing – which involve the processing of personal data.
Some of these services operate with geographically dispersed servers, making it difficult to determine where personal data is stored.
App Store Connect (Apple Inc.)
This application is distributed on Apple’s App Store, a mobile application distribution platform provided by Apple Inc.
App Store Connect allows the provider to manage this application in Apple’s App Store. Depending on the configuration, App Store Connect provides the provider with statistical data about user retention and app discovery, marketing campaigns, sales, in-app purchases, and payments to measure the performance of this application. App Store Connect collects such data only from users who have agreed to share it with the provider. Users can find more information on how to log out via their device settings here.
Personal data processed: diagnostic data; purchase history; usage data; tracker.
Processing location: United States – Privacy Policy.
Google Play Store (Google Ireland Limited)
This application is distributed on Google Play Store, a mobile app distribution platform provided by Google Ireland Limited.
By distributing this application through this channel, Google collects usage and diagnostic information and shares it with the provider. Much of this information is processed on an opt-in basis.
Users can deactivate this analysis function directly via their device settings. The user can find more information about managing the analytics settings on this page.
Personal data processed: usage data.
Processing location: Ireland – Privacy Policy.
Unless otherwise specified, this application processes all payments by credit card, bank transfer, or otherwise through third-party payment service providers. Generally, and unless otherwise stated, users are asked to provide their payment data and personal data directly to these payment service providers.
This application is not involved in the collection and processing of such information, but only receives a notification from the respective payment service provider as to whether the payment was successfully completed.
Payments processed through the Apple App Store (Apple Inc.)
This application uses a payment service provided by Apple Inc. that allows the provider to offer in-app purchases of the application itself or within the application.
Personal data processed to process purchases is processed by Apple as described in the App Store Privacy Policy.
Personal data processed: purchase history; device information; payment data.
Processing location: United States – Privacy Policy.
Payments processed through the Google Play Store (Google Ireland Limited)
This application uses a payment service provided by Google Ireland Limited, which allows the provider to offer in-app purchases of the application itself or within the application.
Personal data processed to process purchases is processed by Google as described in the Google Play Store Privacy Policy.
Personal data processed: email; purchase history; device information; trackers; payment data.
Processing location: Ireland – Privacy Policy.
RevenueCat (RevenueCat, Inc.)
RevenueCat is a payment service provided by RevenueCat, Inc. The service allows the owner to monitor and analyze users and their shopping history, and can be used to track user behavior.
Personal data processed: application executions; user ID; device information; tracker.
Processing Location: United States – Privacy Policy – Opt Out.
By registering or logging in, users authorize this application to identify them and grant them access to specific services.
The ovolution app uses a third-party provider as a registration and login service. In this case, this application may access some data stored by these third parties for registration or identification purposes.
The service listed below collects personal data for targeting and profiling purposes. For more information, see the description of the service.
Firebase Authentication (Google Ireland Limited)
Firebase Authentication is a registration and login service provided by Google Ireland Limited To simplify the login and sign-in process, Firebase Authentication may use third-party identity services and store the information on its platform.
Personal data processed: email; first name, last name; password.
Processing location: Ireland – Privacy Policy.
These types of services have the purpose of hosting data and files so that this application can be managed and used. These types of services have the purpose of hosting data and files so that this application can be managed and used.
Some of the services listed below may or may not operate through geographically dispersed servers, making it difficult to determine the actual location of personal data.
Firebase Cloud Functions (Google Ireland Limited)
Firebase Cloud Functions is a web hosting and backend service provided by Google Ireland Limited.
Personal data processed: usage data; various types of data as described in the Service’s Privacy Policy (e.g., cycle data entered by the user).
Processing location: Germany – Privacy Policy.
Firebase Cloud Firestore (Google Ireland Limited)
Firebase Cloud Firestore is a web hosting and backend service provided by Google Ireland Limited.
Processes and stores personal data: usage data; various types of data as described in the Service’s Privacy Policy (e.g., cycle data entered by the user).
Processing and storage location: Germany – Privacy policy.
The services listed in this section allow the provider to monitor, analyze, and track user traffic, user behavior on traffic related to structure, text, or other modifying components (A/B testing), and application performance and troubleshooting.
Firebase Remote Config (Google Ireland Limited)
Firebase Remote Config is a service provided by Google Ireland Limited for performing A/B testing and configuration.
Personal Data Processed: various types of data as described in the Service’s Privacy Policy.
Processing location: Ireland – Privacy Policy.
Firebase Performance Monitoring (Google Ireland Limited)
Firebase Performance Monitoring is an application monitoring service provided by Google Ireland Limited.
Personal Data Processed: various types of data as described in the Service’s Privacy Policy.
Processing location: Ireland – Privacy Policy.
Crashlytics (Google Ireland Limited)
Crashlytics is an application monitoring service provided by Google Ireland Limited.
Personal data processed: crash data; device information; Universally Unique Identifier (UUID).
Processing location: Ireland – Privacy Policy.
Google Analytics for Firebase (Google Ireland Limited)
Google Analytics for Firebase or Firebase Analytics is an analytics service provided by Google Ireland Limited.
Further information on Google’s use of data can be viewed in Google’s Partner Policy.
Firebase Analytics can share data with other tools provided by Firebase such as Crash Reporting, Authentication, Remote Config or Notifications. The user can check this Privacy Policy to find a detailed explanation of the other tools used by the owner.
This application uses mobile device identifiers and cookie-like technologies to run the Google Analytics for Firebase service.
Users may opt out of certain Firebase features through the appropriate mobile device settings, such as mobile advertising settings, or by following the instructions in other sections of this Privacy Policy regarding Firebase, as applicable.
Personal data processed: application executions; number of users; number of sessions; app launches; operating systems; in-app purchases; usage data; session duration.
Processing location: Ireland – Privacy Policy.
Optionally, users are offered the possibility to receive additional information about the cycle by mail. Selected personal data for the segmentation of users is transferred to CleverReach for this purpose and stored and processed there in its database in order to provide users with information tailored to their target groups.
CleverReach may also collect data on what date and time message was read by the user, as well as when the user interacts with incoming messages, for example, by clicking on links contained therein.
CleverReach (CleverReach GmbH & Co. KG)
CleverReach is a service provided by CleverReach GmbH & Co. KG provided service for managing email addresses and sending messages.
Personal data processed: email, first name, last name, segement information such as childbearing, knowledge status NFP, pill discontinuation or use after pregnancy.
Processing location: Germany – Privacy Policy.
User rights
Users may exercise certain rights in relation to their data processed by the provider.
In particular, users have the right to do the following:
- Revoke the consents at any time. If
the user has previously consented to the processing of personal data,
he may revoke his own consent at any time. - Object to the processing of their data.
The user has the right to object to the processing of his data
if the processing is based on a legal basis
other than consent. Further information on this is
provided below. - Receive information regarding their data. The
user has the right to know whether the data is processed by the provider,
to receive information about individual aspects of the processing and
to receive a copy of the data. - Review and have corrected. The user has the right to verify the accuracy of his data and request its update or correction.
- Request restriction of the processing of their data.
Users have the right to restrict the processing
of their data under certain circumstances. In this case, the provider will not process the data
for any purpose other than storage. - Request deletion or other removal of the personal data. Users have the right to request deletion of their data from the provider under certain circumstances.
- Receive your data and have it transferred to another responsible party.
The user has the right to receive his data in a structured, common
and machine-readable format and, if technically possible,
to have it transferred without hindrance to another responsible party.
This provision is applicable if the data is processed by automated
means and the processing is based on the user’s consent,
on a contract to which the user is a party, or
on pre-contractual obligations. - Submit a complaint. Users have the right to file a complaint with the competent supervisory authority.
Details on the right to object to processing
If personal data are processed in the public interest, in the exercise of a sovereign power conferred on the provider or in order to safeguard the provider’s legitimate interests, the user may object to such processing by providing a justification relating to his/her particular situation.
Users are informed that they may object to the processing of personal data for direct marketing at any time without giving reasons. Users can find out whether the provider processes personal data for direct marketing purposes in the relevant sections of this document.
How to exercise the rights
All requests to exercise the user rights can be directed to the provider via the contact details provided in this document. Applications can be exercised free of charge and will be processed by the provider as soon as possible, at the latest within one month.
Further information on the collection and processing of data
Legal measures
The user’s personal data may be processed by the provider for the purposes of law enforcement within or in preparation of legal proceedings arising from the improper use of this application or the related services. The user declares that he/she is aware that the provider may be required by the authorities to disclose personal data.
More information about the personal data of the user
In addition to the information set forth in this Privacy Policy, this application may provide the user, upon request, with additional contextual information relating to specific services or to the collection and processing of personal data.
System protocols and maintenance
This application and third party services may collect files that record interaction that takes place through this application (system logs) or use other personal data (e.g. IP address) for this purpose for operational and maintenance purposes.
Information not included in this privacy statement
Further information about the collection or processing of personal data can be requested from the provider at any time via the listed contact details.
How “Do Not Track” requests are handled
This application does not support Do Not Track requests by web browsers.
For information on whether integrated third-party services support the no-tracking protocol, users can refer to the Privacy Policy of the respective service.
Changes to this privacy policy
The provider reserves the right to make changes to this privacy policy at any time by informing users on this page and, if applicable, via this application and/or – as far as technically and legally possible – by sending a message via user contact data available to the provider. Users are therefore advised to visit this page regularly and in particular to check the date of the last modification indicated at the bottom of the page.
Insofar as changes affect a data use based on the consent of the user, the provider will – if necessary – obtain a new consent.
Definitions and legal notices
Personal data (or data)
Any information by which the identity
of a natural person is or can be determined, directly or in combination
with other information.
Usage data
Information that this application (or third party services that this application uses) automatically collects, such as: the IP addresses or domain names of the computers of users that use this application, the URI (Uniform Resource Identifier) addresses, the time of the request, the method used to send the request to the server, the size of the response file received, the numeric code indicating the status of the server response (successful result, error, etc.), the country of origin, the features of the browser and operating system used by the user, the various times per request (e.g., how much time was spent on each page of the application), and information about the path to the server used by the user. ), the country of origin, the functions of the browser and operating system used by the user, the various time details per call (e.g. how much time was spent on each page of the application) and information about the path followed within an application, in particular the order of the pages visited, as well as other information about the operating system of the device and/or the IT environment of the user.
User
The person using this application who, unless otherwise specified, is the same as the person concerned.
Concerned
The natural person to whom the personal data relates.
Order processor (or data processor)
Natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller as described in this Privacy Policy.
Responsible person (or provider, partly also owner)
The natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data and the means used for that purpose, including the security measures relating to the operation and use referred to in this application. Unless otherwise specified, the responsible party is the natural or legal person through whom this application is offered.
This application
The ovolution app for Android or iOS, which is used to collect and process the user’s personal data.
Service
The service provided through this application as described in the relevant T&Cs and on this website/application.
European Union (or EU)
Unless otherwise indicated, all references in this document to the European Union refer to all current Member States of the European Union and the European Economic Area (EEA).
Cookies
Cookies are trackers that consist of a small data set stored in the user’s browser.
Tracker
The term tracker refers to any technology – e.g., cookies, unique identifiers, web beacons, embedded
scripts, e-tags, or fingerprinting – by which users can be tracked, e.g., by enabling access to or storage of information on the user device.
Legal notices
This Privacy Policy has been drafted based on provisions of various legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation). This Privacy Policy applies solely to this application, unless otherwise stated in this document.