Data protection information according to Art. 13, 14 GDPR
IMPORTANT NOTE: The German version of this document will govern our relationship – this translated version is provided for convenience only and will not be interpreted to modify the German version. For the German version, please see the German Data Privacy.
1. Responsible party
The service provider of the web application “onesome” (hereinafter the Application) and the website under the URL www.onesome.de (hereinafter the Website) and the party responsible under data protection law is Seneration GmbH, Maximilianstraße 43, 80538 Munich, Germany (Seneration).
2. Contact details of the data protection officer
3. Processing purposes and legal bases
3.1 Access and informational use of the website (without registration and without login to use the application).
Each time you access the website, your browser automatically sends the following data to our website server: IP address of your requesting internet-capable device; date and time of your access to the website; website/application from which the access was made (referrer URL); your browser type with version and language; operating system of your internet-capable computer; your internet service provider; the sub-websites you are visiting; files downloaded from our website (e.g. PDF or Word documents); website accessed; website previously visited.
The temporary storage of the IP address for the duration of the use of the application is necessary to provide you the website.
In addition, further processing of the data mentioned in 3.1 takes place in order to optimize the website, to ensure the permanent functionality, security and stability of the website and connected IT systems, and to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.
The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR. The legitimate interest follows from the above-mentioned purposes of providing the website content accessed by the user, optimizing the website and system security and stability, as well as procedures in the event of cyberattacks.
The above data will be deleted as soon as the use of the service (use of the website) ends.
We process your above-mentioned data for as long as it is necessary for the above-mentioned purposes.
3.2.1 Use of technically necessary cookies
In order to make the use of the website more pleasant for you, we use so-called essential cookies (first party cookies). These are necessary to provide the service that makes our website functional. For example, Essential Cookies help to store preferences of the user while navigating the website.
The following data is processed with these cookies: Browser type/version, operating system used, referrer URL (the previously visited page), host name of the accessing computer (IP address), time of the server request..
The aforementioned data is processed by us for the purpose of recognizing that you have already visited individual pages of the website, even after you have changed pages, and thus to simplify the use of the website.
The legal basis for the data processing is Art. 6 para. 1 lit. f GDPR. The legitimate interest for data collection follows from the purpose of providing the informational function of the website called by the user and simplifying the website.
The following list provides more information on how to disable or manage your cookie settings in the browser you use:
3.2.2 Use of Matomo
The website uses the web analytics service Matomo. Matomo is software created by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. Further information can be found on the website www.matomo.org.
Using this software, data is collected and stored for the statistical evaluation of the use of the website. Cookies are used for this purpose. The data is collected and stored for the purpose of statistical analysis of user behavior. This serves the purposes of evaluating the use of the website and enabling the website to be designed in line with requirements. For these purposes, pseudonymized usage profiles can be created from the data. The collected IP addresses are automatically anonymized by making parts of the IP address unrecognizable (so-called IP masking). We do not use this data to identify the user and the data is not merged with other personal data of the user. The data is anonymized and processed on a server rented from InnoCraft Ltd. in Frankfurt am Main and also stored in Ireland as a backup. They are not transmitted to third parties. InnoCraft does not pursue its own purposes with the storage and processing of the data.
Tracking with Matomo can be switched on or off again in the cookie preferences.
The legal basis for the use of Matomo in the case of consent is Art. 6 para. 1 sentence 1 GDPR. If you consent to web analysis using Matomo, the following data is collected when you call up individual pages of the website:
(1) 2 bytes of the IP address of the calling system of the user.
(2) The web page called up
(3) The website from which the user accessed the website (referrer)
(4) The subpages that are called up from the called-up website
(5) The time spent on the website
(6) The frequency with which the web page is accessed
3.2.3 Use of other cookies
- Analysis Cookies. These cookies collect information about website visits and help us improve our performance and users’ website experience. For example, we analyse the visitor or user experience and can then adapt content and suggest more targeted activities. These cookies allow us to gain insight into how visitors interact with the website, which page they came from and how often and how long each visitor spent on the website. We may also use analytics cookies to test new advertising, web pages or features, and how users respond to them.
- Functionality or preference cookies. These cookies may store information such as the user’s username, language or location preferences. They also store the user’s personal settings on the website, which the user uses to optimise their use, such as their preferred language. These settings are saved through the use of functionality cookies and the user does not have to make this selection again the next time they visit the website.
The user has the possibility to revoke his consent for the future at any time. However, such a revocation has no influence on the data processing based on his consent that took place before the revocation. The revocation takes place by changing the cookie preferences in the cookie settings on the page: https://seneration.com/datenschutzerklaerung/
3.3 Contact form
You can contact us via our contact form. You will be asked for the following data in the contact form: company, first name, last name, number of employees, position, e-mail, telephone (optional). You must also enter your comments (free text field) in the contact form.
If you use our contact form, your above-mentioned data will be processed by us for the purpose of processing your request or answering your enquiry.
The legal basis for this data processing is your consent, Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time by sending an email to email@example.com with effect for the future. Your revocation has no effect on data processing based on your consent that already took place before the revocation. Your data collected as part of the contact form will be stored until you request us to delete it or the purpose for storing the data no longer applies.
To provide the contact form, we use the services of Hubspot, Inc. which acts as an order processor for us. This company is based in the USA.
3.4 Newsletter dispatch
You can register to receive our newsletter via the website. If you have expressly consented in accordance with Art. 6 para. 1 p. 1 lit. a GDPR, we will use your e-mail address to send you the newsletter on a regular basis. For the receipt of the newsletter, it is sufficient to provide your e-mail address.
We use a dispatch service provider to send the newsletter. Personal data collected as part of the newsletter service is not passed on to third parties. The processing of your data by the dispatch service provider takes place exclusively on our behalf.
You can unsubscribe at any time, for example via a link at the end of each newsletter. Alternatively, you are welcome to send your unsubscribe request at any time by e-mail to firstname.lastname@example.org. This is a revocation of your consent to receive the newsletter.
This service provider is the company Mailjet GmbH, based in Germany.
You have the option to leave a comment on a blog post. If you make use of this option, your name and email address will be collected as mandatory data. The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR.
4. Categories of recipients and transfer to third countries processors
We have carefully selected the service providers who process data on our behalf in accordance with instructions as processors and are therefore recipients of personal data, provide sufficient guarantees for appropriate technical and organisational measures and are contractually obliged by us in accordance with Art. 28 GDPR.
Seneration regularly transfers your personal data to the following processors:
Type of processing activity
Hosting and data centre services
5.3 Health data (within the app)
The data we process within the scope of use may be special types of personal data, in particular health data pursuant to Art. 9 DSGVO. This is data that relates to your physical or mental state of health.
These data include, for example:
– Choices about feelings, thoughts, moods, problems.
– Formulations and information in free text fields regarding feelings, thoughts, moods, problems.
5.2 Use of the app (after registration and login)
As part of the registration process, we collect the personal data provided in the input mask as mandatory data, which are marked with an asterisk (*):
– First and last name
– e-mail address
– password chosen by the user
Voluntary data are year of birth, gender and school/training qualification.
The use of the application is also possible without registration and login, but in this case the use is limited to a few features only.
5. data processing when using the application
5.1 Processing purposes and legal basis for the use of the Application.
The legal basis for the processing of your personal data in connection with the use of the Application is the usage contract for the Application that has come into existence between Seneration and you in the context of your registration and creation of a user account, Art. 6 (1) lit. b GDPR. If health data is processed in the context of using the application, this is done on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. A revocation of your consent is possible at any time with effect for the future by sending us an email to the contact details mentioned in section 1 or by making the appropriate setting in your user profile. In the event of a revocation of consent, the application can only be used to a limited extent.
6. Rights of the data subject
As a data subject, you can exercise the following rights if the legal requirements are met. Please use the contact details provided above under points 1. and 2:
Right to information about processes data according to Art. 15 GDPR: You have the right to request information about your stored personal data from us at reasonable intervals. This information extends to the question of whether we have stored personal data of yours and, among other things, what the data is and for what purposes the data is processed. Upon request, we will provide you with a copy of the data that is the subject of the processing.
Right to rectification of inaccurate data pursuant to Art. 16 GDPR: In addition, you have the right to request Seneration to correct incorrectly stored data.
Right to erasure pursuant to Art. 17 GDPR: You have the right to demand that Seneration erases your personal data. We are obliged to delete your personal data if, among other things, it is no longer necessary for the purposes for which it was collected or otherwise processed, if you have withdrawn your consent or if the data was processed unlawfully.
Right to restriction of processing according to Art. 18 GDPR: Under certain conditions, you have the right to restrict the processing of your personal data. This includes if you dispute the accuracy of your personal data and we need to verify your objection. In that case, your data may not be further processed by us, with the exception of storage, until the question of accuracy has been clarified.
Right to data portability pursuant to Art. 20 GDPR: Should you wish to switch to another service provider, you have the right to have us hand over the data you have provided to us on the basis of your consent or on the basis of a contractual relationship existing with you in a common, machine-readable format or – at your choice – transfer it to a third party.
Right to withdraw your consent pursuant to Art. 7 (3) GDPR: If you have given us consent to process data, you can revoke this at any time by the same means by which you gave it. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Right of objection pursuant to Art. 21 (1) GDPR: You may object to data processing on grounds relating to your particular situation if the data processing is based on our legitimate interests.
Right to complain to a supervisory authority pursuant to Art. 77 (1) GDPR: You have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or the supervisory authority responsible for Seneration (Bayerisches Landesamt für Datenschutzaufsicht, Promenade 27, 91522 Ansbach).