PRIVACY POLICY


Provider and responsible party

NIU Nature GmbH

Eschersheimer Landstra├če 95

60322 Frankfurt am Main, Germany

Email address of the provider: hello@niu.clinic


Types of data collected

The types of Personal Data that this Application collects, either independently or through third parties, include Tracker; Usage Data; Gender; General Activity Data; Activity related to physical activity; Body measurements & indices; Activity related to nutrition; Activity related to sleep; Heart rate and other vital data; Date of birth; Unique device identifier for advertising (Google advertising ID or IDFA, for example); User ID.

Full details on each type of Personal Data processed are provided in the dedicated sections of this privacy policy or selectively through explanatory texts displayed prior to data collection.


Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Application.

Unless otherwise specified, the provision of all Data requested by this Application is mandatory. If the User refuses to provide the Data, this Application may not be able to provide its services to the User. In cases where this Application expressly states that the provision of Personal Data is optional, Users may choose not to provide such Data without any consequences for the availability or functionality of the Service.

Users who are unclear about which personal data is mandatory can contact the provider.

Any use of Cookies - or of other tracking tools - by this Application or by the owners of third-party services used by this Application serves the purpose of providing the Service required by the User, in addition to any other purposes described in this document.

Users are responsible for any third-party Personal Data obtained, published or shared through this Application.


Type and location of data processing

Processing methods

The provider processes the user data in a proper manner and takes appropriate security measures to prevent unauthorized access and the unauthorized forwarding, modification or destruction of data.

Data processing is carried out using computers or IT-based systems in accordance with organizational procedures and practices that are specific to the purposes indicated. In addition to the Data Controller, other parties may operate this Application and have access to the Data, either internally (Human Resources, Sales, Marketing, Legal Department, System Administrators) or externally (such as providers of technical services, delivery companies, hosting providers, IT companies or communication agencies), appointed by the Data Controller as Data Processors where necessary. An up-to-date list of these parties can be requested from the provider at any time.


Location

The data is processed at the provider's premises and at all other locations where the entities involved in the data processing are located.


Depending on the location of the users, data transfers may involve the transfer of the user's data to a country other than their own. To find out more about the place of processing of the transferred data, users can consult the section with detailed information on the processing of personal data.

Storage period

Unless otherwise specified in this document, Personal Data will be processed and stored for as long as required by the purpose for which it was collected and may be retained for longer periods if necessary to comply with a legal obligation or based on the User's consent.


Purposes of the processing

Personal data about the User is collected to enable the Provider to provide the Service and also to comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of Users or third parties), detect malicious or fraudulent activity. In addition, data is collected for the following purposes: Analytics, handling activity data , monitoring infrastructure, advertising, platform services and hosting, handling payments and registration and login.

Users can find more detailed information on these processing purposes and the personal data used for each purpose in the "Detailed information on the processing of personal data" section of this document.

Detailed information on the processing of personal data

Personal data is collected for the following purposes using the following services:

Analytics

The services listed in this section allow the Owner to monitor and analyze traffic and track Users' behavior.


Google Analytics (Universal Analytics) (Google Ireland Limited)

Google Analytics (Universal Analytics) is a web analytics service provided by Google Ireland Limited ("Google"). Google utilizes the Data collected to track and examine the use of this Application, to prepare reports on its activities and share them with other Google services.

Google may use the Data collected to contextualize and personalize the ads of its own advertising network.

Personal Data processed: Usage Data; Tracker.

Processing location: Ireland - Privacy Policy - Opt Out. 


Meta Events Manager (Meta Platforms Ireland Limited)

Meta Events Manager is an analytics service provided by Meta Platforms Ireland Limited. By integrating the Meta Pixel, Meta Events Manager allows the Owner to gain insights into the traffic and interactions on this Application.

Personal data processed: Unique device identifier for advertising (Google advertising ID or IDFA, for example).

Place of processing: Ireland - Privacy Policy - Opt out.


Handling of activity data 

These types of services allow the provider to use activity data or biometric data for this application to perform or provide certain functions. The data collected from your device may include movement, heart rate, elevation or environmental data. Depending on what is described below, third parties may be involved in activity tracking. Most devices allow users to specify which data is retrieved or stored.

Apple HealthKit (Apple Inc.)

HealthKit is an activity data service provided by Apple Inc. that allows the owner to access or store activity data.

Personal Data processed: Activity related to sleep; Activity related to exercise; Activity related to diet; General activity data; Date of birth; Gender; Heart rate and other vital data; Body measurements & indices.

Processing location: United States - Privacy Policy.


Google Health Connect (Google Ireland Limited)

Google Health Connect is a service provided by Google Ireland Limited that allows the Owner to access and use Health Data in connection with this Application. This service may enable the Application to perform or provide certain functions related to Health Data, such as activity data, biometric data and other health-related information.

Personal Data processed: Activity related to sleep; Activity related to exercise; Activity related to diet; General activity data; Date of birth; Gender; Heart rate and other vital data; Body measurements & indices.

Who we share your health data with: In accordance with the Google Health Connect Privacy Policy, we only share Health Data with third parties for the purpose of improving or providing the functionality and performance of this Application. Health Data will not be used for any other purpose, including transfer to advertising platforms, data brokers or information vendors.

Help to manage and delete your data: In our app, we have implemented various ways for users to keep control of their health data. You can delete health data in the app by using the delete function in the diary. In addition, users can deactivate their consent to synchronization in the settings of their device to prevent the transfer of health data. If a user deletes their account in our app, their health data will also be removed to ensure complete deletion.

NIU Nature use and transfer of information received from Google APIs are not transfered to any other Apps or 3rd Party Applications and will adhere to Google API Services User Data Policy, including the Limited Use requirements

luding the Limited Use requirements.

Processing location: Ireland - Privacy Policy



Platform services and hosting

The purpose of these services is to host and operate the main components of the Application for this Application so that this Application can be offered from a unified platform. Such platforms provide the provider with a whole range of tools - for example, analysis and comment functions, user and database management, e-commerce and payment processing - which involve the processing of personal data. 

Some of these services work with geographically distributed servers, making it difficult to determine the location where the personal data is stored.

Google Play Store (Google Ireland Limited)

This Application is distributed through the Google Play Store, a mobile app distribution platform provided by Google Ireland Limited; by distributing this Application through this channel, Google collects usage and diagnostic information and shares it with the provider. Much of this information is processed on an opt-in basis and users can disable this analytics feature directly through their device settings. The user can find more information on managing the analysis settings on this page.

Processed personal data: Usage data.

Place of processing: Ireland - Privacy Policy.


App Store Connect (Apple Inc.)

This application is distributed on Apple's App Store, a mobile application distribution platform provided by Apple Inc.App Store Connect allows the provider to manage this application on Apple's App Store. Depending on the configuration, App Store Connect provides the provider with statistical data on user engagement and app discovery, marketing campaigns, sales, in-app purchases and payments to measure the performance of this application. App Store Connect only collects such data from users who have agreed to share it with the provider. Users can find more information on how to opt out via their device settings here (https://support.apple.com/de-de/HT202100).

Personal data processed: User ID.

Processing location: United States - Privacy Policy.


Registration and login

By registering or logging in, Users authorize this Application to identify them and grant them access to specific services.

Depending on what is specified below, third parties may provide registration and login services. In this case, this Application may access some Data stored by these third parties for registration or identification purposes. 


Some of the services listed below may collect personal data for targeting and profiling purposes. For more information, please refer to the description of each service.


Google OAuth (Google Ireland Limited)

Google OAuth is a registration and login service provided by Google Ireland Limited that is connected to the Google network.

Personal Data processed: various types of Data as specified in the privacy policy of the service.

Place of processing: Ireland - Privacy Policy.


Handling of payments

Unless otherwise specified, this Application processes all payments by credit card, bank transfer or other means through external payment service providers. In general, and unless otherwise specified, Users are requested to provide their payment details and Personal Data directly to these payment service providers.

This Application is not involved in the collection and processing of such information, but only receives a notification from the respective payment service provider as to whether the payment has been successfully completed.


Apple Pay (Apple Inc.)

Apple Pay is a payment service provided by Apple Inc. that allows users to make payments with their cell phones.

Personal Data processed: various types of Data as described in the privacy policy of the service.

Place of processing: United States - Privacy Policy.


Advertising

This type of service allows the use of User Data for advertising purposes. Advertising messages are displayed in the form of banners and other ads through this Application and may be customized based on behavior. This does not mean that all personal data is used for this purpose. Further information and terms of use are listed below.

Some of the services listed below may use trackers to identify users or use so-called behavioral retargeting. This method can also be used to identify the interests and surfing behavior of users who do not use this application in order to target advertisements to them. For more information, please refer to the privacy policies of the respective services.

Services of this type generally offer the option of rejecting such tracking. 


In addition to any opt-out feature offered by the services listed below, users can learn more about how to opt-out of interest-based advertising in general in the relevant "How to opt-out of interest-based advertising" section of this document.


Google Ad Manager (Google Ireland Limited)

Google Ad Manager is an advertising service provided by Google Ireland Limited that enables the provider to run advertising campaigns in connection with external advertising networks. The provider has no direct relationship with the third parties, unless otherwise specified in this document.

To learn more about Google's data usage, please refer to Google's partner policy.

This service uses the "DoubleClick" Cookie to track how this Application is used and how Users respond to advertisements, products and services offered; Users can choose to disable all DoubleClick Cookies by visiting this page: Advertising Settings.

Personal Data processed: Usage Data; Tracker.

Processing location: Ireland - Privacy Policy.


Infrastructure monitoring

This type of service allows this Application to monitor the use and behavior of its individual components in order to improve performance, operation, maintenance and troubleshooting.

The Personal Data processed depends on the characteristics and type of execution of the services whose function is to filter the activities carried out through this Application.


Firebase Performance Monitoring (Google Ireland Limited)

Firebase Performance Monitoring is an application monitoring service provided by Google Ireland Limited.

Personal Data processed: various types of Data as specified in the privacy policy of the service.

Place of processing: Germany - Privacy Policy.


Information on opting out of interest-based advertising

In addition to any opt-out functionality provided by the services listed in this document, users may follow the guidance provided by YourOnlineChoices (EU), the Network Advertising Initiative (US) and the Digital Advertising Alliance (US), DAAC (Canada), DDAI (Japan) or other similar services. Such initiatives allow users to choose their tracking settings for most advertising tools. The provider therefore recommends that users make use of these tools in addition to the information provided in this document.

The Digital Advertising Alliance offers the "AppChoices" application to control interest-based advertising in mobile apps.

Users can also object to certain advertising functions via the corresponding device settings, e.g. via the device settings for advertising on mobile devices or via the general advertising settings.


Further information for users

Legal basis for processing

The provider may only process users' personal data if one of the following applies:

Users have given their consent for one or more specific purposes. Note: In some jurisdictions, the provider may be permitted to process personal data until the user objects to such processing ("opt-out"), without having to rely on consent or any other of the following legal bases. However, this does not apply if 

  • the processing of personal data is subject to European data protection law;

  • the collection of data is necessary for the performance of a contract with the user and/or for pre-contractual measures arising therefrom

  • the processing is necessary for compliance with a legal obligation to which the provider is subject

  • the processing is related to a task carried out in the public interest or in the exercise of official authority vested in the provider

  • the processing is necessary for the purposes of the legitimate interests pursued by the provider or by a third party.

In any case, the provider will be happy to provide information about the specific legal basis on which the processing is based, in particular whether the provision of personal data is a legal or contractual obligation or a prerequisite for the conclusion of a contract.


Further information on the retention period

Unless otherwise specified in this document, Personal Data will be processed and stored for as long as required by the purpose for which it was collected and may be retained for a longer period if necessary to comply with a legal obligation or based on the User's consent.

The following therefore applies:

Personal data collected for the purpose of fulfilling a contract concluded between the provider and the user will be stored until this contract has been completely fulfilled.

Personal data collected to protect the legitimate interests of the provider will be retained for as long as necessary to fulfill these purposes. Users can obtain more information about the legitimate interests of the Owner in the relevant sections of this document or by contacting the Owner.

In addition, the Owner may retain Personal Data for longer periods of time if the User has consented to such processing, as long as the consent is not withdrawn. Furthermore, the provider may be obliged to store personal data for a longer period of time if this is necessary to fulfill a legal obligation or by order of an authority.


After the retention period has expired, personal data will be deleted. Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability cannot be asserted after the retention period has expired.


The rights of users

Users may exercise certain rights in relation to their data processed by the provider.

In particular, users have the right to do the following to the extent permitted by law:

Withdraw consent at any time. If the user has previously consented to the processing of personal data, they may withdraw their consent at any time.

Object to the processing of their data. The user has the right to object to the processing of their data if the processing is carried out on a legal basis other than consent.

receive information about their data. The user has the right to find out whether the data is being processed by the provider, to obtain information about individual aspects of the processing and to receive a copy of the data.

Verification and rectification. The user has the right to check the accuracy of their data and to request that it be updated or corrected.

Request restriction of the processing of their data. Users have the right to restrict the processing of their data. In this case, the provider will not process the data for any purpose other than storage.

Request erasure or other removal of personal data. Users have the right to request the provider to delete their data.

Receive their data and have it transferred to another controller. Users have the right to receive their data in a structured, commonly used and machine-readable format and, where technically feasible, to have it transmitted to another controller without hindrance.

Lodge a complaint. Users have the right to lodge a complaint with the competent supervisory authority.


Users also have the right to obtain information about the legal basis for the transfer of data abroad or to an international organization governed by public international law or established by two or more countries, such as the UN, as well as about the security measures taken by the provider to protect their data.


Details on the right to object to processing

Where Personal Data is processed in the public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground of justification relating to their particular situation.

Users are informed that they can object to the processing of their personal data for direct marketing purposes at any time free of charge and without giving reasons. If the user objects to processing for direct marketing purposes, the personal data will no longer be processed for these purposes. Users can find out whether the provider processes personal data for direct marketing purposes in the relevant sections of this document.


How the rights can be exercised

All requests to exercise user rights can be addressed to the provider using the contact details provided in this document. Requests can be made free of charge and will be answered by the Owner as soon as possible, at the latest within one month, and Users will be provided with the information required by law. Any rectification or erasure of personal data or restriction of processing shall be notified by the Provider to all recipients to whom personal data have been disclosed, if any. Unless this proves impossible or involves a disproportionate effort. The provider shall inform the user of these recipients if the user so requests.


Further information on the collection and processing of data

Legal measures

The User's Personal Data may be processed by the Owner for the purposes of legal enforcement within or in preparation for legal proceedings arising from improper use of this Application or related services.

The User declares to be aware that the Provider may be obliged by the authorities to disclose personal data.

Further information about the User's personal data

In addition to the information contained in this privacy policy, this Application may provide the User with additional contextual information concerning particular Services or the collection and processing of Personal Data upon request. 

System logs and maintenance

For operation and maintenance purposes, this Application and any third-party services may collect files that record interaction with this Application (System logs) or use other Personal Data (such as the IP Address) for this purpose.

Information not included in this privacy policy

Further information about the collection or processing of personal data may be requested from the Owner at any time using the contact details provided.


Changes to this privacy policy

The Owner reserves the right to make changes to this privacy policy at any time by notifying its Users on this page and possibly within this Application and/or - as far as technically and legally feasible - sending a notice to Users via any contact information available to the Owner. Users are therefore advised to visit this page regularly and in particular to check the date of the last change indicated at the bottom of the page.


If changes affect the use of data based on the user's consent, the provider will - if necessary - obtain new consent.

Definitions and legal information

Personal data (or data)

All information by which the identity of a natural person is or can be determined, either directly or in conjunction with other information.


Usage Data

Information that this Application (or third-party services used by this Application) collects automatically, such as: the IP addresses or domain names of the computers of Users who use this Application, the Uniform Resource Identifier (URI) addresses, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server's response (successful outcome, error, etc.), the country of origin, the features of the browser and operating system used by the User, the various time details per request (e.g. how much time was spent on each page of the Application), the path followed by the User, the date and time of the request, the date and time of the request and the time of the request. This information includes the country of origin, the functions of the browser and operating system used by the user, the various time details per request (e.g. how much time was spent on each page of the application) and details of the path followed within an application, in particular the sequence of pages visited, as well as other information about the operating system of the device and/or the user's IT environment.


User

The person using this Application who, unless otherwise specified, corresponds to the Data Subject.


Data Subject

The natural person to whom the personal data relates.


Processor (or processor)

Natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, as described in this privacy policy.


Controller (or provider, sometimes also owner)

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Application. Unless otherwise specified, the controller is the natural or legal person through whom this Application is offered.


This application

The hardware or software tool used to collect and process the User's Personal Data.


Service

The service provided by this Application as described in the relevant terms and conditions (if any) and on this Website/Application.


European Union (or EU)

Unless otherwise specified, all references in this document to the European Union refer to all current Member States of the European Union and the European Economic Area (EEA).


Cookie

Cookies are trackers that consist of a small data record stored in the user's browser.


Tracker

The term tracker refers to any technology - e.g. cookies, unique identifiers, web beacons, embedded scripts, e-tags or fingerprinting - that can be used to track users, e.g. by enabling access to or storage of information on the user's device.


Legal notice

This privacy policy applies exclusively to this Application, unless otherwise specified in this document.