Scope of application
1. Persons in charge
Große Theaterstrasse 39
Local Court (Amtsgericht) of Hamburg, HRB 140562
Management board: Lina Wüller, Eva Wüller
VAT ID DE305785062
The data protection officer can be reached via the Ovy GmbH. In the following you find the contact details:
Große Theaterstrasse 39
Local Court (Amtsgericht) of Hamburg, HRB 140562
Management board: Lina Wüller, Eva Wüller
VAT ID DE3057850622.
Processing of your personal dataThe subject matter of data protection is "personal data". This is any information relating to an identified or identifiable natural person (the data subject). This includes information such as name, postal address, email address or telephone number.The processing of personal health data is essential so that we can calculate your individual cycle. In the Ovy App, please give your explicit consent that we may process this special type of personal data in accordance with GDPR Art. 9. In the following we would like to inform you about the specific purposes for which we process your health data. If you use the Ovy App free of charge or subscribe to Ovy Premium for a charge and give us your consent, we collect, store and process the following (special) personal data, provided you enter these in the Ovy App.
1. Profile data in the registration process, including email address, encrypted password, intended use of the Ovy App ("Getting to know your body", "Natural Family Planning (NFP)", "Trying to conceive"), whether and when you have used hormonal contraception, duration and date of your last period and your average cycle length. We need this cycle data to calculate your current cycle. The information on hormonal contraception is important, as different rules apply for the first cycle after coming off the pill. You can skip some of these questions when setting up the Ovy App so they are not recorded. You can find the details on the registration screen. We ask whether you have an Ovy Bluetooth basal thermometer or Beurer Bluetooth basal thermometer to give you the opportunity to pair it directly. Note: You do not need to verify your email address in order to use the Ovy App.
2. Settings data with which the Ovy App saves adjustments you make. These include all data and notifications entered in the registration process, for example so that the Ovy App reminds you to take the daily measurement, document your period, etc. You can also enter your date of birth so that we can carry out an internal analysis of which age group the Ovy App is relevant for. You can access, check and change the data you provided to Ovy GmbH at any time via your profile.
3. Information that you add every day via the (+) in the Ovy App. This includes:The basal body temperature: To calculate the cycle or ovulation phase. Missing data may mean it is not possible to carry out an analysis in "Natural Family Planning" mode (NFP). On these days, it must be assumed that you are "fertile".The cervical mucus: To calculate the cycle or ovulation phase according to the symptothermal method. The Ovy App needs another symptom in addition to the basal body temperature, such as cervical mucus, to carry out the NFP analysis.
The cervix position & opening: To calculate the cycle or ovulation phase according to the symptothermal method. The Ovy App needs another symptom in addition to the basal body temperature, such as cervix, to carry out the NFP analysis.
Interference factors: The factoring out of the temperature values due to an interference factor such as alcohol, lack of sleep, etc. ensures that the temperature is not influenced by external factors, but instead is factored out.
The period: You can start a new cycle in the App by entering the period.
Results of ovulation test: In "Trying to conceive" mode, the results of positive ovulation tests influence the ovulation calculation.
Results of pregnancy test: As soon as you enter a positive pregnancy test in the App, the Ovy App "Pregnancy" mode starts, which calculates the due date and displays the current week of pregnancy.
The following body signals can be recorded but are not included in the algorithm: Sex, hygiene agent, pain, libido, illness, medication, notes, sleep, mood and activity. The purpose of documenting these anonymous data is for potential future research projects in the field of gynaecology, whereby Ovy GmbH guarantees that such research data cannot be linked to you. All information is encrypted and made anonymous. Ovy GmbH may publish the results of internal research in the form of data visualisations or articles in its own name. We would like to point out to you in this respect that such use is not on the basis of your consent, but rather it is outside the scope of the GDPR, which does not apply to anonymous data.After setting up a profile in the Ovy App, your data will be saved on the Ovy GmbH servers in order to provide you with a backup function and to provide additional features within the scope of services. The data are transmitted and stored in encrypted form.
3. Links to other website
Our website contains links to other websites of third parties. Ovy GmbH is not responsible for the privacy policies or the content of these third-party websites and cannot make any statements about the level of data protection prevailing on these third-party websites. Responsible is solely the respective site operator.
4. Purposes of processing your personal information
Below we would like to inform you about the specific purposes for which we process your personal data. These purposes vary, depending on whether we collect data through the Ovy App or through the Website.
5. Purposes of processing data that we collect through the Ovy App
We need your personal information specified in section 2 in order to offer you all the functions of the Ovy App. For example, you should enter your health data in the Ovy App on a daily basis to get a reliable cycle prediction.In addition, by admitting to the registration process, you agree that Ovy may store and process this information in order to generally improve Ovys’ services.Furthermore, by giving your consent, you agree that we may send you information about Ovy's offers (advertisement consent) and reminders via the Ovy App or to the email address you have provided.Through your profile, you can access, review and change your data provided to Ovy at any time. You can enter new data yourself. Further rights can be found under in section 8 (Affected rights).The transfer of your information happens via an encrypted connection.
6. Purposes of processing data that we collect through the Ovy Website
The IP addresses and other data collected when visiting our website in accordance with section 3.2 are processed by us for the following purposes:Ensuring a smooth connection to our websiteEnsuring comfortable use of our websiteEvaluation of system security and stability as wellFor further administrative purposesYou can create a customer account by registering on our website. With your customer account accessible through your email address and password of your choice, you have at all times access to your previous orders and you can control your personal data to process orders. You can also check out as a guest without setting up a customer account.Upon request we delete your customer account. Until then, we will save the corresponding data without time limitation, so you have access to it at any time. We block data for specific orders when deleting the customer account after the completion of the order (expiry of the warranty period) and delete it after expiration of the statutory retention periods. The data which is entered as part of an order as a guest, we also lock after the completion of the order (expiry of the warranty period) and delete them after expiration of the statutory retention periods.You can buy the Ovy Thermometer or other fertility products through our website. To purchase the Ovy Thermometer, fill in an order form stating the following information: first name, last name, address, telephone number and e-mail address (personal data). We use the data to fulfil the contract, in particular to deliver the thermometer and to contact you if we have any questions.Furthermore, personal data such as first name, name, e-mail address via our website can be specified voluntarily to pre-order the Ovy Bluetooth basal thermometer.
7. Disclosure of your personal data
8. Legal Basis
9. Rights of the data subject
You have the following rights:- in accordance with Article 15 GDPR to request information about your personal data processed by us. In particular, you have the right to obtain information on why we process data, the category of personal data we collect, the categories of recipients to whom your data has been disclosed, the planned retention period. You have the right to rectification, deletion, limitation of processing or opposition, the right to lodge a complaint, to find out the source of your data, if it was not collected from us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information about their details.- in accordance with Article 16 GDPR to immediately demand the correction of incorrect or incomplete personal data stored with us- in accordance with Article 17 GDPR to erasure of your personal data held by us, except if the processing is required for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims- in accordance with Article 18 GDPR to demand the restriction of the processing of your personal data as far as the accuracy of the data is disputed by you, the processing is unlawful, but you reject their deletion and we no longer need the data, but you assert this, Exercise or defense of legal claims or you have objected to the processing in accordance with Article 21 GDPR- in accordance with Article 20 GDPR to receive your personal data provided to us in a structured, standard and machine-readable format or to request the transfer to another person responsible- in accordance with Article 7 paragraph 3 GDPR to revoke your once given consent to us at any time (see above). As a result, we are not allowed to continue the data processing based on this consent for the future- in accordance with Article 77 GDPR to complain to the supervisory authority of your habitual residence or place of work if you feel it infringes these regulations.
10. Right of objection
If your personal data is processed accordance with Article 6 paragraph 1 sentence 1 lit. f GDPR is processed on our legitimate interests, you have the right to file an objection against the processing of your personal data in accordance with Article 21 GDPR. Still, this applies only if there are reasons for this arising from your particular situation or the objection is directed against direct mail. In the latter case, you have a general right to objection, which is implemented by us without requiring specification of any particular situation.If you would like to exercise your right of revocation or objection, please send an e-mail to email@example.com.
11. Further guidance
Please be aware of the in accordance with Article 13 paragraph 2 lit. e GDPR to the following:The provision of your personal data to us is not required by law. However, the specification of mandatory fields in the registration process is a prerequisite for a contract with us. You are not required to provide us with additional personal information. Not providing us with this information will not result in any negative consequence for you.We assign you in accordance with Article 13 paragraph 2 lit. f GDPR: We do not process your personal information for the purpose of automated decision-making.
12. Data security
We use the widespread SSL (Secure Socket Layer) method for every website visit, in conjunction with the highest level of encryption supported by your browser. In general, this is a 256-bit encryption. If your browser does not support 256-bit encryption we'll use 128-bit v3 technology instead. Whether an individual website of our website is encrypted is shown by the closed representation of the key or lock icon in the lower status bar of your browser.We also take appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or against unauthorized access by third parties. We are continuously improving our security measures in line with technological progress.
13. Storage and deletion of the data
On quarterly basis, we check whether the data transmitted to us is still needed for the information exchange with you. Data that is no longer needed will be deleted by us immediately, provided that no statutory storage periods are in place.We reserve the right to have medical data such as cycle lengths and body signals stored in anonymous form on the servers of Ovy GmbH (for details see section 5.1 above). However, this data cannot be assigned in any form to a person and is used solely for research purposes. If you want to delete your data yourself, you can do this in the Ovy App in your profile independently. You can also withdraw your consent at any time by requesting that Ovy deletes your account for you. To do so please write an email to firstname.lastname@example.org and put "Deletion of personal data" in the subject heading.Please be aware that once you decide to delete your data, we will not be able to restore that data.
14. Data protection
If you have an account in the Ovy App, your personal information about yourself and your cycle, as well as the information added on a daily basis, will be stored separately. Thereby we guarantee a very high security of your data. Your password is stored encrypted.When transferring your data between your device and Ovy's servers, the HTTPS protocol is used for encryption. HTTPS is the same technology used to make secure connections to your web browser and is indicated by a padlock icon in the browser.While we cannot guarantee that there will never be misuse, loss or alteration, we make every reasonable effort to protect your personal information in our power from misuse, loss and alteration.We take reasonable action to ensure the security of your personal information in a technically feasible and reasonable manner. Your data will be carefully protected against loss, destruction, falsification, manipulation and unauthorized access or disclosure.
15. Age restriction for the use of the services of Ovy (Article 8 GDPR)
Ovy does not collect and use personal information from children under the age of 18. When registering for an Ovy Account, you must confirm that you are at least 18 years old. If Ovy becomes aware that this information is incorrect, we reserve the right to delete this information immediately. The use of the Ovy App is therefore only permitted at the age of 18 or older.
16. Data transfer outside of the EU and third-party applications (Chapter 5 GDPR)
All personal information that you collect may only be transferred to countries outside the European Union / European Economic Area (EEA) if in compliance with applicable privacy policies, and to ensure that your privacy is protected.As a startup, we depend on working with cooperation partners or investors. It is also possible to merge with a company later on (for example as part of an acquisition). In the context of such cooperation and transactions, it may be necessary to disclose the data provided by the users to investors, cooperation partners, acquirers or other third parties. By using our app, you hereby agree. Even in such cases, we will handle all data in a highly sensitive manner and resort to statistical, aggregated, pseudonymous or anonymized data.
Apple HealthKit (iOS)
Ovy will not share personal information with Apple HealthKit without your prior consent. The approval will be granted by you in the corresponding settings of the HealthKit or in the Ovy app during the initial configuration of the user profile or via the Ovy app settings. The consent can be withdrawn at any time. Once you have given your consent, Ovy will be able to interact with the Health app on your iOS device and read and/or write information between the Ovy App and Apple HealthKit. This may include the transfer of your personal information to Apple servers outside the European Union. You can choose whether and to what extent your personal information is shared between Ovy and Apple HealthKit by granting or revoking appropriate permissions in Apple’s Health App settings. For more information, see the Apple Health privacy information.
Google Fit (Android)
Ovy will not share personal information with Google Fit without your prior consent. This approval will be granted by you in the appropriate settings of Google Fit or in the Ovy app during the initial configuration of the user profile or via the Ovy app settings and can be revoked by you at any time. Once you've given your consent, Ovy can interact with Google Fit on your Android device and read and / or write information between the Ovy App and Google Fit. This may include the transfer of your personal information to Google servers outside the European Union. You can choose to share your personal information between Ovy and Google Fit by granting or revoking permissions in the Google Fit settings. For more information, see the Google Fit privacy information.
Google Analytics for Firebase und Firebase Crashlytics
The sending of emails via the registration portal and for the production of passwords is carried out using "Mailgun". For this purpose, we use the features of the email delivery platform of the US provider Mailgun Technologies, Inc., 535 Mission St., San Francisco, CA 94105. The provider is designated as Privacy Shield-certified (https://www.privacyshield.gov/participant?id=a2zt0..., which guarantees compliance with the EU GDPR and all other data protection laws or regulations of a data protection nature applicable in EU Member States. Further information on data processing by the provider can be found at https://www.mailgun.com/privacy-policy.
Cycle sharing with third parties
You can share your Ovy Account data with external persons. Contacts with which you share your cycle will see your past, present and future periods, ovulations, fertile phases and possibly other body signals. You can revoke your consent at any time by removing the approval or contacts. This removal takes place immediately.
17. Bluetooth transfer
The Ovy App can be used in combination with the Ovy Bluetooth basal thermometer and accesses the services of "Bluetooth SIG", Bluetooth Special Interest Group, Inc. (5209 Lake Washington Blvd NE Suite 350, Kirkland, WA 98033 USA). You can find more information at: www.bluetooth.com.Use of this transfer between hardware and smartphone requires your consent. Bluetooth Low Energy (BLE) data transfer only works if Bluetooth is enabled on your iOS device. When starting the Ovy App or first pairing a Bluetooth device, you will be asked if you want to allow this service.In Android, Bluetooth Low Energy transfer is also connected to the location services. Data transfer with Bluetooth Low Energy (BLE) therefore only works if the location services are enabled on your Android device. This applies to all Android versions 6.0 or higher. We only use this permission to perform BLE scans and enable synchronisation. Ovy GmbH does not record your location. In Android, you can enable or disable usage under "Settings" > "Location". In Android, you can use the slider to enable or disable Bluetooth under "Settings" > "Connections" > "Bluetooth".In iOS, you can see which apps are allowed to access Bluetooth and allow or withdraw any future access under "Settings" > "Privacy". In iOS, under "Settings" > "Ovy", you can see whether Bluetooth is enabled for the app.
19. Social Media Plugins
On our website (not in the Ovy App), we use buttons ("plugins") of different social networks through which you can make use of the interactive possibilities of the social networks you’re using on our website. These plugins provide different functionalities. These are determined by the providers of social networks.By activating the social media buttons, you agree to the transfer of your data (not your app data) to the respective network. The social media providers based in the USA may have a different level of data protection than in the EU member states, i.a. due to legal access rights of state authorities.Please note that Ovy is not a provider of social networks and has no control over the data processing by the respective service providers. More information about the individual plugins can be found on the websites of the respective operators.
Facebook Software Development Kit (SDK)
Facebook's Software Development Kit (Facebook SDK) helps us track how effective marketing efforts are. The Facebook SDK is provided by Facebook Inc, 1601 S California Ave, Palo Alto, CA 94304, USA ("Facebook"). The Facebook SDK registers the download behavior of users who became aware of the Ovy App via Facebook. The Facebook SDK makes it possible to increase the advertising success of mobile app advertising campaigns placed via Facebook – this could be something like not displaying ads for the corresponding app on devices on which it is already installed. The Facebook SDK also enables various evaluations of the installation of our app and the success of one of our advertising campaigns. Users who become aware of our Ovy App via Facebook can be sure that data is only transferred to Facebook pseudonymously and that no personal data is collected or shared. Through the Facebook SDK, no personalized advertising content is displayed via Facebook. The legal basis is Art. 6 (1f) GDPR (legitimate interest of us in analyzing user behavior in order to carry out individualized advertising campaigns) or Art. 6 (1a) GDPR (consent given by you).
For our advertising, we use the services of the company AdRoll, 972 Mission St., 3rd Floor, San Francisco, CA 94103, USA. AdRoll helps us to show you our ads on other websites. AdRoll specifically targets users who have previously shown interest in our offer. To do this, AdRoll stores a cookie on your computer to better understand your interests. No personal data is stored. You can object to the anonymous analysis of your surfing behavior and the display of interest-based advertising by clicking on the opt-out button. For more information about AdRoll data collection, processing, and usage, visit.
ADCELL affiliate program
Microsoft Bing Ads
We use conversion tracking from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA on our pages. Microsoft Bing Ads saves a cookie to your computer if you have accessed our website via a Microsoft Bing ad. This enables Microsoft Bing and us to see that someone has clicked an ad, been redirected to our website, and reached a previously determined target page (conversion page). We only learn the total number of users who have clicked a Bing ad and have then been redirected to the Conversion page. No personal information about the user’s identity is shared. If you do not want information about your behaviour to be used by Microsoft as explained above, you can refuse the saving of a cookie required for this; one way to do this is to set your browser to generally deactivate the automatic saving of cookies. You can also prevent Microsoft from collecting the data generated by the cookie and relating to your use of the website, as well as the processing of this data, by declaring your objection at the following link. Further information on data protection and the cookies used by Microsoft and Bing Ads can be found on the Microsoft website.
Bing Universal Event Tracking (UET)
On our website, Bing Ads technologies record and store data from which usage profiles are created using pseudonyms. This is a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. This service enables us to track users’ activities on our website when they have reached our website via ads from Bing Ads. If you access our website via an ad of this type, a cookie is saved to your computer. A Bing UET tag is integrated into our website. This is a code that, in combination with the cookie, stores some non-personal data about website use. Among other information, this includes the length of time spent on the website, which areas of the website have been accessed, and via which ad the users reached the website. Information about your identity is not collected. The collected information is transferred to Microsoft servers in the USA and stored there for a maximum of 180 days. You can prevent Microsoft from collecting the data generated by the cookie and relating to your use of the website, as well as the processing of this data, by deactivating the saving of cookies. This may restrict the functionality of the website. In addition, Microsoft may be able to track your usage behaviour across several of your electronic devices through cross-device tracking, making it possible to display personalized advertising on or in Microsoft websites and apps. You can deactivate this at the following link. More information on Bing’s analytics services can be found on the Bing Ads website. Further information on data protection at Microsoft and Bing can be found in Microsoft’s data privacy statement.
Referral Candy (referral programme)
20. Automatically collected information
For reasons of system security and to detect and track inadmissible access attempts and access to our app or our web server, certain information is automatically collected and stored in a log file. This happens as soon as you download our app, visit the website, or retrieve content.This automatically collected information in the app includes: your smartphone's device number, operating system, software version used, the date and time of usage and the error logs. This automatically collected information on the Ovy website includes: browser type / version, operating system used, referrer URL, IP address or host name of the accessing computer, date and time of the request, visited subpages, device type (mobile / web) and location. The storage of this data is done to ensure the stability and reliability of the app and to detect cases of abuse. This data is also deleted or overwritten on a quarterly basis, providing that there has been no suspicion of unlawful access to our app. The analysis of the automatically collected data only takes place in the case of such suspicion and only by authorized persons for purposes of data protection control, data storage or to ensure the proper operation of a data processing system. If you contact our service by sending an e-mail to the support team, e.g. to communicate with Ovy at email@example.com or otherwise, we will record the communication history as well as the information you send in this context (e.g., e-mail address). This ensures that we can process requests and provide appropriate support.
21. Newsletter, Advertisement
22. Contact form
You can contact us by email or via the contact form if you have any questions. This requires a valid email address. This is used to assign and then answer the enquiry. The provision of further data is optional. The information you provide will be stored for the purpose of processing the enquiry and for possible follow-up questions.
23. Links to other websites
Our app contains links to other websites of third parties. Ovy GmbH is not responsible for the privacy policies or the content of these third-party websites and cannot make any statements about the level of data protection prevailing on these third-party websites. Responsible is solely the respective site operator.
To exercise your rights, please contact:
Große Theaterstrasse 39