Privacy Policy
Website
The protection of your personal data is of great importance to us. Therefore, we collect, process, and use your personal data strictly in accordance with the European General Data Protection Regulation (GDPR) and all other applicable legal regulations. In the following, we would like to inform you about what data we collect when you visit our website and how we handle it.
Please note that the relevant privacy policy for the use of the Ovy App can be found further below.
Name and contact details of the responsible party:
Ovy GmbH
Represented by Eva Leonhardt, Lina Wüller
Große Theaterstraße 39
20354 Hamburg
Germany
Data Protection Officer
If you have any questions about our data protection measures, the processing of your data, or the protection of your rights as a data subject, you can reach us and our Data Protection Officer as follows:
External Data Protection Officer
ePrivacy GmbH
Represented by Prof. Dr. Christoph Bauer
Burchardstrasse 14
20095 Hamburg
Germany
For all questions and concerns regarding your data, please contact us at privacy@ovyapp.com.
If you wish to communicate directly with our Data Protection Officer (for example, because you have a particularly sensitive concern), please contact them by postal mail, as email communication may have security vulnerabilities. When making your inquiry, please indicate that your concern relates to the company Ovy GmbH.
Personal Data
Personal data includes all information about a specific or identifiable individual. This encompasses the following categories of personal data that we process:
- Contact and content data related to the use of the contact form (email address, as well as technical information about the devices used, operating systems, etc.).
- Order and address data related to online shop orders (first and last name, address, and optionally, phone number and information about ordered items).
- Communication and metadata or log files (device IDs, IP addresses, location data, operating system, software version used, date and time of access, and transmitted data volume, etc.), particularly in connection with support requests.
- Email address (for optional newsletter subscription).
Use of Cookies
General Information about Cookies
A cookie is a text file with an identification number that is transmitted to and stored on the user's computer when using the website, along with other data that was originally requested. The file is kept there for later access and is used to authenticate the user. Since cookies are only simple files and not executable programs, they pose no threat to the computer.
Depending on the user's chosen settings in their internet browser, cookies are automatically accepted. However, this setting can be changed, and the storage of cookies can be deactivated or configured to notify the user when a cookie is set. If cookies are deactivated, some functions of the website may not be available or may be limited. You can prevent the setting of cookies through our website at any time by adjusting the settings in your internet browser and thereby permanently object to the setting of cookies.
Active cookies can be deleted at any time using an internet browser or other software programs. We may work with advertising partners who help us make our internet offering more interesting for you. In this case, cookies from partner companies may also be stored on your hard drive during your visit to our website (third-party cookies).
Session Cookies
Session cookies are used for the duration of a session and are automatically deleted when the executing browser is closed. For example, they ensure that video and audio files can be played, your user input is temporarily saved during input, and thus user-friendliness is improved.
Persistent Cookies
Persistent cookies remain on your end device after closing the browser. These cookies can, for example, store your user preferences such as language settings and analyze user behavior on our website. The storage duration of persistent cookies corresponds to the respective lifespan of each individual cookie. After that, they are automatically deleted.
Purposes of Use
We process your data for the following purposes:
- Providing the services of the website,
- Handling contracts with you,
- Corresponding with users,
- Quality assurance and statistics,
- Enhancing the offering,
- Optionally, sending our newsletter after registration
Legal Basis
We rely on the following legal bases when processing your data:
- Your consent, if you have given us such consent (Art. 6(1)(a) GDPR),
- The initiation or execution of a contract with you (Art. 6(1)(b) GDPR),
- Compliance with legal obligations (Art. 6(1)(c) GDPR),
- The pursuit of our legitimate interests (Art. 6(1)(f) GDPR).
Legitimate Interests
The processing of your data aims to serve the following legitimate interests:
- Improving our offerings,
- Protecting our systems from abuse,
- Generating statistics,
- Marketing purposes,
- Storing our correspondence with you.
Requirement or Obligation to Provide Data
Unless expressly stated otherwise, the provision of your data is not required or mandatory.
Retention Period
We will retain your data:
- If you have consented to processing, for a maximum duration until you withdraw your consent.
- If we need the data to execute a contract, for a maximum duration as long as the contractual relationship with you exists.
- If we use the data based on a legitimate interest, for a maximum duration as long as your interest in deletion or anonymization does not outweigh it.
- If there are legal retention obligations, until the end of the retention periods.
Data Recipients
In the processing of your data, we collaborate with the following service providers who have access to your data:
Instagram Fanpage
We operate an Instagram page, commonly referred to as a "Fanpage," on Instagram, a service provided by Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland ("Meta").
When you visit our Instagram Fanpage, personal data is processed not only by us but also by Meta, even if you do not have a profile on Instagram or are not logged in. During the use of our Fanpage, user data (such as contact information), content data (such as entries in forms), usage data (such as visited websites, interests in content, access times), communication data (such as device information, IP addresses) are processed. This is done for the purpose of informing you and for communication, such as through contact requests and feedback forms, as well as for marketing purposes.
If you are logged in when opening our Fanpage, we can access the information contained in your public Instagram profile. Additionally, Meta provides us with statistics and insights that help us gain insights into the types of actions individuals take on our pages ("Page Insights"). We use these to enhance the user experience. However, we do not have access to the usage data that Meta uses to create the statistics; we only have access to aggregated Page Insights.
For the collection of visitor data to our Fanpage and the sharing of this data with Meta, we share responsibility with Meta (this includes the creation of the events mentioned above and their aggregation into Page Insights, which are then provided to us by Meta Ireland). While interests can be derived from this data, we cannot draw conclusions about individual users. Meta also uses the data to provide "Page Insights," which can provide insights into interactions with the pages and associated content. Therefore, we have entered into an agreement with Meta regarding joint responsibility for the processing of your data under Article 26 of the GDPR. The agreement with Meta also stipulates the security measures Meta must adhere to. Rights of data subjects, such as inquiries or other requests, are also to be fulfilled by Meta. You can view the terms of this agreement with Meta here. Further processing by Meta does not fall under our shared responsibility.
For more information on Page Insights and instructions on how to exercise your data subject rights, you can refer to the "Information on Page Insights Data." For more detailed information on how Meta Ireland processes personal data, including information about the legal basis and how to exercise your data subject rights against Meta Ireland, please refer to Meta's data policy at https://www.facebook.com/about/privacy.
Facebook Fanpage
We operate a Facebook page (referred to as "Fanpage") on Facebook, a service provided by Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland ("Meta Ireland").
When you visit our Facebook Fanpage, personal data is processed not only by us but also by Meta Ireland, even if you do not have a Facebook profile or are not logged in. In the course of using our Fanpage, user data (such as contact information), content data (such as input in forms), usage data (such as visited websites, interests in content, access times), communication data (such as device information, IP addresses) are processed. This is done for the purpose of providing you with information and communication, such as contact requests and feedback forms, as well as for marketing purposes.
If you are logged in when you open our Fanpage, we can view the information contained in your public Facebook profile. In addition, Meta Ireland provides us with statistics and insights that help us gain insights into the types of actions people take on our pages ("Page Insights"). We use these insights to improve the user experience. However, we do not have access to the usage data that Meta Ireland uses to create the statistics, only to aggregated Page Insights.
For the collection of visitor data to our Fanpage and the sharing of this data with Meta, we are jointly responsible with Meta (this includes the creation of the events mentioned above and their consolidation into Page Insights, which are then provided to us by Meta Ireland). This can lead to the derivation of interests and the creation of user profiles, but we cannot draw conclusions about individual users from this. Meta also uses the data to provide "Page Insights," which can provide insights into interaction with the pages and the associated content. Therefore, we have entered into an agreement with Meta on joint responsibility for the processing of your data under Article 26 of the General Data Protection Regulation (DSGVO). The agreement with Meta also specifies the security measures that Meta must follow. Rights of data subjects, such as inquiries or other requests, are also to be fulfilled by Meta. You can view the terms of this agreement with Meta here. Further processing by Meta does not fall under our joint responsibility.
For more information about Page Insights and guidance on how to exercise your data subject rights, please refer to the "Information on Page Insights Data." More detailed information on how Meta processes personal data, including information on the legal basis and options for exercising your data subject rights against Meta, can be found in Meta's data policy at https://www.facebook.com/about/privacy.
Google Analytics (without activated data sharing setting for "Google products and services," https://support.google.com/analytics/answer/9024351)
We use the Google Analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google") to collect and analyze the behavior of visitors to our website. Data is collected in the form of online identifiers, IP addresses, device information, and information about interactions with our website. You can find more information about the provider at https://policies.google.com/privacy?hl=en.
Google Ads
We use Google Ads, an online advertising program provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google"), which allows us to display advertisements on the Google search engine or on third-party websites when users enter specific search terms on Google (Keyword Targeting). Additionally, targeted advertisements can be displayed based on user data available with Google (e.g., location data and interests) (Audience Targeting). We can quantitatively analyze this data by, for example, analyzing which search terms led to the display of our advertisements and how many ads resulted in corresponding clicks.
Details can be found at https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
Mailgun
We use the Mailgun service provided by Sinch Email for sending emails through the registration portal and for generating passwords. The following data may be collected: name, email, phone numbers, IP address, and other personal data contained in contact lists and message content. You can find more information about the provider at https://www.mailgun.com/legal/privacy-policy/.
Meta Pixel
On this website, we use the Meta Pixel service provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta") for conversion tracking, allowing us to display advertisements on Facebook, Instagram, and other websites to you and other interested users and measure the effectiveness of advertising.
Through the Meta Pixel implemented on our website, your browser establishes a connection with Meta, which allows user data such as IP address or user ID to be matched. If you are registered with Facebook or Instagram, Meta can associate your visit with your account. Your behavior can be tracked, for example, if you arrive on our site by clicking on a Facebook or Instagram ad or are redirected to an advertiser by clicking on an ad displayed by us. The ads can be evaluated for effectiveness for statistical or other market research purposes, and further advertising can be improved. We cannot draw conclusions about the identity of users from this data, but Meta can adjust the display of ads on and off Facebook and Instagram accordingly. Meta may use cookies, web beacons, or other storage technologies for this purpose.
To the extent that personal data is collected on our website and forwarded to Meta using the mentioned tool, we and Meta share joint responsibility for this data processing. We have entered into an agreement with Meta regarding joint responsibility for the processing of your data under Article 26 of the GDPR, the terms of which you can view here. We are responsible for providing data protection information and ensuring the data protection-compliant implementation of the tool on our website. Meta is responsible for data security. Rights of data subjects regarding data processed by Meta can be asserted directly with Meta and will be forwarded to Meta in case of assertion with us. Further information on what personal data is processed under joint responsibility can be found at https://www.facebook.com/legal/terms/businesstools_jointprocessing. Processing by Meta following the forwarding of data is not done in joint responsibility.
Further information on how Meta processes personal data, including the options for exercising your rights as a data subject with Meta, can be found in Meta's data policy at https://www.facebook.com/about/privacy.
Adroll
We use the Adroll service provided by Next Roll Inc., 2300 Harrison St.
San Francisco, CA 94110, USA to display our advertisements on other websites. In doing so, the following data stored in our CRM about our customers, such as contact information and all other associated contact information (e.g., email address, name, address, phone number, company name, job title), may be collected. Furthermore, data about the device and browsing behavior captured by the NextRoll pixel (e.g., cookies, device information, IP address, approximate location data, browser data, display pixel data) as well as hashed email addresses may also be collected.
For more information about the provider, please visit https://www.nextroll.com/de-DE/privacy.
Hotjar
We use the Hotjar service provided by Hotjar Ltd., Level 2, St Julians Business Centre, 3 Elia Zammit Street, St Julians STJ 1000, Malta. We use this service to analyze user behavior on our website. This may include recording mouse and scroll movements, clicks, and the duration of visits to the website.
In this process, the IP address, screen size, browser information, location data, language settings, visited web pages, date and time of access may be collected.
For more information about the provider, please visit https://www.hotjar.com/legal/policies/privacy/de/.
ADCELL Partner Program
This website uses tracking cookies from Firstlead GmbH under the brand ADCELL (www.adcell.de). Once a visitor clicks on an advertisement with the partner link, a cookie is set. Firstlead GmbH / ADCELL uses cookies to trace the origin of orders. Additionally, Firstlead GmbH / ADCELL uses so-called tracking pixels. These allow for the analysis of visitor traffic on the pages. The information generated by cookies and tracking pixels about the use of this website (including your IP address) and the delivery of advertising formats is transmitted to and stored on a server of Firstlead GmbH / ADCELL. Among other things, Firstlead GmbH / ADCELL can recognize that you clicked on the partner link on this website. Firstlead GmbH / ADCELL may share this information with their contractual partners, but your IP address will not be merged with other data stored by you. You can prevent the collection of your data by Adcell by clicking on the following link. An opt-out cookie will be set to prevent the collection of your data on future visits to this website.
Microsoft Bing Ads
On our website, we use Microsoft Corporation's Conversion Tracking, located at One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft Bing Ads stores a cookie on your computer if you arrive at our website through a Microsoft Bing ad. Microsoft Bing and we can thereby recognize that someone has clicked on an ad, been redirected to our website, and reached a pre-determined target page (conversion page). We only receive information about the total number of users who clicked on a Bing ad and were then directed to the conversion page. No personal information about the user's identity is shared. If you do not want information about your behavior to be used by Microsoft as explained above, you can decline to set the required cookie – for example, through a browser setting that generally disables automatic cookie setting. Furthermore, you can prevent the collection of data generated by the cookie and related to your use of the website, as well as the processing of this data by Microsoft, by expressing your objection at the following link. For more information on data protection and the cookies used by Microsoft and Bing Ads, you can visit the Microsoft website at the following link.
Bing Universal Event Tracking (UET)
On our website, technologies of Bing Ads collect and store data from which usage profiles are created using pseudonyms. This is a service provided by Microsoft Corporation, located at One Microsoft Way, Redmond, WA 98052-6399, USA. This service allows us to track the activities of users on our website when they arrive via Bing Ads advertisements. When you arrive at our website through such an ad, a cookie is placed on your computer. A Bing UET tag is integrated on our website. This is a code through which some non-personal data about the usage of the website is stored in conjunction with the cookie. This includes, among other things, the duration of the visit to the website, which areas of the website were accessed, and through which ad users arrived at the website. Information about your identity is not collected. The collected information is transmitted to Microsoft servers in the USA and stored there for a maximum of 180 days. You can prevent the collection of data generated by the cookie and related to your use of the website, as well as the processing of this data, by disabling the setting of cookies. However, this may potentially restrict the functionality of the website. Additionally, Microsoft may, under certain circumstances, track your usage behavior across multiple of your electronic devices through cross-device tracking and is thereby able to display personalized advertising on Microsoft websites and apps. You can disable this behavior at http://choice.microsoft.com/de-de/opt-out. For more information about Bing's analytics services, you can visit the Bing Ads website. For more information on data protection at Microsoft and Bing, you can refer to Microsoft's privacy policies.
Referral Candy (Referral Program)
We use the "Referral Candy" tool on our website to conduct a referral program. The provider is Anafore Pte. Ltd. The legal basis for processing personal data is Art. 6 para. 1 sentence 1 lit. F GDPR. To transmit your personal data, we have entered into formal contractual agreements with Referral Candy.
The following data is collected in this process:
- Email address
- Name (optional)
You can find more details in the privacy policy of Referral Candy at: https://www.referralcandy.com/privacy/.
It is possible that we process personal data because you were referred by a friend and, as a result, your email address was provided to us. We only process your email address to send you an email containing a discount code.
If you refer someone, your data will be transferred to the servers of https://www.amazon.de/, Amazon EU S.à r.l., a Luxembourg company, registration number B-101818, registered office 38 Avenue John F. Kennedy, L-1855 Luxembourg, in order to send you an email with a voucher. You can find Amazon's complete privacy policy at https://www.amazon.de/gc-legal.
We will delete the data collected in this context when it is no longer necessary for storage or restrict processing if there are legal retention obligations.
If you have given consent for the processing of your personal data, you can revoke it at any time. You can send your revocation to privacy@ovyapp.com.
Zendesk
We use the service of Zendesk Inc. (989 Market Street, San Francisco, California, 94103, USA) to enhance our customer service. The following data may be collected: first and last name, email address, contact information (email, phone numbers, physical address), phone records, voicemail, and customer service information. You can find more information about the provider at:
https://www.zendesk.com/company/agreements-and-terms/privacy-notice/
Klaviyo
We use the Klaviyo service provided by Klaviyo Inc., 125 Summer St Floor 6,
Boston, MA 02111, USA to send our newsletter. The following data may be collected: name, phone number, email address, address data, IP address, device identifiers, and user behavior data. You can find more information about the provider at https://www.klaviyo.com/legal/privacy/privacy-notice.
Instagram Plugin
On our website, not in the Ovy app, features of the Instagram service are integrated. These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to our website with your user account. We would like to point out that Ovy GmbH has no knowledge of the content of the transmitted data or its use by Instagram and that we are not responsible for the data collection and processing by Instagram. You can find more information on this in Instagram's privacy policy.
TikTok Fanpage
We operate a TikTok page (referred to as a "Fanpage") on TikTok, a service provided by TikTok Information Technologies UK Limited, 6th Floor, One London Wall, London, EC2Y 5EB, United Kingdom, and TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (collectively "TikTok").
When you visit our TikTok Fanpage, personal data is processed not only by us but also by TikTok, even if you do not have a TikTok profile or are not logged in. As part of the use of our Fanpage, user data (such as contact information), content data (such as entries in forms), usage data (such as visited websites, interests in content, access times), and communication data (such as device information, IP addresses) are processed. This is done for the purpose of providing you with information and communication, such as contact requests and feedback forms, as well as for marketing purposes.
If you are logged in when opening our Fanpage, we can access the information contained in your public TikTok profile. TikTok also provides us with statistics and insights that help us gain insights into the types of actions people take on our pages ("TikTok Insights"). We use these for improving the user experience. However, we do not have access to the usage data TikTok uses to create the statistics; we only have access to aggregated page insights.
For the collection of visitor data to our Fanpage and the forwarding of such data to TikTok, we are jointly responsible with TikTok (this includes the collection and transmission of developer data and/or event data to and from TikTok, as well as the measurement and analysis of "TikTok Insights"). This can lead to the derivation of interests and the formation of user profiles, but we cannot draw conclusions about individual users from this. TikTok also uses the data to provide "TikTok Insights," which can provide insights into the interaction with the pages and related content. Therefore, we have entered into an agreement with TikTok regarding joint responsibility for the processing of your data in accordance with Art. 26 GDPR. The agreement with TikTok also specifies the security measures TikTok must adhere to. Rights of data subjects, such as information requests or other inquiries, are also to be fulfilled by TikTok. You can view the terms of this agreement with TikTok here. Further processing by TikTok does not fall under our joint responsibility.
Information about how TikTok processes personal data, including the legal bases and the options to exercise your data subject rights with TikTok, can be found at https://www.tiktok.com/legal/page/eea/privacy-policy/en-US and https://www.tiktok.com/legal/page/eea/terms-of-service/en-US.
Pinterest Ads
We use the advertising data features of Pinterest Ads service provided by Pinterest Europe Limited (2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland) to display personalized ads on Pinterest to you and other interested users. For this purpose, we collect your activity data on our website through the Pinterest Tag.
Joint processing refers to the collection and transmission of this activity data by us to Pinterest Europe through an authorized advertising service function, which includes the collection and transmission of activity data through the Pinterest Tag, a Pinterest API, or another advertising service function. Joint processing does not involve the subsequent processing of activity data by Pinterest.
Therefore, we have entered into an agreement with Pinterest Europe regarding joint responsibility for the processing of your data in accordance with Article 26 of the GDPR. In the agreement, we have defined the responsibilities under the GDPR between us and Pinterest Europe. This particularly concerns the exercise of the rights of data subjects and the fulfillment of information obligations in accordance with Articles 13 and 14 of the GDPR.
Pinterest Europe is responsible for asserting the rights of data subjects under Articles 15-20 of the GDPR with regard to the personal data stored by Pinterest Europe in accordance with joint processing. For the right to object, to the extent that joint processing is based on Article 6(1)(f) of the GDPR, we and Pinterest Europe are responsible for our respective processing.
Further information on how Pinterest Europe processes personal data, including the legal basis on which Pinterest Europe relies, as well as the means through which data subject rights can be exercised against Pinterest Europe, and information in accordance with Article 13(1)(a) and (b) of the GDPR from Pinterest, can be found in Pinterest Europe's Privacy Policy at https://policy.pinterest.com/en/privacy-policy#section-residents-of-the-eea
Shopify
We use the Shopify service provided by Shopify International Limited (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland) to operate our online store. In doing so, we collect the following data in particular: your name, delivery and billing address, your email address, and (optionally) your telephone number, payment information, and information about purchased products and services.
You can find further information about the provider at https://www.shopify.com/en/legal/privacy.
Adverfly
For the optimization of our online marketing campaigns and for the targeted presentation of our advertisements on other channels, we use Adverfly, a service provided by Adverfly (located at In der Lochwiese 16, 51643 Gummersbach). According to Adverfly's information, third-party cookies are blocked and the data is processed anonymously as part of the specific real-time tracking.
YouTube Channel
For the processing of personal data when visiting our YouTube channel, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is generally the sole responsible party. For further information regarding the processing of personal data by YouTube or Google Ireland Limited, please refer to https://policies.google.com/privacy.
Transfer to Third Countries
Data is transferred to countries outside the European Economic Area. We only transmit personal data to third countries where the EU Commission has confirmed an adequate level of protection or when we can ensure the careful handling of personal data through contractual agreements or other suitable guarantees, such as certifications or demonstrated compliance with international security standards.
USA: Standard Contractual Clauses / Adequacy Decision
Your Rights
As an affected party, you have the following rights:
- To request information about the processing of your data, as well as to receive a copy of your personal data.
- You can request information about, among other things, the purposes of processing, the categories of personal data being processed, the recipients of the data (if disclosure occurs), the duration of storage, or the criteria for determining the duration.
- To receive your relevant personal data in a structured, commonly used, and machine-readable format or to transmit it to another controller.
- To correct your data. If your personal data is incomplete, you have the right to complete the data, taking into account the purposes of processing.
- To have your data deleted or blocked.
- To restrict processing.
- To object to the processing of your data.
- To withdraw your consent to the processing of your data for the future.
- To report to the competent supervisory authority regarding any unauthorized data processing
App
The protection of your personal data is of great importance to us. Therefore, we collect, process, and use your personal data strictly in accordance with the European General Data Protection Regulation (GDPR) and all other applicable legal regulations. In the following, we would like to inform you about what data we collect when you visit our website and how we handle it.
This privacy policy applies to the use of the Ovy App by Ovy GmbH.
Name and contact details of the responsible party:
Ovy GmbH
Represented by Eva Leonhardt, Lina Wüller
Große Theaterstraße 39
20354 Hamburg
Germany
If you have any questions about our data protection measures, the processing of your data, or the protection of your rights as a data subject, you can reach us and our Data Protection Officer as follows:
External Data Protection Officer
ePrivacy GmbH
Represented by Prof. Dr. Christoph Bauer
Große Bleichen 21
20354 Hamburg
Germany
For all questions and concerns regarding your data, please contact us at privacy@ovyapp.com.
If you wish to communicate directly with our Data Protection Officer (for example, because you have a particularly sensitive concern), please contact them by postal mail, as email communication may have security vulnerabilities. When making your inquiry, please indicate that your concern relates to the company Ovy GmbH.
Personal Data
Personal data includes all information about a specific or identifiable individual. This includes the following categories of personal data that we process:
• Registration and login data (including email address, password, and confirmation of the user's legal age, optional date of birth).
• Contact information (email).
• Usage and health data (especially whether you are managing cycle tracking* or have a desire for children, basal temperature and influencing factors, cervical mucus or cervical quality, cycle length, period, sexual intercourse (protected and unprotected), libido, current contraception, and potentially other relevant bodily signals such as complaints, ovulation/pregnancy test results, medication intake, skin condition, hair condition, hygiene products, illness, sleep duration and quality, mood, activity (exercise, etc.), notes).
• Optionally, date of birth, weight, and gender of the child or reporting the end of pregnancy.
• Content data (text inputs, photographs).
• Communication and metadata (device IDs, IP addresses, location data, device number of your smartphone, operating system, software version used, date and time of usage behavior, and error logs), especially in connection with support requests.
• Partner App.
Social Login
In the above enumeration of data processed by our app, we listed registration and login data. For both registration and login to your customer account, you can also use your existing profile from Apple or Google. For this purpose, there are corresponding fields on the app's login screen.
By clicking on the respective field, a window will open where you must log in with your Apple or Google login credentials. Apple or Google will inform you about which data is transmitted to us for authentication. We have no control over the (further) purpose or the specific scope of data collection by Apple or Google. Please refer to the respective provider's information for further privacy details.
Use of Cookies
General Information about Cookies
A cookie is a text file with an identification number that is transmitted to the user's device when using the app, along with the other data requested, and is stored there. The file is kept there for later access and is used for user authentication. Since cookies are only simple files and not executable programs, they pose no threat to your device.
Depending on the device's settings chosen by you, it automatically accepts cookies. However, this setting can be changed, and the storage of cookies can be disabled or set to notify you when a cookie is set. If you disable the use of cookies, some functions of the app may not be available or may only be available in a limited capacity. You can prevent our app from setting cookies at any time by adjusting the corresponding settings and thus permanently object to the setting of cookies. Already active cookies can be deleted at any time through the settings.
Session Cookies
Session cookies are used for the duration of a session and are automatically deleted when the executing browser is closed. They ensure, for example, that video and audio files can be played, user inputs are temporarily stored during input time, and thus, user-friendliness is improved.
Persistent Cookies
Persistent cookies remain on your device after the browser is closed. These cookies can, for example, store your user preferences, such as language settings, and analyze user behavior on our website. The storage duration of persistent cookies corresponds to the respective lifespan of each individual cookie. After that, they are automatically deleted.
Purposes of Use
We process your data for the following purposes:
• Providing the services of the Ovy App (including individual cycle calculation, for example, by entering body temperature or optionally capturing body signals such as cervical mucus).
• Corresponding with users.
• Quality assurance and statistics.
• Improving the offering.
• Optional: Sending our newsletter after registration.
• Optional: Using our partner app function.
• Optional: Connecting with the Apple Health function.
Legal Basis
We rely on the following legal bases for processing your data:
• Your consent, if you have provided such consent (Art. 6(1)(a) GDPR).
• The initiation or performance of a contract with you (Art. 6(1)(b) GDPR).
• Compliance with legal obligations (Art. 6(1)(c) GDPR).
• The pursuit of our legitimate interests (Art. 6(1)(f) GDPR).
Legitimate Interests
The processing of your data aims to safeguard the following legitimate interests:
• Improving our offering.
• Protecting our systems from abuse.
• Creating statistics.
• Marketing purposes.
• Analyzing user behavior to conduct personalized advertising campaigns.
• Retaining our correspondence with you.
Necessity or Obligation to Provide Data
Unless expressly stated otherwise, the provision of your data is neither necessary nor obligatory.
Data Retention Period
We store your data:
• If you have consented to the processing, for a maximum duration until you withdraw your consent.
• If we use the data based on a legitimate interest, for a maximum duration as long as your interest in deletion or anonymization does not outweigh it.
• If legal retention obligations exist, until the end of the retention periods.
Data Recipients
In the processing of your data, we collaborate with the following service providers who have access to your data:
Apple Health (iOS)
The Ovy App will not exchange any personal data with the Apple Health Kit without your prior consent. Authorization will be granted by you in the respective settings of the Health App or in the Ovy App during the initial configuration of the user profile or through app settings and can be revoked by you at any time.
If you grant your consent, the Ovy App can interact with the Health App on your iOS device and read and/or write information between the Ovy App and Apple Health. This may involve the transmission of your personal data to Apple servers outside of the European Union.
You can choose whether and to what extent your personal data is exchanged between the Ovy App and the Apple Health Kit by granting or revoking appropriate permissions in the Health App settings. Further information can be found in Apple Health's privacy policy: Apple Health Privacy Policy
Google Analytics
We use the Google Analytics service provided by Google Ireland Limited, Gordon House Barrow Street Dublin 4, Ireland (hereinafter "Google") to collect and analyze the number of users, their navigation paths, and actions. This involves collecting data in the form of online identifiers, IP addresses, device information, and interaction information with the app. For more information about the provider, please visit Google's privacy policy.
Google Analytics for Firebase and Firebase Crashlytics
In the Ovy App, we use Google Analytics Firebase and Firebase Crashlytics, which are features of Google Firebase (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, "Google"). Firebase is part of the Google Cloud Platform and offers various services to developers. You can find a list of these services here.
Some Firebase services process personal data. In most cases, this personal data is limited to "Instance IDs" with timestamps. These "Instance IDs" assigned by Firebase are unique and allow linking different events or processes. These data do not represent personally identifiable information for us, nor do we make efforts to personalize them afterward. We process these aggregated data for the analysis and optimization of user behavior, such as by evaluating crash reports.
Firebase Cloud Messaging is used to transmit push notifications or in-app messages (messages displayed only within the Ovy App). Pseudonymized push references are assigned to the end device for this purpose, serving as targets for push notifications or in-app messages. You can deactivate or reactivate push notifications in the device settings at any time.
We do not use Firebase services that involve personally identifiable information such as IP addresses, email addresses, phone numbers, or passwords. For more information on Firebase's privacy and security, please visit here.
To continuously improve our Ovy App offering, we conduct tests on individual pages, such as to learn more about optimal design or the maximum clarity of our pages. For such testing purposes, we also collect statistical data using the Firebase A/B Testing web analytics system provided by Google (https://firebase.google.com/docs/ab-testing/). Firebase does not collect personal data. Information about your use of this website is anonymized and transmitted to a Firebase server where it is stored.
You can deactivate the use of Google Analytics, Google Analytics for Firebase, and Firebase Crashlytics in the app under the settings at the end of the privacy policy. For more information on Google Firebase and privacy, please visit here.
Mailgun
We use the Mailgun service provided by Sinch Email for sending emails via the registration portal and creating passwords. The following data may be collected: name, email, phone numbers, IP address, and other personal data contained in contact lists and message content. For more information about the provider, please visit Mailgun's privacy policy.
Facebook Software Development Kit (SDK)
With the Facebook Software Development Kit (Facebook SDK), we can track the effectiveness of marketing measures. The Facebook SDK is provided by Facebook Inc., 1601 S California Ave, Palo Alto, CA 94304, USA ("Facebook"). The Facebook SDK records the download behavior of users who have become aware of the Ovy App through Facebook. The Facebook SDK enables us to increase the advertising success of mobile app advertising campaigns on Facebook, for example, by not displaying ads for the app on devices where it is already installed.
The Facebook SDK also allows various evaluations of app installations and the success of our advertising campaigns. Users who become aware of our Ovy App through Facebook can be assured that only pseudonymized data is passed to Facebook, and no personal data is collected or shared. The Facebook SDK does not display personalized ads to you through Facebook.
Google Cloud
We use the cloud service and cloud infrastructure of Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland, for flexible provision of IT services and secure storage or exchange of digital content and information. In particular, the following data or data categories are processed: master and contact data, data on transactions and contracts, as well as communication and usage data. For more information about the provider, please visit Google Cloud's privacy notice.
Adroll
We use the Adroll service provided by Next Roll Inc., 2300 Harrison St.
San Francisco, CA 94110, USA, to display our advertisements on other websites. The following data stored in our CRM about our customers, such as contact information and all related contact information (e.g., email address, name, address, phone number, company name, job title), may be collected.
Furthermore, data about the device and browsing behavior captured by the NextRoll pixel (e.g., cookies, device information, IP address, approximate location data, browser data, display pixel data) and hash email addresses may be collected. For more information about the provider, please visit Next Roll's privacy policy.
Zendesk
We use the service of Zendesk Inc. (989 Market Street, San Francisco, California, 94103, USA) to improve our customer service. The following data may be collected: first and last name, email address, communication (phone recordings, voicemail), and customer service information. For more information about the provider, please visit Zendesk's privacy notice.
AppsFlyer
We use the AppsFlyer service provided by AppsFlyer Ltd. (14 Maskit St., POB 12371 Herzliya, Israel) to create aggregated user profiles based on interactions with our advertising materials and within the apps (e.g., purchases) if you access our offering through one of our advertisements or download the app and provide your consent for both personalized ad tracking and the respective partner. The following data is collected: your Advertising ID (IDFA on Apple devices or GAID on Android devices) and your IP address. We utilize the following partners in this process:
- Apple Search Ads (https://searchads.apple.com/de/privacy/)
- Facebook Ads (https://www.facebook.com/about/ads)
- Instagram Ads (https://help.instagram.com/155833707900388)
- TikTok Ads (https://ads.tiktok.com/i18n/official/policy/privacy)
- Google Ads and Marketing Platform (https://www.google.de/intl/de/policies/privacy/)
You can object to data processing by disabling AppsFlyer (including Integrated Partners) in the app settings. For more information about the provider, please visit https://www.appsflyer.com/de/trust/privacy/.
Bluetooth
The Ovy App is used in conjunction with the Ovy Bluetooth Thermometer and relies on the services of the "Bluetooth SIG," Bluetooth Special Interest Group, Inc. (5209 Lake Washington Blvd NE Suite 350, Kirkland, WA 98033 USA). You can find more information at: www.bluetooth.com.
The use of this transmission between hardware and smartphone requires your consent. Data transmission using Bluetooth Low Energy (BLE) only works when Bluetooth is enabled on your iOS device. You will be asked whether you want to allow this service when you start the Ovy App or when you first pair a Bluetooth hardware.
On Android, Bluetooth Low Energy transmission is additionally associated with location services. Therefore, Bluetooth Low Energy data transmission only functions when the location services, also known as "Location Services," are enabled on your Android device. This applies to all Android versions 6.0 or higher. We only use this permission to conduct BLE scans and enable synchronization. Ovy GmbH does not record your location.
On Android, you can enable or disable the use of Bluetooth under "Settings" > "Connections" > "Bluetooth" using the slider.
On iOS, you can see which apps have access to Bluetooth and allow or revoke future access under "Settings" > "Privacy." You can also check whether Bluetooth is enabled for the Ovy App under "Settings" > "Ovy."
Klaviyo
We use the Klaviyo service provided by Klaviyo Inc., 125 Summer St Floor 6, Boston, MA 02111, USA to send our newsletter. The following data may be collected: name, phone number, email address, address data, IP address, device identifiers, and user behavior data. For more information about the provider, please visit Klaviyo's privacy notice.
Jira by Atlassian
We use the ticket management tool Jira provided by Atlassian Pty Ltd (Level 6, 341 George Street, Sydney NSW 2000, Australia) for organization and control of support requests and resources. In this process, registration and profile data are collected, as well as data related to the respective request. For more information about the provider, please visit Atlassian's privacy policy.
Software Bill of Materials (SBOM)
Please refer to the imprint of the Ovy website to find information regarding the Software Bill of Materials (SBOM), which includes information on frameworks and libraries utilized by the Ovy App.
Sharing Cycle Information with Third Parties via the Ovy Partner App
You can share specific Ovy App information with external individuals. You invite partners to do so via a link. When the external person clicks on this link and downloads the Ovy Partner App, they will be able to see the day of your ovulation, the fertile phase, and the next period of your current cycle. You can revoke this consent at any time by removing the sharing or contacts.
Data Transfer to Third Countries
Data transfer to countries outside the European Economic Area (EEA) takes place. We only transmit personal data to third countries where the EU Commission has confirmed an adequate level of protection or when we can ensure the careful handling of personal data through contractual agreements or other suitable guarantees, such as certifications or demonstrated compliance with international security standards.
USA (Standard Contractual Clauses)
Your Rights
As a data subject, you have the following rights:
• To request information about the processing of your data and to receive a copy of your personal data. You can request information about the purposes of processing, the categories of personal data being processed, recipients of the data (if it is being shared), the duration of storage, or the criteria for determining the duration.
• To receive your personal data concerning you in a structured, commonly used, and machine-readable format or to transmit it to another controller.
• To have your data corrected. If your personal data is incomplete, you have the right to have it completed, taking into account the purposes of processing.
• To have your data deleted or blocked.
• To restrict the processing of your data.
• To object to the processing of your data.
• To withdraw your consent for the processing of your data for the future.
- If you have given consent for the processing of your personal data, you can revoke it at any time by sending an email to privacy@ovyapp.com.
• To lodge a complaint with the competent supervisory authority regarding unlawful data processing.
Privacy Policy Status
We update the information when our processes change.
*The Ovy App is not a contraceptive and is therefore not certified as a medical device for contraception.
Status of this Privacy Policy: December 31, 2023