Privacy Policy (GAINSBYBRAINS App)

PRIVACY POLICY - GAINSBYBRAINS APP

(version: 21 February 2024)

This is the privacy statement of the GAINSBYBRAINS B.V. (GAINSBYBRAINS). In this privacy statement we explain, why we collect and use your personal data when you use our app. We also explain what your rights are and how to contact us.

 

Who we are

GAINSBYBRAINS is a limited liability company based in Amsterdam, the Netherlands

If you have any questions about this privacy statement or about GAINSBYBRAINS's use of your personal data, please do not hesitate to contact us at: gdpr@gainsbybrains.com We are happy to help.

Corporate address:
GAINBYBRAINS B.V. Zekeringstraat 17 A, 1014BM Amsterdam, the Netherlands
Dutch Chamber of Commerce number: 76549348

 

Why do we process personal data?

To use our app it is necessary to process personal data. For instance to verify if you have a subscription, what your language preference is and what workouts you prefer. In doing so, we process personal data only as necessary.

 

What personal data do we collect and use?

Hereafter we provide an overview of personal data we process and the legal basis for doing so. The legal basis is explained further down in this privacy statement.

Type

Why

Legal basis

E-Mail

necessary to communicate with you

Art. 6(1) (b) GDPR

Name (pseudonym allowed)

necessary to properly address you

Art. 6(1) (b) GDPR

IP Address(es)

security measures

Art. 6(1) (f) GDPR

Preferred language ISO Code

necessary to properly inform you

Art. 6(1) (b) GDPR

Password**

to secure your account

Art. 6(1) (b) GDPR

List of the preferred workouts days within a week

necessary tot perform the services of the app

Art. 6(1) (b) GDPR

Preferred workout intensity level

necessary to perform the services of the app

Art. 6(1) (b) GDPR

List of content IDs that the user has liked in the app

necessary to perform the services of the app; and analyse general content preferences of users

Art. 6(1) (b) GDPR / Art. 6(1) (f) GDPR

fitness plan

 

Data:

·     startDate

·     workouts

·     exercises

·     recipes

·           state of finishing

necessary to perform the services of the app. This is the result of the chosen workout days and intensity.

Art. 6(1) (b) GDPR

subscription data from Apple AppStore servers

To check for a valid subscription

Art. 6(1) (b) GDPR

Push notifications

To send notifications such as news and updates about the app or our services

Art. 6(1)(a) GDPR

Anonymized data analysis

For statistical analysis of the use and stability of the app

Art. 6(1)(f) GDPR

 

For avoidance of doubt, we note that we do not process any health data or monitor your health via your mobile device, sensory equipment or the app. In case we extend the app – in the future - to allow users to track their health – user’s informed consent will always be requested prior to processing any such personal data.

May we process your personal data?

We may only use personal data for a reason (so called ‘legal basis’) stated in the privacy laws. Under the General Data Protection Regulation (GDPR) the legal basis is listed in Article 6 GDPR.

Performance of the agreement
The main legal basis on which we process personal data is because it is necessary for the performance licensed use of the app. That way we can provide the services you are expecting from our app; or verify that you have a valid subscription; or properly address any complaints (legal basis: Art. 6(1)(b) GDPR).

Legal obligation
In some cases we might be obligated by law to process/archive personal data (legal basis: art. 6(1)(c) GDPR).

Legitimate interests
We process personal data for our legitimate interest. The interests or fundamental rights and freedoms of our users is never harmed in any way. Hereafter we explain when there is a legitimate interest.

We store the IP-address of app-users to secure the app and try to prevent illegitimate use of the app or your account.

We analyse what content is liked by our users in order to improve the app and its content in anonymized form.

We analyse in-app behaviour and system stability to improve the app for our users in anonymized form, so that no processing of personal data actually occurs. For this purpose we use Google Analytics for Firebase and Firebase Crashlytics. This way we can analyse which pages, content or UI-elements perform best or require (stability) improvements so we can further improve the app.

This requires Google Firebase to store, among other things, the device models, app updates, operating systems, number users and sessions, session duration, geography. Please note, Firebase does not collect any personal data. You can find a detailed overview of the data collected by Google Firebase at: https://support.google.com/firebase/answer/6318039.

The information is transferred anonymously to a Google server in the USA and stored anonymously. Google will also use said information to evaluate the use of the App and to provide GAINSBYBRAINS other services regarding the use of the app without being traceable to a user.

Google Firebase Crashlytics is used by us for further improving the app. It collects information about the device used and the usage of our App (e.g. the timestamp, when the App was started and when the crash occurred), which allows us to diagnose and solve stability problems. All data is stored anonymously.

Google uses the advertising ID of your device for the required data transmissions. This also allows you to restrict the use of the advertising ID (for iOS: go to Privacy -> Advertising -> No Ad Tracking & for Android: go to Account -> Google -> Ads).

Additional information about Google Firebase can be found at:

https://firebase.google.com/support/privacy/

https://firebase.google.com/terms/crashlytics/

Google might use subcontractors which can be found at: https://firebase.google.com/terms/subprocessors.

Consent
In case consent is the legal basis for the processing of your personal data, we will inform you in advance why we use the information. Please note that you can withdraw your consent at any time. From that moment we will no longer process your personal data, unless there is (also) another legal basis for processing your personal data (legal basis: art. 6(1)(a) GDPR). For the sake of completeness, hereafter we inform you additionally for the purposes for which we ask your consent:

If you enabled push notifications we can inform you about news and updates if the app is closed. These notifications require communication with Apple Push Notifications (for iPhones) and Google's Firebase Cloud Messaging (for android devices). These notifications services can’t identify you or obtain personal info. To send you the notifications a secure key is used that is stored in the app itself.

 

How do we secure your data?

The privacy of our users is important to us. In developing our app, we have tried to keep the applicable privacy principles in mind as much as possible.

In addition, we take both technical and organizational measures to secure the personal data we process.

Technical measures:

A few examples of the technical measures taken are:

  • Physical security of data centres
  • Logical access control
  • Secure connections for data transfer
  • Hashing of passwords
  • Encryption of data
  • IP-address-logging

Organisational measures taken:

A few examples of  the organizational measures taken are:

  • Only authorized persons have access to data and are bound to confidentiality
  • Data Processing Agreements are concluded with and companies that process personal data on behalf of GAINSBYBRAINS
  • Personal data is only stored in the European Union
  • Security incident management

 

How long do we keep your data?

We do not keep your personal data for longer than necessary for the purpose for which we process your data.

Upon deletion of your account, or any request to remove your data, the data will be no longer retained than 14 days, unless there is another legal basis for the processing.

 

Do we share your data with third parties?

In order to perform our services it is necessary to share data with other parties (third parties). For instance a hosting company to store the data. This may be within the Netherlands as well as within the European Union (EU). If we share your data outside the EU, we will inform you.

 

What are your rights?

You have several privacy rights. For example, you can ask us what personal data we process about you. And if the data is incorrect, you can request to correct it. Also, in some cases you can ask us to delete, transfer or restrict the processing of your data. Please note that restricting the processing of your personal data, can affect or prevent the performance of the app.

Finally, you can object to the processing of your data. If you disagree with how we process your data, you can file a privacy complaint with the local privacy authority.

Any request, questions or complaints regarding your privacy can be send to gdpr@gainsbybrains.com

 

Note: This privacy statement is valid as of 11 October 2023 and may be revised from time to time. Applicable at all times is the most recent version of the privacy statement. If a revision could significantly affect our users we will do our best to inform those affected of said revisions.