Consteed App
Information about the processing of your personal data
(Privacy Policy)
Overview
  1. Scope of this Privacy Policy
  2. Controller for data processing
  3. Data protection requests
  4. Purposes and legal bases for the processing of your personal data
  5. Use of cookies in the app
  6. Deletion of your personal data
  7. Recipients
  8. Necessity of providing your personal data
  9. Transfer of your personal data to third countries
  10. Firebase
  11. Google Tag Manager
  12. Single sign-on login (to be implemented soon)
  13. Provision of the online offer and web hosting
  14. Your rights in relation to your personal data
  15. Changes to this Privacy Policy
1.   Scope of this Privacy Policy
This Privacy Policy applies to the processing of your personal data in the Consteed app.
Personal data“ is any information about an identified or identifiable natural person. You are identifiable as a person if you can be identified directly (e.g., by your name) or indirectly (e.g., by a pseudonymous e-mail address) with this information.
Processing“ means any operation or set of operations which is performed upon personal data, whether or not by automated means.
2.  Controller for data processing
The controller (hereinafter also "we" or "us") of your personal data processed in our App is.
ContiTech Deutschland GmbH
Continental-Plaza 1
30175 Hannover
Germany
E-Mail: Consteed@continental.com
3.   Data protection requests
If you have any questions about data protection or data security, you can contact our data protection officer by writing to Continental AG, Continental-Plaza 1, 30175 Hannover, Germany, or by e-mail to dataprotection@conti.de.
4.   Purposes and legal bases for the processing of your personal data
4.1.   Processing in the app
The purposes pursued with the data processing in our app are explained below.
Type of data Processing purposes Legal basis Expected storage period
1.   User account registration
To use the Consteed app, you must create a customer account. The following data is processed in the process:
  • E-mail
  • Password
  • User Name
Furthermore, you can voluntarily provide the following additional data:
  • Name
  • Phone
  • Address
  • Use of the Consteed App / collected, processed or used exclusively for the fulfillment of the contractual obligations arising from the user contract for Consteed, i.e. in the context of the conclusion, execution and termination of the contract.
  • Improving evaluation results.
  • Individualisation of the profile and improvement of the user experience.
 Art. 6 (1) (b) UK GDPR (pre-contractual measures, fulfillment of a contract) We store the registration data for your user account until you delete your account. Furthermore, your data will be stored for as long as is necessary for the fulfillment of the contract (user contract). If necessary, personal data will be stored for the defense and/or assertion of legal claims within the framework of the limitation provisions of §§ 195 ff. BGB are stored.
2.   Contact Consteed
  • Your message
  • Name
  • E-mail
You can contact us through our contact form.
 To process and, if necessary, carry out the request you have communicated and to communicate with you via the contact form, email or phone.
Art. 6 (1) (a) UK GDPR (consent)
You can revoke your consent at any time with effect for the future.
  • Until your declaration of consent is revoked, otherwise until your request has been finally processed.
    We assume that processing has been completed when the circumstances indicate that the matter in question has been conclusively clarified.
  • If we process your request and there is another legal basis (e.g., fulfilment of a contract), we may store your data for the duration of this other purpose.
3.   App Analysis
The following data is processed when you use the Consteed app:
  • Date
  • Time of use of the app
  • App functionalities used (health analyses, weight measurement of the horse, steps taken, etc.),
 To measure app activity and improve the services and information provided by the app
Art. 6 para. 1 lit. f GDPR (legitimate interest)
The legitimate interest of ContiTech Deutschland GmbH lies in the measurement of app activities. This data is aggregated and subsequently analyzed in order to improve the services, information and services provided by the app.
  • Until the end of use, but at the latest until the analysis has been completed.
4.   Newsletter
  • Your message
  • Name
  • E-mail
You can register to subscribe to our newsletter and receive attractive product offers and information about our products.
Sending of a newsletter published at regular with interesting news about our products, events and our company (product news etc.)
Art. 6 (1) (a) UK GDPR (consent)
You can revoke your consent at any time with effect for the future.
  • Until you revoke your declaration of consent.
5.   Competition
  • Email
  • Phone
  • Name
  • Address
  • Age
  • Usage of the App
Participation in a competition from Consteed
Art. 6 para. 1 lit. a GDPR (consent)
  • Until consent is withdrawn or the purpose no longer applies.
4.2.   Data transmission to service providers
As part of the above data processing, we transmit data to the service providers listed below:
Service provider Address
ContiTech Luftfedersysteme GmbH
Philipsbornstraße 1, D-30165 Hanover, Germany
Konrad Hornschuch AG / Hornschuch-Markt GmbH
Salinenstraße 1, D-74679 Weißbach, Germany
Amazon Web Services, EMEA SARL
Avenue John F. Kennedy 38, 1855 Luxembourg
ContiTech India Pvt. Ltd
Gold Hill Supreme Software Park – East Tower,Shanthipura Road, Electronics City, Phase II Industrial Area,Hosur Road, Bangalore, India – 560 100, India
CodeCraft Technologies Pvt Ltd
No. 106, SSS Serene, 3rd Floor, 4th C Cross, Koramangala Industrial Layout, 5th Block, Bengaluru, Karnataka 560095, India
HCL Technologies
Technology Hub, Sez, Plot No. 3a, Sector 126, Noida, Uttar Pradesh, 201304, India
ContiTech – Innovation, Business Development & Digital Solutions
Hannoversche Str. 100, 21079 Hamburg, Germany
The service providers process your data as our order processors on the basis of a corresponding data processing agreement. Insofar as the service providers are located outside the United Kingdom, we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data (such as the European Economic Area) or the transfer takes place on the basis of the standard contractual clauses provided by the UK government or EU Commission (as applicable) and further technical and organisational measures to safeguard the security of your data.
5.   Deletion of your personal data
Your personal data will only be processed as long as the processing purposes specified in no. 4 exist unless there are legal and regulatory obligations or other legal bases that make longer processing necessary.
5.1.   Legal retention periods
Your personal data will be stored for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. Legal basis: Art. 6 (1) (c) UK GDPR (legal obligation); Art. 6 (1) (f) UK GDPR (legitimate interest: Assertion, exercise or defence of or against legal claim(s)).
5.2.   Statute of limitations
Your personal data may also be stored to preserve evidence for the assertion of or defence against legal claims under the statute of limitations, including the Limitations Act 1980. These limitation periods can be up to twelve years, with the regular limitation period being six years. The regular limitation period begins at the time that the cause of action arises i.e., from the earliest time that the legal proceedings could first have been brought. Legal basis: Art. 6 (1) (f) UK GDPR (legitimate interest: Assertion, exercise or defence of or against legal claim(s)).
6.   Data Recipients
Your personal data may be transferred to the following categories of recipients:
7.  Necessity of providing your personal data
According to our Terms of Service to use the App, you are contractually obligated to provide the personal data required for user (Sections 1 and 2 under Number 4.1 of this Privacy Policy) if you wish to make use of our services offered in the app.
If you do not provide the required personal data, we will not be able to enter into a contract with you or provide you with any services.
However, if it is not necessary to provide personal data and you do not provide it, we will not be able to provide you with certain information or services.
8.   Transfer of your personal data to third countries
Your personal data is processed on servers within the EU / EEA. Otherwise, a transfer to third countries does not take place in principle, unless it is explicitly stated otherwise in this privacy information.
9.   Firebase
In our App we use the Firebase services described below, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
9.1   Dynamic Links (to be implemented soon)
Dynamic Links is a service from Google that allows deep links to an app. This enables us to take you to a specific area of the app via a link to display content directly in the app, passing information to the app.
Dynamic Links uses device specifications and IP addresses on iOS to open newly installed apps on a specific page or context. These device specifications and IP addresses are stored only temporarily to run the service.
We use the data in this service exclusively to provide app content.
Legal basis: Art. 6 (1) (f)UK GDPR (legitimate interest: proper and convenient provision of content).
9.2   Analytics for Firebase
Google Analytics for Firebase is a service from Google that provides event reports that help us understand how users interact with our app. The service provides us with insights into app usage and user engagement and helps us understand our users' behaviour so we can make informed decisions about app marketing and performance optimisation.
Analytics for Firebase processes the following categories of data:
The above information will not be linked to your user account, so we will not identify you as a user with the data.
Analytics for Firebase retains certain data associated with advertising IDs (e.g., Apple's Identifier for Advertisers and Identifier for Vendors, Android's Advertising ID) for 60 days and retains aggregated reports without automatic expiration. Retention of user-level data, including conversions, is set to up to 2 months. For all other event data, the retention period is 2 months.
We use this data solely for the purpose of understanding the behavior of the entirety of our users in pseudonymised form in order to improve the app and related services and other benefits.
In Analytics for Firebase, interactions by you as a visitor with our app are primarily recorded using cookies. For more information about cookies, see para. Section 5.
The legal basis for the processing of your personal data within the scope of Analytics for Firebase is your consent pursuant to Art. 6 (1) (a) UK GDPR, which we request in the settings.
9.2.1.  Revocation of your consent
You can revoke your consent to the processing of your personal data within the scope of Google Analytics at any time with future effect by deactivating Analytics for Firebase in the settings of our app.
9.2.2.  Job processing
We have concluded an order processing agreement with Google, which you can access here: Firebase Data Processing and Security Terms.
9.2.3.  More information about Analytics
For more information on how Google Analytics handles user data, please see Google's privacy policy on Google Analytics.
9.3  Transfer of personal data to third countries
According to Google, the Firebase services are run on the global Google infrastructure. Your data processed in the Firebase services may also be transferred by Google to third countries (countries outside the UK/ EU / EEA e.g., USA). In these third countries, despite the use of appropriate safeguards by the platforms, an adequate level of protection may not be ensured, and you may not be able to assert your data protection rights under the GDPR or not to the same extent. There may be a risk that the personal data are used by government agencies for other purposes (e.g., by security agencies to fight terrorism) due to laws or legal practice in third countries.
If data is transferred to third countries, Google uses the so-called Standard Contractual Clauses (“SCC”) as appropriate safeguards for the protection of personal data. Such SCCs have also been approved for transfers of data to countries outside the UK pursuant to Art. 46(2) UK GDPR together with the UK’s International Data Transfer Addendum under S119(A) of the Data Protection Act 2018. With this contract, Google undertakes to comply with the level of data protection guaranteed by the EU GDPR and UK GDPR (as applicable) when processing in third countries. The SCCs has its basis in a decision of the EU Commission, according to which the unchanged use of the SCC constitutes appropriate guarantees for data processing in third countries. The corresponding decision of the EU Commission and the SCC can be found here.
However, to the extent possible when using the services, we aim to process in European data centres.
9.4   More information about Firebase
For more information on data privacy and security in Firebase, click here.
10.  Google Tag Manager
We use the Google Tag Manager provided by Google Ireland Limited, incorporated and operating under the laws of Ireland (Registered Number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland, "Google") in this app.
The Google Tag Manager only manages and implements tags. This means that no cookies are used by the Google Tag Manager and no personal data is collected. The data processed by the Google Tag Manager does not contain user IP addresses or any user-specific identifiers that could be associated with a specific person. Other than data in standard HTTP request logs, all of which is deleted within 14 days of receipt, Google Tag
Manager does not collect, store, or share information about visitors to our clients' properties, including page URLs visited.
More information about Google Tag Manager can be found at https://www.google.com/analytics/terms/tag-manager/ and https://support.google.com/tagmanager/answer/9323295?hl=en.
11.  Single sign-on login (to be implemented soon)
Single sign-on" or "single sign-on logon or authentication" refers to procedures that allow you to log on to our app using a user account with a provider of single sign-on procedures (e.g., a social network). The prerequisite for single sign-on authentication is that you are registered with the respective single sign-on provider and enter the required access data in the online form provided for this purpose or are already registered with the single sign-on provider and confirm the single sign-on registration via button.
Authentication takes place directly with the respective single sign-on provider. In the course of such authentication, we receive a user ID with the information that you are logged in under this user ID at the respective single sign-on provider and an ID that cannot be used by us for other purposes (so-called "user handle"). Whether additional data is transmitted to us depends solely on the single sign-on procedure used, on the data releases selected during authentication, and also on which data you have released in the privacy or other settings of the user account with the single sign-on provider. Depending on the single sign-on provider and your choice, this can be different data, usually the e-mail address and the username.
The password entered as part of the single sign-on procedure with the single sign-on provider is neither visible to us nor is it stored by us.
Please note that the single sign-on provider can automatically match your data stored by us with your user account, but that this is not always possible or does actually occur. If, for example, your e-mail address changes, you must change them manually in their user account with us.
The legal basis for our processing of your data when using a single sign-on registration is Art. 6 (1) (f)UK GDPR. Our legitimate interest is to provide you optionally with an easier way of registration and login.
Services used and service providers:
12.  Your rights in relation to your personal data
The UK GDPR grants you various rights in relation to your personal data, which we briefly explain below.
You can request information about whether your personal data is being processed. If this is the case, you can request further information, in particular on the purposes of the processing, the categories of personal data processed, the recipients, the storage period or, if this is not possible, the criteria for determining the period, as well as further information.
You can request a copy of your personal data, which will be provided to you in the event of a request by e-mail in a common electronic format, provided that this does not affect the rights or freedoms of other persons. For this purpose, please specify exactly which data you require.
You can immediately request the correction of incorrect personal data concerning you as well as the completion of incomplete personal data.
You have the right to request the deletion of your personal data, in particular if the data is no longer necessary for the purposes for which it was collected. Your data will be deleted immediately unless an exception applies, and your data may continue to be stored. This is the case, for example, if there is an obligation to store it for tax or commercial law reasons. In this case, processing will be restricted and will then only take place for this purpose.
You may request the restriction of the processing of your personal data, in particular if
In the event of the restriction of the agreement, your personal data may in principle only be stored and in particular only processed with your consent or for the assertion or exercise as well as for the defence against legal claims.
You may request to receive the personal data concerning you that you have provided in a structured, common and machine-readable format so that you can transfer it to another controller. You also have the right to have this data transferred directly to another controller. However, the prerequisite for this right is that the processing of your data is based on consent, the implementation of pre-contractual measures or the performance of a contract.
You may object to the processing of personal data relating to you if the processing is based on a legitimate interest (Art. 6 (1) (f)UK GDPR). Your right to object also exists in the case of any direct advertising carried out (e.g., newsletter dispatch), including any profiling that may be associated with this. The data will then no longer be processed unless compelling reasons for the processing are proven.
The objection must be sent in writing to Continental AG, Continental-Plaza 1, 30167 Hanover or by e-mail to dataprotection@conti.de
You can also contact our data protection officer at any time in writing (including e-mail) with questions or complaints, e-mail: dataprotection@conti.de.
If you have consented to the processing of your personal data, you can revoke this consent at any time. Processing that has taken place up to the time of the revocation remains unaffected by the revocation.
If you wish to exercise the rights described above, please contact us as the controller (Section 2).
You have a right of appeal to a competent data protection authority.
If you have any questions or complaints, please contact us directly first (see Section 2) - hopefully your concern can be solved there to your satisfaction.
13.  Changes to this Privacy Policy
From time to time, this Privacy Policy will be updated; changes or additions will be published here. We therefore recommend that you check this page regularly.
Thank you for reading this Privacy Policy.
Status: October 2024