Consteed App
Information about the processing of
your personal data
(Privacy Policy)
Overview
1 Scope of this Privacy Policy
2 Controller for data processing
4 Purposes and legal bases for the processing of your personal data
6 Deletion of your personal data
8 Necessity of providing your personal data.
9 Transfer of your personal data to third countries
12 Single sign-on login (to be implemented soon)
13 Provision of the online offer and web hosting
14 Your rights in relation to your personal data
15 Changes to this Privacy Policy
This Privacy Policy applies to the processing of your personal data in the Consteed app.
"Personal data" is any information about an identified or identifiable natural person. You are identifiable as a person if you can be identified directly (e.g., by your name) or indirectly (e.g., by a pseudonymous e-mail address) with this information.
"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automated means.
The controller (hereinafter also "we" or "us") of your personal data processed in our App is.
ContiTech Deutschland GmbH
Continental-Plaza 1
30175 Hannover
Germany
E-Mail: Consteed@continental.com
If you have any questions about data protection or data security, you can contact our data protection officer by writing to Continental AG, Continental-Plaza 1, 30175 Hannover, Germany, or by e-mail to dataprotection@conti.de.
The purposes pursued with the data processing in our app are explained below.
|
Type of data |
Processing purposes |
Legal basis |
Expected storage period |
|
1. User account registration To use the Consteed app, you must create a customer account. The following data is processed in the process: § Password § User Name Furthermore, you can voluntarily provide the following additional data: § Name § Phone § Adress § |
§ Use of the Consteed App / collected, processed or used exclusively for the fulfillment of the contractual obligations arising from the user contract for Consteed, i.e. in the context of the conclusion, execution and termination of the contract. § Improving evaluation results. § Individualisation of the profile and improvement of the user experience.
|
Art. 6 (1) (b) UK GDPR (pre-contractual measures, fulfillment of a contract)
|
We store the registration data for your user account until you delete your account. Furthermore, your data will be stored for as long as is necessary for the fulfillment of the contract (user contract). If necessary, personal data will be stored for the defense and/or assertion of legal claims within the framework of the limitation provisions of §§ 195 ff. BGB are stored. |
|
2. Contact Consteed § Your message § Name You can contact us through our contact form. |
To process and, if necessary, carry out the request you have communicated and to communicate with you via the contact form, email or phone. |
Art. 6 (1) (a) UK GDPR (consent) You can revoke your consent at any time with effect for the future. |
§ Until your declaration of consent is revoked, otherwise until your request has been finally processed. We assume that processing has been completed when the circumstances indicate that the matter in question has been conclusively clarified. § If we process your request and there is another legal basis (e.g., fulfilment of a contract), we may store your data for the duration of this other purpose. |
|
3. App Analysis The following data is processed when you use the Consteed app: § Date § Time of use of the app § App functionalities used (health analyses, weight measurement of the horse, steps taken, etc.), |
To measure app activity and improve the services and information provided by the app |
Art. 6 para. 1 lit. f GDPR (legitimate interest)
The legitimate interest of ContiTech Deutschland GmbH lies in the measurement of app activities. This data is aggregated and subsequently analyzed in order to improve the services, information and services provided by the app. |
§ Until the end of use, but at the latest until the analysis has been completed. |
|
4. Newsletter § Your message § Name You can register to subscribe to our newsletter and receive attractive product offers and information about our products. |
Sending of a newsletter published at regular with interesting news about our products, events and our company (product news etc.). |
Art. 6 (1) (a) UK GDPR (consent) You can revoke your consent at any time with effect for the future.
|
§ Until you revoke your declaration of consent. |
|
5. Competition § Phone § Name § Adress § Age § Uage of the App
|
Participation in a competition from Consteed |
Art. 6 para. 1 lit. a GDPR (consent) |
§ Until consent is withdrawn or the purpose no longer applies. |
|
6. KI-Training § Measurment § Horseprofile incl. horsename, race, gender, shoeing, usage § Date § Time |
To improve the services and information provided by the app, evaluation of measurement results and analysis. |
Art. 6 para. 1 lit. a GDPR |
§ If consent is revoked, no new personal data will be used for AI training from that point on with effect for the future. All data will be anonymized. |
|
7. Rekalibration & Maintainance Service § Name § Adress § Product-Nr. § Prod.-Usage |
Processing of the for a maintenance service & Recalibration of the consteed system. For forwarding to the maintenance service provider for contract fulfillment. For simplified provision of the service and maintenance of product quality |
Art. 6 (1) lit. a GDPR (consent)
|
§ Until you revoke your declaration of consent or Purpose no longer applicable. |
As part of the above data processing, we transmit data to the service providers listed below:
|
Service provider |
Address |
|
Konrad Hornschuch GmbH / Hornschuch-Markt GmbH |
Salinenstraße 1, D-74679 Weißbach, Germany |
|
Amazon Web Services, EMEA SARL |
Avenue John F. Kennedy 38, 1855 Luxembourg |
|
ContiTech India Pvt. Ltd |
Gold Hill Supreme Software Park – East Tower, |
|
CodeCraft Technologies Pvt Ltd |
No. 106, SSS Serene, 3rd Floor, 4th C Cross, Koramangala Industrial Layout, 5th Block, Bengaluru, Karnataka 560095, India |
|
HCL Technologies |
Technology Hub, Sez, Plot No. 3a, Sector 126, Noida, Uttar Pradesh, 201304, India |
|
ContiTech – Innovation, Business Development & Digital Solutions |
Hannoversche Str. 100, 21079 Hamburg, Germany |
|
Devhelden GmbH |
Harniskai 22, 24937 Flensburg, Deutschland |
|
Tratter Engineering GmbH |
Via Waltraud Gebert-Deeg 10, 39100 Bolzano/Bozen - Italy |
|
Cavallo Horse & Rider Inc. |
1714 Lockyer Road, Roberts Creek, BC, Canada V0N 2W1 |
The service providers process your data as our order processors on the basis of a corresponding data processing agreement. Insofar as the service providers are located outside the United Kingdom, we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data (such as the European Economic Area) or the transfer takes place on the basis of the standard contractual clauses provided by the UK government or EU Commission (as applicable) and further technical and organisational measures to safeguard the security of your data.
Your personal data will only be processed as long as the processing purposes specified in no. 4 exist unless there are legal and regulatory obligations or other legal bases that make longer processing necessary.
Your personal data will be stored for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. Legal basis: Art. 6 (1) (c) UK GDPR (legal obligation); Art. 6 (1) (f) UK GDPR (legitimate interest: Assertion, exercise or defence of or against legal claim(s)).
Your personal data may also be stored to preserve evidence for the assertion of or defence against legal claims under the statute of limitations, including the Limitations Act 1980. These limitation periods can be up to twelve years, with the regular limitation period being six years. The regular limitation period begins at the time that the cause of action arises i.e., from the earliest time that the legal proceedings could first have been brought. Legal basis: Art. 6 (1) (f) UK GDPR (legitimate interest: Assertion, exercise or defence of or against legal claim(s)).
Your personal data may be transferred to the following categories of recipients:
§ Third parties who provide the contractually agreed services on our behalf and support us in the provision of our services e.g., transport companies;
§ Affiliated companies in accordance with binding corporate guidelines;
§ Insurance partner of ContiTech Deutschland GmbH
§ Authorities (e.g., tax authorities)
§ Lawyers and courts in the event of legal disputes
According to our Terms of Service to use the App, you are contractually obligated to provide the personal data required for user (Sections 1 and 2 under Number 4.1 of this Privacy Policy) if you wish to make use of our services offered in the app.
If you do not provide the required personal data, we will not be able to enter into a contract with you or provide you with any services.
However, if it is not necessary to provide personal data and you do not provide it, we will not be able to provide you with certain information or services.
Your personal data is processed on servers within the EU / EEA. Otherwise, a transfer to third countries does not take place in principle, unless it is explicitly stated otherwise in this privacy information.
In our App we use the Firebase services described below, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
Dynamic Links is a service from Google that allows deep links to an app. This enables us to take you to a specific area of the app via a link to display content directly in the app, passing information to the app.
Dynamic Links uses device specifications and IP addresses on iOS to open newly installed apps on a specific page or context. These device specifications and IP addresses are stored only temporarily to run the service.
We use the data in this service exclusively to provide app content.
Legal basis: Art. 6 (1) (f)UK GDPR (legitimate interest: proper and convenient provision of content).
Google Analytics for Firebase is a service from Google that provides event reports that help us understand how users interact with our app. The service provides us with insights into app usage and user engagement and helps us understand our users' behaviour so we can make informed decisions about app marketing and performance optimisation.
Analytics for Firebase processes the following categories of data:
· Number of users and sessions
· Session duration
· Operating systems
· Device models
· Region
· First time starts
· App executions
· App updates
· In-app purchases
The above information will not be linked to your user account, so we will not identify you as a user with the data.
Analytics for Firebase retains certain data associated with advertising IDs (e.g., Apple's Identifier for Advertisers and Identifier for Vendors, Android's Advertising ID) for 60 days and retains aggregated reports without automatic expiration. Retention of user-level data, including conversions, is set to up to 2 months. For all other event data, the retention period is 2 months.
We use this data solely for the purpose of understanding the behavior of the entirety of our users in pseudonymised form in order to improve the app and related services and other benefits.
In Analytics for Firebase, interactions by you as a visitor with our app are primarily recorded using cookies. For more information about cookies, see para. Section 5.
The legal basis for the processing of your personal data within the scope of Analytics for Firebase is your consent pursuant to Art. 6 (1) (a) UK GDPR, which we request in the settings.
You can revoke your consent to the processing of your personal data within the scope of Google Analytics at any time with future effect by deactivating Analytics for Firebase in the settings of our app.
We have concluded an order processing agreement with Google, which you can access here: Firebase Data Processing and Security Terms.
For more information on how Google Analytics handles user data, please see Google's privacy policy on Google Analytics.
According to Google, the Firebase services are run on the global Google infrastructure. Your data processed in the Firebase services may also be transferred by Google to third countries (countries outside the UK/ EU / EEA e.g., USA). In these third countries, despite the use of appropriate safeguards by the platforms, an adequate level of protection may not be ensured, and you may not be able to assert your data protection rights under the GDPR or not to the same extent. There may be a risk that the personal data are used by government agencies for other purposes (e.g., by security agencies to fight terrorism) due to laws or legal practice in third countries.
If data is transferred to third countries, Google uses the so-called Standard Contractual Clauses (“SCC”) as appropriate safeguards for the protection of personal data. Such SCCs have also been approved for transfers of data to countries outside the UK pursuant to Art. 46(2) UK GDPR together with the UK’s International Data Transfer Addendum under S119(A) of the Data Protection Act 2018. With this contract, Google undertakes to comply with the level of data protection guaranteed by the EU GDPR and UK GDPR (as applicable) when processing in third countries. The SCCs has its basis in a decision of the EU Commission, according to which the unchanged use of the SCC constitutes appropriate guarantees for data processing in third countries. The corresponding decision of the EU Commission and the SCC can be found here.
However, to the extent possible when using the services, we aim to process in European data centres.
For more information on data privacy and security in Firebase, click here.
We use the Google Tag Manager provided by Google Ireland Limited, incorporated and operating under the laws of Ireland (Registered Number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland, "Google") in this app.
The Google Tag Manager only manages and implements tags. This means that no cookies are used by the Google Tag Manager and no personal data is collected. The data processed by the Google Tag Manager does not contain user IP addresses or any user-specific identifiers that could be associated with a specific person. Other than data in standard HTTP request logs, all of which is deleted within 14 days of receipt, Google Tag Manager does not collect, store, or share information about visitors to our clients' properties, including page URLs visited.
More information about Google Tag Manager can be found at https://www.google.com/analytics/terms/tag-manager/ and https://support.google.com/tagmanager/answer/9323295?hl=en.
Single sign-on" or "single sign-on logon or authentication" refers to procedures that allow you to log on to our app using a user account with a provider of single sign-on procedures (e.g., a social network). The prerequisite for single sign-on authentication is that you are registered with the respective single sign-on provider and enter the required access data in the online form provided for this purpose or are already registered with the single sign-on provider and confirm the single sign-on registration via button.
Authentication takes place directly with the respective single sign-on provider. In the course of such authentication, we receive a user ID with the information that you are logged in under this user ID at the respective single sign-on provider and an ID that cannot be used by us for other purposes (so-called "user handle"). Whether additional data is transmitted to us depends solely on the single sign-on procedure used, on the data releases selected during authentication, and also on which data you have released in the privacy or other settings of the user account with the single sign-on provider. Depending on the single sign-on provider and your choice, this can be different data, usually the e-mail address and the username. The password entered as part of the single sign-on procedure with the single sign-on provider is neither visible to us nor is it stored by us.
Please note that the single sign-on provider can automatically match your data stored by us with your user account, but that this is not always possible or does actually occur. If, for example, your e-mail address changes, you must change them manually in their user account with us.
The legal basis for our processing of your data when using a single sign-on registration is Art. 6 (1) (f)UK GDPR. Our legitimate interest is to provide you optionally with an easier way of registration and login.
Services used and service providers:
§ Facebook Single Sign-On: Service Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Privacy policy: https://www.facebook.com/about/privacy;
§ Google Single Sign-On: Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Website: https://www.google.de; Privacy Policy: https://policies.google.com/privacy;
§ Apple Single-Sign-On: Service provider: Apple Inc. , Infinity Loop, Cupertino, CA 95014. Privacy information: https://www.apple.com/legal/privacy/en-ww/
The UK GDPR grants you various rights in relation to your personal data, which we briefly explain below.
§ Right of Access
You can request information about whether your personal data is being processed. If this is the case, you can request further information, in particular on the purposes of the processing, the categories of personal data processed, the recipients, the storage period or, if this is not possible, the criteria for determining the period, as well as further information.
You can request a copy of your personal data, which will be provided to you in the event of a request by e-mail in a common electronic format, provided that this does not affect the rights or freedoms of other persons. For this purpose, please specify exactly which data you require.
§ Right to Rectification
You can immediately request the correction of incorrect personal data concerning you as well as the completion of incomplete personal data.
§ Right to Erasure
You have the right to request the deletion of your personal data, in particular if the data is no longer necessary for the purposes for which it was collected. Your data will be deleted immediately unless an exception applies, and your data may continue to be stored. This is the case, for example, if there is an obligation to store it for tax or commercial law reasons. In this case, processing will be restricted and will then only take place for this purpose.
§ Right to Restriction
You may request the restriction of the processing of your personal data, in particular if
you dispute the data’s accuracy,
the processing is unlawful and you object to the erasure,
the data is no longer required, but you need it for the assertion, exercise or defence of legal claims, or
you have objected to the processing, but we need to verify whether we have overriding legitimate grounds to use it.
In the event of the restriction of the agreement, your personal data may in principle only be stored and in particular only processed with your consent or for the assertion or exercise as well as for the defence against legal claims.
§ Right to Data Portability
You may request to receive the personal data concerning you that you have provided in a structured, common and machine-readable format so that you can transfer it to another controller. You also have the right to have this data transferred directly to another controller. However, the prerequisite for this right is that the processing of your data is based on consent, the implementation of pre-contractual measures or the performance of a contract.
§ Right to Object
You may object to the processing of personal data relating to you if the processing is based on a legitimate interest (Art. 6 (1) (f)UK GDPR). Your right to object also exists in the case of any direct advertising carried out (e.g., newsletter dispatch), including any profiling that may be associated with this. The data will then no longer be processed unless compelling reasons for the processing are proven.
The objection must be sent in writing to Continental AG, Continental-Plaza 1, 30167 Hanover or by e-mail to dataprotection@conti.de
You can also contact our data protection officer at any time in writing (including e-mail) with questions or complaints, e-mail: dataprotection@conti.de.
§ Revocation of Consent Given for Data Processing
If you have consented to the processing of your personal data, you can revoke this consent at any time. Processing that has taken place up to the time of the revocation remains unaffected by the revocation.
§ Assertion of your rights
If you wish to exercise the rights described above, please contact us as the controller (Section 2).
§ Right of appeal to a data protection authority
You have a right of appeal to a competent data protection authority.
If you have any questions or complaints, please contact us directly first (see Section 2) - hopefully your concern can be solved there to your satisfaction.
From time to time, this Privacy Policy will be updated; changes or additions will be published here. We therefore recommend that you check this page regularly.
Thank you for reading this Privacy Policy.
Status: March 2026