Data protection and privacy policy of Brainyoo Mobile Learning GmbH

In accordance with Art. 13ff of the EU General Data Protection Regulation (hereinafter referred to as “GDPR”), we hereby inform you about the collection of personal data in connection with the use of our app and registration of your account.

1 Name and contact details of the data controller

The data controller as defined in Art. 4, Para. 7 of the GDPR is

Brainyoo Mobile Learning GmbH
Managing Directors: Filip Lyncker, Patrick Schmidt
Sonnenberger Straße 14, 65193 Wiesbaden

Email: support@brainyoo.de
Tel. +49 611 44754420
Fax +49 611 44754411

We have appointed a company data protection officer. This officer is

Mareike Seidel

who can be reached as follows:

Sonnenberger Straße 14, 65193 Wiesbaden
Tel.: 0611 44754420,
Email: datenschutz@brainyoo.de

2 Collection and storage of personal data in contacting us

If you contact us by email or by using a contact form, we store the data provided, that is, your email address, your name and, where applicable, your telephone number, as well as any other technical information provided. This data is collected to enable us to respond to the purpose of your contact, for example, to answer your question.

The data collection and processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 s. 1 letter a of the GDPR on the basis of your voluntary consent. We delete this data after its storage is no longer necessary, or we restrict the processing insofar as there are legal retention obligations.

3 Collection and storage of personal data when registering for a newsletter

If you have registered for a newsletter and have thereby expressly given your consent in accordance with Art. 6 para. 1 letter a of the GDPR, we will store your email address and use it to send you our newsletter on a regular basis. You can unsubscribe from the newsletter at any time, for example by clicking on the link at the end of the newsletter or by sending an email to support@brainyoo.de

4 Data protection and privacy provisions when using our app

4.1 Firebase Cloud Messaging

We use Firebase Cloud Messaging, a cross-platform messaging service, for our app. The service provider is the American company Google Inc. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Firebase also processes data of yours in the USA, among other places. The app uses the push services of the operating system manufacturers. These are short messages that can be sent directly through Firebase to the app from our server. Using this mechanism, changed content can be synchronized very quickly on all end devices. When using the push service, a device token from Apple or a registration ID from Google is assigned. These are encrypted, anonymized device IDs. The purpose of their use is solely to provide the push services. Firebase Cloud Messaging is part of the backend service platform. For more information on the terms of service of Firebase Cloud Messaging, please visit Firebase’s website: https://firebase.google.com/terms/

4.2 Firebase Crashlytics

To be able to continuously improve the reliability and stability of our app, we are reliant on anonymized crash and problem reports. We use Firebase Crashlytics for this, which is a service of Google Ireland Ltd, Google Building Gordon House, Barrow Street, Dublin 4, Ireland.

In the event of a problem or crash, anonymized information is sent to Google’s servers in the USA (installation UUID, crash trace, cell phone manufacturer and operating system, last log messages, and app state at the time of the crash). This information does not contain any personal data.

Crash reports are only sent with your explicit consent. When using the app (Android or iOS), you can provide and withdraw consent in the app settings.The legal basis for the data transfer is Art. 6 para. 1 letter a of the GDPR.For more information on data protection, please see the data protection and privacy policy of Firebase Crashlytics at:
https://firebase.google.com/support/privacy and
https://firebase.google.com/#data-collection-policies

4.3 PONS API

We use the PONS API in our app to provide you with various translation and dictionary functions. The PONS API is operated by PONS Langenscheidt GmbH, Stöckachstraße 11, 70190 Stuttgart, Germany. By using these functions, you consent to the processing of the data you enter by the PONS API. The PONS API processes the data you enter to generate the requested translations and dictionary queries. For this purpose, the texts and search queries you enter are sent to the PONS API and processed there. The PONS API collects and stores this data for a limited time to be able to offer and improve its service. The PONS API also uses cookies and similar technologies to provide its services and analyze user behavior. This information is stored on servers within the European Union. For more information on data protection and the processing of your data by the PONS API, please see the PONS data protection and privacy policy at: https://de.pons.com/p/privacy-policy.
If you do not consent to the processing of your data by the PONS API, you should not use the corresponding translation and dictionary functions in our app. However, please note that this may limit some of the functions of our app or they may not work as intended. To exercise your rights as a data subject, such as the right of access, rectification, erasure, or the right to object to the processing of your data, please contact PONS GmbH directly using the contact details provided in its data protection and privacy policy.

4.4 In-app purchases

Our app uses Google BillingClient (for Android users) and Apple StoreKit (for iOS users) to manage in-app purchases. These services allow you to purchase additional content, features, or subscriptions directly in our app.

When you make an in-app purchase, your payment information and transaction data are processed directly by Google (for Android users) or Apple (for iOS users). We do not have direct access to your full payment information. However, we do receive information about the transaction, such as the product ID, purchase amount, purchase date, and a unique transaction ID. This information is used to provide you with the content or services you purchased and to manage your subscriptions and purchases within the app.

Please note that both Google and Apple have their own data protection and privacy policies and terms of service that apply to the processing of your data in connection with in-app purchases. We recommend that you familiarize yourself with these policies before making in-app purchases:

• Google Play: https://policies.google.com/privacy
• Apple App Store: https://www.apple.com/de/legal/privacy/de-ww/

We store and process information about your in-app purchases in accordance with our data protection and privacy policy and applicable data protection laws. We take security measures to protect your information from unauthorized access, disclosure, modification, or destruction.

We use your in-app purchase information to:

• Provide you with the content, features, or subscriptions you have purchased.
• Manage and verify your subscriptions and purchases within the app.
• Provide customer support as needed and respond to inquiries related to in-app purchases.
• Detect and prevent fraud or abuse in connection with in-app purchases.
• Comply with legal obligations, such as tax or accounting obligations.

We will retain information about your in-app purchases for the period of time necessary to fulfill the purposes described in this data protection and privacy policy or to comply with legal or regulatory requirements. When we no longer need this information, we will delete it or anonymize it.

5 Registration and use of the account

To be able to fully use BRAINYOO, it is necessary to set up an account. For this purpose, you must provide additional personal data that we use to provide the respective service and to which the aforementioned data processing policies apply.
During registration, the following data is collected and stored:

• Email address
• Password (encrypted)
• Timestamp
• Client (Win/Mac application, web/iOS/Android app)

During registration, content management, active use – particularly the synchronization of content between multiple workstations (end devices of the user) – and when ordering free or paid content, offerings, or other services, additional personal data of the user is collected, processed, and used:

• The purchased learning content
• The created learning content
• Learning progress
• Learning statistics
• Clients used with time stamp

Personal data is not transferred to other third parties. A transfer of personal data to a third party outside the EU will only take place after a separate notification and your consent to this.
BRAINYOO collects, processes, and uses this data for

• Processing the order of free or paid content or other services in connection with the ACCOUNT
• Verification of the user’s compliance with the license terms (relating to the BRAINYOO program, license terms of the paid learning content and ACCOUNT)
• Optimization of the services offered in the ACCOUNT (debugging, optimization of processes, usability)

The collection and storage of data is based on your voluntary consent under Art. 6. para. 1 letter a of the GDPR, is furthermore necessary for the fulfillment of the subsequent contract processing under Art. 6 para. 1 letter c of the GDPR, is furthermore permitted on the basis of the protection of our legitimate interests with regard to the identification of the contractual partner and the enforcement of any claims under Art. 6 para. 1 letter f of the GDPR.

6 Partners outside the EEA

Insofar as our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offering.

7 Rights of the data subject

You have the right:

• under Article 15 of the GDPR, to obtain information about whether we are storing and/or processing personal data about you;
• under Article 15 of the GDPR, to obtain information about your personal data that we are processing. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the envisaged storage period, the existence of a right to rectification, erasure, restriction of processing, or the right to object, the existence of a right to lodge a complaint, the origin of your data if it has not been collected by us, and the existence of automated decision-making including profiling and, where applicable, meaningful information about its details;
• under Article 16 of the GDPR, to request without delay the correction of inaccurate or incomplete personal data stored by us;
• under Article 17 of the GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;
• under Article 18 of the GDPR, to obtain the restriction of the processing of your personal data to the extent that the accuracy of the data is contested by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the establishment, exercise, or defense of legal claims, or you have objected to the processing in accordance with Article 21 of the GDPR;
• under Article 20 of the GDPR, to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to have it transmitted to another controller;
• under Article 77 of the GDPR, to lodge a complaint with a supervisory authority. You can generally contact the supervisory authority of your main residence or workplace or our company headquarters for this purpose.

8 Objection to or withdrawal from the processing of your data

If you have given your consent to the processing of your data, you may withdraw this consent at any time under Art. 7 para. 3 of the GDPR. Such withdrawal affects the lawfulness of the processing of your personal data after you have communicated it to us; the lawfulness of the processing that took place before the withdrawal remains unaffected.
Insofar as we base the processing of your personal data on a balance of interests, you may object to the processing. This is the case if the processing is not necessary, in particular, to fulfill a contract with you, which we present when describing each of the functions. When exercising such an objection, we request that you explain the reasons why we should not process your personal data as carried out by us, see Art. 21 para 1 of the GDPR. In the case of your well-founded objection, we will review the situation and either cease the data processing or adapt it or explain to you our compelling legitimate reasons meriting protection, on the basis of which we will continue the processing.
You may, of course, object to the processing of your personal data for data analysis purposes at any time. Please send your objection to support@brainyoo.de.

9 Voluntary provision of data

The provision of data is completely voluntary for you. If you do not provide the data, there will be no adverse consequences for you; we will then solely be unable to conclude a contract with you or fulfill a contract with you.

10 Updating and amendment status of this data protection and privacy policy

This data protection and privacy policy is currently in effect and has been updated as of April 2023.
Original statement signed by Filip Lyncker (Managing Director), Wiesbaden, April 20, 2023