Privacy statement for using the Menthal-App

Für die deutsche Version, bitte hier klicken.

1. Information regarding the collection of personal data

(1) We provide you with a mobile app ("Menthal app") that you can download on your mobile device. Hereinafter we inform you about the collection of personal data when using our Menthal app. Personal data is all the data that can be personally related to you, i.e. name, address, e-mail addresses, user behavior.

(2) Responsible according to art. 4 paragraph 7 EU-General Data Protection Regulation (DSGVO/GDPR) is

Murmuras GmbH

Represented by managers Ionut Andone, Qais Kasem, Alexander Markowetz

Meckenheimer Allee 73

53115 Bonn, Germany

info@murmuras.com

as well as

University of Marburg (subject to approval by university bodies)

Research group Prof. Alexander Markowetz

Hans-Meerwein-Straße 6

35043 Marburg, Germany

markowet@Mathematik.Uni-Marburg.de

Our data protection officers can be reached at:

JURANDO GmbH

Contact person: Dr. Dennis Werner

Rathausplatz 21

58507 Lüdenscheid, Germany

Tel: 0049 2351-66854-37

Fax: 02351-66854-44

E-Mail: datenschutzbeauftragter@jurando.de

Or by post under our post address by mentioning "data protection officers".

2. Processing of personal data when using our Menthal app

The Menthal app supports "digital diets" and allows you to participate in a study about smartphone usage, which is provided by Murmuras and the University of Marburg. A sustainable digital lifestyle is promoted as our app supports its users to improve their behavior. The app provides information about users' smartphone usage and surveys this data on behalf of the comprehensive study.

Personal data is used exclusively for study purposes. Especially the use for personalized advertising, personal credit scoring or other automated decisions about individual participants is excluded. Any transfer of personal data without explicit consent is also excluded.

(1) Usage levels

The data collected is used to help users shape their digital behavior. Besides, Murmuras and the University of Marburg process your data for its own statistics and publications. In case of inquiries from other researchers, the provider also checks this data to determine whether the participant can also be a subject for these further studies. In this case, the participant may receive a separate invitation to participate in this study.

Murmuras and the University of Marburg manage the data internally as far as possible pseudonymized. Despite this precaution, it is treated at all times as if it were directly personal.

(2) Analysis period

The Menthal app collects different kinds of data:

  1. It regularly records the location of the participant. This can help, for example, to later derive the daily radius of action of the participant. For example, how much time the participant spends at home vs away from home can be evaluated.

  2. It collects the participant's mobile phone behavior. In particular, it records when they use the phone (phone sessions) and when they use which apps (app sessions). From this data, it can later be derived, for example, how long the participant was online in total, and which apps they used particularly often. Personal data from e-mails, SMS or messenger services is not tracked. Furthermore, address book data like names or phone numbers are not tracked as well.

  3. It collects questionnaires as part of the study. At the beginning, during and at the end of the study, the provider collects common factors (onboarding questions) from all participants. This includes, for example, demographic information such as age, gender and marital status or personality traits such as introversion and openness.

  4. It collects seen content and activities (e.g. clicks) in apps. In particular, it records sponsored content and publicly shared content in social media apps, as well as interactions and viewed content in shopping, mobile, and media apps. This can later be used to infer, for example, which ads the participants were exposed to, how often they see certain product categories, and which of these they click on, mark as "liked," or share. However, personal content from emails, text messages or chat messengers is not recorded. Neither are names, user names or phone numbers from the address book and other apps transmitted or personal account information collected.

The legal basis for the processing of your personal data is art. 6 (1) (a) GDPR (Consent).

See our Terms of Use for more details.

(3) App-Store

When you download the Menthal app, the required information is transferred to the App Store, in particular your account username, email address and client number of your account, time of download, payment information and unique device code. We have no influence on this data collection and are not responsible for it. We only process the data as far as it is necessary for the downloading of the mobile app to your mobile end device.

The supplier of the App Store (here Google Play Store) can be reached at the following contact details: Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=en.

Google has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US Framework.

You can also download the Menthal app for free via our website directly to your mobile end device. Upon download, we will process further data via the website and inform you about that in the privacy policy of our website.

(4) Google Firebase products

We use the following Google Firebase products for the Menthal app: Crashlytics and Firebase Cloud Messaging. Within the range of products, different data categories are sometimes processed for different purposes:

  • Firebase Crashlytics: With Crashlytics data while operating the app, including the type of operating system used, information on malfunctions during operation (type of malfunction, time of the malfunction, duration of the malfunction, use of the app at the time of the malfunction) and device information are being processed. Based on this data, we can get an overview of various malfunctions or issues occurring while operating the app and analyze them based on their relevance for use in order to ensure efficient troubleshooting and ensure the stability of the app. The data processing is based on art. 6 (1) sentence 1 letter f GDPR. We have a legitimate interest to identify and fix stability problems that affect the quality of the app. This also increases the user-friendliness of the app for our customers.

  • Firebase Cloud Messaging: Firebase Cloud Messaging enables us to inform users with targeted and contextual messages about our offer and to encourage them to use the app. Information on the subject, type of message and time of sending the message as well as data regarding whether and when a message was received and read is also processed. Some of this data is also used in the analysis. Cloud messaging is only used if you have given your consent (art. 6 (1) sentence 1 letter a GDPR).

You can contact the provider of Google Firebase products under the following contact details: Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) - use of Google Firebase.

3. Rights of subjects

Upon request and in accordance with legal requirements, we will provide you free of charge with information regarding the status of the personal data collected about you as well as that of the further processing of these data. For example, we may correct, block or delete your personal information partially or entirely in accordance with the legal requirements:

(1) Right of access by the data subject (article 15 GDPR)

The right to information gives you access to the data or data categories that concern you and some other important criteria, such as the processing purposes or the duration of the storage. Please note that under certain circumstances your right to information may be restricted in accordance with the legal provisions (e.g. art. 34 Federal Data Protection Act).

(2) Right to corrections (art. 16 GDPR)

Should the data concerning you be incorrect - or no longer correct -, you may request a correction under the provisions of art. 16 GDPR. If your data is incomplete, you may request a completion.

(3) Right to erasure (art. 17 GDPR)

You may request the deletion of your personal data under the conditions of art. 17 GDPR. Your claim for deletion may be restricted for example by the fact that we still need the data to fulfill statutory retention requirements. If we have made your personal data public, you may also be entitled to a "right to be forgotten". You may require proportionate action in order for us to inform the persons responsible regarding your request for erasure. Please note that under certain circumstances your right to erasure may be restricted in accordance with the statutory provisions (e.g. art. 35 Federal Data Protection Act).

(4) Right to restriction of processing (art. 18 GDPR)

Under the provisions of art. 18 GDPR, you may request the restriction of processing. We shall mark your stored personal data with the purpose of limiting its future processing. On the basis of this right you may, for example, exercise other rights in the review phase.

(5) Right to information (art. 19 GDPR)

In case of rights exercising, we shall inform all recipients of the correction, deletion or limitation of data processing under the provisions of art. 19 GDPR. Upon request, we will inform you regarding those recipients.

(6) Right to data portability (art. 20 GDPR)

Under the provisions of art. 20 GDPR, you are entitled to receive from us the respective personal data in a common, machine-readable format. In addition, you can request a direct forwarding to another responsible person, provided that this is technically feasible.

(7) Right to object (art. 21 GDPR)

In an extraordinary situation, you are entitled to object to the further processing of your personal data in accordance with art. 6 paragraph 1, point e) or f) GDPR. We will cease the data processing provided that a statutory exception does not apply. Should that be the case, we may continue the data processing, if e.g. there are compelling protection-worthy reasons that outweigh your interests, rights and freedoms, or in order to assert, exercise or defend legal claims.

(8) Right of complaint

You may also address a complaint to the statutory authority. The statutory authority for us is:

The Federal Commission for Data Protection and Freedom of Information Nordrhein-Westfalen

Kavalleriestr. 2-4

40213 Düsseldorf

Tel.: +49 211 38424-0

Fax: +49 211 38424-10

E-Mail: poststelle@ldi.nrw.de

Terms of use of the Menthal-App for participants

1. General

Murmuras GmbH, based in Bonn (Germany) and the research group led by Prof. Alexander Markowetz at the University of Marburg("provider"), offer the Menthal app for analyzing smartphone behavior for the user of the app ("participant"), as well as for running a comprehensive study on smartphone behavior which is operated by the provider. The data is processed on German servers and is subject to European law (GDPR). Uncommunicated use or even the transfer of data to third parties is excluded. Likewise, the data is used exclusively for studies and will not be used against the user (e.g. through targeted advertising).

2. Range of functions

The Menthal app allows the user to analyze their smartphone behavior. To this end, the user installs the Menthal app on their mobile phone.

The Menthal app collects different types of data:

The app collects different types of data after installation and consent. You are completely free to decide whether or not you want to grant data access to the app. You can revoke this permission at any time, although this may make the App or a feature of the App unusable. The following data is collected when you use the app:

  1. It regularly records the location of the participant. This can help, for example, to later derive the daily radius of action of the participant. For example, how much time the participant spends at home vs away from home can be evaluated.

  2. It collects the participant's mobile phone behavior. In particular, it records when they use the phone (phone sessions) and when they use which apps (app sessions). From this data, it can later be derived, for example, how long the participant was online in total, and which apps they used particularly often. Personal data from e-mails, SMS or messenger services is not tracked. Furthermore, address book data like names or phone numbers are not tracked as well.

  3. It collects questionnaires as part of the study. At the beginning, during and at the end of the study, the provider collects common factors (onboarding questions) from all participants. This includes, for example, demographic information such as age, gender and marital status or personality traits such as introversion and openness.

  4. It collects seen content and activities (e.g. clicks) in apps. In particular, it records sponsored content and publicly shared content in social media apps, as well as interactions and viewed content in shopping, mobile, and media apps. This can later be used to infer, for example, which ads the participants were exposed to, how often they see certain product categories, and which of these they click on, mark as "liked," or share. However, personal content from emails, text messages or chat messengers is not recorded. Neither are names, user names or phone numbers from the address book and other apps transmitted or personal account information collected.

The participant can gain insight into an analysis of their phone-related behavior (digital lifestyle). In addition, the provider processes the data for its own statistics and publications. In case of inquiries from other researchers, the provider also checks this data to determine whether the participant can also be a subject for these further studies. In this case, the participant may receive a separate invitation to participate in this study. We will use your email address for this purpose. Any transfer of personal data without explicit consent is excluded.

The app is free to use. The participant is responsible for their hardware (phone), software (e.g. operation system) and the data transfer (e.g. mobile data) and bears the corresponding costs.

3. Registration and access data

The Menthal app is used by downloading the app and by consent of the participant. The registration in the app can optionally be done via an email address. After deletion of the app, this email can be used to re-register , for example after changing smartphones. The participant makes sure that no conclusion about the natural person can be drawn from the email address. For this purpose, a generic email address is recommended to be used by the participant.

Users of the Menthal app need to be at least 16 years old. Users outside the European Union are required to follow the relevant domestic laws according to the minimum age for giving valid consent for processing personal data and are only allowed to use the app if doing so.

4. Rights of use

The provider grants the participant the non-exclusive, revocable, non-sublicensable and non-transferable right to use the Menthal App including all digital content contained therein in accordance with these terms of use for private purposes free of charge.

The granting of the above-mentioned rights of use is subject to the condition of compliance with these terms of use. If the user violates these terms of use, the rights to use the Menthal app including its content are terminated.

In the event of a reasonable assumption that the participant violates these terms of use or causes damage to the Menthal app through their use (e.g. through malware), the provider may, at their own discretion and without prior notice, block the access of a user to the Menthal app including all its functions and block content, in whole or in part.

5. Warranty

The provider assumes no commitment of complete availability. Warranty rights are excluded for the app that can be used free of charge, unless the provider has caused defects intentionally or through gross negligence.

6. Liability

The provider is always liable for intent, gross negligence, for injury to life, limb or health, according to the Product Liability Law and for guarantees expressly granted by the provider.

The liability of the provider is otherwise excluded insofar as this is legally permissible. Statutory mandatory rights of the researcher remain unaffected. For damages caused by minor negligence on the part of the provider, the provider is only responsible should a breach of an essential contractual obligation occur. The amount of this compensation is limited to the foreseeable damage. Significant contractual obligations in this sense are those obligations whose fulfillment the researchers can trust and do so on a regular basis and whose fulfillment is essential for the achievement of the purpose of the contract.

7. Data protection

The provider takes the protection of personal data seriously and observes the legal requirements of the GDPR and other data protection regulations. There is a focus on the principles of "privacy by design" and "privacy by default". Details can be found in the data protection declarations of participants.

8. Additional provisions

Should individual provisions of these terms of use be or become invalid in whole or in part or not enforceable, the effectiveness of the remaining provisions remains unaffected. The ineffective provision is considered to be replaced by an effective provision that comes closest to the purpose of the ineffective provision. The same applies to any loopholes in the regulations.

The law of the Federal Republic of Germany applies.