General
nukkuaa GmbH is a limited liability company with its registered office in Wals-Siezenheim, registered in the commercial register of the Salzburg Regional Court FN 581365 and 1. operates a product presence under the website https://www.nukkuaa.com/ (the "website"). 2. operates with the app NUKKUAA (the "app") a sleep analysis & -therapy app in the category "Health & Fitness".
This Privacy Policy clarifies the nature, scope and purposes of the collection and use of data from customers (our "users") by the "website" and the "app".
The protection of your personal data is of particular concern to us. We therefore process your data exclusively on the basis of the statutory provisions (DSG, TKG). In this privacy policy, we inform you about the most important aspects of data processing within the framework of our website and our app.
Categories of personal data collected
Personal data is collected and stored for the purpose of successfully providing the service and scientifically processed exclusively within nukkuaa GmBH in cooperation with the University of Salzburg. Upon registration and subsequent use of the website / app, certain personal data about a user (the customer) is collected in various ways. The following categories divide these into mandatory data, optional data and automatically collected personal data or data that is collected after granting the appropriate permissions.
Mandatory information
In order to identify you as a user of our services or to prevent false information ("fake users"), certain information must be provided when registering to use the service: E-mail address, First and last name, age, sex
Automatically collected personal data or permissions
To enable the provision of certain personal data within the app, certain permissions are requested that require explicit consent from the user: - Transmission of push tokens: A push token explicitly identifies the combination of end device and app and is used by us to send individualized push messages.
- Location based on IP address
- Your IP address can provide us with information about your approximate location. We use this form of positioning for forwarding / recommendation to the respective country-specific online offer that we provide.
Automated decision making
Third-party providers
Below you find a list of interactions with our third-party providers that are relevant to data protection. The form of this integration (the origin of the connection or the place where the transfer of personal data takes place) is either direct - from the app or from the user’s browser in the case of web pages - or indirect via the servers that provide our service, which implement the relevant integrations with the third-party providers.
Google Analytics for Firebase
This app uses features of the web analytics service Google Analytics for Firebase (or Firebase Analytics). The provider is Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Firebase Analytics uses special identification mechanisms on mobile devices (Android Advertising ID and Advertising Identifier for iOS) or technologies that behave similarly to cookies on websites. A unique device identifier (Google Advertising ID / IDFA) and application usage data are transmitted to this web analytics service. For more information on how Firebase Analytics handles user data, please see Google's privacy policy: https://policies.google.com/privacy?hl=en. The data processing is carried out on the basis of the legal provisions of § 96 para 3 TKG as well as Art 6 para 1 lit f (legitimate interest) of the GDPR. Our concern in terms of the GDPR is the improvement of our offer and this service. The relationship with this analytics provider is based on an adequacy decision of the European Commission called "Privacy Shield".
In-App Purchase / Subscription
In order to be able to use the services of NUKKUAA to the full extent, additional service packages are available to you after registration in the form of paid subscriptions ("Subscriptions"). These can be concluded for different, possibly also changing, terms, which will be displayed in the order options. NUKKUAA's Subscription Accesses are ad-free, fee-based subscriptions that allow you to access additional content and features through our mobile and web-based applications. We currently offer the following subscription/service package: 1. Subscription with monthly cancellation option: €24,90/ month. 2. Subscription with annual cancellation option: €239,90/ year (equivalent to €19,99/ month)
The access to the respective services is valid as long as the subscription exists: You can sign up for a paid subscription through an in-app purchase via our iOS or Android apps. To do this, you must select the option you want on the subscription screen within the app, whereupon a popup will appear in which you must enter your password for the third-party app store. Once you have done that, a popup will appear asking you to reconfirm your subscription purchase. At this point - or until the end of the free trial period - you can also cancel the process. After that, you should receive a confirmation of receipt from the third-party app store (and not directly from nukkuaa GmbH).
Sendinblue
This website/app uses an email service provided by sendinblue. The interaction occurs when emails are automatically sent to a user. For this purpose, the following data is for example transmitted: Email address, first name, last name. For more information, see the privacy policy of sendinblue: https://www.sendinblue.com/legal/privacypolicy/v. The relationship with the provider is based on an adequacy decision of the European Commission called "Privacy Shield". You can find more information directly at SendGrid under the link https://sendgrid.com/policies/privacy/privacy-shield-certification/.
User rights and retention period
One of the main objectives of the GDPR is to define and preserve data protection rights for EU citizens and individuals within the EU. Even if you have already provided us with certain personal data, you are still entitled to various rights regarding your personal data. You have the right of access, rectification, erasure, restriction, data portability, revocation, objection and complaint to a supervisory authority. When issuing a request to us, we may ask you to confirm your identity or may need to obtain any additional identifying information from you that may be required. Where legally permissible, your request may also be refused on the basis of reasons clearly set out by us. In principle, all personal data will remain in our operational systems until the purpose of the data processing - the provision of the service requested by the user - expires or a deletion request is made by the user. Users may at any time request the responsible body to block or delete their data. If the option of direct (automated) deletion of certain or all personal data within the app / website is provided, personal data linked to this will also be completely deleted from our operational systems and can no longer be used for the service. Excluded from this deletion process are any third-party providers addressed (outside of our control) and any stand-alone archive systems used by us for failover (backups) or error logging (log files). Such data inventories in these stand-alone archive systems (cannot be used operationally and can only be viewed to a limited extent) are overwritten automatically - usually after one year. With the use of this app / this website, any other personal data - apart from those already outlined - are stored "volatile" exclusively for the length that is technically necessary for the provision of this service, serve IT security or help us with troubleshooting. This includes in particular log files, IP address, user data and identifiers. This data is not used for any other purpose and in accordance with data protection regulations (DSG, TKG). It is our intention to store and transmit your data as securely as possible. Therefore, we store your data exclusively on systems within the European Economic Area and only transfer your data to third-party providers if they are obliged to comply with the DSGVO/GDPR data protection requirements or are bound to an equivalent level of data protection by signing the EU-U.S. Privacy Shield Framework (between companies in the EU and companies in the U.S.) or an equivalent agreement between other legal systems. This does not include any requests for data transfer explicitly made by you.
Please direct all requests for information, information questions or objections to data processing by e-mail to hello@nukkuaa.com or in writing to the address listed in the appendix under "Our contact details".
Appendix
Our contact details
Nukkuaa GmbH
Hauptstraße 18
5071 Wals-Siezenheim
Email: hello@nukkuaa.com
Chamber: Austrian Chamber of Commerce
Managing directors: Dr. Manuel Schabus, Dr. Thomas Winkler
Legal system: Austria
Alternatively, you can contact our data protection officer and the data protection team by e-mail at hello@nukkuaa.com.
Company responsible for the processing of personal data
aaa - all about apps GmbH, Siebenbrunnengasse 17 / Top 3, 1050 Vienna, AT.
Contact details of the competent local supervisory authority
If you believe that the processing of your data violates data protection law or your data protection rights have been violated, you can file a complaint with your local supervisory authority, in Austria the Austrian Data Protection Authority is responsible for this. Postal address: Austrian Data Protection Authority, Wickenburggasse 8, 1080 Vienna, AT; Email: dsb@dsb.gav.at; Phone: (+43) 1 52 152-0