Privacy Policy for the “MyBiogents” App
1. Scope of the Privacy Policy
This privacy policy applies to the apps “MyBiogents” as well as to variants or further developments of the app, in particular “MyBiogents Pro” for mobile operating systems and devices (hereinafter “App”). This policy explains the nature, purpose, and scope of data collection within the use of the App.
Please note that when downloading our App, you must register or identify yourself in an AppStore with the respective AppStore operator (e.g. via a Google or Apple ID). During the download, various personal data such as email address, username, the customer number of your AppStore account, your individual device identifier, the time of download and, if applicable, payment information may be processed by the AppStore operator. The privacy policies and terms of use of the AppStore operators apply in this context, which may deviate from the data protection laws of the European Union. We have no influence on these conditions.
We reserve the right to amend these privacy provisions at any time in compliance with statutory requirements.
2. Controller
The controller responsible for the data processing described in this privacy policy is:
Biogens AG
An der Irler Höhe 3a
93055 Regensburg
E-Mail address: [info@biogents.com](mailto:info@biogents.com)
Telephone number: +49 941 9458330
3. Data Protection Officer
You can contact our data protection officer at the following contact details:
Manfred Becker
Zinkgräfstr. 24
69469 Weinheim
E-Mail address: [mb@becker-itc.de](mailto:mb@becker-itc.de)
Telephone number: 0171/7726043
4. Purpose and Legal Basis of Data Processing
Unless more specific information is provided within this privacy policy, we process your personal data within the scope of App use in order to provide the functionalities of the App, to ensure the security of the App or – if necessary and legally permitted – to contact you. The legal basis is Art. 6 para. 1 lit. b GDPR (performance of a contract) and our legitimate interest in providing a functional App (Art. 6 para. 1 lit. f GDPR). If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG; consent can be revoked at any time. Details can be found in the following explanations.
5. Categories of Processed Data
When you use this App, the following personal data about you is processed:
Communication data:
• Inquiries via email or contact form
Technical information:
• IP addresses when using internet-based functions
• Date and time of App access
• technical log and error data
• device and operating system information
• pseudonymous device identifiers (e.g. App instance ID, push token or advertising ID), insofar as analysis or push functions are activated
Device and connection data of connected devices
• Bluetooth device identifiers as well as technical connection information of connected devices
6. Bluetooth Communication with Connected Devices
The App enables the control of compatible devices via a Bluetooth connection. Within the establishment and use of the connection, technical device and connection data (e.g. Bluetooth device identifiers, technical connection parameters or configuration settings) are processed.
Processing is carried out exclusively for the provision of device functions and for communication between the App and the respective connected end device. These data are not transmitted to our servers unless explicitly described within the scope of other functions.
Insofar as personal data are processed in this context, this is done on the basis of Art. 6 para. 1 lit. b GDPR for the provision of App functionalities.
7. Firmware Updates
To ensure the functionality and security of the connected devices, the App provides firmware updates. In this context, technical device information – e.g. device type, firmware version, update status – may be processed and transmitted to our update servers in order to check whether an update is available and to provide it.
In doing so, technically necessary connection data (e.g. IP address as well as time of the request) may also be processed, insofar as this is necessary for the provision of the update.
The legal basis is Art. 6 para. 1 lit. b GDPR – provision of device functionality – as well as Art. 6 para. 1 lit. f GDPR – legitimate interest in IT security and functionality of our products.
8. App Access Rights
To provide our services, the App requests the access rights listed below, which enable us to access certain functions of your device.
• Bluetooth access: Access is carried out for the following purpose: Establishment and use of the connection between the App and the CO₂ controller as well as control of device settings.
• Location permission: Access is carried out for the following purpose: Required in certain Android versions for the technical search for Bluetooth devices in the vicinity;
The granted access permissions are used exclusively for the provision of the associated App functionalities. The data may, under certain circumstances, be processed by the providers of the AppStores.
The legal basis for access is, on the one hand, Art. 6 para. 1 lit. b GDPR (contract) and, on the other hand, your consent, which you have given as part of the installation (Art. 6 para. 1 lit. a GDPR). You can change the App’s access permissions at any time and revoke your consent in this way. In this case, however, it is possible that the App or certain App functions will no longer function properly.
9. Contact
If you contact us (e.g. via contact form, by email, telephone, fax or via any other channel), your inquiry including all personal data resulting from it (e.g. name, inquiry) will be stored and processed by us for the purpose of handling your request. This also applies if you use support or feedback forms available on our websites via links provided in the App. The processing of these data is based on Art. 6 para. 1 lit. b GDPR, insofar as your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interests (Art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of inquiries addressed to us. The data you send to us via contact inquiries remain with us until you request us to delete them, revoke your consent to storage or the purpose for data storage ceases to apply (e.g. after completion of the processing of your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
10. Push Notifications
This App uses the push messaging service OneSignal for sending push notifications. The provider is OneSignal, Inc., USA. If you enable push notifications in our App, a push token as well as technical device information (e.g. device ID, operating system information) will be processed in order to deliver push messages to you. Processing is carried out exclusively for the transmission of App-related notifications (e.g. status messages, functional information).
When using an Android end device, delivery is carried out via the push service “Firebase Cloud Messaging” (Google). When using an iOS end device, the push request is forwarded to Apple’s servers, which deliver push notifications to you via the “Apple Push Notification Services” service.
The legal basis for processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR as well as § 25 para. 1 TDDDG. Consent can be revoked at any time with effect for the future via the settings of your end device or within the App.
A transfer of personal data to the USA cannot be excluded. The transfer is carried out on the basis of the certification of the respective provider under the “EU-US Data Privacy Framework” (DPF) pursuant to Art. 45 GDPR. In addition, where necessary, the standard contractual clauses issued by the European Commission pursuant to Art. 46 GDPR are agreed. Further information on this can be found in the privacy notices of the respective provider.
Further information on third country transfers can be found in section 14 of this privacy policy.
11. Analysis and Usage Statistics
When you access our App, your behavior may be statistically evaluated with the help of certain analysis tools and evaluated for the improvement of our offers. When using such tools, we ensure compliance with statutory data protection provisions. When using external service providers, we ensure through corresponding contracts with the service providers that data processing complies with German and European data protection standards.
We use the following tools to analyze user behavior:
Firebase Analytics: With Firebase Analytics, we can analyze how our users interact with our App (e.g. average App usage, average sessions per user, activation of buttons, detection of usage preferences) in order to optimize and improve the functionalities of the App accordingly. In this context, Google processes pseudonymous usage and device information, in particular the App instance ID, device identifiers (e.g. advertising ID/IDFA or GAID), technical device information as well as technical connection data of the end device used. We receive from Google exclusively aggregated statistical evaluations about the use of our App; a direct identification of your person does not take place by us.
The legal basis for the use of this service is your consent pursuant to Art. 6 para. 1 lit. a GDPR as well as § 25 para. 1 TDDDG. In addition, processing is carried out on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the statistical analysis of the use of our App, the troubleshooting as well as the optimization of our offers. Consent can be revoked at any time with effect for the future.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: [https://privacy.google.com/businesses/controllerterms/mccs/](https://privacy.google.com/businesses/controllerterms/mccs/). The company has a certification under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA intended to ensure compliance with European data protection standards in data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information can be obtained from the provider under the following link: [https://www.dataprivacyframework.gov/participant/5780](https://www.dataprivacyframework.gov/participant/5780)
Further information on third country transfers can be found in section 14 of this privacy policy.
12. Recipients of Personal Data
Your personal data are transmitted to the following recipients:
1. App store operators (Apple App Store / Google Play Store) Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork
Ireland and Google Ireland Limited, Gordon House, Barrow Street, Dublin 4
Ireland: The provision and download of the App take place via the respective app store operators. Within the scope of the download or use of the App Store, personal data may be processed by the respective operators as independently responsible controllers. We have no influence on this data processing.
2. Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany: The server infrastructure for firmware updates is operated by Hetzner Online GmbH, Germany. Hetzner processes personal data on our behalf within the scope of a data processing agreement pursuant to Art. 28 GDPR.
3. AppMeisterei GmbH, Clermont-Ferrand-Allee 36, 93049 Regensburg (technical operation / maintenance): The technical support and maintenance of the update server is carried out by AppMeisterei GmbH, Regensburg. Processing is carried out within the scope of a data processing agreement pursuant to Art. 28 GDPR.
4. Google Firebase, Gordon House, Barrow Street, Dublin 4, Ireland: The transfer is carried out for the purpose of statistical evaluation of App usage as well as the optimization of the functionality and stability of the App. Processing is carried out on the basis of a data processing agreement pursuant to Art. 28 GDPR
5. Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA (Apple Push Notification Service) – When using an iOS end device, push notifications are delivered via the “Apple Push Notification Service”. For this purpose, the push request is transmitted to Apple servers, which carry out the delivery of the message to the respective end device. Apple processes certain technical information (e.g. device token) in order to enable delivery. Apple acts as an independently responsible controller in this respect. Further information can be found in Apple’s privacy policy.
6. One Signal, 2850 S Delaware St, Suite 201,
San Mateo, CA 94403, USA (push services): The transfer is carried out for the purpose of sending push notifications to your end device. Processing is carried out on the basis of a data processing agreement pursuant to Art. 28 GDPR.
13) Data Transfer to Third Countries
Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We point out that in these countries no level of data protection comparable to that of the EU can be guaranteed. For example, US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It cannot therefore be excluded that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for surveillance purposes. We have no influence on these processing activities.
14. Encryption
For security reasons and to protect the transmission of confidential content, this App uses encryption. This encryption prevents that the data you transmit can be read by unauthorized third parties.
15. Storage Period
Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for data processing ceases to apply. A cessation of purpose regularly exists when the use of the App is terminated or the data are no longer required for the respective processing purposes.
If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial retention periods); in the latter case, deletion will take place after these reasons cease to apply.
16. Automated Decision-Making
No automated decision-making takes place.
17. Your Rights
Within the framework of the provisions of the GDPR, you are entitled to the following data protection rights:
Right of access (Art. 15 GDPR): You have the right to request information about your personal data stored by us.
Right to rectification (Art. 16 GDPR): You have the right to request the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data.
Right to erasure (Art. 17 GDPR): You have the right to request the erasure of your personal data.
Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of the processing of personal data concerning you.
Right to data portability (Art. 20 GDPR): You have the right to receive personal data that we process automatically, on the basis of your consent or in fulfillment of a contract, in a common, machine-readable format or to have them transmitted to another controller. If you request the direct transfer of the data to another controller, this will only be carried out insofar as it is technically feasible.
Right to withdraw your consent (Art. 7 para. 3 GDPR): If you have given consent to the processing of your data, you have the right to withdraw it at any time with effect for the future.
Right to lodge a complaint (Art. 77 GDPR): If you are of the opinion that we do not comply with data protection regulations when processing your personal data, you have the right to lodge a complaint with a data protection authority.
In cases where data processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. e or f GDPR, you have the right to object to data processing on grounds relating to your particular situation (right to object pursuant to Art. 21 GDPR).
Status: April 2026