Privacy Policy for the “MyBiogents” App

1. Scope of this Privacy Policy

This Privacy Policy applies to the mobile operating systems and devices app named in the heading (hereinafter referred to as the “App”). This statement explains the nature, purpose, and scope of data collection in connection with the use of the App.

Please note that when downloading our App, you must register or identify yourself in an app store with the respective app store operator (e.g., via a Google or Apple ID). During the download process, various personal data such as your email address, username, the customer number of your app store account, your individual device identifier, the time of download, and, where applicable, payment information may be processed by the app store operator. The privacy policies and terms of use of the respective app store operators apply in this context, which may differ from the data protection laws of the European Union. We have no influence over these conditions.

We reserve the right to amend this Privacy Policy at any time in compliance with applicable legal requirements.

2. Controller

The controller responsible for the data processing described in this Privacy Policy is:

Biogents AG
An der Irler Höhe 3a
93055 Regensburg
Germany

Email: info@biogents.com
Phone: +49 941 9458330

3. Data Protection Officer

You can contact our Data Protection Officer at:

Manfred Becker
Zinkgräfstr. 24
69469 Weinheim
Germany

Phone: +49 171 7726043
Email: mb@becker-itc.de

4. Purpose and Legal Basis of Data Processing

Unless more specific information is provided in this Privacy Policy, we process your personal data in connection with your use of the App in order to provide the App’s functionalities, ensure the security of the App, or – where necessary and legally permitted – to contact you.

The legal basis for this processing is Article 6(1)(b) GDPR (performance of a contract) and our legitimate interest in providing a functional app (Article 6(1)(f) GDPR).

If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) German Telecommunications Digital Services Data Protection Act (TDDDG). Consent may be withdrawn at any time with effect for the future.

Further details are provided below.

5. Categories of Data Processed

When you use this App, the following categories of personal data may be processed:

Technical Information

  • Device and operating system information
  • Pseudonymous device identifiers (e.g., app instance ID, push token, or advertising ID), if analytics or push functions are activated

Device and Connection Data of Connected Devices

  • Bluetooth device identifiers and technical connection information of connected devices

Data Stored Exclusively Locally

Certain configuration and device data (e.g., device settings, CO₂ emission time windows, or locally stored connection information) are stored exclusively on your device and are not transmitted to our servers.

The storage of and access to such locally stored information on your device takes place solely to provide the app functionalities expressly requested by you. Where access to information stored on your device occurs, this is based on Section 25(2) No. 2 TDDDG, as such storage is technically necessary to enable the use of the App. No transmission of these locally stored data to us takes place.

6. Bluetooth Communication with Connected Devices

The App enables the control of compatible devices via a Bluetooth connection. In the course of establishing and using this connection, technical device and connection data (e.g., Bluetooth device identifiers, technical connection parameters, or configuration settings) are processed.

Processing takes place exclusively for the purpose of providing device functions and enabling communication between the App and the connected device. These data are not transmitted to our servers unless expressly described in connection with other functions.

Where personal data are processed, this is based on Article 6(1)(b) GDPR for the provision of app functionalities.

7. Firmware Updates

To ensure the functionality and security of connected devices, the App provides firmware updates. In this context, technical device information (e.g., device type, firmware version, update status) may be processed to determine whether an update is available and to provide it.

The legal basis is Article 6(1)(b) GDPR (provision of device functionality) and Article 6(1)(f) GDPR (legitimate interest in IT security and the proper functioning of our products).

8. App Permissions

To provide our services, the App requests the permissions listed below, which allow us to access certain functions of your device:

  • Bluetooth access: Required to establish and use the connection between the App and the CO₂ controller and to control device settings.
  • Location permission: Required in certain Android versions for the technical detection of nearby Bluetooth devices.

The granted permissions are used exclusively to provide the associated app functionalities. The data may, under certain circumstances, be processed by the respective app store providers.

The legal basis for access is Article 6(1)(b) GDPR (contract performance) and your consent provided during installation (Article 6(1)(a) GDPR). You may change the App’s permissions at any time and withdraw your consent accordingly. In such case, however, the App or certain functions may no longer function properly.

9. Contact

If you contact us (e.g., via contact form, email, telephone, fax, or other channels), your request, including all personal data resulting from it (e.g., name, inquiry), will be stored and processed for the purpose of handling your request.

Processing is based on Article 6(1)(b) GDPR if your request is related to the performance of a contract or necessary for pre-contractual measures. In all other cases, processing is based on our legitimate interests (Article 6(1)(f) GDPR), as we have a legitimate interest in effectively handling inquiries addressed to us.

The data you send us will remain with us until you request deletion, withdraw your consent to storage, or the purpose for data storage ceases (e.g., after your request has been fully processed). Mandatory statutory provisions, particularly retention periods, remain unaffected.

10. Push Notifications

This App uses the push messaging service OneSignal to send push notifications. The provider is OneSignal, Inc., USA.

If you activate push notifications, a push token and technical device information (e.g., device ID, operating system information) are processed in order to deliver push messages to you. Processing takes place exclusively for the purpose of sending app-related notifications (e.g., status messages, functional notices).

If you use an Android device, delivery is carried out via the push service “Firebase Cloud Messaging” (Google). If you use an iOS device, the push request is forwarded to Apple’s servers, which deliver push notifications via the “Apple Push Notification Services.”

The legal basis for processing is your consent pursuant to Article 6(1)(a) GDPR and Section 25(1) TDDDG. Consent may be withdrawn at any time with effect for the future via your device settings or within the App.

A transfer of personal data to the United States cannot be excluded. The transfer is based on the provider’s certification under the EU–US Data Privacy Framework (DPF) pursuant to Article 45 GDPR. In addition, where required, Standard Contractual Clauses pursuant to Article 46 GDPR are concluded.

Further information on third-country transfers can be found in Section 14 of this Privacy Policy.

11. Analytics and Usage Statistics

When you access our App, your user behavior may be statistically evaluated using certain analytics tools for advertising purposes or to improve our services. When using such tools, we ensure compliance with applicable data protection laws. Where external service providers are engaged, appropriate data processing agreements are concluded to ensure compliance with German and European data protection standards.

Firebase Analytics

We use Firebase Analytics to analyze how users interact with our App (e.g., average app usage, average sessions per user, button interactions, identification of usage preferences) in order to optimize and improve its functionalities.

Google processes pseudonymous usage and device information, in particular the app instance ID, device identifiers (e.g., advertising ID/IDFA or GAID), technical device information, and the IP address of the device used.

We receive only aggregated statistical evaluations from Google. We do not directly identify users.

The legal basis is your consent pursuant to Article 6(1)(a) GDPR and Section 25(1) TDDDG. Additionally, processing is based on our legitimate interest pursuant to Article 6(1)(f) GDPR in statistical analysis, error correction, and optimization of our services. Consent may be withdrawn at any time with effect for the future.

Data transfer to the USA is based on the European Commission’s Standard Contractual Clauses. The company is certified under the EU–US Data Privacy Framework (DPF).

Further information on third-country transfers can be found in Section 14.

12. Recipients of Personal Data

Your personal data may be transferred to the following recipients:

  1. Google Firebase– for statistical evaluation of app usage and optimization of functionality and stability. A data processing agreement has been concluded.
  2. OneSignal (Push Services)– for sending push notifications to your device. A data processing agreement has been concluded.

13. Data Transfers to Third Countries

We use tools from companies based in the United States or other third countries that are not considered to provide an adequate level of data protection.

If such tools are active, your personal data may be transferred to and processed in these third countries. We point out that these countries may not guarantee a level of data protection comparable to that of the EU.

For example, US companies may be required to disclose personal data to security authorities without you being able to take legal action against this. It cannot be excluded that US authorities (e.g., intelligence services) may process, analyze, and permanently store data located on US servers for surveillance purposes. We have no influence over these processing activities.

14. Encryption

For security reasons and to protect the transmission of confidential content, this App uses encryption. Encryption ensures that data transmitted by you cannot be read by unauthorized third parties.

15. Storage Period

Unless a more specific storage period is stated in this Privacy Policy, your personal data will remain with us until the purpose of processing ceases. This is generally the case when use of the App is terminated or the data are no longer required for the respective processing purposes.

If you assert a legitimate request for deletion or withdraw your consent, your data will be deleted unless we have other legally permissible grounds for storing your personal data (e.g., statutory retention obligations under tax or commercial law). In the latter case, deletion will take place once those grounds cease to apply.

16. Automated Decision-Making

No automated decision-making takes place.

17. Your Rights

Within the framework of the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR)– You have the right to request information about your personal data stored by us.
  • Right to rectification (Art. 16 GDPR)– You have the right to request correction of inaccurate personal data concerning you and completion of incomplete data.
  • Right to erasure (Art. 17 GDPR)– You have the right to request deletion of your personal data.
  • Right to restriction of processing (Art. 18 GDPR)– You have the right to request restriction of processing.
  • Right to data portability (Art. 20 GDPR)– You have the right to receive personal data processed automatically on the basis of your consent or contract performance in a commonly used, machine-readable format, and to transmit those data to another controller, where technically feasible.
  • Right to withdraw consent (Art. 7(3) GDPR)– You may withdraw your consent at any time with effect for the future.
  • Right to lodge a complaint (Art. 77 GDPR)– If you believe that we are not complying with data protection regulations, you have the right to lodge a complaint with a supervisory authority.

Where data processing is based on Article 6(1)(e) or (f) GDPR, you have the right to object to processing on grounds relating to your particular situation (Art. 21 GDPR).