Preface
As a service provider and manufacturer in the fields of electronics and medical device technology, SteadySense GmbH (hereinafter referred to as ‘SteadySense’) takes the protection of your personal data very seriously. We collect and process personal data only to the extent described here and in accordance with the principles of the GDPR. The following notice explains how we ensure this protection, what data we collect and for what purpose, and how this data is processed.
1. Data Controller and Contact Details
If you have any questions regarding the processing of your personal data, please contact:
SteadySense GmbH
Johann-Schreiner-Strasse 3b
8074 Raaba-Grambach
Österreich
Tel: +43 316 232004
You can reach us by email at the following address, among others:
gdpr@steadysense.at
www.steadysense.at
2. Personal data
SteadySense processes personal data that is collected or transmitted in the context of a business relationship by business partners (this includes customers, suppliers, and other individuals who have, or are initiating, a business relationship with SteadySense). Depending on the nature of the contract, the following categories of personal data may be subject to processing:
- User data (e.g. name, address).
- Contact information (e.g. e-mail, phone number).
- Usage data (e.g. visited websites, content, access times).
- Meta/communication data (e.g. device information, IP addresses).
- Health data (e.g. cycle length, weight, …)
3. Purpose and Lawfulness
SteadySense processes personal data for the provision of services related to medical device technology. The following legal bases may apply in this context:
3.1 Fulfillment of contractual obligations and pre-contractual measures in accordance with Article 6(1)(b) GDPR
In order to fulfill our contractual or pre-contractual obligations to our business partners, the processing of personal data is necessary. If you choose not to provide this data, it may not be possible to enter into or perform the contract or pre-contractual services. In such cases, an existing contract may no longer be fulfilled and may have to be terminated. The scope and specific purpose of data processing can be found in the respective individual contracts. If you have registered as a test subject, your registration is solely for the purpose of contacting you for future testing. In this case, your data will be deleted after 24 months.
3.2 Safeguarding legitimate interests pursuant to Article 6(1)(f) GDPR
SteadySense processes your data as part of the company’s ordinary business operations (e.g., accounting, controlling) based on the legitimate interest in maintaining proper and efficient business practices, as well as for process and business optimization.
3.3 Consent pursuant to Article 6(1)(a) GDPR
If the processing of personal data goes beyond contractual or legal obligations or a legitimate interest, SteadySense obtains the consent of its business partners—for example, for sending our newsletter. If consent is given, the data will be processed exclusively for the stated purpose. Consent may be revoked at any time. Revocation may be submitted in writing or verbally, including via email to gdpr@steadysense.at.
3.4 Further justification based on legal obligation
Compliance with legal obligations pursuant to Article 6(1)(c) GDPR
Legal obligations may require the processing of personal data. At SteadySense, such obligations arise in particular from the Distance and Off-Premises Contracts Act (FAGG), the Austrian Commercial Code (UGB), and/or the Federal Fiscal Code (BAO).
4. Addressee
Recipients of the personal data include employees of SteadySense (e.g., IT support, customer service, marketing, logistics, accounting) who process the data in accordance with its intended purpose and the applicable legal basis.
Depending on the purpose of processing, SteadySense may transfer data to commissioned processors (in particular newsletter service providers, online payment processors, and logistics partners), insofar as this is necessary for fulfilling the respective task. When selecting its processors, SteadySense ensures compliance with data protection regulations. Agreements have been concluded with these processors to ensure that personal data is handled confidentially and with due care. The collected data will not be sold or disclosed to unrelated third parties without justification. Depending on the contract concluded, it may be necessary to transfer data to third parties.
5. Duration of Data Storage
As a rule, we will retain your data only for as long as is necessary for processing based on the respective purpose and legal basis, and as permitted by applicable law. Personal data that you provide to us when contacting us will be stored for as long as necessary to respond to your inquiry. SteadySense is also subject to the following statutory retention obligations, among others:
- Commercial Code (UGB)
- Federal Fiscal Code (BAO)
- General Civil Code (ABGB)
6. Individual Rights under the GDPR
You are generally entitled to the following rights:
- Right of access pursuant to Article 15 GDPR
- Right to rectification pursuant to Article 16 GDPR
- Right to erasure pursuant to Article 17 GDPR
- Right to restriction of processing pursuant to Article 18 GDPR
- Right to data portability pursuant to Article 20 GDPR and
- Right to object pursuant to Article 21 GDPR
If the processing of your personal data is based on your consent, you have the right to withdraw that consent at any time with immediate effect. The lawfulness of any data processing carried out prior to the withdrawal remains unaffected.
In addition, you have the right to lodge a complaint with the supervisory authority:
Austrian Data Protection Authority (Österreichische Datenschutzbehörde)
Wickenburggasse 8-10
1080 Wien
Österreich
dsb@dsb.gv.at
7. Website – personal data
In the course of your visit to our website, we may process the following personal data:
- Time and date of visit
- IP Address
- Name and version of your web browser
- Visited Websites
- Cookies
8. Online Shop / In-App Shop – Personal Data
In order to process and fulfill your order in our online shop or in-app shop, we collect your full and accurate name, address, payment details, and email address during the ordering process. We require your email address to confirm receipt of your order.
Use of Cookies
Furthermore, cookies may be processed and used by third-party providers in the United States. There is no decision by the European Commission, nor a ruling by the Court of Justice of the European Union, confirming that the U.S. provides an adequate level of data protection. Moreover, the U.S. does not guarantee the protection of personal data. As a result, there is a risk that personal data may be accessed by U.S. authorities for monitoring and surveillance purposes. There are no effective legal remedies available against such data access.
PayPal
Issuer
PayPal (Europe) S.à r.l. et Cie, S.C.A
Description
The above-mentioned cookies are set by the payment widget, which is integrated into the payment page via an iframe. PayPal also uses cookies on its website to identify its customers and to reduce the time users spend logging into their PayPal accounts by comparing email addresses with the PayPal database.
Link to privacy policy of PayPal
https://www.paypal.com/de/webapps/mpp/ua/privacy-full#2
Categories of Personal Data:
- Address
- Network connectivity information
- Bank information
- Browser Information
- E-Mail address
- Geographic place
- Device information
- Device type
- Internet provider
- IP Address
- Purchase information
- Account information
- credit card or account number
- Surname
- Password
- User information
- TAN and Checksum
- Transaction information
- Name
- Payment information
Purpose of Data Processing
Advertising
Consent storage
Service improvement
Payment
Functionality
Website security
Enabling downloads
Tag management
Displaying videos
Bot protection
Statistics
Content delivery
Integration of Facebook features
Improving network performance
Providing messaging services
Bookings
Displaying maps
Improving Google products and services
Hosting
Segmentation
Providing Pinterest buttons and widgets
Legal basis for processing
Article 6(1)(a) GDPR
Country of Processing
United States of America – USA
Stripe
Issuer
Stripe, Inc.
Description
This cookie is required to process credit card transactions on the website. The service is provided by Stripe.com, which enables online transactions without storing credit card information. The provider does not disclose any details about this in its privacy policy.
Link to privacy policy
https://stripe.com/de/privacy#translation
Categories of Personal Data:
- Purchase information
- Date of purchase
- Payment information
Purpose of Data Processing
Payment processing
Legal basis for processing
Article 6(1)(a) GDPR, Article 49(1)(a) GDPR
Country of Processing
United States of America – USA
Analyses / Statistics
Issuer
Google
Description
Run personalized ads and videos and use or customize Google services. Google collects data about the programs, browsers, and devices you use to access its services. This data includes unique identifiers, browser type and settings, device type and settings, operating system, mobile network information (such as your carrier’s name and phone number), and application version numbers.
Google also collects data on how your apps, browsers, and devices interact with its services. This includes information such as IP addresses, crash reports, system activity, as well as the date, time, and referring URL of your request. This data is collected whenever Google services on your device contact Google’s servers—for example, when you install an app from the Play Store or when an automatic service update is requested.
If you use an Android device with Google Apps, your device regularly contacts Google’s servers to provide information about your device and your connection to Google services. This includes data such as device type, network provider name, crash reports, and the apps you have installed.
Google services also collect data about your activities. This data is used, for instance, to suggest YouTube videos that may interest you. Activity data collected may include:
Search terms
Videos you watch
Content and ads you view and interact with
Voice and audio data when using voice features
Purchase activity
People you communicate or share content with
Activities on third-party websites and apps that use Google services
Your Chrome browser history (if synced with your Google account)
If you use Google services to make or receive calls or send and receive messages, information such as call and message logs, call duration, routing data, and the type and number of calls and messages may also be collected.
Activity data stored in your account can also be viewed and managed within your Google Account.
Google Analytics
Issuer
Google Ireland Limited
Description
Google Analytics collects statistics about the use of the website (e.g. traffic measurement). This includes browser information (such as browser type, referring/exit pages, files viewed on our website, operating system, timestamp, and/or clickstream data), as well as usage data (e.g. views, clicks).
We have activated IP anonymization (IP masking) in Google Analytics, meaning your IP address is shortened by Google within the EU or the EEA before being transmitted. This ensures that no direct personal identification is possible. Only the anonymized IP address is transmitted to Google.
Link to privacy policy
https://policies.google.com/privacy?hl=en
Categories of Personal Data:
- App Updates
- Visited Websites
- Visited URL
- Screen resolution
- Browser Information
- Time and date of visit
- Downloads
- Flash version
- Device OS
- Device information
- Host name
- Usage Data
- IP Address
- JavaScript Support
- Purchase information
- Click path
- Referrer URL
- Geographic location
- Widget Interaction
Purpose of Data Collection
Advertising; Analytics; Content delivery; Provision of fonts; Service improvement
Integration of Facebook features
Personalization
Tag management
Payment
Cloud computing
Bot protection
Conversion tracking
Online audio distribution
Use of a chatbot
Feedback
Customer behavior analysis
Web analytics
Authentication
Purposes according to Art. 5(b) GDPR / Consent / Customer support
Security measures
Bookings
Statistics
Providing technical support
Providing a marketplace for labeled data
Trend analysis
Transaction tracking
Website usage
Displaying ads
Store and/or access information on a device
Measure content performance
Maintenance
Legal basis for processing
Article 6(1)(a) GDPR, Article 49(1)(a) GDPR
Country of Processing
European Union
Google Campaign Manager 360
Issuer
Google Ireland Limited
Description
This is a marketing service. The service provides web-based advertising management systems and analytics tools for advertisers and agencies.
Link to privacy policy
https://policies.google.com/privacy?hl=en
Categories of Personal Data:
- Cookie ID
- Geographic location
- Device information
- IP Address
- Customer-ID
- Online identification
Purpose of Data Collection
Advertising; Analyses; Marketing; Measure content performance
Country of Processing
European Union
Hotjar
Issuer
Hotjar Limited
Description
Hotjar uses cookies and other technologies to collect information about user behavior and their devices. It records the device’s IP address (logged and stored only in anonymized form), screen size, device type (unique device identifiers), browser information, location (country only), and the preferred language used to display the website.
Hotjar stores this information in pseudonymized user profiles. Neither Hotjar nor we use this information to identify individual users or to combine it with other data about individual users.
Link to privacy policy
https://www.hotjar.com/legal/policies/privacy
Categories of Personal Data:
- Responses to surveys
- Visited Websites
- Screen resolution
- Browser Information
- Browser type
- Time and date of visit
- Domain name
- Geographic location
- Device OS
- Device type
- IP Address
- Clicks
- Mouse movements
- Referrer URL
- Language information
Purpose of Data Collection
Analyses; Feedback
Legal basis for processing
Article 6(1)(a) GDPR
Country of Processing
European Union
Ads
Google Adsense
Issuer
Google Ireland Limited
Description
Google AdSense is an online service provided by the American company Google LLC that displays advertisements on websites other than its own platforms.
Link to privacy policy
https://policies.google.com/privacy?hl=en
Categories of Personal Data:
- Visited Ads
- Events
- IP address
- Click path
- Mouse movements
- Usage Data
- Visited Websites
- Referrer URL
- Transactions
- User
Purpose of Data Collection:
Advertising
Analytics
Service improvement
Personalization
Cloud computing
Targeting
Accepting tracking
Search results
Advertisement
Website usage
Login data storage
Legal basis for processing
Article 6(1)(a) GDPR
Country of Processing
European Union
Meta Pixel
Issuer
Meta Platforms Ireland Ltd.
Description
This is a tracking technology provided by Facebook and used by other Facebook services. It is used to track visitor interactions with the website (“events”) after they have clicked on advertisements served on Facebook or other services offered by Meta (“conversions”).
The data collected is anonymous for us as the operators of this website, and we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Meta, which may allow a connection to the user’s profile on Facebook or Instagram. Meta may use this data for its own advertising purposes in accordance with the
Insofar as personal data is collected on our website using the tool described here and forwarded to Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited solely to the collection of the data and its transfer to Meta. Any processing that takes place after the transfer is the sole responsibility of Meta.
Our respective obligations have been outlined in a joint processing agreement, the text of which is available at: https://www.facebook.
Data subject rights (e.g., requests for information) regarding data processed by Facebook or Instagram can be asserted directly with Meta. If you assert such rights with us, we are obliged to forward your request to Meta.
Data transfer to the USA is based on the standard contractual clauses of the European Commission. You can find details here: https://www.facebook.
You can find more information about protecting your privacy in Meta’s privacy policy: https://de-de.
You can also deactivate the ‘Custom Audiences’ remarketing feature in the ad settings section: https://www.facebook.
If you do not have a Facebook or Instagram account, you can disable interest-based advertising from Meta on the website of the European Interactive Digital Advertising Alliance: http://www.
The company is certified under the ‘EU-U.S. Data Privacy Framework’ (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the U.S. Every company certified under the DPF commits to adhering to these data protection standards. For more information, please refer to the provider via the following link: https://www.
Link to privacy policy
https://www.facebook.com/privacy/explanation
Categories of Personal Data:
- usage information
- Visitor-ID
- Visited Websites
- Browser Information
- Device information
- Hashed email-address
- Success of marketing campaigns
- Facebook User-ID
- Facebook Cookie Information
- Device-ID
- HTTP-Header
- Interaction with Ads and Services
- IP Address
- Conversions
- Marketing information
- Non sensitive user data
- Click usage
- Usage Data
- Pixel-ID
- Pixel usage data
- Referrer URL
- Geographic location
- phone number
- User Agent
Purpose of Data Collection:
Advertising
Analytics
Provision of fonts
Service improvement
Marketing
Personalization
Tag management
Payment processing
Cloud computing
Bot protection
Functionality
Retargeting
Website security
Conversion tracking
Recommendations
Buyer protection
Feedback
Tracking
Geolocation
Consent to tracking
Customer behavior analysis
Web analytics
Monitoring
Search results optimization
Performance measurement
Access measurement
Reach measurement
Management of tags and scripts on this website
Research
Location identification
Lead generation
Management of customer reviews
Website monitoring
Provision of online chats
Tracking ID
Payment facilitation
Service enhancement
Provision of a marketplace for labeled data
Trend analysis
Ad display
Application processing
Provision of software solutions
Digital advertising
Product updates
Company announcements
Sponsored messages
Website design
Creation of target group-specific ad graphics
Legal basis for processing
Article 6(1)(a) GDPR and Section 25(1) TDDDG
Country of Processing
European Union
TikTok Pixel
Issuer
TikTok Technology Limited
Description
We use the TikTok Pixel to improve our marketing campaigns, including tracking conversions from TikTok ads, building audiences, optimizing TikTok ads on third-party websites and apps for current and future visitors, and retargeting individuals who have previously taken marketing actions on our website or interacted with TikTok ads. This includes information about the use of TikTok content and interactions on the website.
Link to privacy policy
https://www.tiktok.com/legal/cookie-policy?lang=de
Categories of Personal Data:
- Visited Websites
- E-Mail address
- Date of Birth
- Device information
- Internet provider
- IP Address
- Surname
- Usage Data
- Profile image
- Profile information
- Smartphone device information
- Name
Purpose of Data Collection
Analysis; Social Media
Legal basis for processing
Article 6(1)(a) GDPR, Article 49(1)(a) GDPR
Country of Data Processing
Singapore, United States of America
Social Media
YouTube Video
Issuer
Google Ireland Limited
Description:
This cookie stores your preferences and other information, including your preferred language, the number of search results you want to display on the page, and whether you wish to activate Google’s SafeSearch filter.
Link to privacy policy
https://policies.google.com/privacy?hl=en
Categories of Personal Data:
- Visited Videos
- Device information
- IP Address
- Referrer URL
Purpose of Data Collection
Display videos; improve the service; payment processing; cloud computing; session management; provision of a marketplace for labeled data
Legal basis for processing
Article 6(1)(a) GDPR
Country of Processing
European Union
Miscellaneous
9. Google Analytics
Our website uses features of the web analytics service Google Analytics provided by the company “Google”:
Google Inc.
1600 Amphitheatre Parkway
Mountain View, CA 94043
United States
Google Analytics collects the number of users and their usage behavior on our website. Cookies are used for this purpose; they enable the analysis of how users interact with the website. The information generated by the cookies is transmitted to the provider’s servers in the USA and stored there. We have concluded a corresponding data processing agreement with the provider. If you do not want your usage behavior on our website to be tracked, you can prevent this by configuring your browser so that no cookies are stored. You can also prevent the installation and storage of cookies by adjusting your browser settings accordingly or by downloading and installing the free browser plugin.
We also use the Google Firebase service to analyze potential app crashes.
10. Mailchimp
We use the service ‘Mailchimp’ to send our newsletter.
The Rocket Science Group LLC
512 Means Street Suite 404
Atlanta, GA 30318
United States
Through its certification under the ‘EU-US Privacy Shield’, viewable at: privacy-shield, ‘The Rocket Science Group’ guarantees that the data protection requirements of the EU are also complied with when processing data in the USA. Further privacy information from ‘The Rocket Science Group’ can be found at: Mailchimp
When you sign up for our newsletter, your registration data—specifically your email address and IP address—will be processed and stored by The Rocket Science Group. In addition, The Rocket Science Group uses so-called “web beacons” to analyze whether and when you have read our newsletter and whether you have followed any included links.
You may revoke your consent to receive the newsletter at any time.
11. Facebook
As part of our social media marketing and advertising campaign strategy, SteadySense uses the following Facebook events:
App Installations
App Launch
Registrations
Section which mode is used
Patch purchases
The femSense app and website use analytics tools to optimize the performance of the offering and to increase the benefit for the user.
12. Apple Health iOS
You can choose whether and to what extent your personal data is shared between the femSense app and Apple Health. This permission can be granted or revoked at any time in the Apple Health settings. With your consent, femSense can interact with the Health app on your iOS device. This may involve the transfer of your personal data to Apple servers located outside the European Union.
SteadySense may not use or share data collected in connection with health, fitness, and medical research for advertising purposes or with third parties. This includes the Clinical Health Records API, the HealthKit API, Motion and Fitness, Movement Disorder APIs, or health-related research involving human subjects—for marketing or other usage-based data mining purposes, except for improving health management or for the purpose of health research, and only with proper authorization.
SteadySense does not use any information obtained through the use of the HealthKit framework or similar services for advertising purposes.
SteadySense may not disclose any information obtained through HealthKit to third parties without the user’s explicit consent. Even with permission, SteadySense may only share information with third parties that also provide a health or fitness service to the user.
SteadySense may not sell information obtained through HealthKit to advertising platforms, data brokers, or information resellers.
If the user consents, SteadySense may share their HealthKit data with third parties for medical research, but must clearly inform the user how the app will use their HealthKit data.
SteadySense values your privacy and does not sell personal data to third parties.
13. Sensitive data
Sensitive data (e.g., cycle data) entered into the femSense app and that can be linked to a user is stored for internal analysis purposes and to monitor the functionality of the femSense app. This confidential data is not shared with third parties.
14. Usage data
Usage data is generated in the femSense app in the event of a customer inquiry and is stored solely for internal analysis purposes and to monitor the functionality of the femSense app. This usage data is not shared with third parties.
15. System diagnosis
In the event of a crash of the femSense app, crash reports are anonymized and transmitted for internal analysis purposes and to monitor the performance of the femSense app. They are not shared with third parties.
16. Deletion of femSense account
If you wish to delete your femSense account, please use the ‘Contact Support’ function in the menu of the femSense app and notify us that you would like your account to be deleted. Your account will be deleted by us within 2 working days.
17. Confidentiality of the Data
All employees of SteadySense are bound to confidentiality regarding any information entrusted to them or made known to them in the course of their work.
18. Data Security
Data security is of paramount importance to us. SteadySense has implemented all necessary technical and organizational measures to ensure the security of data processing and to protect personal data against unauthorized access by third parties. The IT infrastructure of SteadySense complies with current security standards and is subject to regular review and updates.
The femSense system uses various cryptographic methods for security and to protect the transmission of confidential content, such as temperature data and cycle data. These encryption techniques are employed to ensure that sensitive information remains secure during transmission and cannot be accessed or manipulated by unauthorized parties.
The HTTP connection between the app and the backend server is encrypted using the TLS protocol. The server is located in Europe and is hosted by SteadySense.
SteadySense does not store any payment-related data and archives health and body measurement data exclusively in anonymized form.