"Personal data" is any information about an identified or identifiable natural person. You are identifiable as a person if you can be identified directly (e.g. by your name) or indirectly (e.g. by a pseudonymous e-mail address) with this information.
"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automated means.
2 Controller for data processing
The controller (hereinafter also "we" or "us") of your personal data processed in our App is.
30419 Hanover, Germany
3 Data protection requests
If you have any questions about data protection or data security, you can contact our data protection officer by writing to Continental AG, Vahrenwalder Straße 9, 30165 Hannover, Germany, or by e-mail to email@example.com.
4 Purposes and legal bases for the processing of your personal data
4.1 Processing in the app
The purposes pursued with the data processing in our app are explained below.
|Type of data||Processing purposes||Legal basis||Expected storage period|
|1. User account registration: To use the BAL.ON app, you must create a customer account. The following data is processed in the process: E-mail; Password; User ID. Furthermore, you can voluntarily provide the following additional data: Name; Phone; Birthday; Shoe Sole Size; Weight; Size; Left/right handed; Golf Handicap; Swing-related information collected via app and BAL.ON kit||- Use of the BAL.ON App / individual evaluation of the BAL.ON Kit data transmitted to the BAL.ON App. - Improving evaluation results. - Individualization of the profile and improvement of the user experience. - At the request of the data subject, transmission to and evaluation by a golf coach using the BAL.ON Academy App.||Art. 6 (1) sentence 1 lit. b GDPR (pre-contractual measures, fulfillment of a contract)||We store the registration data for your user account until you delete your account again or we delete it due to inactivity of more than one year and as far as no other storage purposes oppose.|
|2. Contact Benecke-Kaliko AG: Your message; Name; E-mail (*You can contact us through our contact form.)||To process and, if necessary, carry out the request you have communicated and to communicate with you via the contact form.||Art. 6 (1) sentence 1 lit. a GDPR (consent). You can revoke your consent at any time with effect for the future.||- Until your declaration of consent is revoked, otherwise until your request has been finally processed. We assume that processing has been completed when the circumstances indicate that the matter in question has been conclusively clarified. - If we process your request and there is another legal basis (e.g. fulfill-ment of a contract), we may store your data for the duration of this other purpose.|
|3. Newsletter: Your message; Name; E-mail (*You can register to subscribe to our newsletter and receive attractive product offers and information about our products)||Sending of a newsletter published at regular intervals (1x per month) with interesting news about our products, events and our company (product news etc.).||Art. 6 (1) sentence 1 lit. a GDPR (consent). You can revoke your consent at any time with effect for the future.||Until you revoke your declaration of consent.|
4.2 Data transmission to service providers
As part of the above data processing, we transmit data to the service providers listed below:
|Information Factory (IN-FAB) Ltd.||Albersloher Weg 10c, 48155 Münster, Germany|
|Hafven GmbH & Co KG||Kopernikusstr. 14, 30167 Hanover, Germany|
|Amazon Web Services Germany GmbH||Domagkstr. 28, 80807 Munich, Germany|
|ContiTech - Innovation, Business Development & Digital Solutions||Hannoversche Str. 100, 21079 Hamburg, Germany|
|CodeCraft Technologies Pvt Ltd||No. 106, SSS Serene, 3rd Floor, 4th C Cross, Koramangala Industrial Layout, 5th Block, Bengaluru, Karnataka 560095, India|
|Addepto||Bukowińska 22A, 02-703 Warsaw, Poland|
|Department of Heath and Human Performance of the Polytechnic University of Madrid||c/ Rammiro de Maeztu 7, 28040 Madrid, Spain|
The service providers process your data as our order processors on the basis of a corresponding data processing agreement. Insofar as the service providers are located outside the European Economic Area, the transfer takes place on the basis of the standard contractual clauses provided by the EU Commission and further technical and organizational measures to safeguard the security of your data.
A cookie is a small data file that is stored on your terminal device. Cookies are used to analyze user interest and to make our app more user-friendly. In principle, you can also use the app without cookies (except insofar as they are necessary). However, if you want to use the full range of functions of our app in the most user-friendly way, you should accept the cookies that enable the use of certain functions or provide comfort features. The purpose of the cookies we use is shown in the following list.
Unless they are technically necessary cookies, we ask for your consent before storing cookies. You can deactivate and delete technically unnecessary cookies at any time in the app settings.
You can view and disable the currently enabled cookies in the settings of our app.
5.1 Technically necessary cookies
These cookies are technically necessary to provide the following core functions of the app and cannot be disabled by you:
- Display of the content of the app
- Anonymization of IP addresses in log files
- Cookie consent status
- Verify and identify users
- Frontend login for subpages with access restrictions
|Sign in with Apple||Current session||Enables login process via sign-in with Apple (in planning)|
|Sign in with Facebook||Current session||Enables login process via sign-in with Facebook login (in planning)|
|Sign in with Google||Current session||Enables login process via sign-in with Google (in planning)|
|visuals||Close user account or until deletion of the app from the appstore||Maintains the preferred frame rate of the front and rear cameras|
|connectivity||Close user account or until deletion of the app from the appstore||Contains uploadable connection preferences|
|language||Close user account or until deletion of the app from the appstore||Holds the localization preference|
|defaults||Close user account or until deletion of the app from the appstore||Contains temporary lookup values for the user status|
The legal basis for the storage of the cookie is Section 25 (2) TTDSG. The legal basis for the processing of personal data based on the cookie is Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest is to provide you with the functions of our app.
5.2 Cookies for analysis purposes
These cookies are used to measure the performance of the app and user behavior. However, they are not absolutely necessary for the provision of the app and must therefore be activated by you independently as part of your consent. All collected data is evaluated anonymously.
Google Tag Manager
|ad_storage||Enables the storage of advertising-related data such as cookies.|
|analytics_storage||Enables storage of analytics-related data such as cookies, e.g. visit duration.|
|functionality_storage||Enables storage of data that supports the functionality of the web-site or app, e.g. language settings|
|personalization_storage||Enables storage of data related to personalization, e.g. video rec-ommendations|
|security_storage||Enables storage of security-related data, e.g., for authentication features, fraud prevention, and other user protections|
The legal basis for the storage of the cookie is § 25 (1) TTDSG.
6 Deletion of your personal data
Your personal data will only be processed as long as the processing purposes specified in no. 5 exist. In addition, however, there are further retention obligations or legal bases that make longer processing necessary.
6.1 Legal retention periods
Your personal data will be stored if legal retention periods exist, in particular within the scope of the retention periods pursuant to Section 147 of the German Fiscal Code (AO), which provides for a retention period of six years for commercial and business letters including e-mails and ten years for accounting vouchers (e.g. invoices), as well as within the scope of Section 257 of the German Commercial Code (HGB), which provides for a corresponding retention period of six or ten years. Legal basis: Art. 6 (1) sentence 1 lit. c GDPR (legal obligation).
6.2 Statute of limitations
Your personal data may also be stored to preserve evidence for the assertion of or defense against legal claims under the statute of limitations. According to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being three years. The regular limitation period begins at the end of the year in which the claim arose and the creditor became aware of the circumstances giving rise to the claim and of the person of the debtor or should have become aware of them without gross negligence. Legal basis: Art. 6 (1) sentence 1 lit. f GDPR (legitimate interest: Assertion, exercise or defense of or against legal claim(s)).
Your personal data may be transferred to the following categories of recipients:
- Third parties who provide the contractually agreed services on our behalf and support us in the provision of our services e.g. transport companies;
- If you activate this feature (for a fee, if applicable), your data will be transmitted to a BAL.ON Academy golf coach for evaluation and coaching purposes;
- Affiliated companies in accordance with binding corporate guidelines;
- Providers who receive data for the purpose of arranging and providing services;
- Insurance partner of Benecke-Kaliko AG
- Authorities (e.g. tax authorities)
- Lawyers and courts in the event of legal disputes
8 Necessity of providing your personal data
According to our Terms of Service to use the App, you are contractually obligated to provide the personal data required for user (Sections 1 and 2 under Number 5.1 of this Privacy Information) if you wish to make use of our services offered in the app.
If you do not provide the required personal data, we will not be able to enter into a contract with you or provide you with any services.
However, if it is not necessary to provide personal data and you do not provide it, we will not be able to provide you with separate or individual information (e.g. we will not be able to respond to or process any request or complaint you may have sent to us or send you a newsletter).
9 Transfer of your personal data to third countries
Your personal data is processed on servers within the scope of the GDPR (in the EU / EEA). A transfer to third countries does not take place in principle, unless it is explicitly stated otherwise in this privacy information.
In our App we use the Firebase services described below, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
10.1 Dynamic Links
Dynamic Links is a service from Google that allows deep links to an app. This enables us to take you to a specific area of the app via a link to display content directly in the app, passing information to the app.
Dynamic Links uses device specifications and IP addresses on iOS to open newly installed apps on a specific page or context. These device specifications and IP addresses are stored only temporarily to run the service.
We use the data in this service exclusively to provide app content.
Legal basis: Art. 6 (1) sentence 1 lit. f GDPR (legitimate interest: proper and convenient provision of content).
10.2 Analytics for Firebase
Google Analytics for Firebase is a service from Google that provides event reports that help us understand how users interact with our app. The service provides us with insights into app usage and user engagement, and helps us understand our users' behavior so we can make informed decisions about app marketing and performance optimization.
Analytics for Firebase processes the following categories of data:
- Number of users and sessions
- Session duration
- Operating systems
- Device models
- First time starts
- App executions
- App updates
- In-app purchases
The above information will not be linked to your user account, so we will not identify you as a user with the data.
Analytics for Firebase retains certain data associated with advertising IDs (e.g., Apple's Identifier for Advertisers and Identifier for Vendors, Android's Advertising ID) for 60 days and retains aggregated reports without automatic expiration. Retention of user-level data, including conversions, is set to up to 2 months. For all other event data, the retention period is 2 months.
We use this data solely for the purpose of understanding the behavior of the entirety of our users in pseudonymized form in order to improve the app and related services and other benefits.
In Analytics for Firebase, interactions by you as a visitor with our app are primarily recorded using cookies. For more information about cookies, see para. 5.2.1.
The legal basis for the processing of your personal data within the scope of Analytics for Firebase is your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR, which we request in the settings.
- 10.2.1 Revocation of your consent
You can revoke your consent to the processing of your personal data within the scope of Google Analytics at any time with future effect by deactivating Analytics for Firebase in the settings of our app.
- 10.2.2 Job processing
We have concluded an order processing agreement with Google, which you can access here: Firebase Data Processing and Security Terms.
- 10.2.3 More information about Analytics
10.3 Transfer of personal data to third countries
According to Google, the Firebase services are run on the global Google infrastructure. Your data processed in the Firebase services may also be transferred by Google to third countries (countries outside the EU / EEA, e.g. USA). In these third countries, despite the use of appropriate safeguards by the platforms, an adequate level of protection may not be ensured and you may not be able to assert your data protection rights under the GDPR or not to the same extent. There may be a risk that the personal data are used by government agencies for other purposes (e.g., by security agencies to fight terrorism) due to laws or legal practice in third countries.
If data is transferred to third countries, Google uses the so-called Standard Contractual Clauses (“SCC”). With this contract, Google undertakes to comply with the level of data protection guaranteed by the GDPR when processing in third countries. The contract has its basis in a decision of the EU Commission, according to which the unchanged use of the SCC constitutes appropriate guarantees for data processing in third countries. The corresponding decision of the EU Commission and the SCC can be found here.
However, to the extent possible when using the services, we aim to process in European data centers.
10.4 More information about Firebase
For more information on data privacy and security in Firebase, click here.
11 Google Tag Manager
We use the Google Tag Manager provided by Google Ireland Limited, incorporated and operating under the laws of Ireland (Registered Number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland, "Google") in this app.
The Google Tag Manager only manages and implements tags. This means that no cookies are used by the Google Tag Manager and no personal data is collected. The data processed by the Google Tag Manager does not contain user IP addresses or any user-specific identifiers that could be associated with a specific person. Other than data in standard HTTP request logs, all of which is deleted within 14 days of receipt, Google Tag Manager does not collect, store, or share information about visitors to our clients' properties, including page URLs visited.
More information about Google Tag Manager can be found at https://www.google.com/analytics/terms/tag-manager/ and https://support.google.com/tagmanager/answer/9323295?hl=en.
12 Single sign-on login (to be implemented soon)
Single sign-on" or "single sign-on logon or authentication" refers to procedures that allow you to log on to our app using a user account with a provider of single sign-on procedures (e.g., a social network). The prerequisite for single sign-on authentication is that you are registered with the respective single sign-on provider and enter the required access data in the online form provided for this purpose, or are already registered with the single sign-on provider and confirm the single sign-on registration via button.
Authentication takes place directly with the respective single sign-on provider. In the course of such authentication, we receive a user ID with the information that you are logged in under this user ID at the respective single sign-on provider and an ID that cannot be used by us for other purposes (so-called "user handle"). Whether additional data is transmitted to us depends solely on the single sign-on procedure used, on the data releases selected during authentication, and also on which data you have released in the privacy or other settings of the user account with the single sign-on provider. Depending on the single sign-on provider and your choice, this can be different data, usually the e-mail address and the user name. The password entered as part of the single sign-on procedure with the single sign-on provider is neither visible to us nor is it stored by us.
Please note that the single sign-on provider can automatically match your data stored by us with your user account, but that this is not always possible or does actually occur. If, for example, your e-mail address changes, you must change them manually in their user account with us.
The legal basis for our processing of your data when using a single sign-on registration is Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest is to provide you optionally with an easier way of registration and login.
Services used and service providers:
- Apple Single-Sign-On: Service provider: Apple Inc. , Infinity Loop, Cupertino, CA 95014. Privacy information: https://www.apple.com/legal/privacy/en-ww/
13 Provision of the online offer and web hosting
Data and information is automatically collected from the app users' system and stored in the server log files. This storage includes
- the operating system,
- Date and time of the server request,
- the number of visits,
- the length of stay,
- the IP address of the users is anonymized before it is stored.
The duration of the storage of IP addresses is thirty (30) days. The legal basis for the processing is Art. 6 (1) sentence 1 lit. f GDPR. The legitimate interest for processing the IP address is to enable communication between our server and your end device as well as to ensure the general functionality of our app in order to track attacks on our systems. The processing of the other data serves to create statistics.
Hosting services through a third party provider
We use a third-party provider as a processor to host the services required for the app. For this purpose, we have concluded a data processing agreement with the hosting provider. This serves to protect our legitimate interests within the meaning of Art. 6 (1) sentence 1 lit. f GDPR in the proper provision of our services. All data collected in the course of using this app as described will be stored on the servers of the processor. Processing on other servers only takes place as explained here.
Our hosting provider is:
Amazon Web Services Deutschland GmbH, Domagkstr. 28, 80807 Munich, Germany
14 Your rights in relation to your personal data
The GDPR grants you various rights in relation to your personal data, which we briefly explain below.
Right of Access
You can request information about whether your personal data is being processed. If this is the case, you can request further information, in particular on the purposes of the processing, the categories of personal data processed, the recipients, the storage period or, if this is not possible, the criteria for determining the period, as well as further information.
You can request a copy of your personal data, which will be provided to you in the event of a request by e-mail in a common electronic format, provided that this does not affect the rights or freedoms of other persons. For this purpose, please specify exactly which data you require.
Right to Rectification
You can immediately request the correction of incorrect personal data concerning you as well as the completion of incomplete personal data.
Right to Erasure
You have the right to request the deletion of your personal data, in particular if the data is no longer necessary for the purposes for which it was processed. Your data will be deleted immediately unless an exception applies and your data may continue to be stored. This is the case, for example, if there is an obligation to store it for tax or commercial law reasons. In this case, processing will be restricted and will then only take place for this purpose.
Right to Restriction
You may request the restriction of the processing of your personal data, in particular if
- you dispute their accuracy and the data is verified,
- the processing is unlawful and you object to the erasure,
- the data is no longer required, but you need it for the assertion, exercise or defense of legal claims, or
- you have objected to the processing.
In the event of the restriction of the agreement, your personal data may in principle only be stored and in particular only processed with your consent or for the assertion or exercise as well as for the defense against legal claims.
Right to Data Portability
You may request to receive the personal data concerning you that you have provided in a structured, common and machine-readable format so that you can transfer it to another controller. You also have the right to have this data transferred directly to another controller. However, the prerequisite for this right is that the processing of your data is based on consent, the implementation of pre-contractual measures or the performance of a contract.
Right to Object
You may object to the processing of personal data relating to you if the processing is based on a legitimate interest (Art. 6 (1) sentence 1 lit. f GDPR). Your right to object also exists in the case of any direct advertising carried out (e.g. newsletter dispatch), including any profiling that may be associated with this. The data will then no longer be processed unless compelling reasons for the processing are proven.
Revocation of Consent Given for Data Processing
If you have consented to the processing of your personal data, you can revoke this consent at any time. Processing that has taken place up to the time of the revocation remains unaffected by the revocation.
Assertion of your rights
If you wish to exercise the rights described above, please contact us as the controller (Section 2).
Right of appeal to a data protection authority
You have a right of appeal to a competent data protection authority.
If you have any questions or complaints, please contact us directly first (see Section 2) - surely your concern can be solved there to your satisfaction.
Status: September 2022