Smart Run Privacy Policy
Effective July 22, 2021.
1 Responsible body
The responsible body for processing personal data is Humotion GmbH, Heerdestraße 23, 48149 Münster (hereinafter referred to as ‘we’ or ‘us’).
2 Purpose and legal basis for processing personal data
2.1 Principle
We process personal data that arises as part of app usage and that you expressly and wilfully provide to us when using the app, exclusively in accordance with legal provisions (Federal Data Protection Act [Bundesdatenschutzgesetz, BDSG], the Telemedia Act [Telemediengesetz, TMG], the EU General Data Protection Regulation). This includes processing personal data
- that is required to provide contractual services, or is required by law or
- for which you have given us your express consent or
- based on our legitimate interests (e.g. our interests in security, economic operation and analysis and optimisation of the app to improve user experience).
With respect to processing personal data based on the EU General Data Protection Regulation applicable from 25 May 2018, we refer to the following legal bases for processing personal data:
- Consent: Article 6 Paragraph 1 Littera a and Article 7 of the EU General Data Protection Regulation
- Fulfilling our contractual obligations: Article 6 Paragraph 1 Littera b of the EU General Data Protection Regulation
- Fulfilling our legal obligations: Article 6 Paragraph 1 Littera c of the EU General Data Protection Regulation
- Protecting our legitimate interests: Article 6 Paragraph 1 Littera f of the EU General Data Protection Regulation
The personal data processed by us mainly includes the following:
- Information that you use when registering your user account (e.g. e-mail address and password)
- Information that you add to your personal profile (e.g. first name, surname, height, weight, sport, age/date of birth, gender, photo)
- Data that is recorded by your mobile device’s sensors during training activities (e.g. acceleration sensor, magnetic sensor, etc.)
- Locations that are recorded by your mobile device’s GPS sensors during training activities
- Performance data determined using training activities recorded (e.g. step frequencies, distances, duration, activity charts)
- Data that arises when using the app (e.g. your mobile device’s IP address, error and crash reports, internal app user statistics)
2.2 Processing to fulfil our contractual obligations
To be able to use the app, you have to register and create a user account. We use your e-mail address to contact you if this is necessary for us to provide services offered by us. As an example, this may include welcome e-mails and messages if you have forgotten your password or want to be informed about changes to our data privacy policy. We will send you newsletters only to inform you about new functions if this is legally permissible or you have given your express consent for us to do so. We also use your e-mail address and password to carry out authentication using OAuth2, to ensure that unauthorised third parties are not able to access your personal data on your mobile device.
You can add more information to your personal profile, e.g. a photo. If you do not give express consent to processing this personal data for other purposes, we will only process this information to give you a positive user experience.
You can use the app to receive information about sports facilities in your area that have a SmarTracks system. We also process your mobile device’s current location using GPS data.
If you record training activities, we will process further personal data. For example, this may include GPS locations and data from your mobile device’s acceleration sensor and/or magnetic sensor. We use the data recorded during a training activity to determine performance data that relates to your training. This may include step frequencies, distances and times covered, as well as the cartographic visualisation of routes covered during a training activity. You therefore always have the opportunity to monitor your training progress and performance in the app.
We do not process your mobile device’s location data as standard. So that you can use the app’s location functions, you first have to grant permission for access to your mobile device’s location data. You can grant permission via the dialogue box ‘Grant permission’, which is shown when you first start the app after it has been installed. If you do not grant permission or if you deactivate it in your mobile device’s settings at a later point in time, it will not be possible to record training activities.
Sensor and location data is recorded on your mobile device only until the app is closed. To visualise location data, we use Google Maps API or Apple Maps API, depending on your device (see Section 4 and Section 5 of this data privacy policy).
2.3 Processing to provide statistics about training progress and performance
If you want to compare your training progress and your performance with other users that have a similar user profile, you can authorise us to use recorded activity data and profile information provided by you to create aggregated statistics. The more information you provide, the better we are able to show your performance in comparison to other users. Here, it is not possible to personally identify an individual user through the data used, as processing is carried out only in anonymous form.
By default, we do not use your personal data to create aggregated statistics. So that you can use this function, we first need your express consent to process personal data for the purposes of creating aggregated statistics. You can give us this consent at any time by activating the function in your app’s settings. When you do so, we will log your consent, in order to be able to evidence that consent in accordance with legal requirements (date, time and IP address).
You can withdraw at any time your consent to processing your personal data for the purposes of creating aggregated statistics by deactivating the function in the app’s settings.
2.4 Processing to improve services offered
If you want to help us to improve the services we offer, you can allow us to process error and crash reports (e.g. your mobile device’s hardware and software specifications, event type), internal app user statistics (e.g. frequency of use for individual functions, click behaviour in relation to the app’s controls) and data recorded during training activities. Here, it is not possible to personally identify an individual user through the data used, as processing is carried out only in anonymous form.
By default, we do not use your personal data to improve the services we offer. So that you can use this function, we first need your express consent to process personal data for the purposes of improving the services offered. You can give us this consent at any time by activating the function in your app’s settings. When you do so, we will log your consent, in order to be able to evidence that consent in accordance with legal requirements (date, time and IP address).
You can withdraw at any time your consent to processing your personal data for the purposes of improving the services we offer by deactivating the function in the app’s settings.
2.5 Processing for research purposes
If you would like to contribute to scientific research in relation to training techniques and human movements, you can allow us to process recorded activity data. Here, it is not possible to personally identify an individual user through the data used, as processing is carried out only in anonymous form.
We do not use your personal data for scientific research as standard. So that you can use this function, we first need your express consent to process your personal data for the purposes of scientific research. You can give us this consent at any time by activating the function in your app’s settings. When you do so, we will log your consent, in order to be able to evidence that consent in accordance with legal requirements (date, time and IP address).
You can withdraw at any time your consent to the processing of your personal data for the purposes of scientific research by deactivating the function in the app’s settings.
3 Saving personal data
3.1 Data retention period
We save your personal data for as long as is required for the purposes outlined in this data privacy policy. If these purposes no longer apply and/or if your user account is deleted, all personal data will be deleted, unless a longer retention period is required by law. In this case, we will block your personal data and separate it from active user data.
3.2 Deleting data
If you would like to delete your user account and all of the personal data linked to it, you can contact us at any time. Please use the contact details given in Section 10 to do so.
3.3 Data storage location
We only save your personal data on secure and protected servers in Germany.
4 Sharing personal data with third parties
4.1 Principle
Unless otherwise stated, we do not transmit personal data to third parties on principle, and do not transmit it to countries outside the European Union (EU) or the European Economic Area (EEA).
4.2 Overview of technical service providers
We may use technical service providers to provide our services as part of order data processing, e.g. for hosting. When doing so, we can also use service providers headquartered outside of the EU and the EEA, where different data protection provisions apply.
Service providers in the USA generally offer an appropriate data protection level similar to EU data protection law, provided that they are subject to the EU/US Privacy Shield certification or the agreement of the EU standard contractual clauses with the recipient.
You can find an overview of the technical service providers we use, and their data privacy policies, in the Annex.
4.3 Sharing personal data by law
We only share your personal data with regulatory authorities and law enforcement authorities or other government institutions as part of mandatory national legal regulations.
5 Maps API
On Android: To fulfil our contractual obligations, we use Google Maps API by Google Inc. (‘Google’) to show geographical information about your training activities. When using Google Maps, data is also processed by Google when you use the Maps function. You can find further information in Google’s data privacy policy: https://www.google.de/intl/de/policies/privacy/
On iOS: To fulfil our contractual obligations, we use Apple Maps API by Apple Inc. (‘Apple’) to show geographical information about your training activities. When using Apple Maps, data is also processed by Apple when you use the Maps function. You can find further information in Apple data privacy policy: https://www.apple.com/legal/privacy/en-ww/
6 Required permissions
6.1 Principle
We use permissions granted by you on your mobile device only for the purposes outlined in this data privacy policy. You can cancel permissions in your mobile device’s settings at any time.
6.2 Overview of required permissions
To guarantee that the app is fully functional, you must grant the app permission to access certain functions and data. You can find an overview of the required permissions and the way they are used in the app in the Annex.
7 Obligation to provide personal data
It is not a legal obligation to provide your personal data when registering a user account. It is a contractual obligation to provide information upon registration. You cannot use the app without registering a user account. If you provide personal data that goes beyond registering a user account, this is neither a legal nor a contractual obligation. However, the functionality of the app may be restricted if personal data is not provided.
8 Data subject rights
8.1 Right of withdrawal
If you have consented to our processing of your personal data for the purposes outlined in this data privacy policy, you may withdraw this consent at any time with effect for the future. You can often withdraw consent in the app settings and/or your mobile device’s settings (see Section 2 and Section 6 of this data privacy policy). The legality of processing personal data shall remain unaffected hereby up until the withdrawal date.
If you have questions about this right of withdrawal or if you want to use it, you can contact us at any time using the contact details given in Section 10.
8.2 Data subject rights
You have the right to obtain information about the processing of your personal data at any time free of charge, and to update or correct this where necessary. You also have the right to withdraw, transfer, restrict processing or delete your personal data processed by us, unless any archiving obligations are stipulated by law. If you have questions about these data subject rights or if you want to use them, you can contact us at any time by using the contact details given in Section 10.
8.3 Right of appeal to supervisory authorities
You have the right to submit a complaint to a data protection authority. You can either contact data protection authorities that are responsible in your place of residence or state, or the data protection authorities responsible for us
8.4 California Privacy Rights
Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of personal information the business shares with third parties for direct marketing purposes by such third party and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year.
To request a copy of the information pursuant to Section 1798.83 of the California Civil Code, please contact info@humotion.net.
9 Changes
We reserve the right to change the data privacy policy from time to time. Once we have collected data, we will not subsequently use it for purposes other than those we are entitled to by law without your consent. If we change our data privacy policy, we will inform you of this by e-mail or in the app.
10 Contact
If you have questions or suggestions for Humotion about data protection, you can contact us by e-mail, fax or letter at any time:
Humotion GmbH
Heerdestr. 23
48149 Münster
Fax:+49 (0) 251 / 590 805 99
E-mail: info@humotion.net
11 Annex – Overview of required permissions Android
Permission exact location
Access to the exact location data determined using GPS (e.g. messages for recorded training activities on a map)
android.permission. ACCESS_ FINE_ LOCATION
Permission deactivate standby mode
Deactivate standby mode on the mobile device whilst recording training activities (e.g. with switched-off or locked display)
android.permission.WAKE_LOCK
Permission change or delete USB memory/SD card content
Save app-related data on the mobile device (e.g. sensor data recorded during training activities)
android.permission.WRITE_EXTERNAL_STORAGE
Permission read device memory/SD card content
Read app-related data that is saved on the mobile device (e.g. for assessing recorded training activities and how they are shown in the app)
android.permission.READ_EXTERNAL_STORAGE
Permission access to all networks
Exchange data with Humotion servers (e.g. when creating a user account)
android.permission.INTERNET
Permission in-app billing
Offer in-app purchases
com.android.vending.BILLING
Permission for notifications
Show notifications on the mobile device (e.g. notifications for recording a training activity in the status bar)
android.permission. BIND_NOTIFICATION_LISTENER_SERVICE
Permission for sticky broadcast
Show sensor data if the app is running in the background (e.g. recording sensor data during a training activity, regardless of user interface)
android.permission.BROADCAST_STICKY
Permission for battery statistics
Read the battery level in order to notify about low battery before exercises.
android.permission.BATTERY_STATS
Permissions for bluetooth
android.permission.BLUETOOTH
android.permission.BLUETOOTH_ADMIN
android.permission.BLUETOOTH_PRIVILEGED
12 Annex – Overview of required permissions iOS
Permission motion
Access to motion sensors: accelerometer, gyroscope, magnetometer.
ios.permission.NSMotion
Permission photo library
Access to photo library to set profile photo.
ios.permission.NSPhotoLibrary
Permissions for location
Show you and your route on the map.
ios.permission.NSLocation
ios.permission.NSLocationAlways
ios.permission.NSLocationWhenInUse
ios.permission.NSLocationAlwaysAndWhenInUse
Permissions for bluetooth
ios.permission.NSBluetoothAlwaysUsageDescription
ios.permission.NSBluetoothPeripheralUsageDescription
13 Annex – Overview of technical service providers
Supplier Google
Supplier/service: Google Maps API Operator. Google Inc., 1600 Amphitheatre Parkway, Mountain View, California, 94043
Subject: Visualisation of geographic information
Website: https://developers.google.com/maps
Data privacy policy: https://www.google.com/policies/privacy/ Certification for the EU/US Privacy Shield
Objection/general notes: N/A
Supplier Apple
Supplier/service: Apple Maps API Operator. Apple Inc., One Apple Park Way, Cupertino, California, 95014
Subject: Visualisation of geographic information
Website: https://developer.apple.com/maps/
Apple Privacy Policy: https://www.apple.com/legal/privacy/en-ww/ Objection/general notes: N/A