Question 1

GeBioM App Privacy Policy

Hanno Söhngen · Accepted Answer

Privacy Policy As of now the mobile app is not intended for public use. This app is still in active development and being tested. All data collected is either randomly generated or from employees. All data stored will be deleted when the app reaches version 1.0.0 and is released to the public. After the release the following privacy policy is valid. Last updated April 13, 2023 This privacy notice is for the GeBioM mbH ('Company', 'we', 'us', or 'our'), it describes why we collect data and how this data is processed, stored, used, and/or shared ('processed'). This statement covers the usage of all of your information when you use our programs ('Services'), like:

Donwloading the mobile app from servers

Contact us in other wys like sales inquries, marketing, or support

Do you have questions or concerns regarding the processing of your data? Our privacy notice will grant you the knowledge about your privacy rights and choices. In cases where you do not agree with these policies and practices, do not use our Services. If you have further questions or concerns, please contact us at datenschutz@gebiom.group. THE MAIN POINTS OF THE PRIVACY POLICY The following summary gives you a quick overview of the main points from this privacy notice, a detailed description of each point can be accessed by following the link in eachkey point or from the table of contents linking to every section you might be looking for. Which personal information is processed? While using, visiting, or navigating our Services, personal information may be processed depending on the interactions with the Services. You can get more information about personal information you disclose to us by following the link. Is any sensitive personal information processed? No, sensitive personal information is not processed. Are any third parties involved from which we receive data? No, there is no collaboration with third parties. How is your information processed? Your information is processed to administer our Services and to provide and improve them for our customers. Furthermore they are processed to communicate with you, for example for security and fraud prevention, and to comply with laws. If you have given your consent we may process your information for other purposes. In any case we will process your information only when we have a valid legal reason to do so. For a detailed description of how we are processing your information read: how we process your information. With which parties is your personal information shared? We share your personal information with some third parties. Please read when and with whom we share your personal information. Which measures do we take to keep your information safe? There are organisational and technical processes to protect your personal information. But with modern communications no electronic transmission be it while sending over the internet or during storage of the information is guaranteed to be 100% secure, therefore we cannot guarantee or promise that any third party like hackers, governments, cybercriminals, or another unauthorised third party is unable to defeat our security measures. This may lead to the unauthorized collection, access or modification of your information. Please read how we keep your information safe. Which rights protect your personal information? Depending on your geolocation and/or citizenship, the applicable regulations and privacy laws to protect your personal information may differ. Read more about this topic here: your privacy rights. Which actions do could take to exercise your rights? The most common and easiest action to exercise your rights is to visit us at https://gebiom.group, or to contact us via email at datenschutz@gebiom.group. Any request from you will be answered in accordance with applicable data protection laws. If you still want to know more please review the privacy notice in full.

TABLE OF CONTENTS

1. WHAT INFORMATION DO WE COLLECT? 2. HOW DO WE PROCESS YOUR INFORMATION? 3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION? 4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION? 5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES? 6. HOW LONG DO WE KEEP YOUR INFORMATION? 7. HOW DO WE KEEP YOUR INFORMATION SAFE? 8. DO WE COLLECT INFORMATION FROM MINORS? 9. WHAT ARE YOUR PRIVACY RIGHTS? 10. CONTROLS FOR DO-NOT-TRACK FEATURES 11. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS? 12. DO VIRGINIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS? 13. DO WE MAKE UPDATES TO THIS NOTICE? 14. HOW CAN YOU CONTACT US ABOUT THIS NOTICE? 15. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us. We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us. Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

Contact information
- names
- phone numbers
- email addresses
- mailing addresses
- billing addresses
- contact preferences
Account information
- usernames
- passwords
- contact or authentication data
Personal information
- contact points to your bicycle
- sitting positions
- the model and manufacturer of your saddle
- your preferred sitting positions while cycling.

How is sensitive Information processed. We do not collect and process any sensitive information.

Application Data. While using our application(s), if you gave your consent, we collect:

Geolocation Information. Our apps requests permissions to access the permission to track location-based information from your mobile device. You can decide to either continuously allow this or only while you are using our app(s). You can at any time revoke this permission in your device's settings, if you wish. This permission is needed to access the devices bluetooth capabilities. We do not actually track your geolocation.

Mobile Device Access. Our app requests access or permission to some features of your mobile device. You can change the access in your device's settings at any time.

Push Notifications. To provide push notifications from our application(s) to you, you must enable the settings in your mobile phone. If you wish to opt out of the push notifications, you can disable those in your device's settings.

This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes. If your personal data is not correct you can always review and change it or contact us and let us change the data in our systems.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your personal information for different reasons: (1) to provide, improve, and administer our Services, (2) to contact you, for security and fraud prevention, (3) to comply with laws. And, if you give your consent we also process your information for other purposes. Depending on the Service you use from us and your interactions with them the reasons for processing your data vary:

We process login and account data to be able to create, manage and authenticate user accounts. If you create accounts for our services we process your data for you to have a working account.

Data we process to facilitate and deliver our services to the user. We process the data you provide to deliver the services requested.

We process your data to request feedback. In cases we need your feedback we may process your information to contact you about your use of our Services.

We process personal information to protect our services. We process information to keep our Services safe and secure, this may include fraud monitoring, fraud prevention as well as Logging the services data to protect against DDoS attacks.

We protect an individual's vital interest to keep you save. When necessary we process personal information to save or protect vital interests, such as to prevent harm.

To provide a better cycling experience.

3. WHAT LAWS AND LEGAL BASES REGULATE HOW WE PROCESS YOUR INFORMATION?

In Short: Your personal information is only processed in cases we believe it is necessary and we have a valid legal reason to do so, reasons to process your data are: you have given your consent, the need to comply with laws (e.g. accounting), the fulfilment of contractual obligations, to protect your rights, or our legitimate business interests. In case your are located in the EU or UK, the following section applies to you. The General Data Protection Regulation (GDPR) and UK GDPR regulate how personal information might be processed. It requires us to explain any valid legal bases on which we rely to process your personal information. We rely on the following legal bases to process your personal information:

Consent. If you have given your consent by giving us the permission to use your personal information (specific purpose), you may withdraw your consent at any time. Her is, how you can withdrawing your consent.

Fulfilment of a Contract. If we have made a contract we might need to process your personal information to fulfil our contractual obligations to you. This includes providing our Services to you, if we requested to close a contract with you prior of the usage of our services.

Legitimate Interests. To erxercise our legal interests we process your information. This includes cases where we believe the process is necessary to achieve our legitimate business interests. In these cases our legitmate interests must outweigh your interests, fundamental rights and freedoms. As an example, we process your personal information for the purposes described below:
- We collect your data like IP addresses or usage data to diagnose problems and/or prevent fraudulent activities.
- We analyze your usage data to understand how our users use our products and services. This is necessary to improve user experience and for the stability of our services.

Legal Obligations. Your personal information is processed when it is necessary for compliance with our legal obligations. For example:
- to cooperate with a law enforcement body,
- a regulatory agency,
- to exercise or defend our legal rights,
- to disclose your information as evidence in litigation in which we are involved,
- for accounting.

Vital Interests. We process your information to protect your vital interests or the vital interests of a third party, if we think it is necessary, such as:
- emergency situations with the potential threats to the safety of any person.

If you are located in Canada, you are affected by the following rights and regulations Your personal information is processed, if you have given us your specific permission (i.e. express consent) to process your personal information. This consent is for a specific purpose, or in situations where your permission can be inferred (i.e. implied consent). If you wish, you can withdraw your consent. In exceptional cases, we may be legally permitted, if some laws are applicable to process your information without needing your explicit consent, those situations include:

The collection is obviously in the interests of an individual and there is no timely way to obtain the consent

To investigate and prevent fraud

If certain conditions are met for business transactions

The information is contained in a witness statement and it is necessary to assess, process, or settle the information in an insurance claim

The information is needed to identifying injured, ill, or deceased persons to communicate with the next of kin

Cases where we have reasonable grounds to believe that an individual has been, is, or may be victim of financial abuse

Cases in which we can reasonably expect that the consent to collect that data would compromise the availability or the accuracy of the information. And the data usage is reasonable for purposes to investigate a breach of an agreement or the contravention of the laws of Canada or a canadian province.

Cases to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records in which the disclosure is required.

Data produced by an individual in the course of their employment, business, or profession where the collection is consistent with the purposes for which the information was produced

The data is collected solely for journalistic, artistic, or literary purposes

The information is publicly available and specified by regulations

4. WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We share information in this section with the following third parties, in specific situations described below. In some cases we share your personal information:

Business Transfers. If the business may get transferred in connection with your information, during negotiations, or in case of merge or sale of the company assets, financing, or acquisition of all or a portion of our company.

Affiliates. In some cases we may share your personal imformation with hour affiliates, in this cases we require our affiliates to honour this privacy policy. Affiliates are our parent company and subsidiaries or joint venture partners. Those include other companies we control or that are under common control with us.

Business Partners. In some cases we share your information with our business partners this is needed to offer you roducts, services, or promotions.

5. COOKIES AND OTHER TRACKING TECHNOLOGIES

In Short: Yes we use cookies and depending on our Services use tracking technologies to collect and store your information. Cookies and tracking technologies (like web beacons and pixels) are used to access and store information. Information about the useage of this technologies and your possibilities to refuse tracking cookies is configurable out in our Cookie Notice.

6. HOW LONG DO WE STORE YOUR PERSONAL INFORMATION

In Short: Your personal information is stored for as long as necessary to fulfil the purposes of our Services unless otherwise required by law. Your personal information is stored for as long as it is necessary for the purposes, or as long as you give your cosent outlined in this privacy notice. Unless there are longer retention periods which are required or permitted by law (For example tax documentation, accounting, or other legal requirements). There is no purpose which will require us keeping your personal information after you have deleted your account with us. As soon as there is no ongoing legitimate business, we have no need to process your personal information, in this case we either delete or anonymise all of your information. If this technically not possible (for example, your personal information has been stored in our backup archives), we will store your personal information securely. It will be isolated from further processing until final deletion.

7. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: Our aim is to to protect your personal information. To do this we have a system of organisational and technical security measures. Our Services are implemented with appropriate and reasonable technical and organisational security measures. These protect the security of your personal information we process. Despite these safeguards and efforts, no electronic transmission over any medium or information storage technology grants 100 % security. Therefore no one can promise or guarantee that hackers, cybercriminals, or other unauthorised third parties cannot defeat the security measures taken. We will change the measures, if the need arrives to safe your data from improperly collection, access, stealing, or modifcation. The usage of our Services is at your own risk, altough we will do our best to protect your data during transmission and storage. Please make sure you access our Services within a secure environment.

8. DO WE COLLECT INFORMATION FROM MINORS?

In Short: Our Services are not intended for minors and we do not knowingly collect data from them. Neither do we advertis our Services for minors.

9. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: Depending on your geolocation such as the European Economic Area (EEA), United Kingdom (UK), and Canada, your privacy rights allow you greater access to and control over your personal data. You can review your account and stored data at any time. In the EEA and the UK you have the right to demand the deletion of all of your data stored by our Services unless they need to be stored for legal reasons (accounting, taxes). In these regions (EEA, UK, and Canada), you have the following rights under applicable data protection laws.

you may request access to and obtain a copy of your personal information.
you have the right to request rectification or erasure of your data.
you may restrict the processing of your personal information.
you may ask for a copy of your data, if applicable. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us by using the contact details provided in the section 'HOW CAN YOU CONTACT US ABOUT THIS NOTICE?' below.

We will consider and act upon any request in accordance with applicable data protection laws. You have the right to complain to your Member State data protection authority or UK data protection authority, if you are located in the EEA or UK and doubt the lawful processing of information by us. In Switzerland, you can contact the Federal Data Protection and Information Commissioner.

Withdraw of your consent: In cases where you want to withdraw your consent to process your personal information and we are relying on this we will delete your data. You may withdraw your consent at any time. Just contact us by using the details provided in the section 'HOW CAN YOU CONTACT US ABOUT THIS NOTICE?'.

This revocation will not affect the lawfulness of the processing before we received it nor, when applicable law allows or forcse us to process your data. Account Information You are able to review, change or delete your account with all the information, if you wish. To do this you can:

Log into the Service you and change/review the information. If you cannot change the information you can contact us at datenschutz@gebiom.com to let us make the changes for you.
If you are an EU citizen you have the right to ask us for your information at datenschutz@gebiom.com

If you request to terminate your account, the account will be deleted and all information from our active databases is either deleted or if this is technically not possible deactivated and later deleted. Some information may still be stored to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements. Cookies and similar technologies: All modern Web browsers are able to set and accept cookies by default. You can choose the prferences of how your browser handles cookies in the settings of your browser. Here you can remove existing cookies and to reject cookies altogether. When choosing to remove or reject cookies, this will affect some features or services from us. If you want to opt auf advertising/tracking read opt out of interest-based advertising by advertisers. If you have somd doubts or questions feel free to email us at datenschutz@gebiom.com.

10. SETTING DO-NOT-TRACK FEATURES

Modern web browsers and most mobile operating systems as well as mobile applications have implemented a Do-Not-Track ('DNT') feature or settings. This feature is a signal of your wish for your privacy preference to not have your data collected by online browsing activities as well as being monitored and collected. As of today there is not a uniform technology standard which recognises and implements DNT which has been finalised. We do currently not respond to DNT signals or other mechanisms that communicate your choice to not be tracked. As soon as there is a unified standard we will implement this in the future, you can check this privacy policy again in the future to read, if the implementation is finished.

11. SECIFIC RIGHTS OF CALIFORNIA RESIDENTS?

In Short: Residents of California have specific rights to their personal information granted by the 'Shine The Light' law. The 'Shine The Light' law as California Civil Code Section 1798.83 is known as , grants California residents the right to, once a year and free of charge, to request and obtain from us information about categories of personal information (if any) which were disclosed to third parties for direct marketing purposes. Furthermore we must send the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. As a California resident you can make such a request, by submitting your request in writing to us at contact information provided below. All California residents under 18 years of age, who have registered an account with our Services, have the right to request removal of unwanted data, which were publicly posted on our Services. To request removal, contact us using the contact information provided below. Make sure to either use, or include the email address associated with your account. Although state that you reside in California. We will delete all publicly displayed data on the Services. Be aware that this request will not completely or comprehensively remove all your information from our systems (e.g. backups, etc.). CCPA Privacy Notice As of the California Code of Regulations a 'resident' is defined as: (1) all individuals who are residing in the State of California for other reasons than a temporary or transitory purpose and (2) all individuals whose domicile is in the State of California, but are outside the State of California for a temporary or transitory purpose All other individuals are defined as 'non-residents'. We have to follow certain rights and obligations regarding your personal information, if the above definition of 'resident' applies to you. What categories of personal information do we collect? We collected personal information from the following categories in the past twelve (12) months:

Category	Examples	Collected
A. Identifiers	Personal information like: Contact information (real names, aliases, telephone numbers, postal addresses, online identifiers, unique personal identifiers, email addresses, IP addresses and account names)	YES
B. Personal information categories listed in the California Customer Records statute	Name, contact information, education, employment, employment history, and financial information	YES
C. Protected classification characteristics under California or federal law	Gender and date of birth	YES
D. Commercial information	Transaction information, purchase history, financial details, and payment information	NO
E. Biometric information	Fingerprints and voiceprints	NO
F. Internet or other similar network activity	Browsing history, search history, online behaviour, interest data, and interactions with our and other websites, applications, systems, and advertisements	NO
G. Geolocation data	Device location	NO
H. Audio, electronic, visual, thermal, olfactory, or similar information	Images and audio, video or call recordings created in connection with our business activities	NO
I. Professional or employment-related information	Business contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us	NO
J. Education Information	Student records and directory information	NO
K. Inferences drawn from other personal information	Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics	NO
L. Sensitive Personal Information		NO

We will use and retain the collected personal information as needed to provide the Services or for:

Category A -

Category B -

Category C -

We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:

Receiving help through our customer support channels;

Participation in customer surveys or contests; and

Facilitation in the delivery of our Services and to respond to your inquiries.

How do we use and share your personal information? More information about our data collection and sharing practices can be found in this privacy notice. You may contact us by email at , or by referring to the contact details at the bottom of this document. If you are using an authorised agent to exercise your right to opt out we may deny a request if the authorised agent does not submit proof that they have been validly authorised to act on your behalf. Will your information be shared with anyone else? We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Each service provider is a for-profit entity that processes the information on our behalf, following the same strict privacy protection obligations mandated by the CCPA. We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be 'selling' of your personal information. has not disclosed, sold, or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. will not sell or share personal information in the future belonging to website visitors, users, and other consumers. Your rights with respect to your personal data Right to request deletion of the data — Request to delete You can ask for the deletion of your personal information. If you ask us to delete your personal information, we will respect your request and delete your personal information, subject to certain exceptions provided by law, such as (but not limited to) the exercise by another consumer of his or her right to free speech, our compliance requirements resulting from a legal obligation, or any processing that may be required to protect against illegal activities. Right to be informed — Request to know Depending on the circumstances, you have a right to know:

whether we collect and use your personal information;

the categories of personal information that we collect;

the purposes for which the collected personal information is used;

whether we sell or share personal information to third parties;

the categories of personal information that we sold, shared, or disclosed for a business purpose;

the categories of third parties to whom the personal information was sold, shared, or disclosed for a business purpose;

the business or commercial purpose for collecting, selling, or sharing personal information; and

the specific pieces of personal information we collected about you.

In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re-identify individual data to verify a consumer request. Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights We will not discriminate against you if you exercise your privacy rights. Right to Limit Use and Disclosure of Sensitive Personal Information We do not process consumer's sensitive personal information. Verification process Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g. phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate. We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you. Other privacy rights

You may object to the processing of your personal information.

You may request correction of your personal data if it is incorrect or no longer relevant, or ask to restrict the processing of the information.

You can designate an authorised agent to make a request under the CCPA on your behalf. We may deny a request from an authorised agent that does not submit proof that they have been validly authorised to act on your behalf in accordance with the CCPA.

You may request to opt out from future selling or sharing of your personal information to third parties. Upon receiving an opt-out request, we will act upon the request as soon as feasibly possible, but no later than fifteen (15) days from the date of the request submission.

To exercise these rights, you can contact us by email at , or by referring to the contact details at the bottom of this document. If you have a complaint about how we handle your data, we would like to hear from you. 12. DO VIRGINIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS? In Short: Yes, if you are a resident of Virginia, you may be granted specific rights regarding access to and use of your personal information. Virginia CDPA Privacy Notice Under the Virginia Consumer Data Protection Act (CDPA): 'Consumer' means a natural person who is a resident of the Commonwealth acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context. 'Personal data' means any information that is linked or reasonably linkable to an identified or identifiable natural person. 'Personal data' does not include de-identified data or publicly available information. 'Sale of personal data' means the exchange of personal data for monetary consideration. If this definition 'consumer' applies to you, we must adhere to certain rights and obligations regarding your personal data. The information we collect, use, and disclose about you will vary depending on how you interact with and our Services. To find out more, please visit the following links:

Personal data we collect

How we use your personal data

When and with whom we share your personal data

Your rights with respect to your personal data

Right to be informed whether or not we are processing your personal data

Right to access your personal data

Right to correct inaccuracies in your personal data

Right to request deletion of your personal data

Right to obtain a copy of the personal data you previously shared with us

Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ('profiling')

has not sold any personal data to third parties for business or commercial purposes. will not sell personal data in the future belonging to website visitors, users, and other consumers. Exercise your rights provided under the Virginia CDPA More information about our data collection and sharing practices can be found in this privacy notice. You may contact us by email at , by visiting , or by referring to the contact details at the bottom of this document. If you are using an authorised agent to exercise your rights, we may deny a request if the authorised agent does not submit proof that they have been validly authorised to act on your behalf. Verification process We may request that you provide additional information reasonably necessary to verify you and your consumer's request. If you submit the request through an authorised agent, we may need to collect additional information to verify your identity before processing your request. Upon receiving your request, we will respond without undue delay, but in all cases, within forty-five (45) days of receipt. The response period may be extended once by forty-five (45) additional days when reasonably necessary. We will inform you of any such extension within the initial 45-day response period, together with the reason for the extension. Right to appeal If we decline to take action regarding your request, we will inform you of our decision and reasoning behind it. If you wish to appeal our decision, please email us at . Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal if denied, you may contact the Attorney General to submit a complaint.

13. WILL THIS PRIVACY POLICY RECEIVE UPDATES?

Yes, if we change the data we collect or the usage of the data this policy will receive updates as necessary to stay compliant with these changes or new laws. We may update this privacy notice from time to time. The updated version will be indicated by an updated 'Revised' date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

14. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

In case you have any questions, concernes or comments regarding this notice, feel free to write an email to: datenschutz@gebiom.com

15. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Depending on the laws of your country, you may have rights to request the information we have collected about you, demand to update the data and delete the data. To execute your rights you can write an email to datenschutz@gebiom.com This privacy policy was created using Termly's Privacy Policy Generator.

Question 2

GeBioM App Privacy Policy

Hanno Söhngen · Accepted Answer

Privacy Policy As of now the mobile app is not intended for public use. This app is still in active development and being tested. All data collected is either randomly generated or from employees. All data stored will be deleted when the app reaches version 1.0.0 and is released to the public. After the release the following privacy policy is valid. Last updated April 13, 2023 This privacy notice is for the GeBioM mbH ('Company', 'we', 'us', or 'our'), it describes why we collect data and how this data is processed, stored, used, and/or shared ('processed'). This statement covers the usage of all of your information when you use our programs ('Services'), like:

Donwloading the mobile app from servers

Contact us in other wys like sales inquries, marketing, or support

Do you have questions or concerns regarding the processing of your data? Our privacy notice will grant you the knowledge about your privacy rights and choices. In cases where you do not agree with these policies and practices, do not use our Services. If you have further questions or concerns, please contact us at datenschutz@gebiom.group. THE MAIN POINTS OF THE PRIVACY POLICY The following summary gives you a quick overview of the main points from this privacy notice, a detailed description of each point can be accessed by following the link in eachkey point or from the table of contents linking to every section you might be looking for. Which personal information is processed? While using, visiting, or navigating our Services, personal information may be processed depending on the interactions with the Services. You can get more information about personal information you disclose to us by following the link. Is any sensitive personal information processed? No, sensitive personal information is not processed. Are any third parties involved from which we receive data? No, there is no collaboration with third parties. How is your information processed? Your information is processed to administer our Services and to provide and improve them for our customers. Furthermore they are processed to communicate with you, for example for security and fraud prevention, and to comply with laws. If you have given your consent we may process your information for other purposes. In any case we will process your information only when we have a valid legal reason to do so. For a detailed description of how we are processing your information read: how we process your information. With which parties is your personal information shared? We share your personal information with some third parties. Please read when and with whom we share your personal information. Which measures do we take to keep your information safe? There are organisational and technical processes to protect your personal information. But with modern communications no electronic transmission be it while sending over the internet or during storage of the information is guaranteed to be 100% secure, therefore we cannot guarantee or promise that any third party like hackers, governments, cybercriminals, or another unauthorised third party is unable to defeat our security measures. This may lead to the unauthorized collection, access or modification of your information. Please read how we keep your information safe. Which rights protect your personal information? Depending on your geolocation and/or citizenship, the applicable regulations and privacy laws to protect your personal information may differ. Read more about this topic here: your privacy rights. Which actions do could take to exercise your rights? The most common and easiest action to exercise your rights is to visit us at https://gebiom.group, or to contact us via email at datenschutz@gebiom.group. Any request from you will be answered in accordance with applicable data protection laws. If you still want to know more please review the privacy notice in full.

TABLE OF CONTENTS

1. WHAT INFORMATION DO WE COLLECT? 2. HOW DO WE PROCESS YOUR INFORMATION? 3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION? 4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION? 5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES? 6. HOW LONG DO WE KEEP YOUR INFORMATION? 7. HOW DO WE KEEP YOUR INFORMATION SAFE? 8. DO WE COLLECT INFORMATION FROM MINORS? 9. WHAT ARE YOUR PRIVACY RIGHTS? 10. CONTROLS FOR DO-NOT-TRACK FEATURES 11. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS? 12. DO VIRGINIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS? 13. DO WE MAKE UPDATES TO THIS NOTICE? 14. HOW CAN YOU CONTACT US ABOUT THIS NOTICE? 15. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us. We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us. Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

Contact information
- names
- phone numbers
- email addresses
- mailing addresses
- billing addresses
- contact preferences
Account information
- usernames
- passwords
- contact or authentication data
Personal information
- contact points to your bicycle
- sitting positions
- the model and manufacturer of your saddle
- your preferred sitting positions while cycling.

How is sensitive Information processed. We do not collect and process any sensitive information.

Application Data. While using our application(s), if you gave your consent, we collect:

Geolocation Information. Our apps requests permissions to access the permission to track location-based information from your mobile device. You can decide to either continuously allow this or only while you are using our app(s). You can at any time revoke this permission in your device's settings, if you wish. This permission is needed to access the devices bluetooth capabilities. We do not actually track your geolocation.

Mobile Device Access. Our app requests access or permission to some features of your mobile device. You can change the access in your device's settings at any time.

Push Notifications. To provide push notifications from our application(s) to you, you must enable the settings in your mobile phone. If you wish to opt out of the push notifications, you can disable those in your device's settings.

This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes. If your personal data is not correct you can always review and change it or contact us and let us change the data in our systems.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your personal information for different reasons: (1) to provide, improve, and administer our Services, (2) to contact you, for security and fraud prevention, (3) to comply with laws. And, if you give your consent we also process your information for other purposes. Depending on the Service you use from us and your interactions with them the reasons for processing your data vary:

We process login and account data to be able to create, manage and authenticate user accounts. If you create accounts for our services we process your data for you to have a working account.

Data we process to facilitate and deliver our services to the user. We process the data you provide to deliver the services requested.

We process your data to request feedback. In cases we need your feedback we may process your information to contact you about your use of our Services.

We process personal information to protect our services. We process information to keep our Services safe and secure, this may include fraud monitoring, fraud prevention as well as Logging the services data to protect against DDoS attacks.

We protect an individual's vital interest to keep you save. When necessary we process personal information to save or protect vital interests, such as to prevent harm.

To provide a better cycling experience.

3. WHAT LAWS AND LEGAL BASES REGULATE HOW WE PROCESS YOUR INFORMATION?

In Short: Your personal information is only processed in cases we believe it is necessary and we have a valid legal reason to do so, reasons to process your data are: you have given your consent, the need to comply with laws (e.g. accounting), the fulfilment of contractual obligations, to protect your rights, or our legitimate business interests. In case your are located in the EU or UK, the following section applies to you. The General Data Protection Regulation (GDPR) and UK GDPR regulate how personal information might be processed. It requires us to explain any valid legal bases on which we rely to process your personal information. We rely on the following legal bases to process your personal information:

Consent. If you have given your consent by giving us the permission to use your personal information (specific purpose), you may withdraw your consent at any time. Her is, how you can withdrawing your consent.

Fulfilment of a Contract. If we have made a contract we might need to process your personal information to fulfil our contractual obligations to you. This includes providing our Services to you, if we requested to close a contract with you prior of the usage of our services.

Legitimate Interests. To erxercise our legal interests we process your information. This includes cases where we believe the process is necessary to achieve our legitimate business interests. In these cases our legitmate interests must outweigh your interests, fundamental rights and freedoms. As an example, we process your personal information for the purposes described below:
- We collect your data like IP addresses or usage data to diagnose problems and/or prevent fraudulent activities.
- We analyze your usage data to understand how our users use our products and services. This is necessary to improve user experience and for the stability of our services.

Legal Obligations. Your personal information is processed when it is necessary for compliance with our legal obligations. For example:
- to cooperate with a law enforcement body,
- a regulatory agency,
- to exercise or defend our legal rights,
- to disclose your information as evidence in litigation in which we are involved,
- for accounting.

Vital Interests. We process your information to protect your vital interests or the vital interests of a third party, if we think it is necessary, such as:
- emergency situations with the potential threats to the safety of any person.

If you are located in Canada, you are affected by the following rights and regulations Your personal information is processed, if you have given us your specific permission (i.e. express consent) to process your personal information. This consent is for a specific purpose, or in situations where your permission can be inferred (i.e. implied consent). If you wish, you can withdraw your consent. In exceptional cases, we may be legally permitted, if some laws are applicable to process your information without needing your explicit consent, those situations include:

The collection is obviously in the interests of an individual and there is no timely way to obtain the consent

To investigate and prevent fraud

If certain conditions are met for business transactions

The information is contained in a witness statement and it is necessary to assess, process, or settle the information in an insurance claim

The information is needed to identifying injured, ill, or deceased persons to communicate with the next of kin

Cases where we have reasonable grounds to believe that an individual has been, is, or may be victim of financial abuse

Cases in which we can reasonably expect that the consent to collect that data would compromise the availability or the accuracy of the information. And the data usage is reasonable for purposes to investigate a breach of an agreement or the contravention of the laws of Canada or a canadian province.

Cases to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records in which the disclosure is required.

Data produced by an individual in the course of their employment, business, or profession where the collection is consistent with the purposes for which the information was produced

The data is collected solely for journalistic, artistic, or literary purposes

The information is publicly available and specified by regulations

4. WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We share information in this section with the following third parties, in specific situations described below. In some cases we share your personal information:

Business Transfers. If the business may get transferred in connection with your information, during negotiations, or in case of merge or sale of the company assets, financing, or acquisition of all or a portion of our company.

Affiliates. In some cases we may share your personal imformation with hour affiliates, in this cases we require our affiliates to honour this privacy policy. Affiliates are our parent company and subsidiaries or joint venture partners. Those include other companies we control or that are under common control with us.

Business Partners. In some cases we share your information with our business partners this is needed to offer you roducts, services, or promotions.

5. COOKIES AND OTHER TRACKING TECHNOLOGIES

In Short: Yes we use cookies and depending on our Services use tracking technologies to collect and store your information. Cookies and tracking technologies (like web beacons and pixels) are used to access and store information. Information about the useage of this technologies and your possibilities to refuse tracking cookies is configurable out in our Cookie Notice.

6. HOW LONG DO WE STORE YOUR PERSONAL INFORMATION

In Short: Your personal information is stored for as long as necessary to fulfil the purposes of our Services unless otherwise required by law. Your personal information is stored for as long as it is necessary for the purposes, or as long as you give your cosent outlined in this privacy notice. Unless there are longer retention periods which are required or permitted by law (For example tax documentation, accounting, or other legal requirements). There is no purpose which will require us keeping your personal information after you have deleted your account with us. As soon as there is no ongoing legitimate business, we have no need to process your personal information, in this case we either delete or anonymise all of your information. If this technically not possible (for example, your personal information has been stored in our backup archives), we will store your personal information securely. It will be isolated from further processing until final deletion.

7. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: Our aim is to to protect your personal information. To do this we have a system of organisational and technical security measures. Our Services are implemented with appropriate and reasonable technical and organisational security measures. These protect the security of your personal information we process. Despite these safeguards and efforts, no electronic transmission over any medium or information storage technology grants 100 % security. Therefore no one can promise or guarantee that hackers, cybercriminals, or other unauthorised third parties cannot defeat the security measures taken. We will change the measures, if the need arrives to safe your data from improperly collection, access, stealing, or modifcation. The usage of our Services is at your own risk, altough we will do our best to protect your data during transmission and storage. Please make sure you access our Services within a secure environment.

8. DO WE COLLECT INFORMATION FROM MINORS?

In Short: Our Services are not intended for minors and we do not knowingly collect data from them. Neither do we advertis our Services for minors.

9. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: Depending on your geolocation such as the European Economic Area (EEA), United Kingdom (UK), and Canada, your privacy rights allow you greater access to and control over your personal data. You can review your account and stored data at any time. In the EEA and the UK you have the right to demand the deletion of all of your data stored by our Services unless they need to be stored for legal reasons (accounting, taxes). In these regions (EEA, UK, and Canada), you have the following rights under applicable data protection laws.

you may request access to and obtain a copy of your personal information.
you have the right to request rectification or erasure of your data.
you may restrict the processing of your personal information.
you may ask for a copy of your data, if applicable. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us by using the contact details provided in the section 'HOW CAN YOU CONTACT US ABOUT THIS NOTICE?' below.

We will consider and act upon any request in accordance with applicable data protection laws. You have the right to complain to your Member State data protection authority or UK data protection authority, if you are located in the EEA or UK and doubt the lawful processing of information by us. In Switzerland, you can contact the Federal Data Protection and Information Commissioner.

Withdraw of your consent: In cases where you want to withdraw your consent to process your personal information and we are relying on this we will delete your data. You may withdraw your consent at any time. Just contact us by using the details provided in the section 'HOW CAN YOU CONTACT US ABOUT THIS NOTICE?'.

This revocation will not affect the lawfulness of the processing before we received it nor, when applicable law allows or forcse us to process your data. Account Information You are able to review, change or delete your account with all the information, if you wish. To do this you can:

Log into the Service you and change/review the information. If you cannot change the information you can contact us at datenschutz@gebiom.com to let us make the changes for you.
If you are an EU citizen you have the right to ask us for your information at datenschutz@gebiom.com

If you request to terminate your account, the account will be deleted and all information from our active databases is either deleted or if this is technically not possible deactivated and later deleted. Some information may still be stored to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements. Cookies and similar technologies: All modern Web browsers are able to set and accept cookies by default. You can choose the prferences of how your browser handles cookies in the settings of your browser. Here you can remove existing cookies and to reject cookies altogether. When choosing to remove or reject cookies, this will affect some features or services from us. If you want to opt auf advertising/tracking read opt out of interest-based advertising by advertisers. If you have somd doubts or questions feel free to email us at datenschutz@gebiom.com.

10. SETTING DO-NOT-TRACK FEATURES

Modern web browsers and most mobile operating systems as well as mobile applications have implemented a Do-Not-Track ('DNT') feature or settings. This feature is a signal of your wish for your privacy preference to not have your data collected by online browsing activities as well as being monitored and collected. As of today there is not a uniform technology standard which recognises and implements DNT which has been finalised. We do currently not respond to DNT signals or other mechanisms that communicate your choice to not be tracked. As soon as there is a unified standard we will implement this in the future, you can check this privacy policy again in the future to read, if the implementation is finished.

11. SECIFIC RIGHTS OF CALIFORNIA RESIDENTS?

In Short: Residents of California have specific rights to their personal information granted by the 'Shine The Light' law. The 'Shine The Light' law as California Civil Code Section 1798.83 is known as , grants California residents the right to, once a year and free of charge, to request and obtain from us information about categories of personal information (if any) which were disclosed to third parties for direct marketing purposes. Furthermore we must send the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. As a California resident you can make such a request, by submitting your request in writing to us at contact information provided below. All California residents under 18 years of age, who have registered an account with our Services, have the right to request removal of unwanted data, which were publicly posted on our Services. To request removal, contact us using the contact information provided below. Make sure to either use, or include the email address associated with your account. Although state that you reside in California. We will delete all publicly displayed data on the Services. Be aware that this request will not completely or comprehensively remove all your information from our systems (e.g. backups, etc.). CCPA Privacy Notice As of the California Code of Regulations a 'resident' is defined as: (1) all individuals who are residing in the State of California for other reasons than a temporary or transitory purpose and (2) all individuals whose domicile is in the State of California, but are outside the State of California for a temporary or transitory purpose All other individuals are defined as 'non-residents'. We have to follow certain rights and obligations regarding your personal information, if the above definition of 'resident' applies to you. What categories of personal information do we collect? We collected personal information from the following categories in the past twelve (12) months:

Category	Examples	Collected
A. Identifiers	Personal information like: Contact information (real names, aliases, telephone numbers, postal addresses, online identifiers, unique personal identifiers, email addresses, IP addresses and account names)	YES
B. Personal information categories listed in the California Customer Records statute	Name, contact information, education, employment, employment history, and financial information	YES
C. Protected classification characteristics under California or federal law	Gender and date of birth	YES
D. Commercial information	Transaction information, purchase history, financial details, and payment information	NO
E. Biometric information	Fingerprints and voiceprints	NO
F. Internet or other similar network activity	Browsing history, search history, online behaviour, interest data, and interactions with our and other websites, applications, systems, and advertisements	NO
G. Geolocation data	Device location	NO
H. Audio, electronic, visual, thermal, olfactory, or similar information	Images and audio, video or call recordings created in connection with our business activities	NO
I. Professional or employment-related information	Business contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us	NO
J. Education Information	Student records and directory information	NO
K. Inferences drawn from other personal information	Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics	NO
L. Sensitive Personal Information		NO

We will use and retain the collected personal information as needed to provide the Services or for:

Category A -

Category B -

Category C -

We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:

Receiving help through our customer support channels;

Participation in customer surveys or contests; and

Facilitation in the delivery of our Services and to respond to your inquiries.

How do we use and share your personal information? More information about our data collection and sharing practices can be found in this privacy notice. You may contact us by email at , or by referring to the contact details at the bottom of this document. If you are using an authorised agent to exercise your right to opt out we may deny a request if the authorised agent does not submit proof that they have been validly authorised to act on your behalf. Will your information be shared with anyone else? We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Each service provider is a for-profit entity that processes the information on our behalf, following the same strict privacy protection obligations mandated by the CCPA. We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be 'selling' of your personal information. has not disclosed, sold, or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. will not sell or share personal information in the future belonging to website visitors, users, and other consumers. Your rights with respect to your personal data Right to request deletion of the data — Request to delete You can ask for the deletion of your personal information. If you ask us to delete your personal information, we will respect your request and delete your personal information, subject to certain exceptions provided by law, such as (but not limited to) the exercise by another consumer of his or her right to free speech, our compliance requirements resulting from a legal obligation, or any processing that may be required to protect against illegal activities. Right to be informed — Request to know Depending on the circumstances, you have a right to know:

whether we collect and use your personal information;

the categories of personal information that we collect;

the purposes for which the collected personal information is used;

whether we sell or share personal information to third parties;

the categories of personal information that we sold, shared, or disclosed for a business purpose;

the categories of third parties to whom the personal information was sold, shared, or disclosed for a business purpose;

the business or commercial purpose for collecting, selling, or sharing personal information; and

the specific pieces of personal information we collected about you.

In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re-identify individual data to verify a consumer request. Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights We will not discriminate against you if you exercise your privacy rights. Right to Limit Use and Disclosure of Sensitive Personal Information We do not process consumer's sensitive personal information. Verification process Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g. phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate. We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you. Other privacy rights

You may object to the processing of your personal information.

You may request correction of your personal data if it is incorrect or no longer relevant, or ask to restrict the processing of the information.

You can designate an authorised agent to make a request under the CCPA on your behalf. We may deny a request from an authorised agent that does not submit proof that they have been validly authorised to act on your behalf in accordance with the CCPA.

You may request to opt out from future selling or sharing of your personal information to third parties. Upon receiving an opt-out request, we will act upon the request as soon as feasibly possible, but no later than fifteen (15) days from the date of the request submission.

To exercise these rights, you can contact us by email at , or by referring to the contact details at the bottom of this document. If you have a complaint about how we handle your data, we would like to hear from you. 12. DO VIRGINIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS? In Short: Yes, if you are a resident of Virginia, you may be granted specific rights regarding access to and use of your personal information. Virginia CDPA Privacy Notice Under the Virginia Consumer Data Protection Act (CDPA): 'Consumer' means a natural person who is a resident of the Commonwealth acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context. 'Personal data' means any information that is linked or reasonably linkable to an identified or identifiable natural person. 'Personal data' does not include de-identified data or publicly available information. 'Sale of personal data' means the exchange of personal data for monetary consideration. If this definition 'consumer' applies to you, we must adhere to certain rights and obligations regarding your personal data. The information we collect, use, and disclose about you will vary depending on how you interact with and our Services. To find out more, please visit the following links:

Personal data we collect

How we use your personal data

When and with whom we share your personal data

Your rights with respect to your personal data

Right to be informed whether or not we are processing your personal data

Right to access your personal data

Right to correct inaccuracies in your personal data

Right to request deletion of your personal data

Right to obtain a copy of the personal data you previously shared with us

Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ('profiling')

has not sold any personal data to third parties for business or commercial purposes. will not sell personal data in the future belonging to website visitors, users, and other consumers. Exercise your rights provided under the Virginia CDPA More information about our data collection and sharing practices can be found in this privacy notice. You may contact us by email at , by visiting , or by referring to the contact details at the bottom of this document. If you are using an authorised agent to exercise your rights, we may deny a request if the authorised agent does not submit proof that they have been validly authorised to act on your behalf. Verification process We may request that you provide additional information reasonably necessary to verify you and your consumer's request. If you submit the request through an authorised agent, we may need to collect additional information to verify your identity before processing your request. Upon receiving your request, we will respond without undue delay, but in all cases, within forty-five (45) days of receipt. The response period may be extended once by forty-five (45) additional days when reasonably necessary. We will inform you of any such extension within the initial 45-day response period, together with the reason for the extension. Right to appeal If we decline to take action regarding your request, we will inform you of our decision and reasoning behind it. If you wish to appeal our decision, please email us at . Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal if denied, you may contact the Attorney General to submit a complaint.

13. WILL THIS PRIVACY POLICY RECEIVE UPDATES?

Yes, if we change the data we collect or the usage of the data this policy will receive updates as necessary to stay compliant with these changes or new laws. We may update this privacy notice from time to time. The updated version will be indicated by an updated 'Revised' date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

14. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

In case you have any questions, concernes or comments regarding this notice, feel free to write an email to: datenschutz@gebiom.com

15. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Depending on the laws of your country, you may have rights to request the information we have collected about you, demand to update the data and delete the data. To execute your rights you can write an email to datenschutz@gebiom.com This privacy policy was created using Termly's Privacy Policy Generator.