As of April 2020
Responsible in the sense of the General Data Protection Regulation (GDPR):
Active Giving GmbH
What data is collected and how is it collected?
With regard to the data collected about the user, a distinction must be made between data that the user himself/herself enters via the user interface of the app or website (“Data entered by the user”) and data that is independently collected and stored in the background by the app or website (“Data collected by the Active Giving app” or “Data collected by the website »).
Data entered by the user
When creating a user account, the following data is requested from the user, which is entered into the corresponding text fields:
Name (can be first and last name).
Data collected by the Active Giving App.
In addition to the personal data entered by the user, data is collected and stored in the background with the installation and use of the Active Giving App.
The following device-related data is collected and stored:
- Devices Operating software
- Version of the operating software
- Device model
The following activity-related data is collected and stored:
- the type of activity,
- the duration of the activity,
- to calculate the distance and country: the live location when recording an activity via the GPS module of the cell phone as well as
- the donation organization selected by the user for the respective activity.
- The recording of the user’s live location is only used to determine the user’s location and to calculate the total distance. The so-called waypoints are not stored.
User behavior of the users
Furthermore, data is collected that relates to the usage behavior and the use of the app. This includes the areas of the app which users visit and how long the user visits them.
Import of activity data via a third-party provider
If the user imports activity data into the Active Giving App via a third-party provider, the following data points are stored:
- User authorization data to query activity data from the third party provider after the user explicitly gives consent for access,
- The relevant activity data to calculate the donation generated by the user, and
- The country and time in which the activity was completed.
- Although additional data points can be transmitted via the interface offered by the respective third-party provider, these are not stored by the Active Giving App.
Data collected by the website
- The following data is collected and stored when visiting the website: User data (IP address, browser and device information).
- Data about the use of the website
The website uses the WP Statistics plugin. More information is available here: https://wordpress.org/plugins/wp-statistics/#gdpr%20compliant%3F.
For what purposes is the data collected?
The personal and technical data collected by Active Giving is used for the following purposes:
- For the calculation of generated funds through the sports activities. We will perform these activities in order to manage our contractual relationship with the user and/or to comply with a legal obligation. Legal bases for the processing in this case are Art. 6 para. 1 sentence 1 lit. b) and/or lit. f) of the GDPR.
- To provide information, emails (e.g. newsletters) and success reports to users. We will perform this activity with the consent of the user or, if consent is not required, if we have a legitimate interest. Legal bases for the processing in this case are Art. 6 para. 1 sentence 1 lit. a) or lit. f) GDPR.
- To be able to use basic features of the app (such as GPS tracking) or the website. We will perform this activity with the consent of the user, or if consent is not required to manage our contractual relationship with the user, or if we have a legitimate interest. Legal bases for processing in this case are Art. 6 para. 1 sentence 1 lit. a), lit. b) or lit. f) GDPR.
- To be able to use extended features (access to third-party providers, teams, standard donation organization), of the app. We will perform this activity with the consent of the user, or if consent is not required to manage our contractual relationship with the user, or if we have a legitimate interest. Legal bases for the processing in this case are Art. 6 para. 1 sentence 1 lit. a), lit. b) or lit. f) GDPR.
- In order to be able to improve or simplify the use of the Active Giving app or website and other Active Giving services. We will carry out this activity if we have a legitimate interest. In this case, the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR.
- To make the content of the Active Giving app or website more relevant to the user. We will carry out these activities to manage our contractual relationship with the user or if we have a legitimate interest. Legal bases for the processing in this case are Art. 6 para. 1 sentence 1 lit. b) and lit. f) GDPR.
- To send the user background information about Active Giving and Active Giving’s partners. We will perform this activity with the consent of the user or, if consent is not required, if we have a legitimate interest. Legal bases for the processing in this case are Art. 6 para. 1 sentence 1 lit. a) or lit. f) GDPR.
- For the evaluation and analysis of activity data for internal business purposes. We will perform this activity if we have a legitimate interest. The legal basis for the processing in this case is Art. 6 para. 1 sentence 1 lit. f) GDPR.
We retain personal information for as long as is necessary or permissible in light of the purposes for which it was collected and in accordance with applicable law. The criteria used to determine our retention period include:
- The period of time over which we have an ongoing contractual relationship with a user and provide the app or website to the user (for example, as long as the user has an account with us or continues to use the app);
- Whether there is a legal obligation to which we are subject (for example, some laws require us to retain records of transactions with users for a certain period of time before we can delete them); or
- Whether retention is advisable in light of our legal position (for example, in relation to relevant statutes of limitations, litigation or regulatory investigations).
If we transfer personal data to service providers outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection or if other appropriate data protection guarantees are in place (e.g. binding internal company data protection regulations or an agreement of the EU Commission’s standard contractual clauses). Detailed information on this and on the level of data protection at service providers in third countries is available from the contact details above.
Third party integration
Hosting and App Infrastructure
The Active Giving App, and therefore user and activity-related data, is hosted by Amazon Web Services Inc. (hereinafter “Amazon”) hosted on servers in Germany.
Active Giving has entered into standard contractual clauses with Amazon for commissioned data processing, with which Amazon undertakes to comply with the EU level of data protection and to handle our users’ data only in accordance with Active Giving’s instructions. Information about Amazon’s data protection can be found at https://aws.amazon.com/de/compliance/eu-data-protection/.
Amazon has joined the EU-US Privacy Shield if Active Giving users’ data is transferred to the US.
Email for Strava Generated Activities
In order to notify our users about the download of new activity data from Strava, Active Giving makes use of Amazon Simple Email Service (see section “Email Service” below).
This will continue to receive a message in addition to the email address as the recipient of the message, but this message will not contain any personally identifiable information.
The user can stop receiving emails at any time in the Active Giving app.
E-mail service for newsletters
In order to reach the user with information and reports via email, Active Giving transmits the message to be sent as well as the email address of the respective user to the technical service provider Amazon so that it can send the email to the user.
The user can object to the sending of the messages at any time in the settings, whereby Active Giving will then no longer send the messages to this user until the sending is reactivated.
For sending newsletters we use the service provider Mailchimp. More information is available here: https://mailchimp.com/legal/privacy/.
Shared information from the Active Giving App.
Reference to and links to third parties in the Active Giving App or website.
The business model of the Active Giving App is based on companies acting as sponsors for the funding of donations to fundraising organizations. For this purpose, we present the user with the sponsor who is funding the donation. Accordingly, the sponsor is named to the user in the form of a logo or lettering.
The Active Giving app or website may also contain links that lead to third-party providers or companies that are justified by a business relationship established with Active Giving.
However, these third parties do not collect or receive any information about the user from Active Giving until the time the user is directed to the respective link. Furthermore, Active Giving is not responsible for the information provided by the third parties, even if it is loaded in browser-like (webview) windows within the Active Giving app.
No banner ads will be displayed within the Active Giving App by third parties that are not either a sponsor, fundraising organization, or other entity related to the financial support of an activity.
Subject to the legal requirements, you have the right to obtain information (Art. 15 GDPR) about your processed personal data and to request the rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR) of your personal data or the restriction of processing (Art. 18 GDPR) using the contact details above.
Please clearly indicate in your request which personal data you would like to have changed or if you would like your personal data to be removed from our database. For your protection, we can only respond to requests related to the personal data associated with the particular email address you use to send us your request, and we may need to verify your identity before we begin processing your request. We will attempt to respond to your request as soon as practicable.
In addition, you have the option of contacting the relevant supervisory authority.
If we process your data to protect legitimate interests (Art. 6 (1) sentence 1 lit. f) GDPR), you may object to this processing if reasons arise from your particular situation that conflict with this data processing (right of objection, Art. 21 GDPR). Please address your objection to the contact details provided above.
If we process your personal data on the basis of your consent (Art. 6 para. 1 sentence 1 lit. a) GDPR), e.g. for sending newsletters, you can revoke this consent at any time (right of revocation, Art. 7 para. 3 GDPR). Please address your revocation to the contact details provided above.
If we process your personal data on the basis of your consent (Art. 6 para. 1 sentence 1 lit. a) GDPR), you have the right to receive the personal data concerning you in a structured, common and machine-readable format (right to data portability, Art. 20 GDPR).
When operating the Active Giving app or website, market physical and electronic security standards are used to protect personal information.
This includes restricting access to personal information to individuals who perform related functions at Active Giving and need access to personal information to do so. In addition, employees at Active Giving are informed about how personal information should be handled and that under no circumstances should the information be shared with other third parties without the customer’s consent.
Further, other technical enhancements will be implemented to better protect customer data over time.
While the above safeguards are implemented and adhered to, electronically processed or stored data is never 100% secure from attack.
Changes to the privacy statement
This statement may be updated from time to time as new policies, data points, or changes in data processing occur.
Therefore, we encourage you to periodically review this Privacy Statement to be informed of Active Giving’s most current practices regarding data processing.
If you have any further questions, please feel free to contact our team at firstname.lastname@example.org.