Live Demo

Privacy Policy App

Last updated: 13.06.2025

1. Introduction and Controller Contact Details

 1.1. We are pleased that you are using our application (hereinafter “App”). Below we inform you about the handling of your personal data when using our App. Personal data means all data by which you can be personally identified.

1.2. The controller for data processing in connection with this App within the meaning of the General Data Protection Regulation (GDPR) is MYOact GmbH, Kaiserstrasse 61, 60329 Frankfurt am Main, Germany, Telephone: +49 (0) 69 – 24751025, Email: info@myoact.de. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

1.3. For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this App uses SSL or TLS encryption. You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser’s address bar.

2. Log files when using our mobile App

When you download our App from an app store, the necessary information is transmitted to the app store, in particular your username, email address and customer number of your account, time of the download, payment information, and the individual device identifier. We have no influence on this data collection and are not responsible for it. We process the data only insofar as it is necessary to download the mobile App to your mobile device.
When using our App, we collect the personal data described below to enable convenient use of the functionality. If you wish to use our App, we collect the following data, which are technically necessary for us to offer you the functions of our App and to ensure stability and security:

  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request
  • Access status / HTTP status code
  • Amount of data transferred in bytes
  • Source/referrer from which you reached the page
  • Browser used
  • Language and version of the browser software
  • Operating system used and its interface
  • IP address used (where applicable, in anonymised form)

Processing is carried out pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our App. There is no disclosure or other use of the data. However, we reserve the right to subsequently check the aforementioned log files if there are specific indications of unlawful use.
We also require your device’s unique number (IMEI = International Mobile Equipment Identity), the subscriber’s unique number (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), where applicable the MAC address for Wi-Fi use, and the name of your mobile device.

3. Hosting & Content-Delivery-Network

For hosting our App and displaying page content, we use a provider that performs its services itself or through selected subcontractors exclusively on servers within the European Union. All data collected on our website are processed on these servers. We have concluded a data processing agreement with the provider that ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.

4. Cookies

To make our App attractive and to enable the use of certain functions, we use so-called cookies. These are small text files that are placed on your device. We use only so-called session cookies, which are automatically deleted after closing the App. These session cookies serve to facilitate the use of the App and to maintain certain functions during your current session.

Since only session cookies are used, no permanent (so-called persistent) cookies are stored on your device. This means no personal data are collected or processed over longer periods.
The use of session cookies is based on our legitimate interests in a functioning and user-friendly App, Art. 6(1)(f) GDPR.

You can configure your mobile operating system and the App settings according to your preferences. Please note that if you disable session cookies, not all functions of our App may be fully usable.

5. Use of your photos

At the start of using our mobile App, we ask you in a pop-up for permission to use your photos. If you do not grant consent, we will not use this data. In this case you may not be able to use all functions of our App. You can grant or revoke consent later in your operating system settings.
If you permit access to this data, the mobile App will access and transmit it to our servers only insofar as necessary to provide the functionality. We will treat your data confidentially and delete it when you revoke the right to use it or when it is no longer required for the provision of services and no legal retention obligations exist. The legal basis for processing is Art. 6(1)(f) GDPR.

6. Data processing when opening a customer account

Pursuant to Art. 6(1)(b) GDPR, personal data are also collected and processed if you provide them to us for the purpose of performing a contract or when opening a customer account. Which data are collected can be seen from the respective input forms. You can delete your customer account at any time by sending a message to the controller’s address stated above. We store and use the data you provide for contract processing. After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial retention periods and deleted after these periods expire, unless you have expressly consented to further use of your data or we have reserved a legally permitted further data use, about which we inform you below.

7. Registration in the App

You can register in our App by providing personal data. Which personal data are processed for registration results from the input mask used for registration. We use the so-called double-opt-in procedure, i.e., your registration is only complete once you have confirmed your sign-up by clicking on the link in a confirmation email sent to you for this purpose. If your confirmation is not received within 24 hours, your registration will be automatically deleted from our database. The provision of the data mentioned above is mandatory. You can provide any further information voluntarily by using our portal.
When you use our App, we store the data required for contract performance, including any payment method details, until you permanently delete your access. We also store the data you voluntarily provide for the duration of your use of the portal, unless you delete them earlier. You can manage and change all information in the protected customer area. The legal basis is Art. 6(1)(f) GDPR.

8. Processing of health data

Insofar as processing of health data is required to fulfill our contractual performance obligation, such data will be collected and processed strictly for the intended purpose and in accordance with the applicable statutory data protection provisions. Health data are a special category of personal data that allow direct or indirect conclusions about a person’s physical and/or mental health status. Your health data will not be disclosed to third parties. The health data you provide will be collected by us for the purpose of performing the contract only if you have given us explicit consent within the meaning of Art. 6(1)(a) GDPR. You may revoke your consent at any time with effect for the future vis-à-vis the controller.

9. Tools and Other

9.1. Services for creating automatic error and crash reports:

Firebase Crashlytics

We use “Firebase Crashlytics,” a service of Google Ireland Ltd., Google Building Gordon House, Barrow Street, Dublin 4, Ireland, to create anonymized crash reports in order to improve the stability and reliability of our App.

Exclusively on the basis of your explicit consent pursuant to Art. 6(1)(a) GDPR, anonymous information is transmitted to Google’s servers in the event of an App crash (state of the App at the time of the crash, installation UUID, crash trace, handset manufacturer and operating system, last log messages). Transfers to Google LLC in the USA are also possible. This information does not contain personal data.

When using an iOS-based device, you can give consent in the App settings or after a crash. When using an Android-based device, you have the option during setup to generally consent to the transmission of crash notifications to Google and app developers.
You can revoke your consent at any time by

  • in iOS: deactivating the “Crash Reports” function in the App settings
  • in Android: adjusting the system settings. To do so, open the device settings, select “Google,” and then, in the three-dot menu at the top right, the “Usage & diagnostics” item. There you can disable the sending of the corresponding data.

Further information on data protection can be found in Firebase Crashlytics’ privacy notices at firebase.google.com/support/privacy.

9.2. Google Maps

This App uses an online map service from the following provider: Google Maps (API) by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Google Maps is a web service for displaying interactive (land) maps in order to present geographic information visually. Using this service allows our location to be displayed to you and may facilitate any directions.
As soon as you access those App layouts in which the Google Maps map is embedded, information about your use of our App (such as your IP address) is transmitted to Google’s servers and stored there; this may also involve transmission to servers of Google LLC in the USA. This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged in to Google, your data are directly assigned to your account. If you do not wish the assignment to your profile at Google, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them.
Collection, storage, and evaluation are carried out pursuant to Art. 6(1)(f) GDPR on the basis of Google’s legitimate interest in displaying personalized advertising, market research, and/or needs-based design of Google websites. You have the right to object to the creation of these user profiles; to exercise this right, you must contact Google. If you do not agree to the future transmission of your data to Google within the scope of using Google Maps, you also have the option to completely deactivate the Google Maps web service by disabling JavaScript in your browser. Google Maps and thus the map display on this website can then no longer be used.
Where legally required, we have obtained your consent pursuant to Art. 6(1)(a) GDPR for the processing of your data described above. You can revoke your consent at any time with effect for the future. To exercise your revocation, please follow the option to object described above.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision of the European Commission, ensures compliance with the European level of data protection.
Further information on Google’s privacy policies can be found here: business.safety.google/intl/de/privacy/ and https://policies.google.com/privacy

9.3 Sending emails

Brevo

For sending emails in the context of registration and other communications related to the use of our App, we use the “Brevo” service (Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany). Brevo processes personal data on our behalf (e.g., name, email address, communication content) pursuant to Art. 28 GDPR under a data processing agreement.
Processing is based on our legitimate interest in efficient and user-friendly communication (Art. 6(1)(f) GDPR) or, where necessary, for the performance of a contract or the implementation of pre-contractual measures (Art. 6(1)(b) GDPR).
Transfers of personal data to third countries occur only where appropriate safeguards in accordance with Art. 44 et seq. GDPR are in place. Further information on data processing by Brevo can be found in Brevo’s privacy policy at:
https://www.brevo.com/legal/privacypolicy/

10. Data subject rights

10.1. Applicable data protection law grants you the following rights against the controller with regard to the processing of your personal data (rights of access and intervention), with the respective prerequisites for exercise referenced to the legal basis cited:

  • Right of access pursuant to Art. 15 GDPR;
  • Right to rectification pursuant to Art. 16 GDPR;
  • Right to erasure pursuant to Art. 17 GDPR;
  • Right to restriction of processing pursuant to Art. 18 GDPR;
  • Right to notification pursuant to Art. 19 GDPR;
  • Right to data portability pursuant to Art. 20 GDPR;
  • Right to withdraw consent granted pursuant to Art. 7(3) GDPR;
  • Right to lodge a complaint pursuant to Art. 77 GDPR.

10.2. RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTERESTS WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. FURTHER PROCESSING IS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA ARE PROCESSED BY US FOR THE PURPOSE OF DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES.

11. Duration of storage of personal data

The duration of storage of personal data is determined by the respective legal basis, the processing purpose, and—where relevant—also by the respective statutory retention period (e.g., commercial and tax retention periods).
Where personal data are processed on the basis of explicit consent pursuant to Art. 6(1)(a) GDPR, such data are stored until you revoke your consent.
If statutory retention periods exist for data processed on the basis of Art. 6(1)(b) GDPR in the context of contractual or quasi-contractual obligations, these data are routinely deleted after the retention periods expire, provided they are no longer required for contract performance or initiation and/or there is no legitimate interest on our part in continued storage.

Where personal data are processed on the basis of Art. 6(1)(f) GDPR, such data are stored until you exercise your right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

Where personal data are processed for the purpose of direct advertising on the basis of Art. 6(1)(f) GDPR, such data are stored until you exercise your right to object pursuant to Art. 21(2) GDPR.
Unless otherwise stated in the other information in this notice regarding specific processing situations, personal data stored will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.