Privacy Policy for the "FitFlow" app

For detailed information on data protection on our website, please refer to our Privacy Policy.
The following additional information on data processing applies to using the "FitFlow" app:

FitFlow is a digital platform that allows customers and potential customers of the provider to use their mobile device (camera and scanner for facial recognition) to measure their face and create a portrait photo for trying on virtual glasses on the provider's website. FitFlow is provided by Edeloptics GmbH (hereinafter referred to as "we" or "us") as the data controller within the meaning of the applicable data protection law.

When using FitFlow, we process personal data about the users. Personal data is all information that relates to an identified or identifiable natural person. Because protecting the privacy of those using our app is important to us, we want to use the information below to help you understand what personal data we process when you use the app and how we handle this data. In addition, we will inform you about the legal basis for processing your data and, insofar as the processing is necessary to safeguard our legitimate interests, also about these interests.

1. Who is responsible for data processing and who can I contact?

This Privacy Policy applies to data processing by:

Data controller:
Edeloptics GmbH
Nobistor 16
22767 Hamburg
Germany
Phone: 0800 29 9 29 29 (Mon to Fri, 10 a.m. to 7 p.m.)
Email:info@edel-optics.com

The company data protection officer can be reached at the above address, for the attention of the data protection officer, or by email at datenschutz@edel-optics.de.

2. Information on the processing of your data

Certain information is processed automatically as soon as you use the app. We have listed which personal data is processed for you below:

a) Information collected during the download

When downloading the app, certain required information is transmitted to the app store you have selected (e.g., Google Play or Apple App Store): in particular, the username, email address, customer number of your account, time of download, payment information and individual device code can be processed. This data is processed exclusively by the app store in question, and is beyond our control.

b) Information collected automatically

As part of your use of the app, we automatically collect certain data that is required to use the app. This includes:

• Internal device ID
• The version of your operating system
• The time of access
• IP address

This data is automatically transmitted to us in order to (1) provide you with the service and the associated functions or (2) improve the functions and features of the app.

This is necessary for the smooth operation and use of the app. The legal basis for this data processing is Art. 6 (1) (1) (b) of the General Data Protection Regulation (GDPR). In addition, we also process this data to prevent and eliminate misuse and malfunctions. The legal basis for this is Art. 6 (1) (1) (f) GDPR. Our overriding, legitimate interest is to ensure the functionality and error-free operation of the app and to be able to offer a service that is in line with the market and interests.

c) Establishing contact

You can get in touch with us by phone or email. Your name, if necessary, a valid email address and your request are required, so we know who sent the enquiry and can respond to it. Further information can be provided voluntarily.

Data processing for establishing contact is carried out in accordance with Art. 6 (1) (1) (a) GDPR on the basis of your voluntary consent or in accordance with Art. 6 (1) (1) (b) GDPR to fulfil a contract with you or to undertake measures leading to such a contract.

d) Use of the app

You can use our app to collect data with the camera and the scanner for face recognition on your mobile device (portrait photo, width of your face, distance of your pupils and distance between your eyes, right and left, hereinafter collectively referred to as "data").
In principle, this data is collected voluntarily and at your request. Initially, the data will only be processed in the memory of your mobile device and will only be transmitted to the servers by us after you have given your express consent. From there, the data is integrated into our website and can be used by you for trying on virtual items on our website. The data is then retrieved from our server by your browser and displayed in the browser. You can access the data stored on your mobile device for as long as FitFlow is installed on your device.
If you delete FitFlow from your device, the data stored on the device will also be deleted. We store the data transmitted to us as long as there is a session running in your internet browser for trying on virtual items. We will delete or anonymise the data.
If you have registered as a customer of ours and have an account, then the data relating to your account will be stored. If you log in with your account, you can access the data on our website and therefore also try on virtual items at a later time.

In addition, so-called TrueDepth data is processed only on your mobile phone, which is used to measure the distance of your face from your mobile phone during facial recognition so that the width of your face, the distance of your pupils and the distance between your eyes, right and left, can be calculated. This TrueDepth data is processed exclusively on your mobile phone, not passed on to third parties, and we do not have access to this data.

Usage data is processed and used for providing the service and our services. This data processing is justified by the fact that the processing is necessary to fulfil the contract between you as the data subject and us in accordance with Art. 6(1) (b) GDPR for using the app. However, the data is transferred to our servers on the basis of your consent, Art. 6 (1) (1) (a) GDPR, which you can revoke at any time with effect for the future, e.g., by email to info@edel-optics.de.

3. Sharing of data:

In addition to the cases explicitly mentioned in this Privacy Policy, your personal data will only be passed on without your express prior consent if it is legally permissible or necessary.

In the context of fulfilling the contract, we will, if necessary, share the required data with third parties that we use to provide the services (e.g., hosting of the website and other service providers). These companies work for us as data processors in accordance with Art. 28 GDPR and are not entitled to process the data for their own purposes.

If required to investigate the unlawful or improper use of the app or for prosecution, personal data will be forwarded to law enforcement agencies or other authorities and, as appropriate, to injured third parties or legal advisers. This only happens when there are indications of illegal or abusive conduct. Your personal data may also be shared if this serves to enforce terms of use or other legal claims. We are also required by law to provide information to certain public authorities upon request. These include law enforcement agencies, authorities enforcing civil penalties and fines, and tax authorities.

Any transfer of personal data is justified by the fact that (1) processing to fulfil the contract between you as the data subject and us in accordance with Art. 6 (1) (b) GDPR is necessary for using the app; (2) processing is necessary for fulfilling a legal obligation to which we are subject in accordance with Art. 6 (1) (f) GDPR in conjunction with national laws governing the transfer of data to law enforcement agencies, or (3) we have a legitimate interest in disclosing the data to the named third parties in the event of indications of abusive behaviour or to enforce our terms of use, other terms or legal claims, and your rights to, and interests in, the protection your personal data within the meaning of Art. 6(1) (f) GDPR do not outweigh this.

4. Duration of storage of your data:

Unless otherwise stated in Section 2, your data will be processed and stored for the duration of our business relationship. In addition, we are subject to various retention and documentation obligations on the basis of the German Commercial Code (HGB) and the Tax Code (AO). The periods for storage or documentation specified there are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.

Special statutory provisions may require a longer storage period, e.g., preservation of evidence for the duration of the applicable statute of limitations. According to Sections 195 et seqq. of the German Civil Code (BGB), the regular limitation period is three years; however, limitation periods of up to 30 years may also apply.

If the data is no longer required for the fulfilment of contractual or legal obligations and rights, it will be deleted on a regular basis.

5. Your data protection rights:

Under certain conditions you can assert your data protection rights against us:

• You have the right to receive from us information about your data stored by us according to the rules of Art. 15 GDPR (possibly with restrictions according to Section 34 FDPA).
• At your request, we will correct the data stored about you in accordance with Art. 16 GDPR if it is inaccurate or incorrect.
• If you wish, we will delete your data according to the principles of Art. 17 GDPR, provided that other legal regulations (e.g., legal storage obligations or the restrictions according to Section 35 FDPA) or a predominant interest on our part (e.g., to defend our rights and claims) do not oppose this.
• Taking into account the requirements of Art. 18 GDPR, you can ask us to limit the processing of your data.
• You can also object to the processing of your data in accordance with Art. 21 GDPR, which requires us to stop processing your data. However, this right of objection only applies in the event of very special circumstances of your personal situation, whereby our company's rights may conflict with your right of objection.
• You also have the right to receive your data in a structured, common and machine-readable format or to transmit it to a third party under the conditions of Art. 20 GDPR.
• In addition, you have the right to revoke any agreement in the processing of personal data at any time with effect for the future.
• You also have a right to appeal to a data protection supervisory authority (Art. 77 GDPR).

6. Scope of your obligations to provide us with your data:

If you provide us with personal data, this is done voluntarily and solely for the purpose of using FitFlow and trying on virtual items on our website. Without this data, we usually cannot offer the trying-on of virtual items on our website, as we do not have the relevant data. Regardless of this, however, there will be no disadvantages for you if you do not provide us with data about FitFlow. The use of FitFlow is voluntary and under no circumstances is the use of this service necessary to conclude a contract with us.

7. The existence of automated decision-making in individual cases (incl. profiling)

We do not use purely automated decision-making procedures in accordance with Art. 22 GDPR.

8. Right of objection in accordance with Art. 21 GDPR

If your personal data is based on legitimate interests in accordance with Art. 6(1) (1) (f) GDPR, you have the right under Art. 21 GDPR to object to the processing of your personal data if this is due to reasons which arise from your particular situation or if the objection is raised against direct advertising. In the latter case, you have a general right of objection, which we will implement without the need for you to specify a particular situation.

If you wish to exercise your right of revocation or objection, simply send an email to info@edel-optics.de

9. Validity of and amendment to this Privacy Policy:

This Privacy Policy is currently valid as of November 2021.
It may be necessary to change this Privacy Policy from time to time as a result of the further development of our app and services or due to changes in the statutory or regulatory requirements. You can access and print out the current Privacy Policy at any time in the app under the "Data Protection" menu item.