개인정보처리방침

Pepaminto Data Privacy Policy

Version 1 April, 2024

 

Introduction

 

This policy outlines how we process any personal data collected from you or provided by using Pepaminto ('Our App and Topper'). It is important to carefully review the following to understand our views and practices regarding your sensitive information and how we handle it. 

 

You retain ownership and control of your personal data. To empower you, we provide multiple avenues to manage the privacy of your information and continuously enhance functionalities for your control. By default, your health-related personal data is solely stored locally on your device. While the app is programmed to transmit personal information (such as preferred thermal setting) and technical data (such as Machine ID) to us in specific instances, we cannot access or control your health data without your explicit consent.

 

How we use your information

 

Our primary aim in collecting and utilizing your data is to effectively measure and design a customized path to improve your sleep experience. Utilizing your personal sleep data is integral for Pepaminto to provide services that involve analyzing and assessing sleep conditions and solutions. It is guaranteed that your data will not be sold to third parties.

The information you provide will be used for the following purposes:

 

·      To deliver our services to you

·      To allow you access to our app and help you to use our services to access or provide content through the Pepaminto.

·      To improve our service continually, along with our app and user experience

 

We gather log data regarding user trends on our app, which we use internally to comprehend user interactions with businesses, brands, and each other online, and to provide insights in these areas. These data will be protected internally as well. The log data originate from a dataset containing information that could identify you, but will be protected with a high level of confidentiality internally.

 

Data we gather from you

 

We will gather and handle the following data about you:

 

Information provided by you: This comprises data you provide us with by completing forms within our shop website (pepaminto.shop) or by communicating with us via phone, email, or other means. It encompasses information you provide upon subscribing to our service through our app. We will only request from you the essential data required for utilizing our service. At a minimum, the information you provide us will include your name and email address.

 

Information automatically collected about you:

 

(1) If you wish to use our mobile application, we will process the following data, which is technically necessary for us to offer you the functions of our mobile application and to ensure its stability and security. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR:

 

- IP address

- Date and time of request

- Time zone difference to Greenwich Mean Time (GMT)

- Content of the request (page visited)

- Access status/HTTP status code

- Amount of data transferred

- Previously visited page

- Browser

- Operating system

- Language and version of browser software

 

In addition, to provide the services of the application, we need your device identification, the unique number of the mobile device (IMEI = International Mobile Equipment Identity), the unique number of the network subscriber (IMSI = International Mobile Subscriber Identity), the mobile phone number (MSISDN), the MAC address for WLAN use, the name of your mobile device, your e-mail address.

 

The technical structure of the mobile application requires us to use technologies, in particular cookies. Without these technologies, our application cannot be used (fully correctly) or the support functions cannot be activated. In principle, these are temporary cookies that will be deleted at the end of the usage process, at the latest after 30 days. You cannot disable these cookies if you want to use our application. The legal basis for this processing is Art. 6 par. 1 sentence 1 lit. f GDPR.

 

(2) When using our mobile app, we will also collect and process the following data necessary for the fulfilment of our contract.

 

·      Temperature logs for each zone (lumbar, feet) recorded every 5 minutes

·      Required temperature settings for each zone (lumbar, feet)

·      Time stamps indicating when users activate/deactivate the topper

·      Room temperature and air quality

·      Date and time of data transfer

 

Apple Health Kit

 

Our app supports the use of Apple Health Kit functionality. If enabled within Pepaminto, our app can access heartbeat data, but we will not store it. We will only use it for "sleep onset" or "later in the night" features.

 

 

How we manage and use your information

 

The data and content stored in our system is strategically distributed geographically to enhance the user experience. All personally identifiable information about individuals within the European Union is stored only within the European Union.

 

Your sleep data will be used to provide your daily Pepaminto usage by running engines based on your measured personal sleep status. This provides the necessary insight, advice and education to improve your understanding of your sleep condition. Personalized solution recommendations, which may include general product or service categories or specific products or services, are dependent on your personal information.

 

In addition, your information is used for a variety of purposes, including troubleshooting performance issues, product analysis (such as tracking preferred thermal settings), and marketing (such as sending emails about new content and features).

 

Our data is hosted on the Bosch IoT Portal Engine, which is provided by Bosch Global Software Technologies GmbH, Stuttgart, Germany, which acts for us as a processor within the meaning of Art. 28. Art. 28 GDPR.

 

General information about data processing

 

Unless otherwise stated, Variowell GmbH is the data controller of personal data collected through the products and services covered by this statement. Our contact details are set out below: 

 

Variowell Development GmbH

Fridtjof-Nansen-Weg 5a

48155 Münster, Germany

Phone: +49 (0)251 2031 989-0

Email: contact @variowell-development.com

Homepage: www.variowell-development.com

 

If you have any questions about our privacy practices or this statement, please contact us at datenschutz@variowell-development.com or at our postal address (see above) with the words "Data Protection Officer" in the subject line.

 

We process our users' personal data only to the extent necessary to provide our content and services.

 

Legal basis for processing personal data: Where we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis. For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing necessary for the performance of pre-contractual measures. If the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

 

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies, i.e. regularly at the end of the contract. Data may also be retained where required by European or national legislation, EU regulations, law or other rules to which the data controller is subject.

 

As a matter of principle, we do not disclose personal data to third parties without your express consent. However, if we do disclose, transfer or otherwise give access to your data to third parties in the course of processing, we will do so only on the basis of one of the above legal bases. For example, we will transfer data to payment service providers if this is necessary for the fulfilment of the contract. If we are required to do so by law or court order, we must disclose your information to the appropriate authorities. In some cases, we use carefully selected external service providers to process your data. If data is transferred to service providers in the context of so-called order processing, this is done based on Art. 28 GDPR. Our processors are carefully selected, bound by our instructions and regularly monitored by us. We only use processors who provide sufficient guarantees that appropriate technical and organizational measures are taken to ensure that the processing is carried out in accordance with the requirements of data protection legislation and guarantees the protection of your rights.

 

The GDPR guarantees the same high level of data protection within the European Union. When selecting our service providers and cooperation partners, we therefore rely on European partners wherever possible if your personal data is to be processed. Only in exceptional cases will we process data outside the European Union or the European Economic Area when using third party services.  We will only allow your data to be processed in a third country if the specific requirements of Art. 44 et seq. GDPR are met. As a rule, we will obtain your consent in accordance with Art. 49 GDPR. Alternatively, your data may be processed on the basis of special safeguards, such as the EU Commission's official recognition of an EU-compliant level of data protection or compliance with officially recognized special contractual obligations, the so-called "standard contractual clauses".

 

We do not use automated decision making or profiling.

 

Your rights

 

You can exercise many of your rights directly in the Pepaminto application. You can also contact us directly at pepaminto@variowell-development.com and we will help you with your request.

 

You have the following rights with respect to your personal information, unless restricted by law:

Right of access,

Right to rectification or erasure,

Right to restrict processing,

Right to object to processing,

Right to data portability,

 

You also have the right to complain to a data protection authority about the processing of your personal data by us. The competent supervisory authority for Variowell Development GmbH is

 

The State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia

Kavalleriestr. 2-4

40213 Duesseldorf

Telephone: 0211/38424-0

Fax: 0211/38424-999

E-mail: poststelle@ldi.nrw.de

 

Revocation or objection to the processing of your data: If you have given your consent to the processing of your data, you may revoke it at any time. Such revocation will affect the lawfulness of the processing of your personal data after you have given it to us. The lawfulness of the processing of your data up to the time of your revocation remains unaffected.

                   

 

How to contact us 

 

If you have any technical or support questions, please contact us at pepaminto@variowell-development.com.

 

If you have any questions about our privacy practices or this statement, please contact us at datenschutz@variowell-development.com or at our postal address (see above) with "Privacy Officer" in the subject line.

 

 

April 2024