European Data Protection Supervisor (EDPS):
In brief: Neonish itself does not collect ANY Personal Information about you.
We are pleased about your interest in neonish products. The protection of your personal data is an important concern for us. This page informs you of our policies regarding the collection, use, and disclosure of personal data and on what legal basis this is done.
Neonish ("we", "us", or "our") operates this website ("Website") and several mobile applications ("Apps") (Mobile applications and website together the "Services")
The use of our services is possible without any indication of personal data. Preferences and user input made in the apps are, if at all, stored locally on the device and are not transmitted to us. However, processing of personal data may become necessary if a data subject wants to use special features via our services, e.g. use a contact form.
The processing of personal data (e.g. name, address, e-mail address) shall always be in line with the General Data Protection Regulation (GDPR).
Collection and processing of personal data
We only store personal data if the data subject provides this data voluntary, e.g. by using a contact form, and only as this is permitted to us on the basis of a consent given by the data subject or in accordance with the applicable legal provisions.
Our services automatically collect a series of general data and information when a data subject uses them. This general data is stored in the server log files. Collected data and information of the accessing system may contain the browser type and version, the operating system, the referring website from which an accessing system reaches our website, the sub-website, the timestamp of the access, an IP-address, the Internet service provider and similar data and information about the accessing device which can be used in the event of an attack on our IT systems. When using such collected data and information, we do not draw any conclusions about the data subject. The anonymous data of the server log files are stored separately from all personal data provided elsewhere by a data subject. The gathered information is only needed to deliver the content of our services, optimize the content of our services and advertisement, ensure the viability of our services on the long-run, and to provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. We may analyze anonymously collected data and information statistically to increase our data protection and data security, and to ensure the best protection of the personal data we process.
We do not use automatic decision-making or profiling.
This website and some of our services are hosted by an external service provider (one.com). The personal data collected on this website is stored on the host's servers. This can be v. a. IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access and other data generated via a website.
The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 Para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 Para 1 lit. b GDPR). 1 lit. f GDPR).
Our hoster will only process your data to the extent necessary to fulfill his performance obligations and follow our instructions in relation to this data.
We use the following hoster:
One.com Group AB
211 20 Malmö
For general information on ad serving companies and how to opt out of their targeted advertising, please visit: https://www.networkadvertising.org/choices/.
Contact possibility via the website
If the data subject chooses to contact the controller by e-mail or via a contact form, the voluntarily provided personal data is automatically stored. The personal data transmitted by the data subject will not be transferred to third parties and is only stored for the purpose of contacting or processing the data subject.
We have implemented numerous technical and organizational measures to our services to ensure the best protection of personal data processed by us possible. However, Internet-based data transmissions may always have security gaps, so absolute protection can not be guaranteed.
Legal bases of processing
If we obtain consent for the processing of a data subjects personal data, that consent is the legal basis for the processing operations as stated in Art. 6(1) lit. a GDPR. If the processing of personal data is necessary for the execution of a contract to which the data subject is party, the processing is based on Art. 6(1) lit. b GDPR. If the processing of a data subjects personal data is necessary for the fulfillment of our legal obligations (e.g. for the retention of data), the processing is based on Art. 6(1) lit. c GDPR.
The processing of personal data may be necessary to protect the vital interests of the data subject or those of another natural person. In those rare cases we are authorized to process the data subjects personal data based on Art. 6(1) lit. d GDPR.
Finally, we may process personal data for the purposes of safeguarding our legitimate interests and the legitimate interests of third parties based on Art. 6(1) lit. f GDPR. Our legitimate interest is to carry out our business in favor of the well-being of our companies employees and shareholders.
Deletion of personal data
The period of storage of personal data is the respective statutory retention period. The data is deleted regularly after expiration of that period unless it is necessary for the fulfillment of the contract or the initiation of the contract. Personal data will be deleted as soon as the purpose for which it was collected and processed ceases to apply. Beyond that it will only be stored as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.
If you wish for the deletion of your personal data, please formally notify us by sending an email.
Provision of personal data if necessary
The provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions. At times it may be necessary to conclude a contract that the data subject provides us containing personal data, which must subsequently be processed by us. E.g. the data subject is compelled to provide us with personal data when we sign a contract with him or her. A contract without the personal data would have the consequence that it could not be concluded. Before personal data is provided this way by a data subject, he or she has to contact us so that we can clarify whether the provision of that personal data is required by law or contract or is necessary for the conclusion of the contract and the consequences of non-provision of the personal data.
Rights of the data subject
As a data subject, you have the right of access (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR) and right to data portability (Art. 20 GDPR).
Furthermore, the data subject has the right to withdraw his or her consent to processing of his or her personal data at any time. The legality of processing the personal data before withdrawal remains unaffected.
The data subject has the right to object at any time to the processing of his or her personal data based on Art. 6(1) lit. e GDPR (data processing in the public interest) or Art. 6(1) lit. f GDPR (data processing on the basis of a balance of interests) on grounds relating to his or her particular situation. In this case, we can only process the data subjects personal data if we can prove compelling legitimate reasons that override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
We ask you to address your declarations or claims to the following contact: firstname.lastname@example.org
Each data subject shall have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR), if he or she believes that the processing of his or her personal data violates legal requirements.
This data protection declaration is based on the terminology used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). We would like to explain the terms used to make our data protection declaration legible and understandable for the general public. We use, amongst others, the following terms:
a) Personal data
Personal data means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
j) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
We use the Google Maps map service so that you can access interactive maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. We use
this feature to present our service area on a map, for example. Location data that is sent to Google is always made anonymous.
To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to and stored by Google on servers in the United States. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google can use Google Web Fonts for the purpose of uniformly displaying the fonts. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
We use an API of the map service of OpenStreetMap (OSM). The provider is the Open Street Map Foundation (OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom.
When you visit a website on which OpenStreetMap is integrated, among other things, Your IP address and further information about your behavior on this website are forwarded to the OSMF. OpenStreetMap may save cookies in your browser or use comparable recognition technologies.
Your location can also be recorded if you do this in your device settings - e.g. B. on your mobile phone. The provider of this site has no influence on this data transfer. Details can be found in the data protection declaration of OpenStreetMap under the following link: https://wiki.osmfoundation.org/wiki/Privacy_Policy.
The use of OpenStreetMap takes place in the interest of an appealing presentation of our online offers and an easy findability of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 Paragraph 1 lit. . 1 lit. a GDPR; the consent can be withdrawn at any time.
We use RevenueCat for subscription and purchase management within our products. The provider is RevenueCat, Inc. a Delaware corporation with a place of business at 237 A St. PMB 65402 San Diego, California 92101-4003. Any purchase you make via in-app purchases, such as one-time purchases, tokens, or subscriptions, may be sent to RevenueCat for validation, processing, and storage. This allows us to conveniently track income among our services and products, and provide a better purchase, restore, and refund experience to our end users. Please note that we reserve the right to change this approach or switch to a different processor at any time.
Your billing information, address and name are neither visible to neonish, nor RevenueCat. Any necessary, non-personally identifiable data will be shared and saved anonymously.
We use the Firebase service from Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) in order to derive application behavioral analytics. We use that information to see how users interact with our website and app.
Firebase is part of the Google Cloud Platform and offers numerous services for developers. A list can be found here: https://firebase.google.com/terms/. Some Firebase services process personal data. In most cases, the personal data is limited to so-called “instance IDs”, which are provided with a time stamp. These “Instance IDs” assigned by Firebase are unique and thus allow the linking of different events or processes. This data does not represent personally identifiable information for us, nor do we make any efforts to personalize it subsequently. We process these aggregated data to analyze and optimize usage behavior, for example by evaluating crash reports.
Whenever possible, we use servers located within the EU. However, it cannot be ruled out that data will also be transferred to the USA. You can find more information about Google Firebase and data protection at https://policies.google.com/privacy and firebase.google.com.
Currently, we use the following Firebase services:
Firebase Firestore Database: Firebase Firestore Database is a hosting and backend service provided by Google LLC.
Purpose: Providing of hosting & backend infrastructure for our apps
Cloud Functions for Firebase: Firebase Cloud Functions is a backend service provided by Google LLC.
Purpose: Providing of backend infrastructure for our apps
Firebase Hosting: Firebase Hosting is a hosting service provided by Google LLC.
Purpose: Proviging hosting infrastrucure for our testimonial website.
Firebase Dynamic Links: Dynamic Links uses device specs on iOS to open newly-installed apps to a specific page or context. Dynamic Links only stores device specs temporarily, to provide the service.
Firebase will use this information on our behalf for the above mentioned reasons.
The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. Google is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation http://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
If you have any question about this Privacy Statement, please contact us via email@example.com.
If any provision of these Terms is held to be unenforceable or invalid, such provision will be changed and interpreted to accomplish the objectives of such provision to the greatest extent possible under applicable law and the remaining provisions will continue in full force and effect.