Privacy Policy

Last updated: February 12, 2022

This privacy policy informs you of practices when handling your Information collected or submitted through the Services "Grit - Time Management" mobile app and gritapp.info website. If you disagree with this Policy, you must not use any of the Services. If you change your mind and disagree in the future, you must stop using the services and you may exercise your rights in relation to your information as set out in this Policy.

1. Entity Responsible for Data Processing (Data Controller)

The entity responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Rix Data UG (haftungsbeschränkt)
Oranienstr. 187
10999 Berlin
Email: contact@rixdata.net

2. Information we collect

We will collect and use the following information about you:
- Your consent, dissent and revocation to process your data for analytics purposes
- Phone locale
- Time zone
- Phone model
- App usage data (settings, tasks, activities, goals and in app purchases)

3. What do we use your data for

We collect, process and use data for the following purposes:
- to support the improvement of the Grit - Time Management App product
- to provide recommendations for using the app more efficiently
- to comply with our legal obligations

4. How long is the data stored?

Your personal data collected for the purpose of supporting product improvements will be deleted after 12 months.
Your personal data collected for the purpose of fulfillment of legal obligations will be stored for as long as this is necessary for achieving the defined purposes of processing.

5. Legal bases for processing of your data

We process your data relying on the following legal bases:
- if you have given us your consent to process your data, Art. 6(1)a
- realization of our Services, Art. 6(1)b
- legitimate interest relating to our Services, Art. 6(1)f
- if it is necessary for us to conform to a legal obligation Art. 6(1)c.
We may also process the data if it is necessary to protect vital interests of our users or other people, or for the fulfilment of an obligation to carry out in the public interest pursuant to Art. 6(1) (d) and (e).

6. Transfer of data to third parties

We use cloud computing services. This means we will transfer your data to a third party - the cloud services provider - and store data on the servers of that provider. In some cases, your data may also be stored abd processed on servers outside the European Union (EU). We either ensure through appropriate contracts that such service providers guarantee the same level of data privacy to which you are entitled in the EU or we use only providers that are EU-US Privacy Shield certified in order to ensures a suitable level of data privacy.
Otherwise your personal data will only be transferred to third parties if we have a legal obligation to do so.

7. Data Security

We apply security measures to protect against misuse, loss, and alteration of personal information under our control. We follow industry best practices when transferring and storing your data. For instance, all communication with the app and website requires HTTPS and passwords are hashed, not stored. Though we cannot guarantee that misuse, loss or alteration of information will never occur, we use all reasonable efforts to prevent it.

8. Websites of third parties

Our Service may contain links to other websites that are not operated by us. We carefully select such third parties, however we assume no liability for the correctness or completeness of content or data security of any third-party websites. Nor does this Policy apply to linked third-party websites. We assume no responsibility for data privacy policies or content of any other websites.

9. California Online Privacy Protection Act Compliance

We comply with the California Online Privacy Protection Act. We therefore will not distribute your personal information to outside parties without your consent.

10. Children's Online Privacy Protection Act Compliance

We never collect or maintain information at our website from those we actually know are under 13, and no part of our website is structured to attract anyone under 13.

11. Your rights: information/revocation/erasure and data controller

You may ask us to provide you information about your personal data that are processed by us, correction of any errors in your personal data, termination of processing of your personal data, or deletion of your personal data - subject to mandatory legal provisions or obligations to the contrary. In particular, if you qualify as the “data subject” under GDPR, you have the right to:
- request details on personal data processed by us about you (Art. 15 GDPR).
- request the correction or completion of personal data stored with us (Art. 16 GDPR).
- demand deletion of your personal data stored by us, unless the processing of the data is required for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims (Art. 17 GDPR).
- request the restriction of the processing of your personal data as far as the accuracy of the data is disputed by you or the processing is unlawful (Art. 18 GDPR).
- obtain your personal data provided to us in a structured, standard and machine-readable format or to request transmission to another controller (Art. 20 GDPR).
- revoke at any time your consent. As a result, we will be no longer able to continue the data processing based on this consent (Art. 7 (3) GDPR)
- file a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters for this purpose (Art. 77 GDPR).
- if your personal data is processed based on legitimate interests in accordance with Art. 6 (1) (f) GDPR, you have the right to file an objection against the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons based on your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which shall be implemented by us without you specifying any particular situation.

12. Contacting Us

If you have questions regarding this privacy policy, you may email info@gritapp.info.