Last Update: March 30th, 2023
Exakt Health is deeply committed to protecting and respecting the privacy of its customer data.
We handle all information in compliance with applicable law and in a manner compliant with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), where applicable. If you are located in the European Union, please click here to review our Privacy Notice for the E.U.
- “App” refers to a downloadable application owned and operated by Exakt Health. This reference includes all functionalities, features, tools and content available on or through such application;
- “Services” refers to any and all Websites, Apps and Content made available to you by Exakt Health;
- “Users” refers to any and all persons that use or access the Services. “You”, “your” or similar terms will be used to refer to Users;
- "Exakt Health", "we," or "us" refer to Exakt Health, our employees, and team members;
- “Content” refers to any and all videos, text, information, photos and other content provided or made available by Exakt Health on or through the Services, including information, videos, text, photos and other content relating to physical conditions and/or exercise programs;
- “Website” refers to any website owned and operated by Exakt Health. References to the "Website" include any and all features, functionality, tools and content available on or through each such website.
- “Controller or controller responsible for the processing”: Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Types of Information Collected
Information Provided to Us
Information provided when you register for our App, update your e-mail preferences, respond to a survey, or provide feedback is stored with Exakt Health.
Exakt Health also collects and stores information provided directly to us. If a User contacts the controller by e-mail or via a contact form, the personal data transmitted by the User are automatically stored. Such personal data transmitted on a voluntary basis by a User to the data controller are stored for the purpose of processing or contacting the user.
Exakt Health does not require the input of a User’s personally identifiable information in order to gain access to the company’s Services. We will not ask for or request any sensitive material such as financial information, except in connection with payments. Please do not provide this information to us through the use of e-mails, contact forms or otherwise.
Information Obtained While Using Our Services
Exakt Health collects a series of general data when a User accesses the website. This data is stored in server log files. This information is essential in delivering the Content of our Website correctly, optimising the Content as well as the Website’s advertisements, ensuring the long term viability of our information technology systems and website technology, and providing law enforcement authorities with the necessary information for criminal prosecution in case of a cyber attack. Therefore, Exakt Health analyses anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a User.
The following may be collected:
- browser types and versions used
- the operating system used by the accessing system
- the website from which an accessing system reaches our website (so-called referrers)
- the sub-websites
- date and time of access
- an Internet Protocol address (IP address)
- the internet service provider of the accessing system
- any other similar data and information that may be used in the event of attacks on our technology systems
Our Website contains a contact form that allows direct communication with us, which also includes a general e-mail address. If a User contacts the controller by e-mail or via a contact form, the personal data transmitted by the User are automatically stored. Such personal data transmitted on a voluntary basis by a User to the data controller are stored for the purpose of processing or contacting the User. We use the services of Google Workspace operated by Google Ireland Limited to receive and answer your requests as well as Freshdesk operated by Freshworks Inc.
Subscription to our Newsletter
On our website, users can subscribe to our newsletter. The input mask used for this purpose determines what personal data are transmitted, as well as the start of the subscription.
We inform our users and business partners regularly by means of a newsletter about our offering. The newsletter may only be received by the user if (1) they have a valid e-mail address and (2) they subscribed to the newsletter. A confirmation e-mail will be sent to the e-mail address entered by the user when they subscribe, for legal reasons, in the double opt-in procedure.
During the registration for the newsletter, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the user at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the e-mail address of a user at a later date, and it therefore serves the aim of the legal protection of the controller.
The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. In addition, subscribers to the newsletter may be informed by e-mail, as long as this is necessary for the operation of the newsletter service or a registration in question, as this could be the case in the event of modifications to the newsletter offer, or in the event of a change in technical circumstances. The subscription to our newsletter may be terminated by the user at any time. The consent to the storage of personal data, which the user has given for sending the newsletter, may be revoked at any time. For the purpose of revocation of consent, a corresponding link is found in each newsletter or it can be communicated to us directly by email.
For registering new subscribers and sending the newsletter we use the functions of the online marketing platform Mailchimp operated by The Rocket Science Group LLC, a company headquartered in the State of Georgia in the United States. Mailchimp acts as a data processor on our behalf. Mailchimp will receive your personal information such as name, email address and expressed newsletter interests as indicated when subscribing to the newsletter. When you interact with an email campaign that you receive from us, Mailchimp will automatically collect information about your device and interaction with the email. Further information about Mailchimp and its privacy practices can be found here: https://mailchimp.com/legal/privacy/.
This automatic newsletter tracking is based on so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, we may see if and when an e-mail was opened by a user, and which links in the e-mail were called up by users. Such personal data collected in the tracking pixels contained in the newsletters are stored and analyzed by us in order to optimize the shipping of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the user.
Users are at any time entitled to revoke the respective separate declaration of consent issued by means of the double-opt-in procedure. After a revocation, these personal data will be deleted by the controller. We automatically regard a withdrawal from the receipt of the newsletter as a revocation.
How Your Information is Used
Information collected from the User is used for different purposes, some of which are to:
- manage your access to our Services;
- contact you directly about activity on your account;
- carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including billing and collection;
- send the User important information to enable them to use our services;
- enable Exakt Health to correctly operate its Services, which include but are not limited to internal operations, payment processing, data analysis and troubleshooting;
- comply with all applicable laws and regulations;
- notify Users of significant changes to our Services;
- protect and maintain security of our Services;
- in any other way that we describe when you provide the information; and
- for any other purpose for which you may provide consent
For certain cases, how Exakt Health treats and uses the provided information depends on the type of information provided. Some of this information may be Personally Identifiable Information which is provided by the User while using our Services or communicating. Such Personally Identifiable Information may contain your e-mail address, billing information, address or phone number and will be treated as such.
Information that we gain from your use of our Services or communications with us, such as email address, will only be used for that specific intended purpose. We may use your information, provided to us, for:
- responding to inquiries, feedback or requests through e-mail;
- providing you with information about our company or products and services (newsletter);
- sending you e-mails regarding updates, information or alerts regarding our Services.
Our Website may also collect non-Personally Identifiable Information, as mentioned before. This information is used to:
- serve advertisements through our Services;
- improve our Services and present content in the most desirable way for the User;
- safeguard our technical systems and ensure long term viability of our technology systems and website technology.
How Your Information is Shared
Exakt Health does not engage in the activity of selling any personal information of our Users to any third party company.
We may disclose your Personal Information to:
- investigate illegal or unauthorised use of our Services;
- comply with court order, law or legal processes, including responding to any government request;
- protect rights and assets of Exakt Health;
- for any other purposes disclosed by us and when providing the information.
In the event that we receive a request from a governmental entity to provide it with your Personally Identifiable Information, we will make reasonable attempts to notify you of such request, to the extent reasonably possible and legally permissible.
We may also share non-Personally Identifiable information with:
- search engines, analytics or other service providers which will help us improve our Services;
External services used by Exakt Health
As part of our Analytics, Exakt Health uses Branch on our website and application. This service allows us to better understand our end users’ application experiences, and derive additional insights into how our Users download and utilize our application.
Information collected by Branch as a result of URLs used by us and pixels placed on our Website includes but is not limited to your IP address, Engagement Data, Cookies and Referer.
Collected data is limited to what is strictly required by Branch in order to provide good results. Names, email addresses, physical addresses or SSNs are types of personal data not collected by Branch. Branch also only shows us actual User data, which means an end User must visit the Website or download the App before Exakt Health receives data on the customer’s advertising identifier. Data collected by Branch is also not sold or made available to any other entity except for its customer, in this case Exakt Health. Data acquired from Users can also be requested to be deleted at any time by the User.
We are using the component of Google Analytics (with the anonymiser function) on our website. Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behaviour of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimisation of a website and in order to carry out a cost-benefit analysis of Internet advertising.
The operator of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.
For the web analytics through Google Analytics the controller uses the application “_gat._anonymizeIp”. By means of this application the IP address of the Internet connection of the user is abridged by Google and anonymised when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us.
Google Analytics places a cookie on the information technology system of the user. The definition of cookies is explained below. With the setting of the cookie, Google is enabled to analyse the use of our website. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and into which a Google Analytics component was integrated, the Internet browser on the information technology system of the user will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as the IP address of the user, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.
The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits of our website by the user. With each visit to our Internet site, such personal data, including the IP address of the Internet access used by the user, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.
The user may, as stated below, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie on the information technology system of the user. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link https://www.google.com/analytics/.
We are using Google Analytics and Crashlytics for Firebase in our mobile applications.
Google Analytics for Firebase collects user and event data during the use of the mobile application that helps us understand how the App is being used and how we can improve the overall In-App experience as well as user acquisition. Firebase collects the information using identifiers for mobile devices and utilises technologies similar to cookies. The following type of information is collected during the process: number of users and App session, session duration, operating systems, device models, geography, first App launch, App opens and App updated. The full list of events captured in our implementation can be found here. You can find a full list of user-dimensions collected here. All data on an individual level is deleted at the latest 14 months after it has been collected.
Firebase Crashlytics allows us to collect technical data about App crashes and monitor the technical stability of the App. The collected data consists of a crashlytics installation ID and crash traces when an App crash occurs. The data will be deleted after 90 days.
The operator of the Google Analytics and Crashlytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland. Find more information about the privacy and security measures in Firebase to protect your data here.
You are able to object to a collection of data generated by Google Analytics and Crashlytics for Firebase. Go to the settings page of the App and move the respective toggle for Google Analytics and Crashlytics to Off.
We are using Google AdWords on our website. Google AdWords is a service for Internet advertising that allows the advertiser to place ads in Google search engine results and the Google advertising network. Google AdWords allows an advertiser to pre-define specific keywords, with the help of which an ad is displayed in Google’s search results only when the user utilises the search engine to retrieve a keyword-relevant search result. In the Google Advertising Network, the ads are distributed on relevant web pages using an automatic algorithm, taking into account the previously defined keywords.
The operating company of Google AdWords is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.
The purpose of Google AdWords is the promotion of our website by the inclusion of relevant advertising on the websites of third parties and in the search engine results of the search engine Google and an insertion of third-party advertising on our website.
If a user reaches our website via a Google ad, a conversion cookie is filed on the information technology system of the user through Google. The definition of cookies is explained below. A conversion cookie loses its validity after 30 days and is not used to identify the user. If the cookie has not expired, the conversion cookie is used to check whether certain sub-pages, e.g., the shopping cart from an online shop system, were called up on our website. Through the conversion cookie, both Google and the controller can understand whether a person who reached an AdWords ad on our website generated sales, that is, executed or canceled a sale of goods.
The data and information collected through the use of the conversion cookie is used by Google to create visit statistics for our website. These visit statistics are used in order to determine the total number of users who have been served through AdWords ads to ascertain the success or failure of each AdWords ad and to optimise our AdWords ads in the future. Neither our company nor other Google AdWords advertisers receive information from Google that could identify the user.
The conversion cookie stores personal information, e.g. the Internet pages visited by the user. Each time our Internet pages are visited, personal data, including the IP address of the Internet access used by the user, is transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.
The user may, at any time, prevent the setting of cookies by our website, as stated below, by means of a corresponding setting of the Internet browser used and thus permanently deny the setting of cookies. Such a setting of the Internet browser used would also prevent Google from placing a conversion cookie on the information technology system of the user. In addition, a cookie set by Google AdWords may be deleted at any time via the Internet browser or other software programs.
The user has the possibility of objecting to the interest-based advertisement of Google. To do so, the user must open the link www.google.de/settings/ads in each of the browsers in use and set the desired settings.
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/.
We are using the services of OneSignal that allow us to send you in-app messages and mobile push notifications. With In-App messages we can inform you about new product features or collect your feedback about the App via surveys. If you allow notifications, we will send you push notifications as reminders to help you stay on track with your training program. You can disable push notifications at any time via the settings of your mobile device.
In order to use OneSignal’s services we share information such as device information, a push token, language, country and last time of app open with them.
You can find further information and applicable data protection provisions of OneSignal under: https://onesignal.com/privacy_policy
The Exakt Health Premium subscription uses RevenueCat. RevenueCat’s platform allows us to integrate with Apple’s App Store and Google’s Play Store and offer you our Premium content as a convenient In-App Subscription. In order to create and manage your subscription with the mobile stores we share an anonymous ID, mobile device and country information of the user with RevenueCat. In addition, RevenueCat collects anonymous purchase history limited to Exakt Health subscriptions only, for the purpose of managing access to the paid content of Exakt Health.
We don’t share any sensitive personal identifiable data with them. RevenueCat does not collect payment information from users and they are obligated not to disclose or use any information for any other purpose.
You can find further information and applicable data protection provisions of RevenueCat under: https://www.revenuecat.com/privacy/
For registering new subscribers and sending the newsletter we use the functions of the online marketing platform Mailchimp operated by The Rocket Science Group LLC, a company headquartered in the State of Georgia in the United States. Mailchimp acts as a data processor on our behalf. Mailchimp receives a user’s personal information such as name, email address and expressed newsletter interests as indicated when subscribing to the newsletter, and only after a (double-opt-in) confirmation by the user with the intent of receiving email communication from Exakt Health. When a user interacts with an email campaign sent from us, Mailchimp will automatically collect information about the user’s device and interaction with the email.
Further information about Mailchimp and its privacy practices can be found here: https://mailchimp.com/legal/privacy/.
How to Review and Change Personal Information
If you create an Exakt Health account, you may review your personal information by visiting the Exakt Health mobile application and accessing the “Settings menu.” To change or remove any information, please contact us through the application, or email@example.com.
How We Protect Your Information
The security and protection of your information is vital to us. Therefore, we have established multiple technical and organisational measures to ensure the safeguarding and protection of personal data provided through the website or mobile application. However, no system can guarantee a complete protection of your information. Due to this, Exakt Health cannot ensure that your personal information is secure from unauthorised third parties. This is especially true for information that is in transit. As a result, use of our services will come at your own risk.
To maximise efficacy, we periodically review and update our security standards and safeguards.
Cookies are text files stored inside a computer system via the internet browser. Many of these cookies contain a Cookie ID which is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited Internet sites and servers to differentiate the individual browser of users from other Internet browsers that contain other cookies. A specific Internet browser can be recognised and identified using the unique cookie ID.
The User may, at any time, prevent the setting of cookies through our Website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the User deactivates the setting of cookies in the Internet browser used, not all functions of our Website may be entirely usable.
Our Services are only intended for the use of individuals of or above the age of 18. Exakt Health does not collect information from anyone below the age of 18. Any individual below the age of 18 is not allowed to submit any personally identifiable information to us including but not limited to name, email-address and address. If an account is identified to belong to an individual below the age of 18, we will take appropriate steps to suspend the account and remove all related data from our database. You, as a User, justify that by using Exakt Health’s Services, you are of or above the age of 18.
Exakt Health GmbH