Our Privacy Policy will inform you about the processing of personal data when using our app and online shop. This Privacy Policy applies to all platforms and all versions of the LILLYDOO App, as well as to their contents, functions and services.
The term “personal data” means information that refers to an identified or identifiable person. This includes all details that permit the deduction of your identity, for instance is your name, telephone number, address or email address. The term “personal data” does not include statistical data, for instance that we collect when you visit our website and that cannot be associated with you personally.
The contact partner and so-called “controller” for the processing of your personal data in the meaning of the EU General Data Protection Regulation (GDPR) when visiting this app is Lillydoo (Lillydoo GmbH, Hanauer Landstraße 147-149, 60314 Frankfurt am Main; telephone: +31 (0) 85 888 8043; email: info@lillydoo.com).
Kindly contact our Data Protection Officer (DPO) at any time if you have questions about data protection in connection with the use of our website. The DPO can be reached at the postal address above or by email to privacy@lillydoo.com.
In order to download and install our app from an app store (e.g. Google Play, Apple AppStore), you must first register a user account with the individual app store provider and must conclude the necessary usage agreement. We do not have any influence over its contents and, in particular, we are not a party to this usage agreement.
When you download and install the app, the necessary information will be transferred to the individual app store provider (e.g. Google, Apple), in particular your user name, email address and the customer number of your account, the time of your download and the individual device code (as well as payment information if in-app purchases apply). We also do not have any influence over this data collection and cannot be held responsible.
We collect data each time our app is used. Your device automatically transmits this data to enable your visit to our app. In particular, this data is the
Data processing is necessary to enable your visit to the app, to detect and rectify any security risks and malfunctions and to guarantee permanent functionality and security of our systems. In addition to the purposes described above, the aforementioned data is also stored for temporary periods in internal log files in order to prepare statistical information about the use of our app and to enhance our app to reflect visitor habits (e.g. if the proportion of mobile devices used to access the app with a particular operating system rises) and to administrate our app in general.
In addition, the app sends us error reports in the event that it crashes (i.e. if the app ends unexpectedly due to a programming error or it no longer responds to your input) for the purposes of improving the app. The error reports only contain the aforementioned device information, as well as information on which point of the app’s software code caused the error.
The information stored in the log files does not permit us to make any direct deductions as to identifiable persons.
The legal grounds for this data processing are set out in Art. 6 paragraph 1 points b) and f) GDPR based on the use of our app and our aforementioned legitimate interest.
Some of the app functions require access to certain services and data on your device. In this case, you must explicitly allow this access, for instance if you wish to receive push notifications from us when you are not currently using the app. The legal grounds for this data processing are set out in Art. 6 paragraph 1 point b) GDPR based on the use of our app. You can adjust the app settings or the settings on your device at any time to change or reset any permissions.
You have the option to register on our app in order to use the full functionality of our app (for instance to like or dislike certain baby names in a gamification element or to connect two app accounts). A Lillydoo account will be created automatically for you when you register on our app. This enables you to purchase our Lillydoo products at any time (kindly take note that in this case our Terms and Conditions and our Privacy Statement will apply separately). You can recognise in the individual input fields which data you are required to provide or may provide voluntarily (e.g. first name and surname, gender, email address, password). Registration is not possible without the compulsory information. The legal grounds for this data processing are set out in Art. 6 paragraph 1 point b) GDPR based on your registration and your use of the app functions.
We offer you standard forms of payment, such as credit card, PayPal, or payment on account for orders in our online shop. To do so, we collaborate with payment services providers from which we receive or to which we transfer your payment data. Settlement of payment and contractual performance are not possible without this payment data and the payment services provider. The legal grounds for this form of processing are set out in Art. 6 paragraph 1 sentence 1 point b GDPR. If you select payment on account as your payment method, our payment service providers will use payolution (payolution GmbH, Am Euro Platz 2, 1120 Vienna, Austria) in order to check your creditworthiness. You will find further information about payolution in its Privacy Policy.
You have a variety of options to make contact with us (e.g., by email or telephone). In this context, we process your contact data exclusively for the purpose of communicating with you. Communication with you is not possible without this data. The legal grounds for this form of processing are set out in Art. 6 paragraph 1 sentence 1 point b GDPR.
We use the Service Cloud service of salesforce.com, inc. 415 Mission Street, 3rd Floor San Francisco, CA 94105 (hereinafter "Salesforce") for users within the European Economic Area.
It is a customer relationship management ("CRM") solution that we use to provide optimal support to existing customers, e.g., through live chat and community software, and to optimize sales processes. The joint CRM platform enables us to optimally manage customer relationships and support a perfect customer experience.
By using the service, personal data such as device type, browser ID, contact ID, case ID, name of the customer and provided e-mail address of the customer are processed. The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. b, f DSGVO. The data is deleted as soon as it is no longer required for the processing purposes.
According to Salesforce, the data accruing in this context is only stored on servers within the EU. We have concluded an order processing agreement with Salesforce, which guarantees the rights of the data subjects and in which Salesforce undertakes to process data only in accordance with the DSGVO. In the event that personal data is transferred to the USA after all, we have concluded standard contractual clauses with Salesforce and Salesforce has integrated "Binding Corporate Rules".
You can also find more information about data processing by Salesforce in the Salesforce privacy policy.
With the personalizable feed on the homescreen of our app, we offer you various content on the topic of pregnancy and everyday life with baby and toddler. In order to personalize the content, i.e., to display only the content that is currently relevant to you, you can voluntarily provide additional information, such as the status of your pregnancy/the pregnancy of your partner or about your family. This data will be stored securely with us. The legal basis for the data processing is your explicit consent according to Art. 6 para. 1 lit. a DSGVO.
You have the option to order our newsletter in which we will inform you regularly about new developments in our product range. We use the double opt-in procedure for ordering our newsletter; this means we will not send you our newsletter by email until you have confirmed that you wish to receive our newsletter by clicking on a link in our activation email. To do this, we store your email address, the time of registration and the IP address used for registration (“newsletter registration”) until such time as you unsubscribe to our newsletter. The exclusive purpose of this storage is to send you the newsletter and to provide evidence of your registration. The legal grounds for this form of processing are set out in Art. 6 paragraph 1 point a GDPR For certain newsletters (e.g., the #momlife newsletter), we store additional personal data (e.g., your calculated childbirth date and your week of pregnancy for the #momlife newsletter); this information, which we require to send you the newsletter, is evident in the input fields during registration. The legal grounds for this form of processing are also set out in Art. 6 paragraph 1 point a GDPR.
In addition, we send you advertising mails in which we request your feedback on orders and other information. The legal grounds for this form of processing are set out in Art. 6 paragraph 1 point f GDPR. In order to send you our newsletter and advertising mails, we collaborate with service providers to which we transfer your email address and your newsletter registration, among other things, in order to be able to send you the newsletter and advertising mails. The legal grounds for this form of processing are set out in Art. 6 paragraph 1 sentence 1 point b, f GDPR.
You are entitled to unsubscribe to our newsletter and advertising mails at any time and without charge, or to object to their receipt. A corresponding unsubscribe link is contained in each newsletter and advertising mail. Alternatively, you may contact us at any time.
In our newsletters and advertising mails, we use industry-standard technologies that enable us to measure your interaction with the newsletter (e.g., opening the email, links that you click on). We use this data to optimise and develop our content and customer communication and to be able to send you individualised offers. Among the technologies used for this purpose are small graphic elements embedded in the messages (so-called pixels). We are able to associate the data and IDs with your personal data. The legal grounds for this are set out in the requirement for legitimate interest according to Art. 6 paragraph 1 sentence 1 point of GDPR. Where you do not wish us to analyse your usage habits, you are entitled at any time to unsubscribe to our newsletter and advertising mails without charge.
For marketing purposes (e.g., to send our newsletters and informational emails) we use the customer relationship management module "Salesforce Marketing Cloud" from Salesforce.com Inc, The Landmark @ One Market Street, Suite 300, San Francisco, California, CA 94105, USA ("Salesforce").
Salesforce is used to tailor our offerings and services to your interests and to improve our advertising and communications to you. Your contact data (e.g. name, address, email address, IP address) will be transferred to the Salesforce Marketing Cloud for the purposes mentioned above. The Salesforce Marketing Cloud data is stored and processed on Salesforce servers in the USA. Salesforce undertakes by means of binding internal data protection rules pursuant to Art. 46 (2) b) and Art. 47 DSGVO (so-called Binding Corporate Rules) to maintain an adequate level of data protection even when processing data outside the European Union. Salesforce has also implemented standard contractual clauses (SCCs) in an order processing agreement.
The collection and evaluation of interactions is based on your consent pursuant to Art. 6 para. 1 lit. a DSGVO.
For more information about the Salesforce Marketing Cloud and Service and the processed data, please visit https://www.salesforce.com/nl/company/privacy/.
It is necessary that we use cookies, tokens, configuration files or equivalent technologies for some of our app functions. They are small text files or data parcels that are placed on your device and stored there. They improve ease of use and, for instance, ensure user-friendly operation or store whether you wish to receive notifications. They do not execute any programs or install viruses. Our intention is to enable more convenient and individual use of the app. The legal grounds for this data processing are set out in Art. 6 paragraph 1 points b) and f) GDPR based on your use of the app and our legitimate interest. You can alter your device settings at any time to manage the use of cookies, tokens or configuration files. In this case, however, it is possible that the ease of use for our app will be restricted if you disable cookies, tokens or configuration files.
Our apps also use the web analysis service Google Firebase by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Firebase allows us to compile statistical analyses and information about our app based on your usage behaviour or to display real-time notifications in our app. This service is an integral part of our app and is used for the continuous improvement and needs-based design of our app. The legal grounds for this data processing are set out in Art. 6 paragraph 1 points b) and f) GDPR and are based on your use of the app and our aforementioned legitimate interest. The data collected in this way may be transferred to a Google server in the United States for analysis and stored there. In the event that personal data is transferred to the United States, Google has agreed to comply with the EU-US Privacy Shield. For further information about data processing by Google, please refer to the Google Privacy Policy.
To optimize our marketing activities, we use the service provider Adjust (adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin). The data collected via Adjust informs us, for example, about the download of the LILLYDOO app, the online advertising channel through which the download was generated, the time the app was opened, the duration of app use and about particularly used app functions. Adjust uses IP and Mac addresses of the users for the analysis, which, however, are hashed after collection and are used by Adjust exclusively in pseudonymized form. The data is stored on the servers of adjust GmbH in Germany. For more information, please see Adjust's privacy policy: https://www.adjust.com/terms/privacy-policy/. We have concluded an order processing agreement with adjust GmbH. The processing of your personal data collected by Adjust when using the app is based on the legal basis pursuant to Art. 6 (1) lit. b and f) DSGVO based on your use of the app and our legitimate interest.
The data we collect will only be transferred where this is necessary for the performance of a contract, to ensure the technical functionality of the app, or where other legal grounds apply to the transfer of data (e.g., where we are required by law to disclose data (disclosure of information to criminal investigation agencies and courts; disclosure of information to public sector agencies that receive data based on statutory provisions, e.g. social insurance agencies, tax offices and suchlike), or when we are required, for the exercise of our claims, to commission the services of third parties who are professionally bound to duties of confidentiality).
Some of the data processing can be executed by service providers. In particular, they may include data centers that host our website and databases, IT service providers that maintain our system, logistics and transport service providers or marketing and customer service providers, as well as consulting companies. Where we transfer data to service providers, they shall be entitled to use the data exclusively for the performance of their tasks. We carefully selected and commissioned the third parties. They are contractually bound to adhere to our instructions, obliged to maintain confidentiality, have the appropriate technical and organizational measures in place to protect the rights of the individuals concerned, and are audited by us on a regular basis.
As a rule, we only store your personal data for as long as is necessary for the satisfaction of our contractual or lawful obligations for which we collected the data, after which time we will erase the data without undue delay, except where we require the data until the end of the statutory period of limitations for the purposes of evidence in civil law claims or based on statutory retention periods. For example, we are required for evidential purposes to store contractual data for a period of three years from the end of the year in which the contractual relationship with you is terminated, as any claims will only lapse after this period at the earliest based on the regular limitation periods. In some cases we will be required to continue storing your data, even beyond the end of the regular limitation periods. We may be obliged to do so pursuant to statutory documentation obligations set forth in the German Commercial Code (HGB), the German Fiscal Code (AO), the German Banking Act (KWG), the German Anti-Money Laundering Act (GWG) and the German Securities Trading Act (WpHG). The retention periods stipulated therein for the storage of documents are between two and ten years.
Provided you fulfil the legal conditions according to Art. 15 to 22 GDPR, you have the right to information, rectification, erasure, restriction of processing and data portability. You can also withdraw your consent at any time; in the event that you withdraw consent, the processing according to your consent will not continue in the future, without affecting the lawfulness of processing carried out until the withdrawal of your consent. Moreover, you may object to any processing that is based on Art. 6 paragraph 1 point f) GDPR and have the right to object to all forms of direct marketing. You have the right according to Art. 77 GDPR to lodge a complaint at any time with a competent supervisory authority (the supervisory authority responsible for us in Frankfurt is: The Hesse State Commissioner for Data Protection and Freedom of Information, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, https://datenschutz.hessen.de/).
We maintain state-of-the-art technical measures to guarantee data security, in particular the protection of your personal data against risks associated with data transfer or unauthorised access by third parties. These technical measures are adapted to remain state-of-the-art. For the protection of the personal data input by you on the app we use the Secure Sockets Layer (SSL) standard, which encrypts the information you enter.
We amend this Privacy Policy from time to time, for instance if we revise our app or if the statutory requirements change. Where we make changes or introduce updates, we will inform you (if technically possible) the next time that you open the app. Kindly read the Privacy Policy from time to time if you use our app; data processing takes place according to the latest version of the Privacy Policy published in the app (kindly take note that our Terms and Conditions and our Privacy Statement apply separately to our website and the use of our online shop).
© Lillydoo – Version: April 2022
