GreenMates - Good For You. Good For the Planet. 

I. General Information

The protection of your personal data is very important to us. Therefore, we want to provide you with comprehensive transparency regarding the processing of your data in our app. For more information on how personal data is processed when using our website, please refer to a separate privacy policy.

The following notices aim to inform you about how we use your personal data, what data is involved, and your rights concerning data processing. Personal data, according to Art. 4 No. 1 GDPR (hereinafter also referred to as "data"), includes all information that allows for the identification of a person, directly or indirectly, or relates to an already identified person.

II. Responsible Entity

The entity responsible under the General Data Protection Regulation (GDPR) is:

GreenMates GmbH

Luisenstraße 53
10117 Berlin

Represented by the Managing Director: Pauline Emke and Hannah Freese
Email: info@greenmatesberlin.com
Phone: +49 (0) 174 1972456

Hereafter referred to as "Responsible Entity" or "we."

III. Data Processing in Connection with the Use of Our App

Using our app with all its features requires the processing of certain personal data. All data is securely hosted by our processors. We process personal data only for specific purposes (Art. 5 para. 1 lit. b GDPR). Once the purpose of processing is fulfilled, your personal data will be deleted unless legal or contractual obligations require retention (e.g., according to the German Commercial Code (HGB); the Fiscal Code (AO)).

1. Download
When downloading the app, certain required information is transmitted to the app store you select (e.g., Google Play or Apple App Store), including the username, email address, account number, time of download, payment information, and individual device identifier. The processing of this data is solely handled by the respective app store and is beyond our control.

2. Automatically Processed Information
We collect certain data automatically during your use of the app, necessary for using the app. This includes:IP address, Internal device ID, Operating system version, Time of access

Additionally, we require the following to provide the app's services: Device identifier (IMEI), Subscriber identity (IMSI), Phone number (MSISDN), MAC address for WLAN use, Name of the mobile device, Email address.

This data is automatically transmitted to us but not stored to provide the service and its associated features; to improve the app's functionality and prevent and correct misuse and malfunctions.
This data processing is justified because it is necessary for fulfilling the contract between you as the user and us according to Art. 6 para. 1 lit. b) GDPR for using the app, and we have a legitimate interest in ensuring the app's functionality and error-free operation and offering a market-appropriate and user-oriented service. This outweighs your rights and interests in protecting your personal data according to Art. 6 para. 1 lit. f GDPR.

3. Registration and Login
To use the GreenMates app, you must first log in. We create a user profile to which your personalized goals for healthy and sustainable nutrition can be assigned, allowing personalized nutrition plans. Various options are available for registration or login, such as using your email address or a single sign-on process.

If you create a user account or log in, we use your access data (email address, username, and password) to grant you access to your user account and manage it ("required information").

The required information is used to authenticate you during login and to handle password reset requests. The data you provide during registration or login is processed and used to verify your authorization to manage the user account; 

• enforce the app's terms of use and all associated rights and obligations; 

• and to contact you for technical or legal notices, updates, security alerts, or other messages related to the user account.

The app also requires the following permissions:
Internet access: This is required to store your inputs on our servers.
To process the registration and login procedures, we use Google Firebase Authentication. The recipient of the data is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. In exceptional cases, this data may be transferred outside the EU or the EEA to the United States and processed there by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043.

Google acts as a data processor under Article 28 of the GDPR, and we have concluded a corresponding data processing agreement with them. To secure data transfers to third countries, Google uses Standard Contractual Clauses (SCCs). These safeguards ensure an adequate level of data protection. Further information on Google’s privacy policy can be found here: https://policies.google.com/privacy.

Please note that Google has its own privacy policies, which are independent of ours. Therefore, we assume no responsibility for Google’s policies and procedures.

A list of the service providers used by Google Firebase can be found here: https://firebase.google.com/terms/subprocessors.
Further information on the data processed by Google Firebase Authentication can be found here: https://firebase.google.com/support/privacy.

This data processing is justified by the fact that the processing is necessary for the performance of the contract between you, as the data subject, and us under Article 6(1)(b) GDPR for the use of the app. Additionally, we have a legitimate interest in ensuring the functionality and proper operation of the app, which outweighs your rights and interests in the protection of your personal data under Article 6(1)(f) GDPR.

The data will be deleted as soon as it is no longer required for the purposes mentioned, unless there are statutory retention obligations.

a) Registration with Email Address
If you register using your email address, the email address you provide, in addition to an individual user ID, will be stored.

b) Login with Single Sign-On
If you use the single sign-on (SSO) process, you can conveniently log in with your Apple or Google account.

After verification, we receive a token along with your login name, confirming that you have an account with the specified login credentials with the respective third-party provider. Additionally, the third-party providers typically transmit other basic information about your user profile (e.g., email address, profile picture, etc.) via Google Firebase Authentication. You can restrict this information transfer during the login process. We have no control over whether and which information is transmitted to us. For more information, refer to the respective third-party providers:

Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland: Apple Privacy Policy

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland: Google Privacy Policy

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland: Facebook Privacy Policy

c) Account Deletion
Your user account will be deleted upon termination by you or us, e.g., due to a violation of the terms of use. Additionally, a legal obligation for longer storage or disclosure to third parties (especially law enforcement agencies) may arise. Otherwise, the storage duration and type of data collected and the type of data processing depend on which functions of our app you use in each case.

4. App Usage
a) Profile Creation
After registering, you can fill out your profile. We process various data for this purpose:

• Public name

• Birthday (not public)

• Gender

b) Capturing Personalized Sustainability and Health Goals/Preferences
To offer you our service in the best possible way, we process your personalized sustainability and health goals/preferences. This includes capturing your personalized goals/preferences and considering your intolerances and allergies.

You will receive personalized nutrition plans and can save, access, and adjust your personalized health and sustainability goals. We store your personalized goals to better tailor future nutrition plans and individualized product recommendations to your needs. Therefore, we assign this data to your user profile.

The legal basis for this processing is Art. 6 para. 1 lit. b GDPR.

Additionally, to improve suggestions, you can provide the following information:

• Dietary preferences e.g. vegan, vegetarian, etc.,

• food intolerances, allergies

• Height, weight and activity level (to calculate calories).

• Health goals: Muscle building, weight loss, weight maintenance, etc. 

• Sustainability goals: CO2 footprint, resource-saving production, etc.

The legal basis for this processing is Art. 6 para. 1 lit. a in conjunction with Art. 9 para. 2 lit. a GDPR.

We also capture the following additional information related to the selected recipes (if the recipes include details):

• Calories

• Macronutrients

• Food categories

• Approximate nutrients

The legal basis for this processing is Art. 6 para. 1 lit. b GDPR.

Your profiles are deleted either by manual deletion through the app, by deleting your user account, or by termination by us (e.g., due to a violation of the terms of use), unless legal retention obligations oppose this.

This processing is carried out with the involvement of various services (such as Google Cloud Storage, Google Cloud Firestore), which act as processors for us. We have concluded corresponding processing agreements with the respective service providers. If the service providers process the data outside the EU/EE standard contractual clauses or other guarantees (e.g., EU-US Data Privacy Framework) are used.

c) Own Recipes

We process your shared recipes in accordance with our terms of use and always link them to your profile. The data is then processed according to Art. 6(1)(b) GDPR and further processed based on our legitimate interest in optimizing our business offerings, in accordance with Art. 6(1)(f) GDPR.

d) Affiliate Partners

We incorporate so-called affiliate links or other references (such as transmitting shopping lists, widgets, or discount codes) to the offers and services of third parties (collectively referred to as "affiliate links") into our online offerings. If users follow the affiliate links or subsequently take advantage of the offers, we may receive a commission or other benefits from these third parties (collectively referred to as "commission").

To track whether users have taken advantage of the offers provided by the affiliate links we use, it is necessary for the respective third parties to know that the users have followed an affiliate link deployed within our online offerings. The assignment of affiliate links to the respective transactions or other actions (e.g., purchases) serves solely the purpose of commission billing and is deleted once it is no longer necessary for this purpose.

For the purposes of the aforementioned assignment of affiliate links, the affiliate links may be supplemented with certain values that are part of the link or can be stored otherwise, e.g., in a cookie. These values can include, in particular, the referring website (referrer), the time, an online identifier of the operators of the website where the affiliate link was located, an online identifier of the respective offer, the type of link used, the type of offer, and an online identifier of the user.

If we ask users for their consent to use third-party providers, the legal basis for processing the data is the consent given under Art. 6(1)(a) GDPR. Additionally, their use may be part of our (pre-)contractual services if the use of third-party providers has been agreed upon in this context. Otherwise, users' data will be processed based on our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we also refer you to the information on the use of cookies.

Our current affiliate partner is: 

• Wholey (GreenGrizzly GmbH) - https://wholeyorganics.com/pages/datenschutz

• We are Besties (Taste Transformers GmbH) - https://besties-tastetransformers.com/policies/privacy-policy

• Reoat (Gut und besser GmbH) - https://www.reoat.de/pages/datenschutz

e) Profile Picture

You can add a profile picture to your user profile from your photo library or take a new one with your camera. If you sign in using the Single Sign-On procedure with your Google account, your profile picture will be transmitted, which you can remove or replace with another image.

The legal basis for the transmission is your consent in accordance with Art. 6(1)(a) GDPR.

f) Contacting Us

You can contact us with questions or comments. If you contact us via email, we will record your name, email address, time and date, and your message. If you contact us via social media, we may view and process the information publicly available on your profile (e.g., name or profile picture) as well as the time, date, and content of your message. Please also note that, depending on your privacy settings, we, like all other users, can access the information stored in your profile (e.g., your name, profile picture, or age).

The mentioned data is processed for the purpose of responding to your inquiries. The processing is based on the legal basis of our legitimate interest in accordance with Art. 6(1)(f) GDPR, as we have an interest in resolving your questions and concerns.

Your data will be stored by us until the inquiry is completed unless legal retention obligations contradict this.

g) In-App Purchases

To purchase the Pro version of GreenMates, you must make an in-app purchase. The Pro functionalities are outlined in our Terms of Use.

The payment processing for the Pro subscription is handled through the Apple App Store (iOS devices) or the Google Play Store (Android devices) and is supported by RevenueCat. Upon completing the Pro subscription, an immediate confirmation is sent to the respective provider. We do not transmit any data to Apple, Google, or RevenueCat.

For more information on data processing by the recipients and payment processing supporters, please refer to the following:

• Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland: https://www.apple.com/privacy/

• Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland: https://policies.google.com/privacy

• RevenueCat, Inc., 1032 E Brandon Blvd #3003, Brandon, FL 33511, USA: https://www.revenuecat.com/privacy/

h) Access Permissions

To use all the functions of the app, we require access to certain functions on your smartphone. The access permissions serve the following purposes. You grant us these permissions voluntarily and exclusively for the purposes listed below, and you can revoke them at any time in the settings of your smartphone. Additionally, you will be informed about the necessity of the permission at the appropriate point in the app. The legal basis for data processing is thus your consent according to Art. 6(1)(a) GDPR.

Camera and Photo Library Access: This permission is required if you want to set or change your profile photo in the app. You can grant us this permission voluntarily and revoke it at any time in the settings of your smartphone.

Internet Access: This is needed to use the services of the app.

Location: To display the nearest partners on the map, access to your location data is required. Access is only granted when you use the location function of the map. You can grant us this permission voluntarily and revoke it at any time in the settings of your smartphone or disable location sharing in the settings.

For this function, we use Google Maps and the Google Firestore Cloud service. Google acts as a processor according to Art. 28 GDPR, with whom we have concluded an appropriate data processing agreement. Google also relies on the use of standard contractual clauses. More information about the data processed by Google Maps and Google Firebase Cloud can be found here:

https://policies.google.com/privacy?hl=de&gl=de

https://firebase.google.com/support/privacy

Notifications (Push Notifications): We use push notifications to keep you informed, for example, about new updates to the app or new businesses and partners.

The permissions are partially required to provide the services, so we process your data in accordance with Art. 6(1)(b) GDPR. If the functionalities are voluntary, we process the data subject to your explicit consent according to Art. 6(1)(a) GDPR. You can grant us this permission voluntarily and revoke it at any time in the settings of your smartphone.

To provide this function, we use the technology of Google Firebase Cloud Messaging by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. Google acts as a processor according to Art. 28 GDPR, with whom we have concluded an appropriate data processing agreement. Google also relies on the use of standard contractual clauses.

More information about the data processed by Google Firebase Cloud Messaging can be found here: https://firebase.google.com/support/privacy

IV. Analysis Tools

To optimize our offering, eliminate technical weaknesses, and ensure smooth usage of our app, we use various integrated services that capture specific technical data or information about your usage behavior.

Google Analytics for Firebase: We use Google Analytics for Firebase for the purpose of statistically evaluating the usage of our app. Your user ID is transmitted in an altered form so that it cannot be associated with your user profile. The collected data is transmitted to Google Ireland Ltd.: number of sessions, session duration, your operating system, your device model, the region you are in, initial starts, the app version, and other events and user properties.

To prevent Google from using this data for its own advertising purposes, you can limit ad tracking on your iOS device under Settings > Privacy > Advertising and reset your ad ID.

If you are using an Android device, you can reset your advertising ID under Settings > Google > Advertising.

• A/B Testing: To improve our offering, we use a testing procedure provided by Google Firebase through Google Firebase Remote Config, where users are divided into two groups (A/B) based on the data transmitted via Firebase Analytics and are provided with slightly different versions of the app or service, or sent different notifications. This allows us to verify how new features of our app are received based on the user behavior determined by Firebase Analytics. User interactions can also be determined using an embedded tracking pixel and transmitted to Google.

• Crash Reports: We use Google Firebase Crashlytics to determine the causes of errors or crashes in the app. If the app crashes, device information (operating system, operating system version, device type, device status information), information about our app (app version), your location data (country), the time of the crash, your user ID, or alternatively, the device ID (IMEI) is transmitted.

We point out that Google has its own privacy policies that are independent of ours. Therefore, we assume no responsibility for Google's policies and procedures. More information about Google's privacy policies can be found at: https://policies.google.com/privacy?hl=de&fg=1. A list of the service providers used by Google Firebase can be found here: https://firebase.google.com/terms/subprocessors.

If we have not requested your consent under Art. 6(1)(a) GDPR, the legal basis for data processing is our legitimate interest under Art. 6(1)(f) GDPR to improve the reliability of our app and ensure consistent service.

Please note that in addition to the data collected through Firebase Crashlytics, other analytical data may be collected by Apple (iOS devices) and Google (Android devices) that includes the usage of our app. We have no control over this data collection.

V. Data Transfer

Your personal data is not generally transferred to third parties. Exceptions may occur if:

1. You have given your explicit consent under Art. 6(1)(a) GDPR.

2. The disclosure is necessary under Art. 6(1)(f) GDPR for the assertion, exercise, or defense of legal claims and there is no reason to believe that you have an overriding legitimate interest in not disclosing your data.

3. There is a legal obligation to disclose under Art. 6(1)(c) GDPR.

4. It is legally permissible and necessary for the performance of contractual relationships with you under Art. 6(1)(b) GDPR.

5. The data is transferred to a service provider acting on our behalf and according to our exclusive instructions, which we have carefully selected (Art. 28(1) GDPR) and with whom we have concluded a corresponding data processing contract (Art. 28(3) GDPR) that obliges our contractor to implement appropriate security measures and grants us comprehensive control rights.

We may also use external service providers, such as Google Cloud (hosting provider), for data processing. These service providers are carefully selected, bound by our instructions, and regularly monitored. Our data processing agreements comply with the strict requirements of Art. 28 GDPR.

VI. Rights of Data Subjects

As a data subject, you have the right to:

1. Request information about your personal data processed by us under Art. 15 GDPR. This includes information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing, or objection, the right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.

2. Request the correction of inaccurate personal data under Art. 16 GDPR or

3. Request the erasure of your personal data stored by us under Art. 17 GDPR, unless processing is necessary for the exercise of the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or for the assertion, exercise, or defense of legal claims.

4. Request the restriction of processing of your personal data under Art. 18 GDPR if you contest the accuracy of the data, the processing is unlawful but you oppose its erasure, we no longer need the data, but you require it for the assertion, exercise, or defense of legal claims, or you have objected to processing under Art. 21 GDPR.

5. Receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or request the transfer to another controller under Art. 20 GDPR.

6. Lodge a complaint with a supervisory authority under Art. 77 GDPR. Typically, you can contact the supervisory authority of your usual place of residence, workplace, or our business location.

To exercise your rights as a data subject, simply send an email to info@greenmatesberlin.com.

VII. Right to Object

If your personal data is processed based on legitimate interests under Art. 6(1)(f) GDPR, you have the right to object to the processing of your personal data under Art. 21 GDPR, provided there are reasons arising from your particular situation. If your objection is against direct marketing, you have a general right to object without needing to provide a reason.

If you wish to exercise your right to object, simply send an email to info@greenmatesberlin.com.

VIII. Right to Withdraw Consent

If your personal data is processed based on your consent under Art. 6(1)(a) GDPR, you have the right to withdraw your consent at any time without providing any reason. This means that we can no longer continue data processing based on this consent in the future. The withdrawal of consent does not affect the lawfulness of the processing carried out based on the consent until the withdrawal.

If you wish to exercise your right to withdraw consent, simply send an email to info@greenmatesberlin.com.

IX. Updates and Changes to this Privacy Policy

This privacy policy is current as of November 2024. Due to the further development of our app and services or changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The current privacy policy can be accessed at any time via the provided link.