Privacy Policy

To keep your data YOUR data is very important to Synaptikon GmbH (hereafter "Synaptikon" or "we/us"). The collection, processing and utilization of data stays in accordance with the strict requirements of GDPR in the EU and DSGVO in the Federal Republic of Germany under the principle of privacy by design, data avoidance, data transparency and data security.

With this privacy statement we would like to inform you transparently and comprehensively how we handle data.

I. Name and address of the responsible person and the company data protection officer

1. Responsible

The person responsible within the meaning of the EU General Data Protection Regulation (GDPR/DSGVO) and other national data protection laws of the EU Member States as well as other data protection provisions is:

Synaptikon GmbH
represented by the managing directors Rojahn Ahmadi and Jakob Futorjanski

Ritterstraße 3

10969 Berlin

GERMANY

2. GDPO

Data Protection Officer is:

Ahmadi, Rojahn

c / o Synaptikon GmbH

Ritterstraße 3

10969 Berlin

GERMANY

3. Further contact options

E-Mail: info@neuronation.de

Websites:
www.neuronation.de
www.neuronation.com


II. General information on data processing

Synaptikon uses appropriate technical and organizational security measures to protect users' personal data stored by Synaptikon against manipulation, partial or total loss and against unauthorized access by third parties. This includes the state-of-the-art encryption methods on our websites as well as in the context of the use of cookies and analytics tools. Synaptikon's security measures are continually being improved in line with technological developments.

1. Scope of processing of personal data

In principle, we collect and use personal data of our users and customers only insofar as this is necessary and permitted for the provision of a well-functioning website and our services, for contractual obligation with the customer and for marketing purposes within the scope of applicable law. The collection and use of personal data takes place only within the consent of the user or if the processing of that data is permitted by law.

2. Disclosure of personal data to third parties

A transfer of personal data to third parties is strictly controlled and only possible in the cases specified in this Privacy Statement, to the service providers mentioned here or as far as you have given us in individual cases, your consent. Authorities or other state institutions are given information and personal data only in the context of statutory information obligations or on the basis of official or judicial decisions.

3. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) as the legal basis for the processing of personal data.

In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b DSGVO as legal basis. This also applies to processing operations required to carry out pre-contractual actions.

Insofar as processing of personal data is required to fulfill a legal obligation that is subject to our company, Art. 6 para. 1 lit. c DSGVO as legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d DSGVO as legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f DSGVO as legal basis for processing.

4. Data deletion and storage duration

Personal data of data subject will be deleted or blocked as soon as the purpose of the storage is deleted. In addition, such storage may take place if provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of data for conclusion of a contract or fulfillment of the contract.

III. Logfiles when visiting the website

(1) When you visit our websites, your browser automatically sends information to our server. This information is stored temporarily in a log file and is automatically deleted after six months.

The following information will be collected without your intervention and stored by us or on our behalf by external web hosting providers until automated deletion:

- IP address of the requesting computer,

- date and time of access,

- Name and URL of the retrieved file as well

- used browser and possibly the operating system of your computer.

The data mentioned are processed by us for the following purposes:

- ensuring a smooth connection of the website,

- ensuring comfortable use of our website,

- Evaluation of system security and stability.

(2) The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f DSGVO. Our legitimate interest follows from the data collection purposes listed above. In no case we use the collected data for the purpose of drawing conclusions about you.

IV. Registration as a user at Synaptikon

1. Description and scope of data processing

On our websites and the products offered there, you can register free of charge as part of the use of a so-called "Freemium account" or for a fee with the use of a "premium account". When registering for a free "freemium account", you enter your personal data in an input mask and submit it to us. The following data is collected, stored and processed:

• Username (mandatory)

• E-mail address (mandatory)

• self-selected password (mandatory)

In addition, you may voluntarily submit the following information to us to personalize your password-protected account and to compare your results obtained in our tests and exercises with the results of your respective peer group:

• Gender

• Date of birth

• User Profile Photo

The password you have chosen will only be stored encrypted in the database. The clear recovery of the password from the encrypted data is not possible in principle, neither by Synaptikon nor by third parties.

When entering and transmitting this data, the following information is automatically collected:

• IP address / server logfile

• language

• Time Zone

• Country from which you register

For “Premium” users further data is collected, stored and processed:

• Surname and first name (mandatory for payment procedures)

• Desired payment method and payment information (mandatory)

• Date and time of the upgrade of your Freemium account to a Premium account (automatically saved)

2. Purposes of data processing

The truthful input of the above-mentioned mandatory information is required so that you can fully use the services provided by us and that we can duly fulfill and settle our obligations under the contracts concluded with you.

This personal data is also required by Synaptikon to provide you with all the benefits of using NeuroNation, to personalize the training and to optimally identify and offer evaluations and benchmarks. In addition, the data for processing and administration, to check the entered data for plausibility and age of the users required, i. E. to justify, formulate, process and modify the agreements you have concluded with us about the use of NeuroNation and to be able to process any inquiries.

3. Payment for Premium Services

Synaptikon has contracted reliable and trusted payment service providers to process payments. These are depending on the desired payment method:

• Novalnet AG

• Stripe, Inc.

• PayPal

For the purpose of billing premium services, it is necessary that we provide the billing information to our payment service providers required for this purpose.

If you choose the payment method "direct debit / SEPA mandate" or "credit card", we will have to post Novalnet AG your name and address, IBAN and BIC or credit card number (including validity period) as well as the invoice amount, the currency and the transaction number. Novalnet AG may only use this information for the purpose of processing payments under this specific contractual agreement.

If other payment service providers are selected at the time of purchase, they will only receive the information they need for billing purposes.

When choosing the payment method "PayPal" or "Stripe", your payment data, your e-mail address as well as your existing account with one of these service providers will transfer your valid user ID to "PayPal" or "Stripe".

Stripe, Inc. is certified under the EU-US Privacy Shield Agreement and ensures compliance with European privacy legislation.

We urge the aforementioned payment service providers to treat your data confidentially and in accordance with the applicable data protection laws. We only pass data to the designated service providers for the purposes described here.

4. Legal basis for data processing and transfer to payment service providers

The processing of data collected as part of the registration as well as the transfer of payment to external payment service providers serves the fulfillment of contracts of which you are a party or the implementation of pre-contractual activities. The legal basis for processing the data is Art. 6 para. 1 lit. b DSGVO.

5. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. Even after conclusion of the contract, there may be a need to store and process personal data of the contracting party in order to fulfill contractual or legal obligations, e.g. for the processing of claims from the respective contract of use. In addition, the requirement of data storage for tax and / or commercial purposes must be observed. For tax purposes, storage periods of ten years apply (for invoices, books, records, accounting documents, etc.) or six years (for correspondence and other), § 147 Abs. 3 AO.

V. Processing of data during usage of our services by registered users

(1) For the continuous improvement of the services offered by us, Synaptikon collects data for statistical purposes during usage by registered users.

(2) Depending on the user's request, the data

a) can be displayed in the profile so that they are visible to other users of our services or

b) can only be visible to the respective user.

The default setting is set to <anonymous> so that only the respective user can view his data. Visibility settings can be managed by the user in the user profile.

These data include:

• User's performance ("Brainscore", "Exercise score", etc.)

• User Comments,

• Log files to exercises and visited pages,

• • a) when was the user's last login,

• • b) which pages has the user viewed.

VI. Processing of anonymized data when using our services by registered users

To improve the content and user experience and to optimize the services we provide, we evaluate the points reached by the users at the individual exercises which are calculated after values ( "brain power") anonymously in the sections "brain comparison" and "best list " out. The age and gender of the users are included in this evaluation in anonymised form, provided that these data were provided at registration. A conclusion on your identity Synaptikon is not possible through this evaluation.

VII. Personal data of people with limited contractual capability

The services of NeuroNation can also be used by people with people with limited contractual capability, especially those who are at registration not yet 18 years old, when an effective consent of the parent or in other cases where the conclusion of contracts by law are permissible. Same data privacy rules apply here. If parent/legal guardian find out that a person with limited contractual capability provided data without their consent, please contact Synaptikon so that this data is deleted.

Synaptikon is entitled to demand the presentation of proof of legitimacy (for example a copy of the identity card) in order to verify legal representation by guardians. Upon presentation of a corresponding proof of legitimacy, Synaptikon will promptly delete the user account and all data.

VIII. Use of cookies and analytics tools

1. Use of cookies

On our websites we use so-called cookies. Cookies are small files that are stored in the Internet browser on the user's device. This cookie contains a characteristic string that allows a clear identification of the browser when the website is called up again. In the used cookies no personal data is stored, so that we cannot draw conclusions about your identity by means of cookies. Only pseudonymized information is generated.

We use "session-based", temporary cookies: these do not remain on your computer. If you leave our pages, the temporary cookie will also be discarded. With the help of the gathered information we can analyze usage patterns and structures of our website and optimize the website by improving the content or the personalization and simplifying the usage.

We use cookies to make our website user-friendly and functional. Some elements of our website require that the calling browser be identified even after a page break.

When you visit our website, users are informed on the homepage by an info banner about the use of cookies and referred to this privacy policy.

2. Use of Google Analytics

We use Google Analytics, a web analytics service provided by Google Inc. (hereafter "Google"), for the purpose of designing and continuously optimizing our websites as required. Google is certified under the EU-US Privacy Shield Agreement and ensures compliance with European privacy legislation. When visiting the online portal, the following data will be collected and stored until automated deletion by Google without any action by the visitor as part of an automated procedure:

• the IP address of the requesting computer,

• the date and time of access,

• the name and URL of the retrieved file,

• the website from which the access was made,

• the operating system of the visitor's computer and the browser used by the visitor and other technical data,

• the visitor's internet access provider,

• Language settings,

• geographical location.

Google uses cookies, which are text files that are stored on the user's computer and that enable an analysis of the user's use of the Synaptikon online portal. The information generated by the cookie about the use of the online portal Synaptikon by the user is usually transmitted to a Google server in the USA and stored there.

However, in the case of the activation of IP anonymization on the website of Synaptikon, the IP address of Google will be shortened beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

On behalf of Synaptikon, Google will use this information to evaluate the use of the online portal, to compile reports on website activity and to provide other services related to website and internet usage to Synaptikon. The IP address submitted by Google Analytics within the framework of Google Analytics will not be merged with other data provided by Google.

The user can prevent the storage of cookies by a corresponding setting of his web browser software. Synaptikon points out to the user, however, that the user may not be able to use all the functions of NeuroNation in full.

Furthermore, the user can prevent the collection of the data generated by the cookie and its use of NeuroNation (including the IP address) to Google as well as the processing of this data by Google by the user using the browser available under the following link:

http://tools.google.com/dlpage/gaoptout?hl=de.

Accordingly, the user has the opportunity to object to this data collection and use at any time. Google Analytics uses DoubleClick DART cookies and may use information about the user's visit to the NeuroNation website and other websites to display ads about products and services that interest users (interest-based ads). The information generated by the cookies about the use of NeuroNation, including the IP address, is transmitted to and stored by Google's servers. Google will also transfer this information to third parties if required by law or if third parties process this data on behalf of Google. Google declares that it will never merge or associate your IP address with other Google data. Google participates in the Safe Harbor program of the European Union and the United States. The information transmitted as part of this service does not include the user's name, address, e-mail address or telephone number.

If the user does not wish to use DoubleClick DART cookies, they may disable them through the Ads Preferences Manager at http://www.google.com/settings/ads/onweb/?hl=en.

3. Use of Google Adwords Conversion Tracking

To statistically record the use of our website and to evaluate our website for you and for marketing purposes, we also use Google conversion tracking. In doing so, Google Adwords will set a cookie (see paragraph 1) on your computer if you have reached our website via a Google ad.

These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer's website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page.

Every Adwords customer receives a different cookie. Cookies cannot be tracked via the websites of Adwords customers. The information gathered using the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers hear the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive information that personally identifies users.

If you do not want to participate in the tracking process, you can also refuse the required setting of a cookie - for example, via a browser setting that generally disables the automatic setting of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com".

4. Use of other analysis tools

In addition, we use the following additional web analytics services:

-New Relic for optimizing our websites

-Logentries, Logfiles, Firebase, Adjust and Google Tag Manager for statistical purposes

For this purpose, the providers of these analysis tools set cookies on users' devices, but do not store any personal data of users. We also use IP anonymization so that referencing a specific person is excluded. To disagree and remove cookies, please read the comments below under point 8.

5. Use of the customer support platform "Zendesk"

We use Zendesk's Zendesk web-based ticketing system, 1019 Market St., San Francisco, California 94103, USA ("Zendesk"), to provide you with effective customer support. We carefully control these external service providers and the processing of the data. Zendesk is certified under the EU-US Privacy Shield Agreement (https://www.privacyshield.gov/participant?id=a2zt0000000TOjeAAG). The service manages requests placed on our site. If you do not agree with Zendesk's data processing, alternative contact options are available, in particular by telephone or by post. When using Zendesk, the IP address and visited page are also recorded. The IP address is anonymized. Zendesk also uses cookies and similar technologies. The information generated by cookies on the use of this website (including the anonymized IP address) is transmitted to and stored by a Zendesk server in the USA. Performed chats are logged and saved. You can prevent the storage of cookies by setting your browser accordingly; However, we point out that in this case you may not be able to fully use all functions of our website. For more information, see the Zendesk Privacy Policy (https://www.zendesk.com/company/customers-partners/ # privacy-policy).

6. Legal basis for data processing

The legal basis for the processing of personal data using cookies, the analytics tools mentioned here and the customer support platform "Zendesk" is Art. 6 para. 1 lit. f DSGVO.

7. Purposes of data processing

The purpose of using cookies is to make the use of websites easier for users and to make our websites functional and user-friendly. Some features of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page break. We use cookies for the following applications:

• Log Entries and User Log-In Information / Account Settings

• Applying language settings

The user data collected by technically necessary cookies will not be used by us to create user profiles. In the aforementioned purposes, our legitimate interest in the processing of personal data pursuant to Art. 6 para. 1 lit. f DSGVO.

Our legitimate interest in the processing of personal data through the use of Google Analytics, Google Adwords, the other analytics tools mentioned here as well as the customer support platform "Zendesk" within the meaning of Art. 6 para. 1 lit. f DSGVO consists in the optimization and improvement of our online offer.

8. Duration of storage of cookies, objection and removal possibility

Cookies are stored on the computer of the user and transmitted by this to our site. Therefore, as a user, you have control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Most browsers (such as Firefox, Chrome, Internet Explorer, Safari, etc.) accept cookies by default. However, in the security settings, you can allow or deny temporary and persistent cookies independently of each other. However, we point out that certain features on our websites are not available to you and some websites may not be displayed correctly if you deactivate cookies. The data stored in our cookies will not be linked to your personal data (name, address, etc.) without your express consent.

IX. E.Mail dispatch via "MailChimp" and "SendGrid"

1. Description, scope and purpose of the data processing

In order to be able to inform you about the latest news about our platforms, services, styles and products that you might like, you can subscribe to a free newsletter on our websites.

The newsletters are distributed via MailChimp, a mailing product of the US company Rocket Science Group // 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA and SendGrid of SendGrid, Inc., 1801 California Street, Suite 5000, Denver, Colorado 80202 USA. MailChimp and SendGrid do not use the data of our newsletter recipients to write them down or to pass them on to third parties.

When registering for the newsletter, the following data from the input mask will be sent to us:

• E-mail address

• username

In addition, the following data is collected upon registration:

• IP address of the calling computer

• Date and time of registration

• selected language

For the processing of the data, your consent to the Double-Opt-In procedure will be obtained during the registration process. After registration, you will receive an e-mail asking you to confirm your registration. The registration for the newsletter will be logged in order to prove the registration process according to the legal requirements.

The e-mail addresses of our newsletter recipients, as well as their other information described in these notes, are stored on the servers of MailChimp or SendGrid in the USA. MailChimp and SendGrid use this information to send and evaluate the newsletters on our behalf. Furthermore, these service providers may, according to their own information, use the data to optimize or improve their own services, e.g. for the technical optimization of the shipping and the presentation of the newsletter or for economic purposes, to determine from which countries the recipients come.

MailChimp and SendGrid are certified under the US-EU privacy shield "Privacy Shield" and are thus committed to complying with EU data protection requirements. You can view the privacy policy of MailChimp here: https://mailchimp.com/legal/privacy/. You can view SendGrid's privacy policy here: https://sendgrid.com/policies/tos/#data-privacy

In order to sign up for the newsletter, we only need your e-mail address. Other voluntary information about you is only intended to personalize the newsletter.

2. Legal basis for data processing

The legal basis for the processing of the data after the user signs up for the newsletter is Art. 6 para. 1 lit. a GDPR

3. Duration of storage / revocation

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. The e-mail address of the user is therefore stored as long as the subscription to the newsletter is active. You can terminate the receipt of our newsletter at any time without giving reasons and revoke your consent to receive the newsletter. At the same time, your consent to their dispatch via MailChimp and SendGrid expires. You will find a link to unsubscribe at the end of every newsletter.

X. Use of Facebook and Google Plus Plugins

NeuroNation's online portal uses social plug-ins (hereafter "plug-ins") of Facebook social networks (Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA and Google Plus (Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94943, USA).

When the user accesses a website of the NeuroNation online portal containing such a plugin, the user's web browser establishes a direct connection to the Facebook or Google servers. The content of the plugins is transmitted by Facebook or Google directly to the user's web browser and incorporated by the user into the website. NeuroNation therefore has no influence on the extent of the data collected by Facebook or Google with the help of this plugin, and informs the user according to his level of knowledge:

As soon as you call up one of our internet pages, which is provided with an activated plugin, a connection to the servers of the provider of the respective plugin is established. Both contents of the servers of the provider are loaded, as well as information transmitted to the provider. This information includes z. For example, your IP address and information about which page you have just visited. This happens regardless of whether you are logged in to the respective social network or not. If you are logged in to the respective network at the same time, the respective provider can identify you as a concrete user, because in addition to the address of the visited website, the date, time and browser-related information, your user ID will also be recorded. Logging out of the relevant network may prevent the assignment of the data to your user account. Alternatively, you can also prevent data transmission to the network by using special browser add-ons (eg Facebook blocker).

If you recommend content using the activated plugins, for example by clicking on a "Like" button, the corresponding information is transmitted directly to the respective social network and stored there as well. The data collected by the provider can be used to create usage profiles.

For more information on the collection and use of data by the provider of the plugins and your rights in this regard and ways to protect your privacy, see the privacy policy for

- Facebook at http://www.facebook.com/policy.php

- Google Plus at: https://www.google.com/intl/en/policies/privacy/

XI. Social media

In addition to our websites, we are also present in social networks.

Examples:

- Facebook

- Twitter

- Google+

In these networks we inform interested users about our offer. We draw your attention to the fact that the data processing in these social networks are subject to the terms and conditions of use as well as the privacy policy of the respective operators of these social networks and we have no influence on this. If you contact us via the social networks mentioned, we use your personal data only for the purpose of communication with you.

XII. Rights of the person concerned

If you process personal data, you are i.S.d. DSGVO and you have the following rights to the person responsible:

1. Right to information

According to Art. 15 GDPR, you may request information about your personal data processed by us. In particular, you can provide information on the processing purposes, the category of personal data, the categories of recipients to whom your data has been disclosed, the planned retention period, the right to rectification, deletion, limitation of processing or opposition, the existence of a The right to complain, the source of their data, if not collected from us, and the existence of automated decision-making, including profiling and, where appropriate, meaningful information about their details.

2. Correction

Pursuant to Art. 16 GDPR, you may request the correction to be incorrect or to complete your personal data stored with us.

3. Deletion

Pursuant to Art. 17 GDPR, you may request the deletion of your personal data held by us, unless such processing is for the purpose of exercising the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend Legal claims is required.

4. Restriction of processing

According to Art. 18 GDPR you can demand the restriction of the processing of your personal data, as far as the accuracy of the data is disputed by you, the processing is unlawful, but you reject their deletion and we no longer need the data, but you assert this, Exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR.

5. Data transmission

According to Art. 20 GDPR you may request to receive your personal data provided to us in a structured, common and machine-readable format. You may also request the transfer to another person in charge.

6. Revocation

According to Art. 7 para. 3 DSGVO, you can revoke your consent to data processing at any time. As a result, we are no longer allowed to continue the data processing based on this consent for the future.

7. Right of appeal

According to Art. 77 DSGVO you can complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters.

8. Right of objection

If your personal data are based on legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f DSGVO are processed, you have the right to file an objection against the processing of your personal data in accordance with Art. 21 DSGVO, provided that there are reasons for this arising from your particular situation or the objection is directed against direct mail. In the latter case, you have a general right to objection, which must be implemented by us without stating a particular situation.

If you would like to exercise your right of revocation or objection, please send an e-mail to us at the o.g. Contact possibilities.

XIII. Changes to the privacy policy

Synaptikon reserves the right to update its privacy policy to protect the user's personal information or from time to time due to legal or regulatory changes. We encourage you to review our privacy policy from time to time to keep abreast of how NeuroNation protects your information and improves the content of our sites. Should Synaptikon make significant changes to the collection, use and / or transfer of the personal information provided by Synaptikon to Users, Synaptikon will alert the User by providing a clear and visible reference to our Websites.

This Data Privacy Statement is prepared to support you, please refer to the German version for any specific requests: https://www.neuronation.com/lp/data_privacy?lang=de

May 2018

Login

Sign in with Google