Privacy policy app

On this page you will find the privacy policy for our app. The privacy policy for the website can be viewed here.

Below we inform you about the processing of your personal data in connection with the use of the mijo app (hereinafter referred to as the “App”).

Personal data is all data that can be related to a specific natural person, e.g. your name or your IP address.

Zur besseren Lesbarkeit wird in dieser Erklärung das generische Maskulinum verwendet. Sämtliche verwendeten Personenbezeichnungen beziehen sich auf alle Geschlechter.

‍

1. Overview

1.1. Controller

The controller responsible for data processing in the App pursuant to Art. 4(7) of the EU General Data Protection Regulation (GDPR) is: mijo sports GmbH, Marktplatz 4, 85567 Grafing, Deutschland, E-Mail: privacy@mijo.team

‍

1.2. Data Protection Officer

Our Data Protection Officer is Johannes Piller, mijo sports GmbH, Marktplatz 4, 85567 Grafing, www.mijo.team. Erreichbar unter privacy@mijo.team und unter +49 151 20157715.

‍

1.3. Scope of Data Processing, Purposes and Legal Bases

We explain the scope of processing, the purposes, and the legal bases in detail under Section 2.
The following legal bases generally apply:

Art. 6(1)(a) GDPR – if we obtain your consent for processing.
Art. 6(1)(b) GDPR – if processing is necessary for the performance of a contract, e.g. to fulfill obligations under the terms of use, or for pre-contractual measures.
Art. 6(1)(c) GDPR – if processing is necessary to comply with a legal obligation (e.g. tax law).
Art. 6(1)(f) GDPR – if processing is based on our legitimate interests (e.g. responding to user inquiries).

‍

1.4 Disclosure to Third Parties

Where necessary, we transmit personal data to processors and in particular to the following external service providers:
• Hosting & cloud services: Hetzner, All-Inkl
• Identity management: Auth0
• Error tracking: Sentry

‍

1.5. Data Processing Outside the EEA

If we transfer data to service providers or other third parties outside the European Economic Area (EEA), adequacy decisions of the European Commission pursuant to Art. 45(3) GDPR ensure the security of the transfer where available (e.g. United Kingdom, Canada, Israel).

If no adequacy decision exists, the legal basis for the transfer is generally Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR, unless otherwise stated. These are contractual provisions adopted by the EU Commission ensuring data protection standards.

Many providers also offer additional contractual safeguards beyond the Standard Contractual Clauses, such as encryption guarantees or obligations to inform data subjects if law enforcement authorities request access.

‍

1.6. Storage Duration and Deletion

Unless specific retention periods are stated, stored data will be deleted once it is no longer necessary for its intended purpose and no statutory retention obligations apply.

If an account remains inactive for 12 months, it will be automatically deleted. Before deletion, affected users will receive an email notification with the opportunity to prevent deletion by logging in again.

If deletion is not possible because the data is required for other legally permissible purposes, processing will be restricted (data will be blocked and not processed for other purposes), e.g. for commercial or tax retention obligations.

‍

1.7. Rights of Data Subjects

You have the following rights regarding your personal data processed by us:
• Right of access
• Right to rectification or erasure
• Right to restriction of processing
• Right to object to processing based on legitimate interests pursuant to Art. 6(1)(f) GDPR
• Right to data portability
• Right to withdraw consent at any time (without affecting the lawfulness of processing prior to withdrawal)

You can exercise these rights using the contact details provided in this policy.

You also have the right to lodge a complaint with a data protection supervisory authority. Contact details can be found at:
https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

‍

1.8. No Obligation to Provide Data

You are neither contractually nor legally obliged to provide personal data. However, if you refuse to provide data required for using the App or data we are legally required to collect, you may not be able to use the App or only with limitations.

Mandatory fields are marked as such in the App.

‍

1.9. No Automated Individual Decision-Making

We generally do not use fully automated decision-making pursuant to Art. 22 GDPR. If we do so in individual cases, we will inform you separately.

‍

2. Specific Data Processing Activities

2.1. Downloading the App

The App is available in Google’s Play Store and Apple’s App Store (“Stores”).

When downloading the App, necessary information is transmitted to the Stores, in particular:
• Username
• Email address
• Customer account number
• Time of download
• Payment information
• Device identifier

We have no influence over this data collection and are not responsible for it. We process data only to the extent necessary for downloading the App to your mobile device.

‍

2.2. Information Security

When you use our App, we collect data required to ensure stability and security. The legal basis is Art. 6(1)(f) GDPR (legitimate interest).

‍

2.3. Collection of Personal Data

During registration, we collect the following mandatory information:
• Email address (for login and communication)
• Password (stored in encrypted form)

You may voluntarily provide additional profile information, such as:
• First and last name
• Nickname
• Favorite club
• Jersey number
• Profile picture
• Date of birth
• Preferred foot

These details are voluntary and serve only to personalize your profile.

Voluntary profile data is not used for personalized advertising or external analysis. It may be used in anonymized form for internal statistics (e.g. age structure analysis). You can edit or delete this data at any time in your profile settings.

‍

Access to Camera, Microphone and Speech Recognition

Our App requires access to:

Camera
To record your shot on video and analyze it afterward.
Videos are stored temporarily within the App and processed locally on your device.
Videos are explicitly not uploaded to any server.

Microphone
To allow voice commands to start video recording.
No audio recordings are stored.

Speech recognition
To enable your smartphone to process voice commands.

Access is granted only with your explicit consent and can be revoked at any time in device settings.

‍

Shot Analysis

We collect data when analyzing your shot.

Depending on the selected target area, we calculate a precision value. We also calculate the distance to the goal and the speed of the ball based on the image data. From these values, a score is calculated. mijo does not guarantee the accuracy of these values.

Data is stored on our servers as long as the player is active and deleted upon request. We explicitly do not store videos on external service provider servers.
Your videos remain exclusively on your smartphone. mijo has no access to them.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in offering an engaging performance comparison feature).

You may object to the display of your data at any time. We will then remove your profile from the App.

‍

2.4. User Account

You can create a user account in the App. The data requested and displayed in your profile in this context is initially processed on the basis of Art. 6(1) sentence 1 lit. f GDPR. Our legitimate interest is to provide you with the functions of the user account.

If you register your user account and agree to our Terms of Use, the data processing is carried out for the performance of the concluded user contract in accordance with Art. 6(1) sentence 1 lit. b GDPR.

As a verified user, you may voluntarily add further data to your user account. More information can be found in your user account.

‍

2.5. Single-Sign-On

Our App offers you the option to log in using Single Sign-On (SSO) with your existing Google or Apple account. Authentication is carried out directly by the respective provider (Google LLC or Apple Inc.), so we do not have access to your login credentials (e.g. password).

After successful authentication, the respective provider transmits certain data to us (e.g. name, email address), provided that you have consented. This data is used exclusively for creating and managing your user account in our App.

Please note that Google and Apple act as independent controllers for the processing of your login data.

Providers of the offered services are:

Apple Inc., Infinite Loop, Cupertino, CA 95014, USA
(Privacy Policy: https://www.apple.com/legal/privacy/de-ww/)

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
(Privacy Policy: https://policies.google.com/privacy)

‍

2.6. Contact

When you contact us, e.g. via email or telephone, the data you provide (e.g. names and email addresses) will be stored by us in order to answer your questions.

The legal basis for processing is our legitimate interest (Art. 6(1) sentence 1 lit. f GDPR) in responding to inquiries addressed to us. If the communication concerns the initiation of a user relationship or an existing user relationship, the legal basis is Art. 6(1) sentence 1 lit. b GDPR.

‍

2.7. Surveys

From time to time, we conduct surveys to better understand our users and their wishes. In doing so, we collect the requested data.

It is our legitimate interest to better understand our users and their needs, therefore the legal basis for the associated data processing is Art. 6(1) sentence 1 lit. f GDPR.

We delete the data once the survey results have been evaluated.

‍

2.8. Subscriptions

The mijo App contains functions to purchase paid content via the provider of the respective device’s App Store (Google for Android devices and Apple for iOS devices).
The mijo App uses the technical interface provided by the store provider to determine whether a purchase has been made. Communication with the provider’s App Store takes place in this context. The transmitted data is processed in accordance with the provider’s privacy policy and is not accessible to us.

The legal basis for the data processing associated with the initiation, execution, and termination of a subscription is Art. 6(1) sentence 1 lit. b GDPR.

‍

2.9. Newsletter

If you would like to subscribe to the newsletter offered in our App, we require your email address and information that allows us to verify that you are the owner of the email address and agree to receive the newsletter. No further data is collected.

This data is used exclusively for sending the requested information and is not passed on to third parties. The legal basis for data processing is your consent (Art. 6(1) lit. a GDPR).

You may withdraw your consent to the storage of data, the email address, and its use for sending the newsletter at any time, e.g. via the “unsubscribe” link in the newsletter. The legality of data processing carried out before the withdrawal remains unaffected.

If you are an existing customer, we may send you information about features, updates, and content of mijo via newsletter to your email address. The legal basis is our legitimate interest in providing further useful information about our offer, which outweighs your interest in non-processing (Art. 6(1) lit. f GDPR). You may object to receiving the newsletter at any time, e.g. via the link in the newsletter.

The data stored for newsletter purposes will be kept until you unsubscribe and deleted afterwards.

‍

2.10. Backup and Recovery Process

We regularly create backups of our systems to ensure the security and integrity of stored data. These backups serve exclusively to restore the system in case of technical problems or data loss.

Please note that personal data deleted at your request may not be immediately removed from backups. Such data may remain in backup systems for a limited period. Backups are stored in a defined rotation cycle and are automatically overwritten after a maximum of 90 days.

Backup management follows established security standards to prevent unauthorized access or misuse.

‍

2.11. Third-Party Tools

2.11.1. Hetzner Germany

We use Hetzner Germany for hosting.
Provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

The provider processes usage data (e.g. interest in content, access times) and meta/communication data (e.g. device information, IP addresses).

It is our legitimate interest to provide an App; therefore, the legal basis is Art. 6(1) sentence 1 lit. f GDPR. If hosting is necessary to fulfill obligations under our Terms of Use, the legal basis is Art. 6(1) sentence 1 lit. b GDPR.

Further information: https://www.hetzner.com/de/legal/privacy-policy/

‍

‍2.11.2 Auth0

We use Auth0 as an identity and access management provider.
Provider: Okta, 100 First Street, 6th Floor, San Francisco, CA 94105, USA.

Auth0 contributes to the security of the App. The legal basis is Art. 6(1) sentence 1 lit. f GDPR.

If no adequacy decision exists, Standard Contractual Clauses pursuant to Art. 46(2) lit. c GDPR apply.

Further information: https://www.okta.com/de/privacy-policy/

‍

2.11.3. Sentry

We use Sentry for application monitoring and error tracking.
Provider: Functional Software, Inc., 132 Hawthorne Street, San Francisco, CA 94107, USA.

The provider processes usage data (e.g. interest in content, access times), content data (e.g. entries in online forms), and meta/communication data (e.g. device information, IP addresses).

Legal basis: Art. 6(1) sentence 1 lit. f GDPR (legitimate interest in providing a functioning App).

If you do not want error reports containing personal data to be transmitted to Sentry, you may object. Please contact privacy@mijo.team and we will disable error logging for your account.

Further information: https://sentry.io/privacy/

‍

2.11.4 ALL-INKL

We use All-Inkl for hosting (in particular for the LimeSurvey survey function and our email mailboxes).
Provider: ALL-INK.COM, Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany.

Legal basis: Art. 6(1) sentence 1 lit. f GDPR (legitimate interest in providing a functional App).

Further information: https://all-inkl.com/datenschutzinformationen/