Privacy Policy

Data Protection Information for Neroia GmbH

Status: 01.25.2025

In order for you to understand the processing of your data in connection with the use of the Neroia App (hereinafter "Neroia App"), we provide an overview of this processing. This data protection information contains general information about how we handle your data and details about your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

Table of Contents

I. General Information

Contact Us

The controller responsible for data processing is:

Our Data Protection Officer can be reached at: datenschutz@neroia.com or at our postal address with the addition "the data protection officer."

Legal Basis

The term "personal data" refers to all information that relates to an identifiable individual, such as names, email addresses, and data related to user behavior. We process personal data in compliance with GDPR and BDSG, based on legal permissions including:

• Your consent (Art. 6 (1) (a) GDPR),
• Fulfillment of a contract or pre-contractual measures (Art. 6 (1) (b) GDPR),
• Compliance with legal obligations (Art. 6 (1) (c) GDPR), or
• Our legitimate interests, provided they are not overridden by your interests or rights (Art. 6 (1) (f) GDPR).

Duration of Storage

We store personal data only for as long as necessary to achieve the processing purpose or meet contractual and legal obligations, such as retention periods under tax or commercial law. Anonymized data may be retained indefinitely for statistical or product development purposes.

Recipients of the Data

We engage service providers to process data, such as hosting and maintaining the Neroia App. Service providers are contractually obligated to process data under strict confidentiality and data security measures. In specific circumstances, data may be shared with:

• IT service providers for application support,
• Analytics providers for anonymized performance monitoring, and
• Regulators or legal authorities, if required by law.

Transfer of Data to a Third Country

Personal data may be transferred to third countries outside the European Union (EU) or European Economic Area (EEA) only when adequate safeguards are in place, such as:

• EU Commission adequacy decisions,
• Standard contractual clauses, or
• Additional technical measures to ensure data security.

Data Security

We implement technical and organizational measures to protect your data from unauthorized access, manipulation, and other risks. These measures include:

• End-to-end encryption of transmitted data,
• Role-based access controls for internal data processing,
• Regular vulnerability assessments and audits.

Your Rights

You have the right to:

• Request access to your personal data (Art. 15 GDPR),
• Request rectification of inaccurate data (Art. 16 GDPR),
• Request deletion of your data (Art. 17 GDPR),
• Restrict processing (Art. 18 GDPR), and
• Data portability (Art. 20 GDPR).

You can revoke your consent at any time (Art. 7 para. 3 GDPR) and lodge complaints with a supervisory authority.

Right of Objection

You have the right to object to data processing based on legitimate interests (Art. 6 (1) (f) GDPR). If you object, we will evaluate your objection and either cease processing or provide compelling reasons for continuing.

Changes to Privacy Policy

We reserve the right to modify this privacy policy to reflect new legal requirements or improvements to the Neroia App. The latest version will apply upon your next visit.

II. Specific Data Processing

Purpose and Scope

The Neroia App is a B2B SaaS platform designed for corporate use. Personal employee data is anonymized and aggregated to support personalized recommendations and improve the platform through machine learning.

Download and Installation of the Neroia App

When downloading the Neroia App from the Apple App Store or Google Play Store, data such as username, email address, device identifiers (e.g., IMEI), and OS version are collected by the app stores. These providers act as independent controllers under GDPR.

Data Collected During Usage

When using the Neroia App, we collect anonymized data such as:

• Location data for activity suggestions,
• Interaction data for recommendation optimization,
• Preferences for personalization of activities and content.

Employee Data Anonymization

All personal data of employees is anonymized and aggregated. This ensures that individual users cannot be identified. Aggregated data is utilized solely for:

• Product improvement through machine learning,
• Enhancing the relevance of activity suggestions.

Location Data

Location data is collected with user consent for the purpose of providing location-based recommendations. This data is anonymized and not used to create movement profiles.

Behavioral and Interaction Data

User behavior data, including interactions within the app, is collected to enhance personalization and app functionality. Processing is based on legitimate interest (Art. 6 (1) (f) GDPR).

Aggregated Data Usage for Machine Learning

Aggregated, anonymized data is used to improve the platform's algorithms. This data supports:

• Enhanced activity recommendations,
• Customization for corporate partners,
• Predictive analytics for employee engagement.

Data Transfers to Third-Party Services

We use cloud-based services for hosting and data storage. These services comply with GDPR requirements and use secure data transfer mechanisms.

III. Compliance and Transparency

User Rights and Transparency

Users may inquire about their anonymized data usage and request deletion of their personal profile within the platform.

Reporting Violations or Concerns

If you believe your data has been misused, you can report this to our Data Protection Officer or file a complaint with the relevant supervisory authority.

Supervisory Authority Contact Information

You can find a list of supervisory authorities at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.