This Application collects some Personal Data from its Users.
This document contains a section dedicated to Users in the United States and their privacy rights.
This document contains a section dedicated to Brazilian Users and their privacy rights.
This document can be printed for reference by using the print command in the settings of any browser.
Unless otherwise specified, all references made within this document refer to Users (Users, are referred to as 'you', 'your', yours') in the European Union and the European Economic Area
In principle, we do not use fully automated individual decision-making, including profiling, in
application of article 22 of the GDPR
Legal basis of processing for users in EU countries
If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9 (2)(a) GDPR, if special categories of data are processed according to Art. 9 (1) GDPR. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also based on Art. 49 (1)(a) GDPR. If you have consented to the storage of cookies or to the access to information in your end device (e.g., via device fingerprinting), the data processing is additionally based on § 25 (1) TTDSG. The consent can be revoked at any time. If your data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR.
Furthermore, if your data is required for the fulfillment of a legal obligation, we process it on the basis of Art. 6(1)(c) GDPR. Furthermore, the data processing may be carried out on the basis of our legitimate interest according to Art. 6(1)(f) GDPR. Information on the relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.
The provider Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany (hereinafter referred to as "Strato") allows you to view content hosted on the Strato Platform. When you visit our app, Strato records logfiles.
We use Strato to ensure the functionality of our app and thereby to enhance the learning experience of our app by downloading content from Strato. Our app uses Strato’s servers located in Germany to download videos displayed to our users. This use of Strato is based on our legitimate interest in presenting our content in an appealing manner. Strato allows us to securely store and deliver necessary content to our users. Strato is used on the basis of Art. 6 (1)(f) GDPR. We have a legitimate interest in ensuring that our learning content is presented as reliably as possible.
Data processed: IP address; name of the requested video file; date and time of the request, status code (meaning for example, if the video could successfully be downloaded, or if the download failed or was rejected); size of the downloaded video file; user agent (this means information about the programming language "Dart" and language version e.g. "Dart/2.19" used for programming the Moreover app).
For more information, please consult the Strato Data Privacy Policy: https://www.strato.de/datenschutz/ and https://www.strato.de/blog/dsgvo-logfiles/
Data processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR:
https://www.strato.de/agb/avv/
For the transmission and verification of in-app purchases we use RevenueCat, a service provided by RevenueCat, Inc., 633 Tarava St. Suite 101, San Francisco, CA 94116, USA (“RevenueCat”).
As part of processing via RevenueCat, data may be transferred to the USA. To protect your personal data, we have concluded so-called standard contractual clauses (“SCCs”). SCCs are data protection regulations issued by the European Commission, the conclusion of which imposes legal obligations on the data importer and the implementation of which guarantees compliance with European data protection standards.
The SCC: https://www.revenuecat.com/dpa
RevenueCat makes use of anonymous identifiers and does not collect any Personally Identifiable Information (PII). For more information, please see RevenueCat's page on Privacy-Focused In-App-Subscriptions: https://www.revenuecat.com/blog/engineering/privacy-focused-subscriptions-in-your-swift-app/
The legal basis for the processing is Art. 6 (1)(b) GDPR and Art. 6 (1)(f) GDPR.
If you do not want RevenueCat to process your data, please do not make in-app purchases.
For more information, please see RevenueCat’s Terms (https://www.revenuecat.com/terms/) and Privacy Policy (https://www.revenuecat.com/privacy/).
a) This type of service allows you to view content hosted on Vimeo. Vimeo is a video content visualization service provided by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA, that allows this Application to incorporate content.
If you are not logged in within the app with the email address of a partnering university located in the European Union, a connection will be established with Vimeo's servers when starting a lesson within our app. As a consequence, the Vimeo server will receive your IP address. The information recorded by Vimeo will be transmitted to Vimeo’s server in the United States. Vimeo processes the IP address to prevent cyber attacks (Denial of Service attacks).
The use of the Vimeo API is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6(1)(f) GDPR, this is a legitimate interest.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the EuropeanCommission and, according to Vimeo, on “legitimate business interests”. Details can be found here: https://vimeo.com/privacy.
For more information on how Vimeo handles user data, please consult the Vimeo Data Privacy Policy under: https://vimeo.com/privacy.
b) If you are logged in within the app with the email address of a partnering university located in the European Union, no connection will be established with Vimeo’s servers and hence, no data will be transmitted to Vimeo.
By registering or authenticating, Users allow this Application to identify them and give them access to dedicated services.
Supabase is a registration and authentication service provided by Supabase, Inc., 970 Toa Payoh North #07 -04, Singapore 318992 (“Supabase ”).
By registering or authenticating, Users allow this Application to identify them and give them access to dedicated services.
To protect your personal data, we have concluded so-called standard contractual clauses (“SCCs”). SCCs are data protection regulations issued by the European Commission, the conclusion of which imposes legal obligations on the data importer and the implementation of which guarantees compliance with European data protection standards. The SCC: https://supabase.com/legal/dpa.
The legal basis for the processing is Art. 6 (1)(b) GDPR and Art. 6 (1)(f) GDPR.
For more information, please see Supabase´s Privacy Policy under: https://supabase.com/privacy
Personal Data processed: email address; password; IP address; date and time of registration and last login
Pseudonymisation and encryption: Stored Data is encypted where appropriate, including any backup copies of the data. All hard discs are encrypted-at-rest using the industry-standard AES-256 algorithm. Regularly scheduled backups are also encrypted-at-rest using AES-256 algorithm. The encryption keys are in turn protected by keys stored using FIPS 140-2 compliant HSMs. All data is encrypted in transit using TLS with modern cyphersuits.
User passwords are hashed with bcrypt.
Place of processing: Germany, Frankfurt
This Application may send push notifications to the User to achieve the purposes outlined in this privacy policy.
Users may in most cases opt-out of receiving push notifications by visiting their device settings, such as the notification settings for mobile phones, and then change those settings for this Application, some or all of the apps on the particular device.
Users must be aware that disabling push notifications may negatively affect the utility of this Application.
GbR Philipp Laurenz, Peter Laurenz, Paula Patel
Mendelstraße 11
48149 Münster
Germany
Owner contact email: info@moreover.app
GbR Philipp Laurenz, Peter Laurenz, Paula Patel
Mendelstraße 11
48149 Münster
Germany
Owner contact email: info@moreover.app
The owner does not provide a list of Personal Data types collected.
Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection.
Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Application.
Unless specified otherwise, all Data requested by this Application is mandatory and failure to provide this Data may make it impossible for this Application to provide its services. In cases where this Application specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.
Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner.
Any use of Cookies – or of other tracking tools — by this Application or by the owners of third-party services used by this Application serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document.
Users are responsible for any third-party Personal Data obtained, published or shared through this Application.
The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Application (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.
The Data is processed at the Owner's operating offices and in any other places where the parties involved in the processing are located.
Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.
Unless specified otherwise in this document, Personal Data shall be processed and stored for as long as required by the purpose they have been collected for and may be retained for longer due to applicable legal obligation or based on the Users’ consent.
The Owner may process Personal Data relating to Users if one of the following applies:
In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
Unless specified otherwise in this document, Personal Data shall be processed and stored for as long as required by the purpose they have been collected for and may be retained for longer due to applicable legal obligation or based on the Users’ consent.
Therefore:
The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to fulfil a legal obligation or upon order of an authority.
Once the retention period expires, Personal Data shall be deleted. Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
Users may exercise certain rights regarding their Data processed by the Owner.
In particular, Users have the right to do the following, to the extent permitted by law:
Users are also entitled to learn about the legal basis for Data transfers abroad including to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data.
Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.
Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time, free of charge and without providing any justification. Where the User objects to processing for direct marketing purposes, the Personal Data will no longer be processed for such purposes. To learn whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.
Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. Such requests are free of charge and will be answered by the Owner as early as possible and always within one month, providing Users with the information required by law. Any rectification or erasure of Personal Data or restriction of processing will be communicated by the Owner to each recipient, if any, to whom the Personal Data has been disclosed unless this proves impossible or involves disproportionate effort. At the Users’ request, the Owner will inform them about those recipients.
This section of the document integrates with and supplements the information contained in the rest of the privacy policy and is provided by the entity running this Application and, if the case may be, its parent, subsidiaries and affiliates (for the purposes of this section referred to collectively as “we”, “us”, “our”).
This section applies to all Users in Brazil (Users are referred to below, simply as “you”, “your”, “yours”), according to the "Lei Geral de Proteção de Dados" (the "LGPD"), and for such Users, it supersedes any other possibly divergent or conflicting information contained in the privacy policy.
This part of the document uses the term “personal information“ as it is defined in the LGPD.
We can process your personal information solely if we have a legal basis for such processing. Legal bases are as follows:
To find out more about the legal bases, you can contact us at any time using the contact details provided in this document.
To find out what categories of your personal information are processed, you can read the section titled “Detailed information on the processing of Personal Data” within this document.
To find out why we process your personal information, you can read the sections titled “Detailed information on the processing of Personal Data” and “The purposes of processing” within this document.
You have the right to:
You will never be discriminated against, or otherwise suffer any sort of detriment, if you exercise your rights.
You can file your express request to exercise your rights free from any charge, at any time, by using the contact details provided in this document, or via your legal representative.
We will strive to promptly respond to your requests.
In any case, should it be impossible for us to do so, we’ll make sure to communicate to you the factual or legal reasons that prevent us from immediately, or otherwise ever, complying with your requests. In cases where we are not processing your personal information, we will indicate to you the physical or legal person to whom you should address your requests, if we are in the position to do so.
In the event that you file an access or personal information processing confirmation request, please make sure that you specify whether you’d like your personal information to be delivered in electronic or printed form.
You will also need to let us know whether you want us to answer your request immediately, in which case we will answer in a simplified fashion, or if you need a complete disclosure instead.
In the latter case, we’ll respond within 15 days from the time of your request, providing you with all the information on the origin of your personal information, confirmation on whether or not records exist, any criteria used for the processing and the purposes of the processing, while safeguarding our commercial and industrial secrets.
In the event that you file a rectification, deletion, anonymization or personal information blocking request, we will make sure to immediately communicate your request to other parties with whom we have shared your personal information in order to enable such third parties to also comply with your request — except in cases where such communication is proven impossible or involves disproportionate effort on our side.
We are allowed to transfer your personal information outside of the Brazilian territory in the following cases:
This part of the document integrates with and supplements the information contained in the rest of the privacy policy and is provided by the business running this Application and, if the case may be, its parent, subsidiaries and affiliates (for the purposes of this section referred to collectively as “we”, “us”, “our”).
The information contained in this section applies to all Users (Users are referred to below, simply as “you”, “your”, “yours”), who are residents in the following states: California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon and Montana.
For such Users, this information supersedes any other possibly divergent or conflicting provisions contained in the privacy policy.
This part of the document uses the term Personal Information.
The following Notice at collection provides you with timely notice about the categories of Personal Information collected or disclosed in the past 12 months so that you can exercise meaningful control over our use of that Information.
While such categorization of Personal Information is mainly based on California privacy laws, it can also be helpful for anyone who is not a California resident to get a general idea of what types of Personal Information are collected.
ℹ️ You can read the definitions of these concepts inside the “Definitions and legal references section” of the privacy policy.
To know more about your rights you can refer to the “Your privacy rights under US state laws” section of our privacy policy.
For more details on the collection of Personal Information, please read the section “Detailed information on the processing of Personal Data” of our privacy policy.
We won’t process your Information for unexpected purposes, or for purposes that are not reasonably necessary to and compatible with the purposes originally disclosed, without your consent.
We collect the above-mentioned categories of Personal Information, either directly or indirectly, from you when you use this Application.
For example, you directly provide your Personal Information when you submit requests via any forms on this Application. You also provide Personal Information indirectly when you navigate this Application, as Personal Information about you is automatically observed and collected.
Finally, we may collect your Personal Information from third parties that work with us in connection with the Service or with the functioning of this Application and features thereof.
You may exercise certain rights regarding your Personal Information. In particular, to the extent permitted by applicable law, you have:
In addition to the rights listed above common to all Users in the United States, as a User residing in California, you have
In addition to the rights listed above common to all Users in the United States, as a User residing in Virginia, Colorado, Connecticut, Texas and Oregon, you have
In addition to the rights listed above common to all Users in the United States, as a User residing in Utah, you have
To exercise the rights described above, you need to submit your request to us by contacting us via the contact details provided in this document.
For us to respond to your request, we must know who you are. We will not respond to any request if we are unable to verify your identity and therefore confirm the Personal Information in our possession relates to you. You are not required to create an account with us to submit your request. We will use any Personal Information collected from you in connection with the verification of your request solely for verification and shall not further disclose the Personal Information, retain it longer than necessary for purposes of verification, or use it for unrelated purposes.
If you are an adult, you can make a request on behalf of a child under your parental authority.
In addition to what is stated above, to exercise your right to opt-out of Sale or Sharing and Targeted Advertising you can also use the privacy choices link provided on this Application.
If you want to submit requests to opt out of Sale or Sharing and Targeted Advertising activities via a user-enabled global privacy control, such as for example the Global Privacy Control (“GPC”), you are free to do so and we will abide by such request in a frictionless manner.
We will respond to your request without undue delay, but in all cases within the timeframe required by applicable law. Should we need more time, we will explain to you the reasons why, and how much more time we need.
Should we deny your request, we will explain to you the reasons behind our denial (where envisaged by applicable law you may then contact the relevant authority to submit a complaint).
We do not charge a fee to process or respond to your request unless such request is manifestly unfounded or excessive and in all other cases where it is permitted by the applicable law. In such cases, we may charge a reasonable fee or refuse to act on the request. In either case, we will communicate our choices and explain the reasons behind them.
The User's Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of this Application or the related Services.
The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.
In addition to the information contained in this privacy policy, this Application may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data upon request.
For operation and maintenance purposes, this Application and any third-party services may collect files that record interaction with this Application (System logs) or use other Personal Data (such as the IP Address) for this purpose.
More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document.
The Owner reserves the right to make changes to this privacy policy at any time by notifying its Users on this page and possibly within this Application and/or - as far as technically and legally feasible - sending a notice to Users via any contact information available to the Owner. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.
Should the changes affect processing activities performed on the basis of the User’s consent, the Owner shall collect new consent from the User, where required.