Note: This Privacy Policy is a translation from German to English. The German version is legally binding. You can find it here.

Privacy Policy

“kula” (short: website or app) is a (cloud) service of kula app GmbH (short: kula), company registration number FN 584452 p, Taubstummengasse 11, 1040 Vienna, with multiple clients (iOS apps, Android apps, web client), to offer various creative digital services. We inform you in accordance with the requirements of the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG) about what information we collect, how we use data, and what choices you have as a visitor to the website or user of the apps.

1. Automatic Data Storage

1.1 When you visit our website or use our apps, our web server automatically stores data such as the address (URL) of the accessed webpage, browser and browser version, the operating system used, the address (URL) of the previously visited page (referrer URL), the hostname and IP address of the device from which access is made, and date and time in files (web server log files).

1.2 Web server log files are generally stored for two weeks and then automatically deleted. We do not share this data, but cannot exclude that it may be viewed in the event of unlawful conduct. The legal basis pursuant to Art. 6(1)(f) GDPR (lawfulness of processing) is that there is a legitimate interest in enabling the error-free operation of this website by recording web server log files.

2. Storage of Personal Data

2.1 Personal data that you transmit to us electronically on this website or the apps, such as name, email address, address or other personal details as part of submitting a form or comments on the platform (in the app), is used by us together with the time and IP address only for the stated purpose, stored securely and possibly passed on to our service providers (provider, cloud).

2.2 We use your personal data only for communication with those visitors who expressly wish to make contact and for the processing of services and products offered on this website. We do not pass on your personal data without consent, but cannot exclude that this data may be viewed in the event of unlawful conduct.

2.3 If you send us personal data by email — thus outside this website — we cannot guarantee secure transmission and the protection of your data.

2.4 The legal basis pursuant to Art. 6(1)(a) GDPR (lawfulness of processing) is that you give us consent to process the data you have entered. You can withdraw this consent at any time — an informal email is sufficient; you can find our contact details in the imprint.

3. Use of Apps

3.1 We point out that for the purpose of easier ordering and subsequent contract processing, the IP data of the connection holder is stored via cookies, as well as the name, address and credit card number of the buyer.

3.2 Furthermore, the following data is also stored with us for the purpose of contract processing: name and contact details of the institution, organization or company you represent. The data you provide is necessary for the fulfillment of the contract or for carrying out pre-contractual measures. Without this data, we cannot conclude the contract with you. Data is not transmitted to third parties, with the exception of the transmission of credit card data to the processing banking institutions / payment service providers for the purpose of debiting the purchase price, as well as to our tax advisor or legal advisor to fulfill our legal obligations.

3.3 After abandonment of the ordering process, the data stored with us is deleted. In the event of a conclusion of contract, all data from the contractual relationship is stored until the expiry of the tax retention period (7 years). The data processing is based on the legal provisions of § 96(3) TKG and Art. 6(1)(a) (consent) and/or (b) (necessary for contract fulfillment) of the GDPR.

4. User Registration

4.1 The data entered by the user during registration on all websites or in apps is used for the purposes of using the service. We store the personal data provided during registration with consent as a personal profile so that future visits can be made with username and password.

4.2 By registering, the user consents to the use and exploitation of the personal data provided by them, such as name, address, email, phone number, bank details for proper contract fulfillment, for billing and for advertising purposes or feedback. User-related data is stored and processed for customer care and only passed on to third parties if this is necessary for contract fulfillment.

4.3 We also send administrative notifications by email that are part of the use of the respective product. Service notifications inform about important changes regarding the subscribed product. Unsubscribing from these email notifications is only possible if the contractual relationship regarding the use of the product has been terminated.

Data categories: Order data, customer data, contact data, bank data, user data

Purpose: Providing online products, registration function, user account, account management, billing

Legal basis: Contract fulfillment, legitimate interest, consent, legal obligation

4.4 If registration takes place via a campaign with one or more partner companies, customer data may be shared with the partner companies within the scope of contractually agreed support services and app publication. These companies, also listed per campaign under point 12, use the data exclusively to provide support and for app publication and do not process it for other purposes. Which partner companies are involved can be recognized by the attached logos of the companies on our campaign-related landing pages.

5.1 Children who wish to order our digital content (via the app) before the age of 14 require the consent of their guardians (especially parents).

6. Rights

6.1 According to the provisions of the GDPR and DSG, you generally have the following rights:

Rectification (Art. 16 GDPR)
Erasure (“right to be forgotten”, Art. 17 GDPR)
Restriction of processing (Art. 18 GDPR)
Notification — obligation to communicate in connection with rectification or erasure of personal data or restriction of processing (Art. 19 GDPR)
Data portability (Art. 20 GDPR)
Objection (Art. 21 GDPR)
Not to be subject to a decision based solely on automated processing — including profiling (Art. 22 GDPR)

6.2 If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated, you can complain to the supervisory authority, which in Austria is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/

7. Automated Individual Decisions

7.1 We do not use applications that make automated individual decisions or profiling.

8. TLS Encryption with HTTPS

8.1 We use HTTPS to transmit data securely on the internet. By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet, we can ensure the protection of confidential data. You can recognize the use of this data transmission security by the small padlock symbol in the browser and the use of the scheme https (instead of http) as part of our internet address.

9. Cookies

9.1 Our websites use HTTP cookies to store user-specific data. A cookie is a short data packet exchanged between web browser and web server, which has no significance for them but gains meaning for the web application, e.g. an online shop, such as the contents of a virtual shopping cart. If no cookie banner is visible, we do not use cookies.

9.2 There are two types of cookies: first-party cookies are created by our website, third-party cookies are created by other websites (e.g. Google Analytics). Three categories of cookies can be distinguished: strictly necessary cookies to ensure basic website functions, functional cookies to ensure website performance, and targeting cookies to improve the user experience.

9.3 We use cookies to make our website more user-friendly. Some cookies remain stored on your device until you delete them. They allow us to recognize your browser on your next visit.

9.4 If you want to determine which cookies are stored in your browser, change cookie settings or delete cookies, you can find this in your browser settings. If you do not want data to be stored in cookies, you can set up your browser to inform you when cookies are set and only allow this in individual cases. You can delete cookies already on your computer at any time or deactivate cookies. If you generally do not allow us to use cookies, i.e. deactivate them via browser settings, some functions and pages may not work as expected.

10. Analytics

10.1 We use Google Analytics by Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on some of our websites to statistically evaluate visitor data. Google Analytics uses targeting cookies for this purpose. More information on terms of use and privacy can be found at http://www.google.com/analytics/terms/de.html.

10.2 Our concern in terms of GDPR is the improvement of our offer and our web presence. Since the privacy of our users is important to us, user data is pseudonymized. Data processing is based on the legal provisions of § 96(3) TKG and Art. 6(1)(a) GDPR (consent) and/or (f) (legitimate interest).

10.3 Using the browser add-on to deactivate Google Analytics JavaScript (ga.js, analytics.js, dc.js), website visitors can prevent Google Analytics from using their data.

10.4 You can prevent the collection of data generated by the cookie and related to your use of the website to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

10.5 If you click on the deactivation link on our website, you can prevent Google from recording further visits to this website. Note: Deleting cookies, using incognito/private mode in your browser, or using a different browser will result in data being collected again.

11.1 We embed elements of social media services on our website to display images, videos and texts. By visiting pages that display these elements, data (IP address) is transmitted from your browser to the respective social media service and stored there. We have no access to this data. You can recognize the corresponding services by the plug-ins or buttons, and we ask you to read the relevant privacy notices of these third-party providers.

12. Third Parties

12.1 We currently use the services of the following providers:

Auth0: User Authentication Management https://auth0.com/privacy
SendGrid: Mail provider for automatic emails https://sendgrid.com/policies/privacy/
Heroku: Cloud service provider (server cluster) https://www.heroku.com/policy/promise
Amazon Web Services AWS: Various services for cloud applications and communication with clients are used here. AWS S3 File Storage is also used for storing media files in the system. See https://aws.amazon.com/privacy
Internex: Database and Redis cache with server location in Vienna. https://www.internex.at/de/datenschutz-erklaerung/
CloudAMQP: RabbitMQ message broker, used for communication within cloud processes. Also running on AWS in the EU West (Ireland) region. https://www.cloudamqp.com/privacy_policy.html
Cloudflare: DNS layer, protection for our domains. https://www.cloudflare.com/security-policy/
Stripe: Service for processing automatic payments https://stripe.com/at/privacy
Google Analytics: Website analysis tools https://policies.google.com/privacy
Sentry: Crash reports and error detection of cloud software
loader.io: Performance and load benchmarks https://sendgrid.com/policies/privacy/
Coralogix: Server log collection, processing and analysis https://www.solarwinds.com/legal/privacy
Logentries: Alternative to Coralogix https://www.rapid7.com/privacy-policy
Librato: Real-time cloud metrics monitoring. Used to analyze system health https://www.solarwinds.com/legal/privacy

12.2 In mobile apps, we additionally use:

Fabric Crashlytics: Collecting crash reports, part of Firebase https://fabric.io/terms
Fabric Answers: Event-based analytics. The app can record various events and thus enable anonymous usage analysis. https://fabric.io/terms
Google AdMob: Provider for app advertising (only integrated in selected apps) https://support.google.com/admob/answer/6128543?hl=en
Apple Developer: Used for distribution and sales (Apple Pay, iTunes) of apps in the macOS and iOS App Store https://www.apple.com/legal/privacy/en-ww/
Google Developer: Used for distribution and sales (Google Pay) of apps in the Google Play Store https://policies.google.com/privacy

12.3 For support, marketing and app publication, we additionally work per campaign with:

12.3.1 Campaign “Appful” (https://web.kula.app/campaign/appful)

Appful GmbH: (https://home.appful.io/de/appful-agb/)

12.3.2 Campaign “BTV” (https://web.kula.app/campaign/btv)

Appful GmbH: (https://home.appful.io/de/appful-agb/)
HEIMSPIELE GmbH & Co (https://heim-spiele.com/datenschutz/)
Badischer Tennisverband e.V. (https://www.tennis.de/footer/datenschutzerklaerung.html)

These partners are clearly identified on the respective campaigns and landing pages through logos and links.

13. Contact Details

13.1 Contact us at legal@kula.app for further questions and suggestions. The imprint can be found at www.kula.app/imprint. Contact person for data protection matters: Mag. Philip Raffling at philip.raffling@meta-legal.at