Data Policy

General information on data protection

1. Subject of the data protection information

The privacy policy covers information on data processing in the context of accessing our website and using our app.

2. Responsibility and contact

The controller responsible for the processing of personal data is Fell Ventures 1 GmbH. Further information can be found in our legal notice (Impressum). You can reach us in matters of data protection via e-mail at privacy@ria-care.de.

Data processing when accessing our website

  1. Logfiles
    When our websites are accessed, a log data record (server logfiles) is stored on our web server, which includes, among other things, the IP address. The data within these server logfiles is required, among other things, to display the contents of our websites correctly and to ensure the secure operation of our IT infrastructure (Art. 6 para. 1 f) GDPR; Sec. 25 para. 2 TDDDG). The logfiles are deleted regularly and automatically. Should you require further information, please feel free to contact us at any time using the contact details provided above.
  2. Cookies
    We use cookies on our websites. Details on the cookies used when you visit our website, their storage duration, and information on how you can delete the data collected here can be found in the data protection settings. We distinguish between necessary cookies, which are required, for example, to provide the basic functions of the website. The legal basis for these cookies is Sec. 25 para. 2 no. 2 TDDDG. Cookies that enable us, among other things, to analyze visits to the website or to display targeted marketing measures, require prior consent (the legal basis here is Sec. 25 para. 1 TDDDG). The same applies in cases where access is otherwise taken to information stored on your end device (e.g., IP address).
  3. Tools
    Our website and our app use various services and applications (collectively “tools”), which are offered either by us or by third parties. These include in particular tools that use technologies to store or access information on the end device (e.g., cookies, web storage, JavaScript, or pixels). Details on the tools, in particular the cookies used, can be found in the data protection settings. We distinguish between tools that are absolutely necessary, for example to provide the basic functions of the website or to make an expressly requested service available (the legal basis for the use of these tools is our legitimate interest pursuant to Art. 6 para. 1 f) GDPR, or Sec. 25 para. 2 no. 2 TDDDG), and tools that are not strictly necessary and that, for example, enable us to analyze visits to the website or display targeted marketing measures. For the use of these tools, we require your prior consent, Art. 6 para. 1 a) GDPR or Sec. 25 para. 1 TDDDG.
  4. Management and configuration of tools and cookies
    Our website uses a so-called cookie consent management tool to manage and control the consents that may be required for storing or loading certain tools. The data processing associated with this is necessary to provide you with the legally required consent management and to comply with our documentation obligations. The legal basis is Art. 6 para. 1 c), f) GDPR, particularly based on our interest in fulfilling the legal requirements for consent management (Sec. 25 para. 2 no. 2 TDDDG). You can withdraw your consent for specific tools at any time. To do so, click on the data protection settings. There you can also change the selection of tools for which you wish to give consent and obtain additional information about the cookies and their respective storage duration. Alternatively, you can assert your withdrawal directly with the provider for certain tools. Should you have questions about the provider or require further information, you may contact us at any time using the contact details provided above.

Data processing when using the Ria app

  1. Profile creation
    When creating a profile for the use of the app, we collect your personal data as the account holder in the scope indicated there. This initially includes contact and registration data (name, email, password, telephone number). The data processing serves the purpose of setting up the Ria user account and creating and managing the persons (in particular the storyteller) who ultimately wish to record and share their stories, among other things, or wish to listen to stories. The processing is carried out on the basis of Art. 6 para. 1 b) GDPR and additionally on the basis of consent to data processing under Art. 6 para. 1 a) GDPR. In this case, you may withdraw your consent at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of the consent until withdrawal.
  2. Use of the Ria app
    In the context of using the Ria app and the functions available through it, we process the contact data of the respective users (name, address, date of birth, email, telephone number) as well as the stories, narratives, and information provided (text and voice messages as well as uploaded photos). However, we process this data exclusively insofar as this is necessary to provide the app and to record and reproduce the stories and narratives as well as to handle any inquiries and recommendations via our chatbot, Art. 6 para. 1 f) GDPR.
    If and insofar as we cooperate with service providers, for example to host the app or maintain it technically, we have ensured that this always takes place on the basis of the necessary agreements on commissioned processing and that the implemented technical and organizational measures guarantee the highest possible level of data security. Your data is not passed on, disclosed, or processed otherwise. In all cases we strictly comply with the statutory requirements. The scope of data transmission is limited to a minimum.
    Should you have questions regarding this, we are happy to assist at privacy@ria-care.de.
  3. Use of AI
    In connection with the use of our chatbot, personal data may be processed using artificial intelligence. Automated/autonomous answers and/or recommendations are created based on the input content and information provided. In particular, contact data as well as form or chat content are recorded and analyzed by AI models. The legal basis for this is Art. 6 para. 1 a) GDPR, Sec. 25 para. 1 TDDDG (i.e., your consent).
    To generate chatbot responses, the Azure OpenAI Service of Microsoft Ireland Operations Ltd. is used. Processing by Azure OpenAI takes place exclusively in European data centers. No further transmission and/or provision of data to third parties takes place. Further information on data processing by Microsoft can be found in the Privacy Policy of the Microsoft Azure OpenAI Service.
    Your inputs or information are processed exclusively temporarily (for the duration of the existence of a Ria account plus an additional period of six (6) months thereafter to download the content) and serve solely for recording and processing the information and stories provided. There is no permanent storage of chat content (after deletion of the Ria account), no profiling, and no automated decision-making with legal effect. Should you voluntarily provide personal data in the course of usage, this data will likewise be used exclusively for the purpose of story creation and will also not be stored permanently.
    If we additionally collect data or process it for other purposes (e.g., in connection with statistical or scientific analyses), we will obtain separate consent for this (Art. 6 para. 1 a) GDPR, Sec. 25 para. 1 TDDDG).
  4. Data processing when downloading and using the app
    When downloading our mobile app, the necessary information is first transmitted to the App Store, in particular your username, email address and customer number of your account, time of download, and the individual device identifier. The respective App Store also independently collects various data and provides you with analysis results. We have no influence on this data processing and are not responsible for it. We process the data only insofar as it is necessary for downloading the mobile app onto your mobile device.
    When you use our mobile app, we process (in addition to the data mentioned above) the following data, which is technically necessary for us in order to offer you the functions of our mobile app and to ensure stability and security, so that it must be processed by us. The legal basis is Art. 6 para. 1 f) GDPR (IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (visited page), access status/HTTP status code, amount of data transferred, previously visited page, browser, operating system as well as language and version of browser software. Furthermore, to provide the services of the app, we require your device identification, unique device number (IMEI = International Mobile Equipment Identity), unique subscriber number (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), MAC address for WLAN usage, name of your mobile device, email address).
    In addition to the data mentioned above, technical tools for various functions are used when you use our mobile app, particularly cookies that may be stored on your end device (Sec. 25 para. 2 no. 2 TDDDG).
    In iOS, you have various options to largely restrict advertising and tracking. Tracking generally operates via the so-called “Advertising Identifier” (IDFA). This is a unique, yet not personalized and not permanent identification number for a specific end device, provided by iOS. The data collected via the IDFA is not linked to other device-related information. We use the IDFA to provide you with personalized advertising and to be able to analyze your usage.
    If you open the “Privacy” option in the iOS settings, you can largely deactivate advertising analysis under “Tracking”. If you activate the function “Allow apps to request to track”, our app will ask you upon first usage whether you agree to advertising measures, and you can activate or deactivate advertising. Furthermore, in the “Privacy” option you can select “Apple Advertising” and deactivate “Personalized Ads”. In the “Analytics & Improvements” option, you can also deactivate the functions “Share iPhone Analytics” and “Improve Siri & Dictation”, which means that no statistical information about your use of iOS is transmitted to Apple. We point out that you may not be able to use all functions of our app if you restrict the use of the IDFA.

Social media

We operate presences on online platforms and social networks to interact with potential or existing customers, exchange with interested parties and users, or promote offers and services. We operate our presences in so-called joint (data protection) responsibility with the providers. Data that you share or publish directly via the online platforms and networks (e.g., via comment and chat functions) are processed by us as controllers in order to interact with you where applicable or to exchange with you. In the context of this interaction, we may also receive statistical data from the platform operators on the use of our “channels and fan pages”. This includes, for example, information on interactions, likes, comments, or aggregated information and statistics (e.g., IP address; origin of followers), which help us learn more about interactions with our page. The legal basis for data processing within our area of responsibility is Art. 6 para. 1 sentence 1 f) GDPR.
However, the providers also process data under their own responsibility. We have no influence on data processed by the provider under its own responsibility according to its own terms of use and privacy conditions. We point out that when accessing the providers mentioned above, additional data (e.g., your “usage” and “browsing behavior”) may be collected and possibly transmitted to the provider. Please also note that in the event of interaction via the aforementioned media, data may also be processed outside the territory of the European Union. Furthermore, user data is generally processed for market research and advertising purposes. For example, usage profiles may be created from usage behavior and resulting interests of users. These usage profiles can, in turn, be used to display advertisements within and outside the platforms that are presumed to match the interests of the users. Further information can be found in the privacy information of the respective providers.
If we hold personal data concerning you in connection with the use of the online platforms and networks, please direct your concerns to us. If you additionally wish to assert rights against a specific provider, please contact the respective provider.

Your rights

You may assert your rights regarding your processed personal data at any time towards us using the contact details provided at the beginning. In particular, you have the following rights:

Art. 15 GDPR: Right of access to your data processed by us
This includes in particular access to the processing purposes, the categories of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, where applicable, meaningful information about its details.

Art. 16 GDPR: Right to rectification of incorrect data or completion of your data stored by us.
The right to rectification means in particular that you have the right to demand from us without delay the correction of inaccurate personal data concerning you and the completion of incomplete personal data.

Art. 17 GDPR: Right to erasure of your data stored by us.
The right to erasure means that you generally have the right to demand that personal data concerning you be deleted without delay, and we are obliged to delete personal data without delay. This may be the case, for example, if personal data is no longer necessary for the purposes for which it was collected or otherwise processed.

Art. 18 GDPR: Right to restriction of processing.
The right to restriction may be relevant if you contest the accuracy of personal data.

Art. 20 GDPR: Right to receive your data ("data portability").
The right to receive means that you generally have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us.

Art. 21 GDPR: Right to object to processing, insofar as processing is based on Art. 6 para. 1 sentence 1 e) or f) GDPR.
As the data subject, you have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you that is carried out on the basis of Article 6 para. 1 e) or f) GDPR; this applies also to profiling based on these provisions. Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this applies also to profiling to the extent that it is related to such direct marketing.

Art. 77 GDPR: Right to lodge a complaint with a supervisory authority.