Personal Data Processing Policy

Version 1.7, 20 December 2023

This is Dappre B.V.’s Personal Data Processing Policy regarding the use of the Dappre App with its Cards, Clubs and Coins modules and the websites dappre.com and scoorvoorjeclub.nl (collectively ‘Dappre’). This privacy policy explains how you can collect, use, process and control your personal data when you use our app and services. Your privacy is important to us, and we are committed to protecting the data that you provide to us.

1. When does this policy processing personal data apply?

Personal data: you can use the Dappre App Cards module and the Clubs and Coins services provided by Dappre to process personal data. Dappre will not have access to this data.

On the websites of Dappre and in the Dappre App you may find one or more links to third party websites. You are free to use or not to use those links. However, we do not accept responsibility for the processing of your personal data by the operators of these websites. This policy does not apply to the use of such websites.

By using the Coins module in the Dappre App you can collect distance, time, cadence and heart rate data of your cycling and walking activities. The data thus collected by your device will be processed on your device to calculate the number of Coins to which you are entitled. You can share the outcome of this calculation with Dappre in order to claim the Coins to which you are entitled. The outcome of the calculation on the client side does not contain personal data.

2. Legal context

In the Dappre App Cards module and in the context of the Clubs and Coins services, Dappre processes personal data as an information service provider on the basis of Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (‘Directive on electronic commerce’), as transposed into the Law of The Netherlands in section 196c Boek 6 BW (Book 6 Civil Code) jo. section 15, lid 3 Boek 3 BW (Book 3 Civil Code).

3. Who is responsible for your data?

In cases in which the Dappre app or Dappre services process personal data, the private limited liability company Dappre B.V. is the controller: Dappre B.V.
Eindhovenseweg 22a
5281 RA Boxtel
Netherlands
Chamber of Commerce number: 72325747

4. What data can you process on your device?

If you choose to use the Coins module in the Dappre App you can collect the following health-related data:

1. CyclingPedalingCadenceRecord: Information about your cycling pedaling cadence to be able to reward you with (Fit-)Coins.
2. DistanceRecord: Distance covered through cycling and walking activities, which is the basis of the (Fit-)Coins reward program.
3. ExerciseSessionRecord: Walking and cycling exercise sessions, as these generate rewards.
4. HeartRateRecord: Heart rate data to enhance the accuracy of activity tracking within the app.
5. StepsCadenceRecord and StepsRecord: These records are used to track your steps within the app to be able to reward you accurately.

The websites dappre.com and scoorvoorjeclub.nl

On our websites dappre.com and scoorvoorjeclub.nl we keep track of general visiting data. These data are used for analysis of visiting and clicking behavior on the website. Dappre B.V. uses this information to improve the functioning of its websites. These data are anonymized as much as possible and are not shared with others.

Google Analytics

On our websites dappre.com and scoorvoorjeclub.nl we use Google Analytics. We have concluded a processing agreement with Google. The last octet of the IP address is masked. ‘Data sharing’ in the administration environment is disabled. We do not use other Google services in combination with the Google Analytics Cookies. We have not given Google permission to use Analytics information obtained through dappre.com or scoorvoorjeclub.nl for other Google services and incidentally Google Analytics set up in accordance with the recommendations of the Data Protection Authority of The Netherlands.

Google Firebase Services

Our Dappre App makes use of Google Firebase Services. Firebase gives us insight into the performance and stability of our app, so we can troubleshoot and make improvements. Firebase itself does not collect any personal data.

By default, Firebase’s SDK (‘software development kit’) collects ‘identifiers’ for mobile devices (e.g. Android ‘Advertising ID’ and ‘Advertising Identifier’ for iOS). In doing so, the SDK uses technologies similar to cookies. This ‘Advertising ID’ can be reset on the mobile device. If the Advertising ID is not available, the hardware ID of the device, for example the Android ID (SSAID), is collected instead. This alternative Advertisement ID generally cannot be reset. We have not given Google permission to use data obtained through the Dappre App for other Google services.

Dappre via Social Media

Dappre B.V. can be active, just like you, on various social media platforms, such as Twitter and YouTube. When you interact with us via social media (for example when you post a comment, upload media or send a personal message it is possible that we receive personal data from you (such as your username, profile picture, place of residence, email address or your gender). In such a case, we will only process the personal data we need to handle your message, question or complaint as described in this policy on processing personal data.

The use of social media websites is subject to the terms and conditions (including the policy on processing personal data) of the relevant social media websites. We recommend that you also read those terms of use and other statements carefully. These may differ from Dappre’s Personal Data Processing Policy. Dappre’s Terms and Conditions, Cookie Policy and this Personal Data Processing Policy do not apply to the use of such social media platforms.

Automated decision-making

Dappre does not make decisions based on automated processing about matters that could (significantly) affect you. These are decisions made by computer programs or systems, without a human being (for example an employee of Dappre) being involved.

5. Which third parties have access to your data?

Dappre B.V. engages external processors in the performance of its services and other business activities. Insofar as these processors process your data in the performance of the services and business activities in question, they do so on behalf of Dappre B.V. and Dappre B.V. has taken the necessary legal, technical and organizational measures to ensure that your data is processed only in accordance with the instructions of Dappre B.V.

Personal data will only be supplied to supervisory authorities, tax authorities and investigation agencies if Dappre B.V. is legally obliged to do so. Your personal details can in this context also be passed on to recipients in countries outside the European Economic Area. In such cases Dappre B.V. will take appropriate measures which are prescribed by law or which are reasonably necessary to ensure that your details are protected as well as possible.

6. How do we secure your data?

Dappre B.V. takes the protection of your data seriously and takes appropriate measures to prevent abuse, loss, unauthorized access, unwanted disclosure and unauthorized changes.

If you have the impression that your data is not properly secured or there are indications of abuse, please contact us by sending an e-mail to [email protected].

7. Ask a question or make a complaint

You can ask us at any time to see your personal data, correct it, add to it, restrict its processing or delete it. In addition you have the right to withdraw your possible consent for the data processing or to object to the processing of your personal data by Dappre B.V.. You can also request us to send you the personal data we have in our possession in a computer file.

If you want us to send your data directly to another party, we will do this for you as well, if this is technically possible.

You can send your request or objection regarding the processing of your personal data to [email protected]. We will respond to your request as soon as possible, but at the latest within 4 weeks. If you wish, we will send your data in an electronic format such as XML or PDF.

To make sure that the request for access was made by you, we will ask you to identify yourself by means of a driver’s license, identity card or passport. This to make sure that the data in which you request access belongs to the applicant, as well as to prevent a possible infringement of your personal data.

When you ask Dappre B.V. a question about Dappre or file a complaint or when you contact Dappre B.V. by phone, email, social media or by mail, we will process your contact data, as far as this is necessary for the handling of your question or complaint and possibly also to contact you later with additional information related to your question or complaint. We use this personal data only for this purpose and your personal data is only accessible to those within Dappre B.V. who are involved in the handling of your question or complaint.

What data do we process for this purpose?

In order to register your question or complaint, we record it in our registration system. In this system, we also include contact information such as your name, address, telephone number, email address and/or social media account. You can decide for yourself which contact details you do or do not want to share with us for the handling of your question or complaint.

How long do we keep your data for this purpose?

We keep questions, complaints, and contact information for no longer than 2 years, unless the nature of the question or complaint requires us to keep it longer. You can always ask us to remove your contact details earlier.

For any questions or complaints, you can contact Dappre B.V. by sending an email to [email protected].