Privacy Policy

Balm takes your privacy seriously. We use industry-leading security to protect your personal information and follow all health data privacy regulations. Balm is not a substitute for medical care.

1. Introduction

In the following, we provide information about the processing of personal data when using our web app (hereinafter referred to as the “Balm” app). Personal data are all data that can be related to a specific natural person, e.g., their name or IP address.

1.1 Contact details

The controller pursuant to Art. 4 (7) GDPR is Significo GmbH, Cuvrystraße 1, 10997 Berlin, Germany, email: contact@significo.com. We are legally represented by Richard McCartney.

Our data protection officer can be contacted via heyData GmbH, Schützenstraße 5, 10117 Berlin, Germany, www.heydata.eu, email: datenschutz@heydata.eu.

1.2 Scope of data processing, processing purposes and legal bases

The scope of data processing, processing purposes and legal bases are explained in detail below. The following legal bases for data processing can generally be considered:

  • Art. 6(1)(a) GDPR (consent): for processing operations for which we obtain consent.
  • Art. 6(1)(b) GDPR (contract): where processing is necessary for the performance of a contract or pre-contractual measures.
  • Art. 6(1)(c) GDPR (legal obligation): e.g., in tax law contexts.
  • Art. 6(1)(f) GDPR (legitimate interests): e.g., cookies required for technical operation.

1.3 Storage period

Unless expressly stated otherwise, data are deleted as soon as they are no longer required for their intended purpose and no statutory retention obligations prevent deletion. Specifically, we store data generated when using the Balm app for as long as the corresponding user contract exists; thereafter, the data are deleted or anonymized. If data are required for other legally permissible purposes, processing is restricted (blocking).

1.4 Rights of the data subjects

  • Right to information, rectification, erasure
  • Right to restriction of processing and to object
  • Right to data portability
  • Right to withdraw consent at any time

Data subjects also have the right to complain to a supervisory authority. Contact details can be found at bfdi.bund.de.

1.5 Obligation to provide data

Only the personal data necessary for entering into, performing, and terminating a business or other relationship—or that we are legally obliged to collect—must be provided. Without these data we may be unable to conclude a contract or provide a service.

1.6 No automated decision-making in individual cases

We generally do not use fully automated decision-making pursuant to Article 22 GDPR. If used in individual cases, we will provide separate information where legally required.

1.7 Contacting us

When you contact us (e.g., by email or phone), the data you provide (e.g., names and email addresses) are stored to answer your inquiry (Art. 6(1)(f) GDPR). We delete these data once storage is no longer necessary or restrict processing where statutory retention applies.

2. Data processing in the Balm web app

2.1 Use of the app

When users use the Balm app, we collect the data necessary to offer functions and ensure stability and security (Art. 6(1)(f) GDPR): IP address; date/time of request; content of the request (specific interface); access/HTTP status; amount of data transferred; operating system and interface; language and version of the operating system; log files.

2.2 Data processing for the provision of functionalities

We process data in the Balm app to provide app functionalities under the user agreement. Mandatory registration fields are required to conclude the contract; without them, use is not possible. Processed data: user-entered data in the Balm app and automatically generated data.

2.3 Customer account

Users may open a user account (Art. 6(1)(b) GDPR). We delete the data when users delete their account, including contact data provided at registration (name, email address, password). We use your email to correspond about Balm, invite you to suitable studies, and obtain feedback.

2.4 Functions of the Balm app

| Type of data | Purpose of data processing | Legal basis |
| --- | --- | --- |
| Pseudonymous user ID; demographic data; data from your responses to questionnaires; your logs and elements of Balm used; your feedback. | All these data are used to fulfill the user contract with you and to provide you with the app.* | Art. 6(1)(a) GDPR; Art. 9(2)(a) GDPR (consent)* |
| Pseudonymous user ID; data from your responses to questionnaires; demographic information; your logs and elements of Balm used; your feedback; technical usage and history data. | Statistical (pseudonymous) evaluation for research purposes. | Art. 6(1)(a) GDPR; Art. 9(2)(a) GDPR (consent) |
| Your pseudonymous user ID; data from your responses to questionnaires; demographic information; your logs and elements of Balm used; your feedback; technical usage and history data. | Aggregated use for research into the effectiveness of Balm; ongoing product development; to gauge user interest in potential future content; to gather users’ views on Balm and its content; to select and invite users for suitable studies in Balm. | Art. 6(1)(a) GDPR; Art. 9(2)(a) GDPR (consent) |
| Technical data such as login data (user ID, date/time) in the form of technical log files. | To investigate and rectify any errors or faults. | Art. 6(1)(f) GDPR (legitimate interests) |

* Consents can be withdrawn at any time with effect for the future. Withdrawal does not affect the lawfulness of processing before withdrawal. After withdrawing the consent marked with “*”, you will no longer be able to use Balm.

2.5 Recipients

We generally do not transfer your personal data to third parties, except: external processors in accordance with Art. 28 GDPR (in particular our hosting provider and the tool providers listed below); and courts/authorities/state institutions where required by law.

2.6 Third-party tools

2.6.1 Posthog

With your consent we use Posthog for analysis (Posthog Inc, 2261 Market Street #4008, San Francisco, CA 94114). The provider processes usage and meta/communication data in the EU. Legal basis: Art. 6(1)(a) GDPR. Further information: posthog.com/privacy.

2.6.2 Zitadel

We use Zitadel to manage authentication (ZITADEL (CAOS Ltd.), Lerchenfeldstrasse 3, 9014 St.Gallen, Switzerland). The provider processes contact, meta/communication and master data. Legal basis: Art. 6(1)(f) GDPR. Further information: zitadel.com … privacy-policy.

2.6.3 Customer.io

With your consent we use Customer.io for analysis (Peaberry Software, Inc). The provider processes usage and meta/communication data in the EU. Legal basis: Art. 6(1)(a) GDPR. Further information: customer.io/legal/privacy-policy.

2.6.4 Private Captcha

We use “Private Captcha” (Intmaker OÜ, Estonia) to distinguish humans from automated programs. Private Captcha analyzes various information (e.g., IP address, time on page, mouse movements). Legal basis: Art. 6(1)(f) GDPR. Further information: privatecaptcha.com/legal/privacy-end-user.

3. Changes to this privacy policy

We reserve the right to amend this policy with effect for the future. A current version is always available here.

4. Questions and comments

If you have questions or comments regarding this privacy policy, please contact us using the details above.