VimWell Privacy Policy

Last modified: December 12, 2023

Your privacy and the security of your data is our primary concern.

Maintainer and Data Processor of the VimWell app and of the websites www.vimwell.eu and www.vimwello.com is:

VimWello GmbH i.L., FN 542088p, Am Hofacker 7A/1, 8010 Graz, Austria, office@vimwell.eu.

Purposes of Data Processing

You must agree to our Terms and Conditions after installing the app. In order to fulfil our contract about providing you with the functionality of the app and of our services, including our websites, we process on your device and on our secured servers the data you provide us. The processing of your data is either necessary to provide the services included in the app (Art 6 P 1 lit b GDPR), or it is based on another legal basis, as mentioned below.

We request your consent to data processing during the installation or during the usage of the app for the data processing operations listed below. You can withdraw your consent at any time - please be aware that, in that case, you cannot use the entire app functionality any more. You consent to process following data:

• Login Data: among others, IP addresses, password hash, username, randomized unique identification number of your user account, model name of your device and OS version of your device to ensure your login to the app as a unique user and to provide you with messages about new logins to a named device with a named OS version as a security feature for you (the legal basis is your consent or acc. to Art 6 P 1 lit f GDPR). If you choose so, your Login Data will be processed by third-party authentication providers such as Google, Facebook, or Twitter.

• Data you choose to be publicized: you can upload different types of data to VimWell, including personal data, such as name, e-mail address, phone number, Facebook account name, your birth date, the city from which you interact, your language and language interests, or any other data which can be used to identify you. In some cases, you may restrict the public of other users who are able to see your data. In those cases, you will find information symbols near to the input fields to control the publicity. In some other cases, we will notify you by showing you textual information before publishing your data.

• In-app choices and User data, such as scores about your activity in the app, are made accessible to other users automatically in order to provide a better user experience (legal basis is your consent or acc. to Art 6 P 1 lit f GDPR). The processing and publicizing of such data is also in our interest to further develop new features to improve the user experience, and to be able to provide and maintain a service that is competitive (legal basis is your consent or acc. to Art 6 P 1 lit f GDPR).

• Data about the amount of playtime and of VimCoins, in order to provide our services or to be able to refund you. You can buy VimCoins using the Google Play Store or the IOS App Store. Moreover, you can exchange VimCoins for virtual items in the app. You can also trade VimCoins for playtime in Vimwell.

• Data about your virtual items: in VimWell you can make use of virtual items, such as VimCoins. Your virtual balance for each type of virtual item is processed in VimWell and shows the number of virtual items you have.

• Your location as submitted by your device (GPS, Wifi, mobile locating service etc.) over the last three months while you use the app, in order to ensure the core functionality of the app and to provide the localization of app features in the real world.

• Statistics: anonymized data about the usage of the app (see above) for statistical purposes (user preferences, development of new features) in order to improve the app and to be able to provide and maintain a service that is competitive (legal basis is your consent or acc. to Art 6 P 1 lit f GDPR).

• Logging and diagnostic Data: anonymous data for service needs such as improving the user experience, debugging, and error reporting, including anonymized IP address, OS version, and type of OS. It is in our legitimate interest to be able to provide and maintain a service that is competitive (legal basis is your consent or acc. to Art 6 P 1 lit f GDPR).

• Your contact data, in order to contact you for marketing purposes about new products. It is in our legitimate interest to be able to provide our services and expand our business (legal basis is your consent or acc. to Art 6 P 1 lit f GDPR).

Data about you we receive from third parties and the purposes of the processing of this data:

• If applicable, your payment data, generated by our payment processor (see below), including the amount paid, the payment currency, the unique ID of your payment and your contact data. We process this data in order to be able to credit you playtime or VimCoins in the app and, if necessary, to refund you. This allows us to fulfil the contract with you about providing you the app (legal basis is your consent or acc. to Art 6 P 1 lit b GDPR).

Our Service Providers

The Service Providers we use in order to provide the app and our services, acc. to Art 28 GDPR, are listed below together with the address of their Data Privacy Policy:

• As payment service provider, provider of operating system functions and Google Analytics, and authentication provider: Google Ltd. Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, https://policies.google.com/privacy, https://support.google.com/analytics/answer/3379636

• As hosting provider of our servers and database: Microsoft Ireland Operations Limited, 70 Sir John Rogerson's Quay, Dublin 2, Irland, https://privacy.microsoft.com/privacystatement

• As authentication provider and provider of our Facebook page: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, https://www.facebook.com/about/privacy, https://www.facebook.com/legal/terms/page_controller_addendum

• As authentication provider: Twitter, International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland, https://twitter.com/privacy

We submit Data to service providers that are located in the European Union and at the same time located in the USA, according to Art 28 GDPR. Please see the names and addresses of those providers in the list of service providers above. Your consent does include the use of those service providers and data processing by them, hence data transmission to the providers in the USA by VimWello GbmH. In order to ensure further protection (safety and security) of your data, if possible, we have also agreed upon standard contractual clauses with those service providers according to 2010/87/EC and/or 2004/915/EC. To review the contracts please contact us.

We submit Data to non-EU entities mentioned above for the purposes mentioned above, according to your consent according to Article 49 /1 /a GDPR.

In-app Advertisements

in order to provide advertisement in our app, we use Google AdMob, Google Ltd. Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, https://policies.google.com/privacy. The EU User Consent policy requires us to get consent from you to use AdMob. We use Google’s Funding Choices consent management tool to gather consent, manage privacy standards and customize our messages. Only after you give your consent, we let AdMob start collecting and providing us (and possibly Google) with user metrics such as rewarded ads reports, as well as critical user metrics, including sessions/user, session duration, ad exposure/session, daily active users (DAU) and more. Be aware that third-party advertisement providers can use cookies to provide their services. You can manage and change their cookie settings through the provided Funding Choices consent management tool in the app menu: "Consent for advertisers". You can read more about EU user consent policy on this website: https://www.google.com/about/company/user-consent-policy.

Our websites

Our Websites are published using Microsoft Ireland Operations Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland, https://privacy.microsoft.com/privacystatement

Our websites use so-called cookies. Cookies are small text files which store settings and data on your device. Cookies are transmitted to us each time you access our websites and enable us to identify your device and, if present, to remember and load your settings such as the chosen language. They serve to make our websites more user-friendly, effective and secure. Cookies are only set with your consent acc. to Art 6 P 1 lit a GDPR. Some cookies can remain stored for up to 2 years and are automatically deleted afterwards. You can also use our websites without cookies by setting your browser so that you generally reject cookies. You can withdraw your consent for our use of cookies at any time by deleting cookies in your browser through the appropriate browser function.

Your Rights

You have the right to withdraw your consent to these data processing at any time either within the app or by writing us to support@vimwell.eu.

Moreover, you have the following rights:

You have the right to request from us access to (Art 15 GDPR) and rectification (Art 16 GDPR) or erasure of your personal data (Art 17 GDPR). You have the right to restriction of processing (Art 18 GDPR) concerning you or to object to processing (Art 19 GDPR), as well as the right to data portability (Art 20 GDPR). You have the right to withdraw any given consent to data processing at any time -please be aware that we do not use consent as a basis of data processing. You have the right to lodge a complaint with a supervisory authority against the processing of your personal data, if you conceive it to be in breach of the statutory; in Austria, this is the Austrian Data Protection Authority: Barichgasse 40-42, 1030 Vienna, Austria.

To exercise your right to data portability please use the feature "Access your Information" in the app.

Delete your user account

You can use our in-app feature "Delete your user account" to delete your data we store.

You can request the deletion in the app settings and follow the guided procedure. You will get a mail containing a link to confirm your request through your Contact Email Address.

If you can’t delete your user account within the app then send us your request to support@vimwell.eu. Your request must contain enough information (preferably your user ID) to identify your account. You will get a mail containing a link to confirm your request through your Contact Email Address.

Please be aware that, by deleting your account, you lose all VimCoins you earned or purchased, other virtual objects, credits, and achievements, etc. Therefore, if you wish to keep your data but disable your account, please use the feature "Terms of Service" or "Privacy Policy" and revoke your consent. Your account will be held on pause for 1 year. After that, if you do not reactivate it, all your data including the above-mentioned will be deleted.

Retention Time

Your personal data is stored as long as it is needed to provide our services to you. When you delete your user account, we will delete the data processed about you after 6 months in order to ensure that your user profile is not vanished if you decide to return (if you do not want that, please tell us upon cancellation of your account), exempt that we are legally obliged to keep the data. For instance, we are obliged to retain payment data for 7 years, according to §132 Austrian Federal tax code. Moreover, other data that is relevant to establish, exercise or defend legal claims is kept for 3 years, although in special situations data can be chosen to be kept for 30 years to defend against legal claims.

About our Facebook Fanpage

Our Facebook "fan" page is available at https://www.facebook.com/VimWell. We have this page for the purpose of informing our customers and interested parties, i.e. out of our legitimate interest in accordance with Art 6 P 1 lit f GDPR. We do not save any data resulting from the use of this site longer than is necessary to fulfil our contractual or legal obligations, or to defend against any liability claims during the applicable limitation periods.

The Facebook page is provided by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland ("Facebook") as jointly responsible according to Art 26 GDPR. See the agreement between us and Facebook:
https://www.facebook.com/VimWell/settings/?tab=page_info
https://www.facebook.com/legal/terms/page_controller_addendum

Facebook's data protection information is available at the following link: https://www.facebook.com/about/privacy.

With regard to cookies, the information is available at https://www.facebook.com/policies/cookies

The information about your rights as a data subject is available under the heading "How can you exercise your rights provided under the GDPR?" These are the right to information, correction, portability and deletion, as well as objection to processing and the right to restriction of processing. Please note that when you visit the Facebook page, Facebook first processes your IP address and your personal data in accordance with the data protection information above, and only then displays the content of the Facebook page that you entered. To assert their rights towards Facebook, data subjects (including you) can refer to the address Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland, or https://www.facebook.com/help/2069235856423257.

Facebook processes your data according to their privacy policy https://www.facebook.com/about/privacy for the purposes of "Provide, personalize and improve our Products", "Provide measurement, analytics, and other business services", "Promote safety, integrity and security", and "Communicate with you", "Research and innovate for social good".

Facebook forwards the processed user data to the parent company in the USA, among others (see heading "How do we operate and transfer data as part of our global services?" at https://www.facebook.com/about/privacy). Facebook USA participates in the Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

All quotations of the content of Facebook pages were retrieved on 6.2.2021.

The Irish Data Protection Authority is responsible for Facebook and can be reached at the following address: Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
D02 RD28
Ireland +353 (0) 761 104 800