PRIVACY POLICY

This privacy policy governs your use of the software application horseshape smart3Dscanner (“Application”) for mobile devices that was created by TEC Competence UG (haftungsbeschränkt) & Co. KG. The Application allows users to scan horsebacks using TrueDepth technology.

This document is the privacy policy agreement (the „Privacy Policy“) between (TEC Competence UG (haftungsbeschränkt) & Co. KG (“horseshape”) and its users (“Users”) and extends the agreement both parties consented to by the terms and conditions (the „Terms”) regarding the horseshape platform (the "Platform") and the services provided on the Platform (the "Services") defined in the Terms. All definitions from the Terms apply.

By accessing or using the Platform and Services, Users agree to be bound by the Terms and any additional terms that may be provided by horseshape from time to time, including but not limited to the Privacy Policy. If Users do not agree to the Terms or to the Privacy Policy, they are not authorized to use the Platform or Services.

horseshape is committed to complying with the General Data Protection Regulation („GDPR“) and ensuring the protection of personal data of Users as defined by the Terms. The Privacy Policy explains how horseshape collects, uses, and discloses personal information from Users.

What information does the Application obtain and how is it used?

User Provided Information

If you fill out the in app survey, we may use the information you provided us to contact you in the future if you requested us to do so.

When creating an account, we store your personal email-address, and when personalizing the account, the data fields for it will be stored. This may include names, contact details, and a photo. Providing this additional information is optional for the User. Personal data generated by using the Application, for example horseback scans, are automatically collected and stored.

Automatically Collected Information

The Application may collect certain anonymous usage statistics information and non-personal technical metrics for monitoring and improvement purposes. The Application generates and stores personal, generated content, such as horseback scans, preferences, and chat history.

Does the Application collect or share any camera imagery or TrueDepth data?

This Application never shares your captured scans or imagery with third parties without your explicit consent. Your data remains on your device and your cloud account on our servers in Germany.

Does the Application collect precise real time location information of the device?

This Application does not collect precise information about the location of your mobile device.

Do third parties see and/or have access to information obtained by the Application?

Only aggregated, anonymized usage statistics data is periodically or in case of an app crash is transmitted to external services to help us improve the Application and decide what features to build.

The Platform is made for two types of users: (i) end users (End Users), who are consumers and have End User access to the Platform and the Application and (ii) business users (Business Users), who represent a valid business, trying to connect to End Users and promote or sell their services to the End Users.

Data can only be shared between different Users if they establish a connected relation between them. End Users can connect with Business Users by adding them as suppliers for at least one of the service types, which are available to choose from. After establishing a connection, the End User's primary personal data, such as email address and name are shared, and the Business User's full personal contact data set is shared including, company details, and personal details of the connected company representative/employee. The initial access rights to the shared data are limited to viewing it and consenting in being contacted. End Users extended contact details such as but not limited to addresses and phone numbers need additional explicit consent to be shared and viewed by other Users. Sharing horseback scans requires individual sharing and consent by the End User.

End Users' personal data, which a Business User of the Platform provided to the horseshape Platform, generally remains on the platform upon deletion of the Business User account if the End User account remains active. To have this data proactively deleted, Business Users can contact horseshape with an End User data deletion request at support@horseshape.com, which will be handled manually by horseshape within a reasonable time frame. In some cases, not all personal data may be deleted, because this could cause malfunctioning of the Platform or infringe the End User's rights on the Platform.

Sharing personal data generally requires the consent of the person which is associated with the personal data. Horseback scans are considered personal data if the scan data is associable to the horse owner. By default, horseback scans are linked to an End User account at the moment of creation, thereby establishing an association of ownership between the End User and the horse. Business users, can gain access to End Users' horseback scans with implicit or explicit consent in three ways: The End User makes a scan and shares access with a Business User by using a sharing button on the Platform. The sharing functionality includes options to share an access link, to send an in-Platform notification to a listed Business User, or by presenting a QR-code to be scanned by the Business User using the Application. Sharing access in this sense means to grant a Business User access to view the scan, keep it locally on the device as well as gain online access until the consent is revoked, and use or share the scan data with associates, suppliers, and subcontractors in the context of the task/purpose for which the End User shares access with the Business User. The context is technically limited to the services, for which the Business User is activated as potential or default supplier in the End User's account.

All Business Users who are associated with an End User as connected service provider can gain access to personal scan data in the context of the service, they are associated with by making the horseback scan on behalf of the End User. The End User must have either made a request to have the horseback scanned by sharing a QR-code (implicit consent) or given his consent by confirming the request in automatically generated verification emails, in which the End User grants access to the scan data. The confirmation must be given within 24 hours, else the End User will be disassociated from the scan data, and the scan data will be retracted from the Business User's account, anonymized, and retained by horseshape as data sample. The data will neither be retracted, nor in any way anonymized or disassociated, if either a paid product or a paid service provided by horseshape have been ordered by the End User with the Business User being the supply partner. horseshape assumes conclusive consent due to the contractual relationship.

What can a business user do with my personal data, when I share something with the business user?

The first-tier Business User is the Business User you have shared your information with. Veterinarians, or trainers might use the shared horseback scans as a sort of over time documentation of the horseback, because the 3d-view rendered by the Application is more insightful than a 2d-photo. If the Veterinarian is paid for his/her services, he/she might need to keep records of the shared horsebacks for documentational purposes required by law.

Depending on the context of you sharing the data, additional rights may be granted. If, for example, you choose to connect with a saddle fitter for the service “saddle retail sales”, you grant the saddle maker the rights to share the information with saddle manufacturers as second-tier Business Users. If you have additionally opted-in for direct shipment by manufacturer, your personal contact details will also be shared with the second-tier Business User chosen by your saddle fitter.

Second-tier Business Users can gain access to personal scan data indirectly through a first-tier Business User, who has gained the End User's explicit consent, and is allowed to share the data. The second-tier Business User is allowed to view, access, and use the scan data to perform a final task i.e., realizing the purpose, for which the data has been shared in the first place. The second-tier Business User may share the scan data with associates, suppliers, employees, and other parties that make part of the fulfilment process. Scan data passed to third-tier Business Users is anonymized and cannot be associated with the End User. In cases of contractual data, such as but not limited to current offerings, closed purchase contracts, finalized orders, shipping documentation, tax or duty registrations, Business Users may be required by law to keep specific records of the associated End User's personal data. This personal data may not be used otherwise.

What are my opt-out rights?

You can stop all collection of information by the Application easily by deleting your Account and uninstalling the Application.The option to delete your Account is accessible via the settings menu in the Application - we require you to login beforehand in order to prevent you from performing this unintentionally. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network.

In the context of supply chain data sharing, i.e., that End Users share personal data, such as but not limited to horseback scan data with Business Users, who in their turn share the data with second-tier Business Users and so forth, the revoking of data access by the End User can have different effects depending on the state of the contractual relationship of the End User to the first-tier and second-tier Business Users.

Revoked access falls through to all Business Users. Business Users generally lose access to the personal data of the End User, and the personal data of the End User will be disassociated from the Business Users accounts including deletion of locally stored data copies on Business Users' access points (computers, laptops, mobile devices, etc.) as soon as synchronization with the servers is possible.

Revoked access does not affect personal data, which must be kept for documentation reasons, because a Business User must comply with the law and all derived legal requirements. Contractual relationships documented on the Platform serve automatically as proof to why the Business User cannot delete all personal End User data. The Business User must make sure to only keep the relevant End User data for documentation purposes and delete or allow deletion of all irrelevant personal data.

In accordance with the GDPR, Business Users must honor any deletion requests received from End Users, their own employees, and/or their associated subcontractors. horseshape facilitates the deletion request by providing a deletion request mechanism on the Platform.

Data Retention Policy, Managing Your Information

We will retain User Provided data for as long as you use the Application and for a reasonable time thereafter. We will retain Automatically Collected information for up to 24 months and thereafter may store it in aggregate.

If an End User requests the deletion of personal data or 3D scan data that was shared with a Business User, horseshape will notify the Business User of the deletion request and provide them with a period of 30 days to provide feedback. If the Business User does not provide feedback within 30 days, horseshape will proceed with the deletion of the data in accordance with the GDPR and our data retention policies. If the Business User provides a valid reason for retaining the data, such as a selling contract and the corresponding date, horseshape will retain the data for a period of 10 years as required by law or regulatory requirements.

On Account Deletion all collected data is anonymized immediately on the production system. After a Backup Retention time of 3 months we don't have any non-anonymized copies of your data left.

Children

We do not use the Application to knowingly solicit data from or market to children under the age of 13.

Security

We are concerned about safeguarding the confidentiality of your information. We provide physical, electronic, and procedural safeguards to protect information we process and maintain. For example, we limit access to this information to authorized employees and contractors who need to know that information in order to operate, develop or improve our Application. Please be aware that, although we endeavor provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.

Changes

This Privacy Policy may be updated from time to time for any reason. You are advised to consult this Privacy Policy regularly for any changes, as continued use is deemed approval of all changes.

Your Consent

By using the Application, you are consenting to our processing of your information as set forth in this Privacy Policy now and as amended by us. "Processing,” means using cookies on a computer/hand held device or using or touching information in any way, including, but not limited to, collecting, storing, deleting, using, combining and disclosing information, all of which activities will take place in Germany. If you reside outside of Germany your information will be transferred, processed and stored there under German privacy standards.

By using the Platform and Services as well as the Application, Users consent to horseshape's processing of their information as set forth in the Privacy Policy now and as amended. "Processing” means accessing, touching, using, sharing or altering information in the ways described in the Privacy Policy, including, but not limited to, collecting, storing, deleting, using, combining, aggregating, and disclosing information as well as using cookies on a computer/handheld device. All data processing activities, which are not bound to the Business Users' local access points, such as handheld devices or computers, will take place in Germany under German privacy standards and GDPR, except for transferring the data from the local device to the Platform's servers, which due to the nature of the internet can pass through several internet nodes in different countries. Data transfer is secured by HTTPS standard.

Contact us

If you have any questions regarding privacy while using the Application, or have questions about our practices, please contact us via email at support@horseshape.com.