Privacy Policy

This Privacy Policy explains how the SMAAT platform processes your personal data, including data collected through our website, mobile application, and other online services. It applies to all data processing activities conducted by us, including sensor data collection, experience sampling, and user interactions with our web platform. Our goal is to provide transparency about the types of data we collect, the purposes for processing, and your rights as a data subject. Terms used are gender-neutral.
Last Updated: April 25, 2025

SMAAT Platform
Email: info@open-lab.online
Legal Notice: /legal-notice

We process various types of data for specific purposes, affecting different data subjects. Below is a summary:

• Categories of Data: Inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., survey responses), sensor data (e.g., GPS, accelerometer), usage data (e.g., app interactions), meta/communication data (e.g., IP addresses).
• Data Subjects: Researchers, participants, business partners, website visitors, app users.
• Purposes: Providing mobile and web services, conducting research studies, user authentication, customer support, security, analytics, and direct marketing (with consent).

We process personal data under the General Data Protection Regulation (GDPR) based on:

• Consent (Art. 6(1)(a)): When you explicitly agree to data processing, e.g., for newsletters or cookies.
• Contract Performance (Art. 6(1)(b)): To fulfill agreements, such as providing research tools or participant services.
• Legal Obligation (Art. 6(1)(c)): To comply with laws, e.g., tax requirements.
• Legitimate Interests (Art. 6(1)(f)): For purposes like improving services or ensuring security, unless overridden by your rights.

National data protection laws, such as Germany’s Federal Data Protection Act (BDSG), may also apply, particularly for employment-related data processing.

We implement technical and organizational measures to protect your data, including:

• End-to-end encryption for data collected via the mobile app and web platform.
• IP masking to anonymize IP addresses where possible.
• SSL/TLS encryption (https) for secure data transmission.
• Access controls and secure storage to ensure confidentiality, integrity, and availability.

We follow privacy-by-design principles, embedding data protection into our development processes.

Your data may be shared with third parties (e.g., IT service providers, cloud hosting) only when necessary for service provision, legal compliance, or with your consent. We ensure data protection through contracts with recipients, such as standard contractual clauses for third-country transfers.

If data is processed outside the EU/EEA, we ensure compliance with GDPR through recognized data protection levels, standard contractual clauses, or your explicit consent. For details, see the EU Commission’s data protection page: EU Data Protection.

We use cookies to enhance user experience and analyze usage. Types include:

• Necessary Cookies: Essential for app and website functionality (e.g., login status).
• Analytics Cookies: Measure usage (e.g., page visits) with consent.
• Temporary Cookies: Deleted after your session.
• Permanent Cookies: Stored up to two years unless specified.

You can manage cookies via browser settings or opt-out platforms like YourOnlineChoices. Consent is obtained via our cookie banner, and you can revoke it anytime.

We process data to provide the SMAAT mobile app and web platform, including:

• User account data (e.g., name, email, password) for authentication and study management.
• Sensor data (e.g., GPS, accelerometer) and survey responses for research purposes.
• Usage data for improving services and ensuring security.

Data is deleted after account termination or statutory retention periods (e.g., 4 years for contractual data, 10 years for tax purposes).

Users can create accounts to access the SMAAT platform. We store login data (e.g., email, password) and IP addresses to prevent misuse. Accounts are not public, and data is deleted upon termination unless legally required to retain.

We offer single sign-on (SSO) via providers like Google and Facebook. Only minimal data (e.g., user ID, email) is received, based on your SSO provider settings. You can unlink SSO accounts via the provider’s settings.

When you contact us (e.g., via info@open-lab.online or contact form), we process your data (e.g., name, email, message) to respond to inquiries, based on contract performance or legitimate interests.

Newsletters are sent only with your consent or legal permission, using a double opt-in process. You can unsubscribe anytime via the newsletter’s unsubscribe link. We retain unsubscribed emails for up to three years to prove consent.

We maintain profiles on platforms like Facebook to communicate and share updates. Data processed may be stored outside the EU, and we recommend reviewing the providers’ privacy policies (e.g., Facebook Privacy Policy).

Data is deleted when no longer needed for its purpose or upon your request, unless required for legal reasons (e.g., tax compliance). Processing may be restricted instead of deleted if legally necessary.

Under GDPR, you have rights including:

• Access: Request information about your data.
• Rectification: Correct inaccurate data.
• Erasure: Request data deletion.
• Restriction: Limit data processing.
• Portability: Receive or transfer your data.
• Objection: Object to processing for legitimate interests or marketing.
• Withdraw Consent: Revoke consent anytime.
• Complain: Contact a supervisory authority.

To exercise these rights, contact us at info@open-lab.online.

We may update this policy to reflect changes in our data practices. Significant changes requiring your consent will be communicated. Check this page regularly for updates.