Data Privacy Policy ("Policy")

The controller within the meaning of the General Data Protection Regulation (“GDPR”):

CYBEX GmbH (“CYBEX”)
Represented by Managing Directors: Dr. Raoul Bader, Johannes Schlamminger
Register number: HRB 3792
Riedinger Str. 18, 95448 Bayreuth, Germany
Tel. +49 (0)92178511-0
E-Mail: info@cybex-online.com

Data protection officer: Zanda Vevere-Nandori E-Mail: dpo@goodbabyint.com

This Privacy Policy governs the use of the CYBEX software application BabyCam– Baby Sleep Monitor and SensorSafe (“Application”) for mobile devices.

BabyCam is a video and audio baby monitor application for your phone or tablet (two devices are necessary: a parental and a child unit). It is a tool to hear noise around your baby, to stream live audio and video, and to comfort your child remotely. BabyCam works with diverse communication channels (eg. 3G, LTE, WiFi) and uses secure communication, using end-to-end encryption.

SensorSafe is an application that connects your mobile device to the sensor technology located in the chest clips of your child’s seat. User can activate the application and connect to SensorSafe receiver (connected to OBD port of the vehicle or otherwise) when his/her mobile phone is within range of the vehicle and remains connected while the user is inside. User is notified, if one or more of chest clips have come undone, when a child is buckled in his or her seat for over two hours, and if a child remains fastened in his or her seat and therefore gets left alone after the driver has left the vehicle.

In USA: the application registers whether the car is in motion or has stopped for an extended period of time, and sends alerts if a child is still in a car seat.

In EU: the application registers when the user moves away from the SensorSafe receiver (eg. vehicle (OBD port)) and the Bluetooth connection breaks and sends alerts if a child is still in a car seat.

Minors

The Application is not targeted to minors and, hence, we do not intentionally collect, store or process personal information of minors.

If young people under the age of 16 wish to use our services and provide their personal data to us, this is only allowed if a consent by the parent/ legal guardian is given. This may be reached if the contact details of the parent/ legal guardian, including the statement on the consent, are sent to us. These data as well as the data of the minor will then be processed in accordance with stipulations of this Policy.

Obtained Information and purpose

User Provided Information

We collect information, including personal information, that you provide to us when you download and register the Application. Registration with us via e-mail or your Facebook Account is mandatory in order to be able to use the basic features of the Application. When you register with us and use the Application, you are asked to or may provide:

Automatically Collected Information

Application will automatically obtain the following data:

The collected and stored information is mandatory for the registration and also for a proper functioning of the Application.

Access permission to camera and microphone

In order to use the features of the BabyCam (to hear noise around your baby, to stream live audio and video, and to comfort your child remotely) the Application needs an access to the camera and microphone of user’s device.

When installing the SensorSafe, we will give you an option to choose your model of the child car seat by scanning the bar code on the car seat box, in that way allowing the Application to select your car seat model automatically. Besides, users are able to customize their profile by using a camera directly in the Application to take a new photo. For these purposes, the Application needs access to the camera of user’s device.

In installation process or in using particular features of the Application, we will ask for your permission to access your device’s camera or microphone. The collected data will be used only for purposes mentioned above.

If you do not want us to access your camera or microphone for the purposes set forth above, you can revoke your permission in the settings of your mobile device. Please be informed, by revoking your permission to access your device’s camera or microphone, the functionality of the Application will be restricted or disabled.

Real time location

In order to use the features of SensorSafe we need to collect information about the precise location of your mobile device. The location information is needed for functions such as:

By enabling location function for your devices, you agree and consent to the transmission, collection, maintenance, processing, and use of your location data by us to provide and improve location-based services and functions of SensorSafe.

If you do not want us to use your location information for the purposes set forth above, you should not enable the location permission when prompted in the application or turn off the location permission for SensorSafe in the settings of your mobile device.

Please be informed, by turning off the location function or by revoking your permission to collect and store such information, the functionality of the SensorSafe will be restricted or disabled.

How and on which basis we use collected information

We use the information we collect to provide, maintain, protect, and improve our current services and products and to develop new ones as well as for other purposes.

The processing of personal data takes place in accordance with Art. 6 Para 1 GDPR on the basis of the consent granted (Art. 6 Para 1 lit. a)), to fulfill contracts (Art. 6 Para 1 lit. b)) or to fulfill a legal obligation or perform a task in the public interest (Art. 6 Para 1 lit. c)). If necessary, we also process your data in order to protect legitimate interests of CYBEX or third parties (Art. 6 Para 1 lit. f)). A legitimate interest may be for purposes such as to prevent fraud, for internal administrative purposes relating to employees and customers, to ensure network and information security, for optimizing and improving the usability of the services we offer, further development of our products and services.

We use personal information collected through Application as described below and described elsewhere in this Policy to:

Disclosure of data

Personal data may be disclosed to third parties who act on our behalf for further processing in accordance with the purpose for which the data was originally collected or for other lawful processing, such as delivery of services, marketing, data management, development and maintenance of the Application, customer service or technical support.

We may also disclose your personal data based on legitimate interests to other CYBEX affiliates for internal administrative purposes:

A transfer of data to institutions in countries outside the European Union (“EU”) or the European Economic Area (“EEA”) takes place insofar as:

In the case your data is processed outside EU/EEA, our service providers or affiliated companies are contractually bound to our instructions and are obliged to ensure strict technical and organizational measures. Besides, personal data is transferred to third countries based on the EU Commission's decision on adequacy pursuant to Art. 45 GDPR, including the EU-U.S. Privacy Shield, or based on the decision of the EU Commission of 05.02.2010 (2010/87/EU) on standard contractual clauses pursuant to Art. 46 para. 2 lit. c) GDPR.

Security

We have taken technical and organizational security precautions to protect your personal data against loss, destruction, manipulation and unauthorized access. Connections between the server and Application are protected by employing HTTPS protocol using the SSL/TLS layer. The identity of the server can be verified with the provided X.509 certificate. All media streams sent between the parent device and baby station are securely encrypted, enacted through standardized and reliable encryption protocols. Data streams are encrypted using Datagram Transport Layer Security (DTLS), and media streams are encrypted using Secure Real-time Transport Protocol (SRTP). For this purpose, only authorized persons have access to the user’s provided data. All our employees and all individuals involved in information processing are under an obligation to observe user privacy and to ensure the confidential use of personal data.

Opt-Out Rights

You may uninstall the Application at any time. You may use the standard uninstall process that may be available as part of your mobile device or via the mobile application marketplace or network. You can also request to opt-out via e-mail at support@babycamapp.com.

In case of deactivation of Application, please inform us, via e-mail at the above address, if you would like us to delete your personal data that we store, since technically we are not able to track this information. We will comply with such request unless we have a legitimate ground to not delete the data.

Right of access, objection and further rights of the data subject

You may contact us at any time, if you have questions relating to the collection, processing, or use of your personal information; or if you wish to request the correction, restriction, transmit or deletion of the same; or if you wish to explicitly cancel your granted consent with effect for the future. In addition, you also have the right to object to the processing in accordance with the statutory provisions. Please note that you have the right to have personal data deleted, where such claim is not barred by any legal obligation to retain this data or we do not have a legitimate ground to keep this data.

Any requests for information or objections can be sent in writing to the postal address given below or sent by e-mail to dpo@goodbabyint.com or support@babycamapp.com

Right to lodge a complaint with a supervisory authority

According to Art. 77 GDPR you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR.

In Bavaria, the competent supervisory authority is the Data Protection Authority of Bavaria for the Private Sector

Third party services

We are constantly working on ensuring high quality and reliable functioning of the Application, and we improve the Application with new features and strive to guarantee every user an error free experience. For these purposes, we use third-party services that may result in collection of certain information. The data processing hereto is based on our legitimate interests according to Art. 6 Para 1 lit. f) GDPR.

Fabric.io Crashlytics

We use a tool Crashlytics, owned by a business division of Google Inc., (herein referred to as “Crashlytics”) that provides us with information about the functioning of publicly released and beta versions of our mobile applications. We use this tool for monitoring the Application’s stability and receiving the reports in case the Application crashes during its usage. The tool helps us to identify and fix the issue. The services automatically collect certain information that does not personally identify end users who access or use the Application. This information includes, but is not limited to, device state information, unique device identifiers, device hardware and OS information, information relating to how an application functions, and the physical location of a device at the time of a crash. More information: http://try.crashlytics.com/terms/

Firebase

We use a messaging tool Firebase owned by Google Inc. that allows us to send you instant notification messages. These messages are essential part of our services and functioning of the Application (SensorSafe). We will notify you in cases eg. when one or more chest clips of your child’s seat have come undone, when a child is buckled in his or her seat for over two hours, and if a child remains fastened in his or her seat after the driver has left a vehicle. Firebase Messaging Service uses Instance IDs (it is unique ID to a particular app and device, that give Firebase services a way to refer to specific app instances) to determine which devices to deliver messages to. Firebase services encrypt data in transit using HTTPS and logically isolate customer data.

More about Privacy and Security in Firebase: https://firebase.google.com/support/privacy/
Privacy Policy of Google: https://policies.google.com/privacy

Mixpanel

We use functions of the mobile phone analysis service Mixpanel. This service is provided by Mixpanel Inc., incorporated under the laws of the State of Delaware, U.S.A. Mixpanel uses cookies that are stored on the user's device, which enable us to analyze the use of Application by the user. The information generated by the cookies is transmitted to Mixpanel and sent to a Mixpanel Inc. server in the U.S. and stored there. On our behalf, Mixpanel will use the logged page views and page activity within the scope of their analysis. Mixpanel collects and stores user data in alias profiles, which are not linked to personal data. Information on the use of logged data can be viewed on Mixpanel's Privacy policy. The user can prevent the recording of protocols about their activities by activating the 'Opt-Out-Cookie'. Please, note that this 'Opt-Out-Cookie', which prevents the recording of data, will be deleted when all cookies are deleted in the user's browser history.

Facebook Account Kit

We are using the Facebook Account Kit, which helps you quickly and easily register and log in to the App using your phone number or e-mail address as credentials, without a password. Facebook Account Kit is powered by Facebook's e-mail and SMS sending infrastructure for reliable scalable performance with global reach. In order to authenticate through the Facebook Account Kit, you do not have to be registered Facebook user.


Contact information

If you have any questions regarding using the Application, Service or these Policy, please email us at support@babycamapp.com or contact us via post to the address given below.

CYBEX GmbH
Represented by Managing Directors: Dr. Raoul Bader, Johannes Schlamminger
Register number: HRB 3792
Riedinger Str. 18, 95448 Bayreuth, Germany
Tel. +49 (0)92178511-0
E-Mail: info@cybex-online.com