1. General

1.1 Understanding Your Privacy

At Codebay, we value your concerns regarding your personal information's privacy. Hence, we have drafted this privacy policy to elucidate how we gather, utilize, and share your information with third parties.

1.2 Commitment to Responsible Data Handling

We aim to demonstrate our commitment to handling your personal information with utmost confidentiality and responsibility. Our processing of your personal information adheres to the stipulations of the General Data Protection Regulation ("GDPR"), as well as relevant local data privacy laws, such as the Austrian Data Protection Act ("DSG") and the California Consumer Privacy Act ("CCPA").

1.3 Security Measures

To ensure the security and integrity of your personal data and prevent unauthorized access, we employ encrypted transmission and encrypted storage. These protective measures are continually reviewed to align with the latest advancements in technology.

1.4 Privacy Policy Updates

We reserve the right to update our privacy policy to reflect changes in our information handling practices. If such updates are substantial, we will prominently display a notice of the changes on the Websites for a minimum of 7 days after the modifications have been implemented. We will seek your consent if required, and the date of the most recent revisions will be indicated at the footer of the privacy policy. Any revisions to this privacy policy will take effect either (i) at the conclusion of the 7-day period or (ii) when you first access or utilize the Services following such changes, whichever occurs earlier.

2. Information Collection

2.1 Data Collected from Website Visits

When you register for, access, or use the Services, we handle specific personal information ("Data" or "Information").

If you visit the Websites, we only process the Data that your browser communicates to our servers. This Data is vital for the accurate display of the Website and to ensure necessary stability and security. The collected Data includes:

• IP address
• Date and time stamp
• Time difference to GMT
• Requested site
• Access status/HTTP status code
• Transmitted data volume
• Site from which the request originated
• Browser type
• Operating system and interface
• Language and version of browser software

2.2 Registration-Dependent Data

Depending on your chosen method of registration, we handle the following Data:

2.2.1 Apple Single Sign-On Application

When users opt to log in using their Apple credentials, our application may collect the following information from their Apple accounts:

• Email Address: We may collect the user's email address to uniquely identify them and facilitate communication.
• Language, Country, Time Zone: This information helps us customize the user experience based on their language preferences, country-specific features, and local time zone.
• Device Details:We collect information about the user's device to ensure compatibility and optimize the application for their specific device type.
• IP Address:We collect the user's IP address for security purposes and to detect and prevent fraudulent activities.

Please note that the information collected through Apple Single Sign-On is used solely for the purpose of enhancing the user experience within our application. We do not share this information with any third parties without explicit user consent, except as required by law or as outlined in this privacy policy.

Users who choose Apple Single Sign-On acknowledge and agree to the collection and use of their information as described in this privacy policy. It's recommended that users review Apple's privacy policy for a comprehensive understanding of how their data is handled by Apple services.

2.2.2 Google Single Sign-On Application

When users choose to log in using their Google credentials, our application may collect the following information from their Google accounts:

• Email Address: We may collect the user's email address to uniquely identify them and facilitate communication.
• Language, Country, Time Zone: This information helps us customize the user experience based on their language preferences, country-specific features, and local time zone.
• Device Details:We collect information about the user's device to ensure compatibility and optimize the application for their specific device type.
• IP Address:We collect the user's IP address for security purposes and to detect and prevent fraudulent activities.

Please note that the information collected through Google Single Sign-On is used solely for the purpose of enhancing the user experience within our application. We do not share this information with any third parties without explicit user consent, except as required by law or as outlined in this privacy policy.

It's important to emphasize that by using our application and opting for Google Single Sign-On, users acknowledge and agree to the collection and use of their information as described in this privacy policy. Additionally, users should review Google's privacy policy (https://policies.google.com/privacy) for a comprehensive understanding of how their data is handled by Google services.

2.3 Data for Purchases

When you make purchases within the Services, we process the following Data:

• Country
• Credit card information
• Subscription status

2.4 Data Usage within the Services

When you utilize the Services, we process the following Data:

• Launching, signing up for, logging into, and logging out of the Services
• Purchase activities within the Services
• Details of completed tracks, courses, and exercises

3. Use of Information

3.1 Purpose of Data Processing

The processing of Data serves the following objectives ("Purposes"):

• Providing the Services
• Customer relationship management (e.g., support)
• Marketing of our own products (newsletters, push messages)
• Personalizing your Services experience
• Research and development
• Communication concerning the Services
• Marketing, promotion, and engagement enhancement for the Services
• Ensuring safety and security
• Safeguarding our legitimate business interests and legal rights

3.2 Lawfulness of Processing

The lawfulness of processing (Art. 6 GDPR) is derived from:

• Consent as per para. 1 subpara. a of GDPR upon registration
• Necessity for contract fulfillment pursuant to para. 1 subpara. b of GDPR, as your Data is essential for effective use of the Services
• Necessity for the legitimate interests pursued by the Company or a third party

4. Updating or Deleting Information

4.1 Data Retention

We retain your Data as long as you remain a registered user of the Services. When we preserve information for the enhancement and advancement of our Services throughout your membership, we ensure to eliminate data that directly identifies you. We solely utilize this information to extract aggregated insights regarding our Services' usage, rather than engaging in specific analysis of personal details about you.

4.2 Post-Account Deletion Data Retention

Following the deletion of your account, we maintain Data only if legally mandated (due to warranty, limitation, or retention periods) or if otherwise required.

4.3 Data Deletion Criteria

Data will be deleted if:

• You revoke your consent for storage
• Data is no longer necessary for the fulfillment of the user contract pertaining to the Services
• Storage becomes legally impermissible

A deletion request will not impact Data retention if storage is legally required, such as for accounting purposes.

5. Updating or Deleting Information

5.1 Data Retention During Membership

Your Data will be retained throughout your tenure as a registered user of the Services. When we retain information for the purpose of enhancing and developing our Services during your membership, we undertake measures to anonymize data that directly identifies you. This information is used solely for generating collective insights about the utilization of our Services, without engaging in specific analysis of your personal details.

5.2 Post-Account Deletion Data Retention

Upon the deletion of your account, we will only retain Data if it is legally mandated (due to warranty, limitation, or retention periods) or if required for other legitimate reasons.

5.3 Data Deletion Criteria

Data will be deleted if:

• You withdraw your consent for storage
• The Data is no longer necessary to fulfill the user contract related to the Services
• Storage becomes legally impermissible

It's important to note that a deletion request will not impact Data storage if it is legally required, such as for accounting purposes.

6. Rights

6.1 Requesting Exercise of Rights

To exercise the rights outlined in Sections 6.2 to 6.8, please submit a request via email to the provided Email Address.

6.2 Revoking Consent

You have the right to revoke your consent for future data processing at any time. However, the lawfulness of Data processing based on consent prior to the revocation remains unaffected. If Data processing is lawful due to other reasons stated in 4.2, we may continue processing your Data on those grounds.

6.3 Right to Information

You possess the right to receive (i) confirmation on whether your Data is being processed by us and, if so, (ii) detailed information about the processing. Specific details encompass processing purposes, Data categories, potential recipients, and storage duration, among others.

6.4 Right to Rectification

You hold the right to request us to rectify inaccurate Data concerning you. In instances where Data processed by us is incorrect, we will promptly rectify it and notify you of this correction.

6.5 Right to Erasure

If you decide to cease further data processing, please send a request via email to the Email Address. We will promptly erase your Data and inform you about the process. In cases where mandatory legal provisions prevent such erasure, we will notify you promptly.

6.6 Right to Restriction of Processing

You have the right to request a restriction of Data processing in the following cases:

• If you make an inquiry pursuant to para. 7.4, upon your request.
• If you believe that Data processing is unlawful, yet you oppose Data erasure.
• If you still require the Data for establishing, exercising, or defending legal claims.
• If you have objected to processing as per para. 7.8.

6.7 Right to Data Portability

You are entitled to (i) receive your Data in a structured, commonly used, and machine-readable format and (ii) transmit this Data to another controller without hindrance from us.

6.8 Right to Object

You have the right to object at any time to Data processing based on our legitimate interests, including profiling and direct marketing purposes.

6.9 Right to Lodge a Complaint

You can file a complaint with a supervisory authority if you believe that Data processing violates applicable law, particularly the GDPR.

7. Cookies

7.1 Use of Cookies

The Websites may employ cookies, which are small text files placed on your computer, smartphone, and/or stored by the browser. When you revisit our Website, your browser sends the previously received cookie back to the server. The server can analyze the information received in various ways. Cookies might be utilized to manage advertisements on the Website or facilitate webpage navigation.

7.2 Disabling Cookies

You can deactivate cookies by adjusting the settings in your browser software (e.g., Internet Explorer, Mozilla Firefox, Opera, or Safari). However, such action could potentially impact your ability to utilize the complete range of functions available on the Websites.

7.3 Further Information

For additional details, please refer to our cookie policy.