Notice: This privacy policy only applies to the app. If you are interested in the privacy policy of our website, please follow this link.
Introduction
At iTrain GmbH, we respect your privacy. We believe that the less we know about you, the better; that is why we aim to limit the information we collect to the minimum necessary. The purpose of this privacy policy (“Privacy Policy”) is to inform you in detail what personally identifiable information or personal information we collect from you when you use our application, how we use such information, and the choices you have regarding our use of, and your ability to review and correct, the information.
We reserve the right to change this policy, which we will do through online posting. We use your data solely to provide you with services in which you enroll.
For purposes of this Privacy Policy, the terms iTrain GmbH, “we,” “us” and “our” refer to the company iTrain GmbH; the terms “Application”, “Service” and “Product” refer to the iTrain software and related services; and “You” refers to you, as a user of the application as applicable.
Who We Are
iTrain GmbH is a Swiss company located in Seefeld 4/5, 8716 Schmerikon. We comply with the Swiss Federal Act on Data Protection (“FADP”) and the European General Data Protection Regulation (“GDPR”). The European Union acknowledges that Switzerland has an adequate level of data protection.
Processing of Personal Data
We process personally identifiable information in compliance with Swiss law. Furthermore, if the GDPR is applicable, we process personal data in accordance with the following provisions:
- Art. 6(1)(a) GDPR: You have given clear consent for us to process your personal data for a specific purpose.
- Art. 6(1)(b) GDPR: The processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
- Art. 6(1)(c) GDPR: The processing is necessary for us to comply with the law (not including contractual obligations).
- Art. 6(1)(d) GDPR: The processing is necessary to protect someone’s life.
- Art. 6(1)(f) GDPR: The processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or your fundamental rights and freedoms.
What Information We Collect and How We Use It
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). We collect solely information that is necessary to provide you with our services and to improve our product. Personally identifiable information may include, but is not limited to:
Basic User Information
To authenticate and authorize you across multiple devices, we collect your email address, first name, last name and profile image. To manage and verify your subscription, we collect your digital purchase receipts from Apple. The digital purchase receipts only include information about the type and the time of a purchase. We do not see any payment information. We also do not have access to your Apple ID. In addition to the basic purchase information, we collect data about redeemed trial and promotional codes. – Legal basis Art. 6(1)(b) GDPR
Flight Data
To send you push notifications, we collect a unique identifier for each flight you subscribe to. – Legal basis Art. 6(1)(b) GDPR
If you enable Cloud Sync, we must store your flight data on our server. This includes but is not limited to:
- Flight number;
- Airline designator;
- Aircraft designator;
- Departure and arrival details (assigned or user-reported dates, airport codes, terminal and gate designations, baggage claims);
- Flight status;
- Ticket information (booking reference number, seat number, seat type, booking class, flight class, passenger details);
- User-provided notes;
- Verification details (start date and end date of verification).
We won’t collect this data unless you enable the Cloud Sync feature. – Legal basis Art. 6(1)(a) GDPR
Purchase Statistics
For statistical reasons and fraud protection, we collect pseudonymized data about the time and type of a purchase or the redeemed trial or promotional code, the unique user identifier, an anonymous device identifier, the version of the app and the language settings. – Legal basis Art. 6(1)(b+f) GDPR
Usage Data
To improve our services we periodically collect pseudonymized data about the number and types of devices you use, the operating systems installed on those devices, the version of the app and the language setting. – Legal basis Art. 6(1)(f) GDPR
Diagnostic Data
To help identify and solve specific problems with our products and services, we occasionally solicit diagnostic reports and other troubleshooting, bug, and crash reports from customers. This includes but is not limited to:
- The timestamp of when the crash occurred;
- The app’s bundle identifier and full version number;
- The device’s operating system name and version number;
- A boolean indicating whether the device was jailbroken/rooted;
- The device’s model name, CPU architecture, amount of RAM and disk space;
- The uint64 instruction pointer of every frame of every currently running thread;
- If available in the runtime, the plain-text method or function name containing each instruction pointer;
- If an exception was thrown, the plain-text class name and message value of the exception;
- If a fatal signal was raised, its name and integer code;
- For each binary image loaded into the application, its name, UUID, byte size, and the uint64 base address at which it was loaded into RAM;
- A boolean indicating whether or not the app was in the background at the time it crashed;
- An integer value indicating the rotation of the screen at the time of crash;
- A boolean indicating whether the device’s proximity sensor was triggered;
- The device’s physical orientation (integer), current amount of RAM used, and current amount of disk space used.
We won’t collect this data unless you opt-in to Crash Reporting. – Legal basis Art. 6(1)(a+f) GDPR
Where We Store Your Data
Basic User Information
Your email address, first name, last name and profile image are stored on servers of Auth0. The digital purchase receipts, as well as the redeemed trial or promotional codes, are stored in Apple’s CloudKit to sync your subscription data between your Apple devices. We do not have direct access to any data stored in your iCloud account.
Flights
Your flight data is not stored on our servers unless you agree to do so. If you choose to enable Cloud Sync, your flight data is stored on servers hosted by Realm. If you choose to not enable Cloud Sync, your data is stored as human-readable text files locally on your iOS device. Additionally, we store the identifiers for your subscribed flights on servers hosted by Microsoft Azure.
Purchase Statistics
The purchase statistics are stored on servers of Apple.
Usage Data and Device Information
The usage data and device information are stored on servers hosted by Microsoft Azure and Apple.
Diagnostic Data
Crash reports of the application are collected and sent to Apple and Crashlytics by users who explicitly opt into our beta software programs or who explicitly choose to provide diagnostic data to us.
How Long We Store Your Data
We store your data for as long as Swiss law requires, or as is necessary for the fulfillment or the initiation of a contract, or as long as we claim legitimate interests. After the expiration of that period, the corresponding data is routinely deleted or completely anonymized. Statistical and diagnostic data is generally never deleted.
Your Privacy Rights (Under GDPR)
- Right to Access. You can request iTrain GmbH to provide you with information on how we collect, use, and store your personal information, and to provide you with a copy of your personal information we store. – Legal basis Art. 15 GDPR
- Right of Rectification. You can request that we correct inaccurate information about you. – Legal basis Art. 16 GDPR
- Right to Erasure. You can request that we delete information collected about you, given that we are not required by law to preserve it, that it is not necessary for contract fulfillment and that we can still identify your records. – Legal basis Art. 17 GDPR
- Right to Data Portability. If requested, we will provide you all data under our control in common, machine-readable formats. If requested, we will provide you with instructions to obtain your data, in cases where we do not have direct access. – Legal basis Art. 20 GDPR
- Right to Object. You can object to the processing of your information in certain cases, as well as request that iTrain GmbH does not use your personal information for direct marketing purposes. – Legal basis Art. 21 GDPR
Data Processors
Depending on the usage of our services your personal data might be processed by the following services:
Apple
CloudKit database service and iCloud Drive file storage service provided by Apple Inc, USA.
Personal Data: Digital purchase receipts, usage of promotions and trials, pseudonymized user identifier
Country of Data Processing: Asia, Europe or USA
To learn more, check out their Privacy Policy.
Auth0
Universal authentication and authorization platform provided by Auth0 Inc, USA.
Personal Data: Usage Data, Name, Email Address and Profile Image
Country of Data Processing: Europe
Auth0 complies with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from European Union member countries and Switzerland, respectively. Auth0, including Auth0 Inc. and its wholly-owned US subsidiaries, has certified that it adheres to the Privacy Shield Principles. Furthermore, Auth0 is committed to compliance with the General Data Protection Regulation. To learn more, check out their Privacy Statement.
Crashlytics
Software development kit for crash reporting, application logging, online review and statistical analysis of application logs provided by Google LLC, USA.
Personal Data: Diagnostic Information
Country of Data Processing: USA
Google complies with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from European Union member countries and Switzerland, respectively. Google, including Google LLC and its wholly-owned US subsidiaries, has certified that it adheres to the Privacy Shield Principles. Furthermore, Google is committed to compliance with the General Data Protection Regulation. To learn more, check out their Privacy Statement.
Google Maps
Mapping service provided by Google LLC, USA.
Personal Data: Usage Data and Device Information
Country of Data Processing: USA
Google complies with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from European Union member countries and Switzerland, respectively. Google, including Google LLC and its wholly-owned US subsidiaries, has certified that it adheres to the Privacy Shield Principles. Furthermore, Google is committed to compliance with the General Data Protection Regulation. To learn more, check out their Privacy Statement.
Microsoft Azure
Hosting service provided by Microsoft Corporation, USA.
Personal Data: Usage Data, Flight identifiers and Device Information
Country of Data Processing: Europe
Microsoft complies with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from European Union member countries and Switzerland, respectively. Microsoft, including Microsoft Corporation and its wholly-owned US subsidiaries, has certified that it adheres to the Privacy Shield Principles. Furthermore, Microsoft is committed to compliance with the General Data Protection Regulation. To learn more, check out their Privacy Statement.
Realm
Hosting service provided by Tightdb, Inc., USA.
Personal Data: Flight Data
Country of Data Processing: USA
Realm complies with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from European Union member countries and Switzerland, respectively. Realm, including Tightdb, Inc. and its wholly-owned US subsidiaries, has certified that it adheres to the Privacy Shield Principles. To learn more, check out their Privacy Policy.
Contact for Data Privacy
If you have any questions regarding your personal data as well as your privacy rights, please contact
iTrain GmbH
Seefeld 4/5
8716 Schmerikon
Switzerland
Email: privacy@itrain.ch
Contacting You
We may use your contact information to communicate with you about our product, diagnostic data and error reports.
Breach Notification
If the confidentiality of customer data is breached, we recognize our responsibility to our customers and to the public to disclose the nature of the risk and provide a transparent account of the events without undue delay. At a bare minimum, we must inform the applicable supervisory authorities as required by law and regulation. – Legal basis Art. 33 GDPR
Consent for Underage Enrollment
Those under the age of 16 may not use the services without the consent or authorization of their parent or legal custodian.