Privacy policy.

1. Introduction

With the following information, we would like to give you, as the "data subject", an overview of the processing of your personal data by us and your rights under data protection laws. When using the Wingio app (hereinafter: app), the processing of personal data is necessary.

The processing of personal data is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the applicable country-specific data protection regulations. By means of this data protection declaration, we would like to inform you about the scope and purpose of the personal data we collect, use and process when using our app. As the controller, we have implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed via this website.

2. Person responsible

The responsible party within the meaning of the GDPR is Tabnova

3. Definitions

The data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

In this privacy policy we use, among others, the following terms:

- Personal data

Personal data is all information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

- Affected person

A data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).

- Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

- Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

- Processor

A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

- Recipient

Recipient is a natural or legal person, public authority, agency or other body to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular investigation in accordance with Union or Member State law shall not be considered recipients.

- Third

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons authorised to process personal data under the direct responsibility of the controller or processor.

- Consent

Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes in the form of a statement or other unambiguous confirmatory act by which the data subject indicates that he or she agrees to the processing of personal data concerning him or her.

4. Legal basis for processing

Art. 6 (1) sentence 1 lit. a GDPR serves as the legal basis for our company for processing operations for which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary to fulfill a contract to which you are a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 (1) sentence 1 lit. b GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services.

If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 (1) sentence 1 lit. c GDPR.

Ultimately, processing operations could be based on Art. 6 (1) (f) GDPR. This legal basis is used for processing operations that are not covered by any of the aforementioned legal bases if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they were specifically mentioned by the European legislator. In this respect, it was of the opinion that a legitimate interest could be assumed if you are a customer of our company (Recital 47, Sentence 2 GDPR).

5. Transfer of data to third parties

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only share your personal information with third parties if:

1. you have given your express consent in accordance with Art. 6 Paragraph 1 Clause 1 Letter a of GDPR,

2. the transfer is permissible in accordance with Art. 6 Paragraph 1 Clause 1 Letter f of GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in not sharing your data,

3. in the event that there is a legal obligation to disclose data pursuant to Art. 6 (1) sentence 1 lit. c GDPR, and

4. this is legally permissible and is necessary for the processing of contractual relationships with you according to Art. 6 Paragraph 1 Clause 1 Letter b of GDPR.

6. Download the app

Description: When you download the app from the Google Play Store, personal data will be transferred to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google).

Please note that Google claims to have taken strict technical measures to protect personal data. Google may transfer your personal data to third parties who provide Google products and services or who assist Google in marketing to customers. In addition, data collected by Google may be transferred to companies that provide services to Google. Google will also transfer the information to countries outside the European Economic Area ("EEA").

Data processed:

-     Unique identifiers (e.g. browser type and settings, device type and settings, operating system, mobile network information such as mobile operator name and phone number

-     Data about how your apps, browsers and devices interact with our services (e.g. IP address, crash reports, system activity, date and time of the request, referring URL of the request).

Purpose of processing:

-     Making the app available[1] 

Legal basis: The data processing takes place in the exercise of public authority, which has been transferred to the controller on the basis of the data protection laws and the school laws of the respective federal state (Art. 6 Para. 1 Clause 1 Letter e GDPR).

Further information, in particular on the specific data processed, can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de

7. Data processing when using the app

Description: When the device is setup.The technical communication takes place either via WiFi or via a cloud solution. If a cloud solution is used, the controller and the cloud provider have concluded a data processing agreement within the meaning of Art. 28 GDPR (see point 9 ).

Data processed:

- Name

- E-mail address

- Password

- Child Name

- Usage data and metadata (e.g. unique ID, login ID, login time, device ID number)

Purpose of processing:

- Implementation of the solution

Legal basis: The data processing takes place in the exercise of public authority, which has been transferred to the controller on the basis of the data protection laws

8. App access rights

Description: The use of functions in our app or the app as a whole requires access to certain data or functions on the device you are using. Please note that if you do not have the necessary authorization, you may not be able to use all functions in our app.

Legal basis: The data processing takes place in the exercise of public authority, which has been transferred to the controller on the basis of the data protection laws

8.1 Access to the device’s memory

Description: When you use our app, we have access to files stored on your device.

Purpose of processing:

-     Exchange of files(provided files are stored locally on the devices).

Data processed:

-     Saved files (e.g. image files, documents)

9. Your rights as a data subject

9.1 Right to confirmation

You have the right to request confirmation from us as to whether personal data concerning you is being processed.

9.2 Right to information Art. 15 GDPR

You have the right to obtain from us at any time, free of charge, information about the personal data stored about you as well as a copy of this data in accordance with the statutory provisions.

9.3 Right to rectification Art. 16 GDPR

You have the right to request the rectification of inaccurate personal data concerning you. Furthermore, taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data.

9.4 Deletion Art. 17 GDPR

You have the right to request that we delete the personal data concerning you immediately if one of the legally stipulated reasons applies and if the processing or storage is not necessary.

9.5 Restriction of processing Art. 18 GDPR

You have the right to request that we restrict processing if one of the legal requirements is met.

9.6 Data portability Art. 20 GDPR

You have the right to receive the personal data concerning you, which you have made available to us, in a structured, common and machine-readable format. You also have the right to transmit this data to another controller to whom the personal data was made available without hindrance from us, provided that the processing is based on consent pursuant to Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or on a contract pursuant to Art. 6 Para. 1 lit. b GDPR and the processing is carried out using automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Art. 20 Para. 1 GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

9.7 Objection Art. 21 GDPR

You have the right to object at any time, for reasons related to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) (e) (data processing in the public interest) or (f) (data processing based on a balance of interests) GDPR.

This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

In individual cases, we process personal data in order to conduct direct advertising. You can object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling insofar as it is associated with such direct advertising. If you object to us processing for direct marketing purposes, we will no longer process the personal data for these purposes.

In addition, you have the right to object to the processing of personal data concerning you which we carry out for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, unless such processing is necessary to perform a task carried out in the public interest, for reasons related to your particular situation.

You are free to exercise your right of objection by automated means using technical specifications in connection with the use of information society services, notwithstanding Directive 2002/58/EC.

9.8 Revocation of data protection consent

You have the right to revoke your consent to the processing of personal data at any time with future effect.

9.9 Complaint to a supervisory authority

You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.

10. Duration of storage of personal data

We process and store your personal data only for the period necessary to achieve the purpose of storage or as provided for by the legal provisions to which our company is subject.

All files can be deleted by the teaching staff at the end of a lesson.

11. Current status and changes to the privacy policy

This privacy policy is currently valid and is dated September 2025.

Due to the further development of our websites and offers or due to changes in legal or official requirements, it may become necessary to change this privacy statement. The current privacy statement can be accessed and printed out at any time on the website at …..

@raj@tabnova.com hi Rajiv, its not really an app correctly? Here it would be if you parental control website linked with the dedicated kids phone? As well probably one sentence about children data protection would be good?