Content

1. Introduction
2. Definitions
3. Identity and contact details of controller
4. Purposes and legal basis for data processing
5. Recipients or categories of recipients
6. Transfer to third country
7. Period for storing
8. Rights of data subject
9. Provision of personal data
10. Status of data protection notice

1. Introduction

We would like to explain how we handle your data when you visit our website and use our products.

ginlo.net Gesellschaft für Datenkommunikationsdienste mbH (hereinafter referred to as ginlo.net GmbH) appreciates your interest in ginlo. The protection of your personal data during processing throughout the entire business process is an important concern for us and we want you to feel secure when visiting our website and using our services.

With this data protection notice, we are fulfilling our duty to provide information in accordance with Art. 13 GDPR (General Data Protection Regulation). We explain which personal data we process for which purposes when you visit our website, when you fill out forms on it or when you use our apps. We explain the storage period of your data and inform you about your rights under the GDPR. We also explain the reasons for providing your data.

2. Definitions

The following terms are used in data protection and we would like to briefly explain them to you:

Personal data

This is any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier. This includes information such as your real name, your address, your telephone number or your e-mail address. Information that is not directly associated with your real identity – such as the number of users of a page – is not personal data.

Processing

This means, for example, collecting, recording, organizing, sorting, storing, forwarding or deleting personal data – automatically or manually.

Controller

This is the natural or legal person who decides on the type of processing of personal data.

Processor

These are entities that process your data on our behalf. These may be Internet companies based in Germany that are responsible for the transportation of your communication, or payment service providers, for example.

Consent

This is a voluntary declaration of consent to the processing of your personal data. This can be done on the Internet, for example, by actively clicking on a checkbox. This expresses your consent.

3. Identity and the contact details of the controller

Please feel free to contact this address with any questions concerning data protection:

ginlo.net Gesellschaft für Datenkommunikationsdienste mbH

Rupert-Mayer-Str. 44

DE-81379 Munich / Germany

Telephone: +49 89 215305770

E-Mail: datenschutz@ginlo.net

4. Purposes and legal basis for the data processing

When you visit our website, our servers store the usual standard data.

When filling out forms, we restrict ourselves to requesting necessary communication or contract data.

In our products, we only process functionally necessary data in encrypted form.

The legal basis for processing is Art. 6 of the GDPR.

4.1 Use of our website

4.1.1 General

When you access an individual page, our web servers record the address (URL) of the page accessed, the date and time of access, any error messages, the operating system and browser software of your device and the website from which you are visiting us in a log file as standard.

We only store the IP address of your device in our log files in abbreviated form by deleting the last block of numbers (octet). The IP address is a number that your internet provider assigns to your device for a certain period of time.

The legal basis for the storage of log data – insofar as this constitutes personal data – is our legitimate interest (Art. 6 para. 1 lit. f GDPR) in ensuring system security, error analysis, protection against misuse and the needs-based design of our website.

4.1.2 Contact Forms

We provide various forms so that you can contact us. The form data is processed in a special system (CRM), which can only be operated with certain access rights.

Support forms

If you need help with our products, you can fill out a contact form. We ask for your name and e-mail address so that we can address you correctly and reply to you.

Order forms

We provide various order forms for your interest in chargeable products. We ask for the address of your company or institution, your VAT identification number (if applicable), your domain, a contact person, an e-mail address and a mobile phone number. This data is used for the technical setup of our products and for billing purposes. Specifically, this involves setting up the Administrator Cockpit for managing ginlo Business accounts. This is a web application which, for security reasons, is protected with a personal password login and optional 2-factor authentication via one-time token.

Registration for the beta tester

If you apply to us as a beta tester, we need your title, your first and last name and your e-mail address. We will use this information to contact you about your application and, if you are accepted, as part of the beta test. We will send an individual link to your e-mail address. By clicking on it, you confirm that you are the owner of the e-mail address. We may also send you information about our products and services in the area of online confidentiality and privacy to this e-mail address.

Legal basis for processing

The legal basis for the processing of your data in the support form is Art. 6 para. 1 lit. a GDPR, as your consent is required for this.

The personal data processed in our order forms and in the “beta tester” form lead or may lead to a contractual relationship and are therefore based on Art. 6 para. 1 lit. b GDPR.

4.2 Use of ginlo

ginlo is an internet-based, cross-platform service for the secure exchange of messages between users of mobile devices.

No personal data is required for registration or after invitation via “ginlo now!”.

The following personal data may be processed during the use of ginlo

Mobile phone number

Optionally, every ginlo user can enter their mobile phone number in their profile. This data is then stored on the ginlo server as a hash value and therefore cannot be restored in plain text.

ginlo users who have already saved their mobile phone number in their phone book will be informed of their registration when their ginlo contacts are synchronized.

When users search for a cell phone number, only hash values are compared with each other. If there is a match, a hit is displayed.

Profile name and profile picture

Optionally, every ginlo user can enter a display name and/or a picture (avatar) in their profile. This data is also stored in encrypted form on the ginlo server and displayed in the message overview and contacts.

ginlo ID / QR code

During registration, ginlo generates an eight-digit ginlo ID that is assigned to exactly one account and can be used when logging in, as a search function or to invite other users. It is part of all ginlo contacts and is also displayed in your own profile. A QR code is generated for the ginlo ID and made available for scanning by your contacts.

Communication data

Your communication data, including all files and their metadata, are stored locally on your device in encrypted form and are also encrypted during transportation. We are talking about genuine full encryption. Your data is also encrypted during intermediate storage on our servers.

Legal basis for processing

Searching and being found via the hash value of the mobile phone number, the display of your profile name and your profile picture as well as the transmission of your encrypted communication data require your consent; therefore, in these cases, the processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR.

4.3 Use of ginlo business

ginlo Business is an internet-based, cross-platform service for the secure exchange of messages between users of mobile and desktop devices. It can be used by individuals, groups and even large institutions or companies. The following personal data is processed during registration and while using ginlo Business

Mobile phone number / e-mail address

Your mobile phone number or e-mail address is initially used to send you a confirmation code during the registration phase. This data is then stored on the ginlo server as a hash value and therefore cannot be restored in plain text. If you register with ginlo and explicitly agree to access the phonebook contacts on your smartphone, this data is uploaded to the ginlo server as a hash value for comparison and then deleted again.

ginlo users who have already saved their mobile phone number or e-mail address in their phone book will be informed of their registration when their ginlo contacts are synchronized.

As an individual user, you can decide for yourself whether you want to be found via your mobile phone number or your e-mail address.

If ginlo Business is used by an institution or a company, a domain is often specified, so that registration usually takes place via the e-mail address of the institution or company. However, every ginlo Business user can also enter their mobile phone number.

Profile name and profile picture

Optionally, every ginlo Business user can enter a display name and/or a picture (avatar) in their profile. This data is stored in encrypted form on the ginlo server and displayed in the message overview and contacts.

ginlo ID / QR code

During registration, ginlo generates an eight-digit ginlo ID, which is assigned to exactly one account and can be used when logging in, as a search function or to invite other users. It is part of all ginlo contacts and is also displayed in your own profile. A QR code is generated for the ginlo ID and made available for scanning by your contacts.

Communication data

Your communication data, including all files and their metadata, are stored locally on your device in encrypted form and are also encrypted during transportation. We are talking about genuine full encryption. Your data is also encrypted during intermediate storage on our servers.

Legal basis of the processing

The processing of your mobile phone number or your e-mail address during the registration process is based on Art. 6 para. 1 lit. b GDPR and is necessary for the performance of a contract to which you are a party.

Searching and being found via the hash value of the mobile phone number or the e-mail address, the display of your profile name and your profile picture as well as the transmission of your encrypted communication data require your consent; therefore, in these cases, the processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR.

5. Recipients or categories of recipients

ginlo.net GmbH does not pass on your personal data to third parties and will not do so in the future unless this is required by law, necessary for the purpose of the contract or you have expressly consented.

We use contract processors. The external service providers process the personal data only on the documented instructions of ginlo.net GmbH. External service providers include, for example, operators of data centers and Internet services as well as line providers or payment service providers based in Germany.

6. Transfer to a third country

Third country transfer means that personal data is transferred to or accessed from a country outside the European Economic Area (EEA). The processing of your data in a third country does not take place at ginlo!

This does not affect the use of our services by you in a third country.

7. Period for storing

Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies.

Data may also be stored due to statutory retention periods. The data will also be blocked or deleted if a legally prescribed storage period expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

Website

The data processed when you visit our website is automatically deleted after 7 days.

Form data is converted into tickets and processed together with support emails in a CRM system. This data is deleted at the end of the year following the last contact, as we are also subject to a duty of proof. Data relevant for billing purposes is deleted after the statutory retention period has expired.

ginlo app

Messages are encrypted and only stored temporarily on our servers. Every message is deleted from the server 30 days after it is sent in ginlo and 90 days after it is sent in ginlo Business. Messages that are available on the server during this time are synchronized between several end devices of the same ginlo user account so that these messages are available on all connected end devices.

When sending a message, each ginlo user can specify whether this message is automatically deleted after a certain time, at a certain time or after it has been read. Parts of chats or complete individual chats can also be deleted by the user.

A user account, including all its files on our servers, can be completely deleted by the user themselves in the profile settings. To do this, the device password must be entered.

User accounts that are no longer used are automatically deleted at the end of the calendar year following their last use. During this time, it is possible for the user to reactivate the account. From the time of deletion at the latest, the search function of other users will be unsuccessful.

8. Rights of the data subject

The General Data Protection Regulation grants you certain rights in relation to the personal data that a controller processes about you.

You are entitled to these rights under the conditions of the respective data protection regulations. The following description does not grant you any further rights.

Right to information

You have the right to request confirmation from us as to whether we process personal data concerning you; if this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR.

Right to rectification

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and, where applicable, the completion of incomplete personal data, Art. 16 GDPR.

Right to erasure

You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds listed in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued.

Right to restriction of processing

You have the right to demand that we restrict processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have objected to processing.

Right to data portability

You have the right to receive the personal data you have provided to a controller in a structured, commonly used and machine-readable format and you have the right to have this data transmitted to another controller, provided that the basis for the processing was either your consent or a contract (Art. 6 para. 1 GDPR).

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR. We will then no longer process this data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

Your special rights

You have the right to withdraw your consent at any time (Art. 13 para. 2 lit. c GDPR), in particular if the purpose of processing your data no longer exists or has changed. This does not affect the lawfulness of the processing based on the consent until revocation.

We would like to expressly draw your attention to your right to lodge a complaint with a supervisory authority (Art. 13 para. 2 lit. d in conjunction with Art. 77 GDPR).

The Bavarian State Office for Data Protection Supervision (BayLDA) in 91522 Ansbach, Promenade 25, is responsible for us.

Further information can be found at this link: www.lda.bayern

A complaint can be lodged with any supervisory authority within the EU.