We would like to explain how we handle your data when you visit our website and use our products.

ginlo.net Gesellschaft für Datenkommunikationsdienste mbH (hereinafter referred to as “ginlo.net GmbH”) is pleased about your interest in ginlo. Protecting the security and privacy of your personal data during the entire business process is important to us and we want you to feel secure when you visit our website and use our services.

With this data protection information, we comply with our duty to provide information in accordance with art. 13 GDPR (General Data Protection Regulation). We explain which personal data we process for which purposes when you visit our website, when you fill out forms on it or when you use our apps. We explain the storage period of your data and inform you about your rights which you are entitled to according to the GDPR. We also explain the reasons for providing your data.

2. Definitions

The following terms, among others, are used in data protection and we would like to explain them briefly to you:

Personal data

This is any information relating to an identified or identifiable natural person (data subject); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier. This includes information such as your real name, address, telephone number or e-mail address. Information that is not directly related to your real identity – such as the number of users of a page – is not personal data.

Processing

This includes, for example, the collection, recording, sorting, storage, forwarding or deletion of personal data – automatically or manually.

Controller

This is the natural or legal person who decides on the type of processing of personal data.

Processor

These are facilities that process your data on our behalf. These can be Internet companies based in Germany, which are responsible for the transport of your communication, or, for example, payment service providers.

Consent

This is a voluntarily given statement about the processing of our own personal data. This can be done on the Internet, for example, by actively clicking on a checkbox. This is an expression of your consent.

3. Identity and the contact details of the controller

Please feel free to contact this address with any questions concerning data protection.

ginlo.net Gesellschaft für Datenkommunikationsdienste mbH

Rupert-Mayer-Str. 44

DE-81379 Munich / Germany

Telephone: +49 89 215305770

E-Mail: datenschutz@ginlo.net

4. Purposes and legal basis for the data processing

When visiting our pages, our servers store the usual standard data.

When filling out forms, we limit ourselves to requesting necessary communication or contract data.

In our products we only process functionally necessary data in encrypted form.

The legal basis for processing is art. 6 of the GDPR.

4.1 Use of our website

4.1.1 General

When you call up an individual page, our web servers record in a log file by default the address (URL) of the page called up, the date and time of the call, any error messages, the operating system and browser software of your device and the website from which you visit us.

In our log files we save the IP address of your device only in abbreviated form by deleting the last number block (octet). The IP address is a number that your Internet provider assigns to your device for a certain period of time.

The legal basis for the storage of log data – insofar as these represent personal data – are our legitimate interests (art. 6 (1) lit. f GDPR) in ensuring system security, error analysis, protection against misuse and the design of our website to meet your needs.

4.1.2 Contact Forms

In order to be able to get in contact with us, we provide various forms. The form data is processed in a special system (CRM), which can only be used with certain access rights.

Support Forms

If you need help with our products, you can fill out a contact form. To enable us to address you correctly and to answer you, we ask for your name and e-mail address.

Order forms

For your interest in paid products we provide different order forms. We ask for the address of your company or institution, if applicable your VAT identification number (VAT ID), your domain, a contact person, an e-mail address and a mobile phone number. This data is used for the technical installation of our products and for billing purposes. Specifically, this involves setting up the Administrator Cockpit for managing ginlo business accounts. This is a web application that is protected for security reasons (2-factor authentication) with a personal browser certificate and a password login.

Registration for the beta tester

If you apply to us as a beta tester, we need your title, your first and last name and your e-mail address. We use this information to be able to contact you for your application and in case you are accepted as a beta tester. We will send an individual link to your e-mail address. By clicking on it you confirm that you are the owner of the e-mail address. We can also send you information about our products and services in the area of confidentiality and privacy on the net to this e-mail address.

Legal basis of the processing

The legal basis for the processing of your data in the support form is art. 6 (1) lit. a GDPR, as your consent is required for this.

The personal data processed in our order forms and in the “beta tester” form lead to or may lead to a contractual relationship and are therefore based on art. 6 (1) lit. b GDPR.

4.2 Use of ginlo private

ginlo Private is an internet-based, cross-platform service for the secure exchange of messages between users of mobile devices.
For registration or after invitation by means of “ginlo now!” no personal data is required.
During the use of ginlo Privat the following personal data may be processed:

Mobile phone number

Optionally, every ginlo private user can store his mobile phone number in his profile. Afterwards, this data is stored on the ginlo server as a hash value and thus cannot be reconstructed in plain text.
ginlo users who have already stored your mobile phone number in their phone book will be informed about your registration after synchronizing their ginlo contacts.
During the user search for cell phone number only hash values are compared. In case of a match, a hit is displayed.

Profile name and profile picture

Optionally, every ginlo Private user can add a display name and/or an image (avatar) to his profile. This data is also stored encrypted on the ginlo server and displayed in the message overview and contacts.

ginlo ID / QR code

During registration, ginlo generates an eight-digit ginlo ID that is assigned to exactly one account and can be used for login or as a search function. It is part of all ginlo contacts and is also displayed in your own profile. A barcode is generated for the ginlo ID and made available for scanning by your contacts.

Communication data

Your communication data, including all files and their metadata, are stored locally on your device in encrypted form and are also encrypted during transport. We are talking about true full encryption. Your data is also encrypted during intermediate storage on our servers.

Legal basis of the processing

The processing of your mobile telephone number is based on art. 6 (1) lit. b GDPR and is necessary for the fulfilment of a contract in which you are involved.

Searching and being found using the hash value of the mobile telephone number or e-mail address, the display of your profile name and profile picture and the transmission of your encrypted communication data require your consent; therefore, in these cases, processing takes place in accordance with art. 6 (1) lit. a GDPR.

4.3 Use of ginlo business

ginlo Business is an internet-based, cross-platform service for the secure exchange of messages between users of mobile and desktop devices. It can be used by individuals as well as by groups up to large institutions or companies. During registration and while using ginlo Business, the following personal data is processed:

Mobile phone number / e-mail address

Your mobile phone number or your e-mail address is first used to send you a confirmation code during the registration phase. This data is then stored on the ginlo server as a hash value and therefore cannot be restored in plain text. If you register with ginlo and explicitly agree to access the phonebook contacts of your smartphone, this data is uploaded to the ginlo server as a hash value for comparison and then deleted again.

ginlo users who have already saved your mobile phone number or email address in their phone book will be informed about your registration when synchronizing their ginlo contacts.

As an individual user, you can decide for yourself whether you want to be found via your mobile phone number or your e-mail address.

If ginlo Business is used by an institution or company, a domain is often specified, so that the registration is usually done via the institution’s or company’s e-mail address. However, here too, every ginlo Business user can additionally store his or her mobile phone number.

Profile name and profile picture

Optionally, every ginlo Business user can add a display name and/or an image (avatar) to their profile. This data is stored in encrypted form on the ginlo server and displayed in the message overview and contacts.

ginlo ID / QR code

During registration, ginlo generates an eight-digit ginlo ID that is assigned to exactly one account and can be used for login or as a search function. It is part of all ginlo contacts and is also displayed in your own profile. A barcode is generated for the ginlo ID and made available for scanning by your contacts.

Communication data

Your communication data, including all files and their metadata, are stored locally on your device in encrypted form and are also encrypted during transport. We are talking about true full encryption. Your data is also encrypted during intermediate storage on our servers.

Legal basis of the processing

The processing of your mobile telephone number or your e-mail address during the registration process is based on art. 6 (1) lit. b GDPR and is necessary for the fulfilment of a contract in which you are involved.

Searching and being found using the hash value of the mobile telephone number or e-mail address, the display of your profile name and profile picture and the transmission of your encrypted communication data require your consent; therefore, in these cases, processing takes place in accordance with art. 6 (1) lit. a GDPR.

5. Recipients or categories of recipients

ginlo.net GmbH does not pass on your personal data to third parties and will not do so in the future, unless this is required by law, necessary for the purpose of the contract or you have expressly consented.

We use contract processors. External service providers process personal data only on documented instructions from ginlo.net GmbH. Examples of external service providers are operators of computer centres and internet services as well as line providers or payment service providers based in Germany.

6. Transfer to a third country

Transfer to a third country means that personal data is transferred to or accessed from a state outside the European Economic Area (EEA). The processing of your data in a third country does not take place at ginlo!

This does not affect your use of our services in a third country.

7. Period for storing

Your personal data will be deleted or blocked as soon as the purpose of the storage no longer applies.

In addition, storage may take place due to statutory retention periods. A blocking or deletion of the data also takes place if a legally prescribed storage period expires, unless there is a necessity for the further storage of the data for a contract conclusion or a contract fulfillment.

Website

The data processed when you visit our website is automatically deleted after 7 days.

Form data is converted into tickets and processed together with support e-mails in a CRM system. This data is deleted at the end of the year following the last contact, as we are also subject to a duty of proof. Data relevant for billing purposes will be deleted after expiry of the legal retention period.

ginlo app

Messages are only temporarily stored encrypted on our servers. On the server, each message is deleted 30 days after being sent in ginlo Private and 90 days in ginlo Business. Messages that are available on the server during this time are synchronized between all end devices of the same ginlo user account, so that these messages are available on all connected end devices.

When sending a message, each ginlo user can define whether the message will be deleted automatically after a certain time, at a certain time or after reading the message. Parts of chats or complete individual chats can also be deleted by the user.

A user account, including all its files on our servers, can be completely removed by the user himself under the profile settings. This requires the entry of the device password.

User accounts that are no longer used are automatically deleted at the end of the calendar year following the last use. During this time, the user can reactivate the account. From the time of deletion at the latest, the search function of other users will remain without results.

8. Rights of the data subject