Privacy Policy

Privacy Policy of ginlo.net GmbH

Content

  1. Introduction
  2. Definitions
  3. Identity and contact details of controller
  4. Purposes and legal basis for data processing
  5. Recipients or categories of recipients
  6. Transfer to third country
  7. Period for storing
  8. Rights of data subject
  9. Provision of personal data
  10. Status of data protection notice

1. Introduction

We would like to explain how we handle your data when you visit our website and use our products.

ginlo.net Gesellschaft für Datenkommunikationsdienste mbH (hereinafter referred to as “ginlo.net GmbH”) is pleased about your interest in ginlo. Protecting the security and privacy of your personal data during the entire business process is important to us and we want you to feel secure when you visit our website and use our services.

With this data protection information, we comply with our duty to provide information in accordance with art. 13 GDPR (General Data Protection Regulation). We explain which personal data we process for which purposes when you visit our website, when you fill out forms on it or when you use our apps. We explain the storage period of your data and inform you about your rights which you are entitled to according to the GDPR. We also explain the reasons for providing your data.

2. Definitions

The following terms, among others, are used in data protection and we would like to explain them briefly to you:

Personal data

This is any information relating to an identified or identifiable natural person (data subject); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier. This includes information such as your real name, address, telephone number or e-mail address. Information that is not directly related to your real identity – such as the number of users of a page – is not personal data.

Processing

This includes, for example, the collection, recording, sorting, storage, forwarding or deletion of personal data – automatically or manually.

Controller

This is the natural or legal person who decides on the type of processing of personal data.

Processor

These are facilities that process your data on our behalf. These can be Internet companies based in Germany, which are responsible for the transport of your communication, or, for example, payment service providers.

Consent

This is a voluntarily given statement about the processing of our own personal data. This can be done on the Internet, for example, by actively clicking on a checkbox. This is an expression of your consent.

3. Identity and the contact details of the controller

Please feel free to contact this address with any questions concerning data protection.

ginlo.net Gesellschaft für Datenkommunikationsdienste mbH

Rupert-Mayer-Str. 44

DE-81379 Munich / Germany

Telephone: +49 89 215305770

E-Mail: datenschutz@ginlo.net

4. Purposes and legal basis for the data processing

When visiting our pages, our servers store the usual standard data.

When filling out forms, we limit ourselves to requesting necessary communication or contract data.

In our products we only process functionally necessary data in encrypted form.

The legal basis for processing is art. 6 of the GDPR.

4.1 Use of our website

4.1.1 General

When you call up an individual page, our web servers record in a log file by default the address (URL) of the page called up, the date and time of the call, any error messages, the operating system and browser software of your device and the website from which you visit us.

In our log files we save the IP address of your device only in abbreviated form by deleting the last number block (octet). The IP address is a number that your Internet provider assigns to your device for a certain period of time.

The legal basis for the storage of log data – insofar as these represent personal data – are our legitimate interests (art. 6 (1) lit. f GDPR) in ensuring system security, error analysis, protection against misuse and the design of our website to meet your needs.

4.1.2 Contact Forms

In order to be able to get in contact with us, we provide various forms. The form data is processed in a special system (CRM), which can only be used with certain access rights.

Support Forms

If you need help with our products, you can fill out a contact form. To enable us to address you correctly and to answer you, we ask for your name and e-mail address.

Order forms

For your interest in paid products we provide different order forms. We ask for the address of your company or institution, if applicable your VAT identification number (VAT ID), your domain, a contact person, an e-mail address and a mobile phone number. This data is used for the technical installation of our products and for billing purposes. Specifically, this involves setting up the Administrator Cockpit for managing ginlo business accounts. This is a web application that is protected for security reasons (2-factor authentication) with a personal browser certificate and a password login.

Registration for the beta tester

If you apply to us as a beta tester, we need your title, your first and last name and your e-mail address. We use this information to be able to contact you for your application and in case you are accepted as a beta tester. We will send an individual link to your e-mail address. By clicking on it you confirm that you are the owner of the e-mail address. We can also send you information about our products and services in the area of confidentiality and privacy on the net to this e-mail address.

Legal basis of the processing

The legal basis for the processing of your data in the support form is art. 6 (1) lit. a GDPR, as your consent is required for this.

The personal data processed in our order forms and in the “beta tester” form lead to or may lead to a contractual relationship and are therefore based on art. 6 (1) lit. b GDPR.

4.2 Use of ginlo private

ginlo Private is an internet-based, cross-platform service for the secure exchange of messages between users of mobile devices.
For registration or after invitation by means of “ginlo now!” no personal data is required.
During the use of ginlo Privat the following personal data may be processed:

Mobile phone number

Optionally, every ginlo private user can store his mobile phone number in his profile. Afterwards, this data is stored on the ginlo server as a hash value and thus cannot be reconstructed in plain text.
ginlo users who have already stored your mobile phone number in their phone book will be informed about your registration after synchronizing their ginlo contacts.
During the user search for cell phone number only hash values are compared. In case of a match, a hit is displayed.

Profile name and profile picture

Optionally, every ginlo Private user can add a display name and/or an image (avatar) to his profile. This data is also stored encrypted on the ginlo server and displayed in the message overview and contacts.

ginlo ID / QR code

During registration, ginlo generates an eight-digit ginlo ID that is assigned to exactly one account and can be used for login or as a search function. It is part of all ginlo contacts and is also displayed in your own profile. A barcode is generated for the ginlo ID and made available for scanning by your contacts.

Communication data

Your communication data, including all files and their metadata, are stored locally on your device in encrypted form and are also encrypted during transport. We are talking about true full encryption. Your data is also encrypted during intermediate storage on our servers.

Legal basis of the processing

The processing of your mobile telephone number is based on art. 6 (1) lit. b GDPR and is necessary for the fulfilment of a contract in which you are involved.

Searching and being found using the hash value of the mobile telephone number or e-mail address, the display of your profile name and profile picture and the transmission of your encrypted communication data require your consent; therefore, in these cases, processing takes place in accordance with art. 6 (1) lit. a GDPR.

4.3 Use of ginlo business

ginlo Business is an internet-based, cross-platform service for the secure exchange of messages between users of mobile and desktop devices. It can be used by individuals as well as by groups up to large institutions or companies. During registration and while using ginlo Business, the following personal data is processed:

Mobile phone number / e-mail address

Your mobile phone number or your e-mail address is first used to send you a confirmation code during the registration phase. This data is then stored on the ginlo server as a hash value and therefore cannot be restored in plain text. If you register with ginlo and explicitly agree to access the phonebook contacts of your smartphone, this data is uploaded to the ginlo server as a hash value for comparison and then deleted again.

ginlo users who have already saved your mobile phone number or email address in their phone book will be informed about your registration when synchronizing their ginlo contacts.

As an individual user, you can decide for yourself whether you want to be found via your mobile phone number or your e-mail address.

If ginlo Business is used by an institution or company, a domain is often specified, so that the registration is usually done via the institution’s or company’s e-mail address. However, here too, every ginlo Business user can additionally store his or her mobile phone number.

Profile name and profile picture

Optionally, every ginlo Business user can add a display name and/or an image (avatar) to their profile. This data is stored in encrypted form on the ginlo server and displayed in the message overview and contacts.

ginlo ID / QR code

During registration, ginlo generates an eight-digit ginlo ID that is assigned to exactly one account and can be used for login or as a search function. It is part of all ginlo contacts and is also displayed in your own profile. A barcode is generated for the ginlo ID and made available for scanning by your contacts.

Communication data

Your communication data, including all files and their metadata, are stored locally on your device in encrypted form and are also encrypted during transport. We are talking about true full encryption. Your data is also encrypted during intermediate storage on our servers.

Legal basis of the processing

The processing of your mobile telephone number or your e-mail address during the registration process is based on art. 6 (1) lit. b GDPR and is necessary for the fulfilment of a contract in which you are involved.

Searching and being found using the hash value of the mobile telephone number or e-mail address, the display of your profile name and profile picture and the transmission of your encrypted communication data require your consent; therefore, in these cases, processing takes place in accordance with art. 6 (1) lit. a GDPR.

5. Recipients or categories of recipients

ginlo.net GmbH does not pass on your personal data to third parties and will not do so in the future, unless this is required by law, necessary for the purpose of the contract or you have expressly consented.

We use contract processors. External service providers process personal data only on documented instructions from ginlo.net GmbH. Examples of external service providers are operators of computer centres and internet services as well as line providers or payment service providers based in Germany.

6. Transfer to a third country

Transfer to a third country means that personal data is transferred to or accessed from a state outside the European Economic Area (EEA). The processing of your data in a third country does not take place at ginlo!

This does not affect your use of our services in a third country.

7. Period for storing

Your personal data will be deleted or blocked as soon as the purpose of the storage no longer applies.

In addition, storage may take place due to statutory retention periods. A blocking or deletion of the data also takes place if a legally prescribed storage period expires, unless there is a necessity for the further storage of the data for a contract conclusion or a contract fulfillment.

Website

The data processed when you visit our website is automatically deleted after 7 days.

Form data is converted into tickets and processed together with support e-mails in a CRM system. This data is deleted at the end of the year following the last contact, as we are also subject to a duty of proof. Data relevant for billing purposes will be deleted after expiry of the legal retention period.

ginlo app

Messages are only temporarily stored encrypted on our servers. On the server, each message is deleted 30 days after being sent in ginlo Private and 90 days in ginlo Business. Messages that are available on the server during this time are synchronized between all end devices of the same ginlo user account, so that these messages are available on all connected end devices.

When sending a message, each ginlo user can define whether the message will be deleted automatically after a certain time, at a certain time or after reading the message. Parts of chats or complete individual chats can also be deleted by the user.

A user account, including all its files on our servers, can be completely removed by the user himself under the profile settings. This requires the entry of the device password.

User accounts that are no longer used are automatically deleted at the end of the calendar year following the last use. During this time, the user can reactivate the account. From the time of deletion at the latest, the search function of other users will remain without results.

8. Rights of the data subject

The basic data protection regulation grants you certain rights in relation to the personal data that a controller processes about you.

You are entitled to these rights under the conditions of the respective data protection regulations. No further rights are granted to you by the following presentation.

Right to request
 

You have the right to ask us to confirm whether we are processing personal data relating to you; if this is the case, you have the right to access this personal data and to receive the information specified in art. 15 GDPR.

Right of rectification

You have the right to demand that we correct incorrect personal data concerning you without delay and, if necessary, complete incomplete personal data, art. 16 GDPR.

Right to erasure

You have the right to demand from us that personal data concerning you be deleted immediately if one of the reasons listed in art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued.

Right to restriction of processing

You have the right to request us to restrict processing if one of the conditions listed in art. 18 GDPR is met, e.g. if you have lodged an objection to processing.

Right to data portability

You have the right to receive your personal data provided to a controller in a structured, common and machine-readable format and you have the right to have such data transferred to another controller, provided that the basis for the processing was either your consent or a contract ( art. 6 (1) GDPR).

Right to object

You have the right to object to the processing of personal data relating to you at any time for reasons arising from your particular situation, provided that we base the processing on Art. 6 (1) lit e. or f GDPR. We will then no longer process this data unless we can demonstrate compelling reasons for processing worthy of protection that outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

Your special rights

You have the right to withdraw your consent at any time (art. 13 (2) lit. c GDPR), in particular if the purpose for which your data was processed no longer exists or has changed. This does not affect the lawfulness of the processing based on the consent until revocation.

In particular, we would like to draw your attention to your right to lodge a complaint with supervisory authority (art. 13 (2) lit. d in conjunction with art. 77 GDPR). The Bavarian State Office for Data Protection Supervision (BayLDA) in 91522 Ansbach, Promenade 25 is responsible for us.

Further information can be found under this link:
https://www.lda.bayern.de/

A complaint can be filed with any supervisory authority within the EU.

9. Provision of personal data

As a matter of principle, we collect only a minimum of data for the functionality of our secure communication solution:

The data requested when filling in forms on our website is used to contact you or to prepare a contract. Without this data, communication between our interested parties, customers or service providers would not be possible.

Providing your contact information (mobile phone number or email address) is essential for setting up the ginlo app. Without this data, the app could neither be set up nor used. An exception to this is the invitation of ginlo private users by means of “ginlo now! Here, registration is done by scanning the QR code of an inviter. No contact data is required to set up the app.

In order to set up and use the administrator cockpit of ginlo Business, the contact data of the administrator (name, address, mobile phone number), the domain of the institution or company are required. Without this data, the use of the ginlo Business app would be impossible.

10. Status of data protection information

ginlo.net GmbH reserves the right to change its privacy policy at any time with or without prior notice. Please check back regularly to be informed about changes.

Status: March 2023

Contact sales now at:
+49 89 / 215 305 77 00

Contact and support

You want to contact us or you are stuck? Don't worry, you can reach us here and we will help you immediately!

More information on how we use your data and on your rights as a data subject can be found in our Privacy Policy.

Kontakt und Support

Sie wollen mit uns Kontakt aufnehmen oder Sie stecken fest? Keine Sorge, hier erreichen Sie uns und wir helfen Ihnen sofort!

More information on how we use your data and on your rights as a data subject can be found in our Privacy Policy.

Sign up for our 30-day free trial!

More information on how we use your data and on your rights as a data subject can be found in our Privacy Policy and our General Terms and Conditions.

Finally, a messenger for everyone.

Find out more today!

More information on how we use your data and on your rights as a data subject can be found in our Privacy Policy.

ginlo won't do what you want it to do?

Here at ginlo, we care about our customers. And we mean it when we say that we take every issue seriously – we're passionate about solving any problems you may have. So tell us: how can we help you today?

More information on how we use your data and on your rights as a data subject can be found in our Privacy Policy.

The ginlo education tariff:
Schools, colleges and universities can try ginlo for free and with no commitment on a 30-day trial!

Please complete all fields. We'll activate your account as soon as we've verified your eligibility for our educational tariff. After the trial period, you can continue to use ginlo for the discounted monthly price of €1.19 (incl. VAT) per user.

More information on how we use your data and on your rights as a data subject can be found in our Privacy Policy and our General Terms and Conditions.

Vielen Dank, Ihre Nachricht wurde gesendet.

ok