Privacy Policy for Users of the ginlo @work App

Table of contents

  1. What is the purpose of this data privacy policy?
  2. Who is responsible for my data and who can I contact?
  3. What data is collected during the setup of ginlo @work?
  4. What other data is stored when using ginlo @work?
  5. What is encrypted?
  6. How and where is my data stored and encrypted?
  7. What else do I need to know about encryption?
  8. What authorizations does the ginlo @work app require and for what?
  9. What data of mine can other ginlo @work users see?
  10. Will my data passed be on?
  11. Will my user behavior be analyzed and evaluated?
  12. Will I receive advertising?
  13. When and how is my data deleted?
  14. On what legal basis is my data processed?
  15. What are my rights?

1 What is the purpose of this privacy policy?

With this Privacy Policy, we, Brabbler Secure Message and Data Exchange Aktiengesellschaft, Ria-Burkei-Straße 26, 81249 Munich/Germany, explain which personal data we collect and how we use it when you use the ginlo @work app on a smartphone, computer, or other device, and what rights you are entitled to under the General Data Protection Regulation (GDPR) with regard to your data. The organization that has introduced ginlo @work and has invited you as a user may provide you with further information on how your data will be handled.

In a nutshell: The purpose of this policy is to explain how we, the operator of ginlo @work, handle your personal data. Additional information can be obtained from the organization that has introduced ginlo @work and has invited you as a user.

2 Who is responsible for my data and who can I contact?

The data controller for the processing of your data stored and processed in the ginlo @work app in terms of the data protection law is the organization that uses ginlo @work and that has invited you as a user. If you have any questions or if you wish to exercise your data protection rights, please contact the appropriate person in this organization.  

In a nutshell: If you have questions on privacy regarding ginlo @work, please contact the person responsible for data protection in the organization that has invited you as a user.

3 What data is collected during the setup of ginlo @work?

3.1 For you to be able to use ginlo @work, the ginlo @work administrator in the organization needs to invite you as a user. To do so, they need to provide your e-mail address, to which an invitation will be sent. If you accept the invitation by downloading and installing the ginlo @work app and activating it via the invitation e-mail, you will be registered as a ginlo @work user in the organization. In addition, the administrator enters your first and last name and assigns you a user role. This role defines which other users you can see in the ginlo @work app (see section 9).

3.2 Your e-mail address is used as a unique identifier when you use ginlo @work on various smartphones, computers, or other devices. In addition, we may use it for two-factor-authentication (e.g. you need to authorize changes to your password using a confirmation e-mail that is sent to your e-mail address).

3.3 We also record to which ginlo @work team you belong. This team includes all ginlo @work users invited by the organization. The team name is assigned by your ginlo @work administrator.

In a nutshell: Your e-mail address is used as a unique identifier. This also serves your own security.

4 What other data is collected when using ginlo @work?

4.1 The operation of a service such as ginlo @work necessarily generates a range of data in addition to the setup data. Information on this data is provided below:

a Encrypted content, e.g. the ginlo messages you send and receive. This data is already encrypted on your device and is also stored on our server in an encrypted state so that we do not have access to this data. However, an authorized administrator in the organization may have access to it. Details on the encryption can be found in sections 5 and 6 below.

b Your profile picture, if you upload one.

c Metadata such as message send times or message recipient IDs, device and connection data such as the device ID and operating system version.

4.2 We use this data in accordance with this privacy policy to provide ginlo @work, improve the ginlo @work service (e.g. delivery times of incoming and outgoing messages), and fulfill legal obligations of the organization that has invited you. This includes in particular data retention duties.

In a nutshell: Encrypted content (e.g. sent messages), metadata (e.g. the time a message is sent), and device data (e.g. the operating system version).

5 What is encrypted?

5.1 We developed ginlo @work to enable the secure exchange of messages and other content in an organization. This is why we always encrypt all content in a manner that no one other than the intended users (sender, recipient, or an authorized administrator in the organization) can view the data. For more information about our encryption and why it provides the highest level of security, please refer to our whitepaper “Security in ginlo @work”.

5.2 However, we cannot encrypt the following data, or can only encrypt it during transport between your device and our server, which means that we would be able to access this data in plain text:

General data: We would be able to determine with which other ginlo @work users you are connected, i.e. you are able to exchange messages.

b Regarding ginlo messages: We would be able to determine the time and communication partner of a message exchange as well as the type of the message (message text, attachments, photos, etc.), but not its content. We require this data for the synchronization on various devices and for the structured display of conversations.

c Regarding your device: We record the device ID, operating system version and device model. This data is required to manage your devices. The device ID is needed for delivering messages to your device (so-called push messages). This is not the same as the IMEI or MAC address of your device.

In a nutshell: We always encrypt all content (e.g. message and file content), but certain additional information is not encrypted for technical reasons (e.g. the time a message is sent).

6 How and where is my data stored and encrypted?

6.1 Messages, shared files, and other content in ginlo @work are transmitted and stored in an encrypted format. They can only be decrypted and read using your secret private key. This applies to content stored on our server and to content (temporarily) stored locally on your device. In addition, content in ginlo @work can also be decrypted by authorized administrators in the organization. The organization that has invited you as a user can tell you how access to your data is regulated in the organization. 

6.2 Encryption and decryption is performed on your device or on the device of the recipient (end-to-end encryption). We have no possibility of accessing your encrypted data in clear text. 

6.3 We use various encryption algorithms for encryption. For the encryption of files and of content stored on your devices, we use AES-256, and for messages we use the libsodium library. For more details about the algorithms we use and further information about our encryption, please refer to our Whitepaper “Security in ginlo @work”.

6.4 Your data is stored on our servers in an encrypted format. Our servers act as an external storage space with which we can enable a synchronization with all of your devices. 

6.5 We only store personal data (e.g. master data and unencrypted data as per section 5.2) and content created and/or sent by the user on servers in Germany that are operated by certified service providers based in Germany.

In a nutshell: ginlo @work offers secure end-to-end encryption as well as encryption on all devices. We have no possibility of accessing your encrypted data in clear text ourselves. However, authorized administrators in the organization may be able to access this data in clear text. The organization that has invited you as a user can provide you with details on this. We store personal data exclusively in Germany.

7 What else do I need to know about encryption?

7.1 The ginlo @work app generates an individual private key for each ginlo @work user when they register. You can decrypt your content only with your private key. You do not need to memorize the private key (a very long number) because it is stored in the ginlo @work app on your device. 

7.2 We do not have access to your private key. We therefore recommend that you create a backup of your key in your mobile ginlo @work app. To do so, go to “Settings > Security Preferences > Create Key Backup”. With this key backup, you can transfer your key to a new device, e.g. if you lost your primary device or want to use ginlo @work on your computer as well. Setting up the app on a new smartphone also works without your own key backup: In this case, your ginlo @work administrator can help you restore your key.

7.3 ginlo @work encrypts all messages that are exchanged between ginlo @work users.

7.4 For more information about encryption, please refer to our Whitepaper “Security in ginlo @work”.

In a nutshell: Your content can only be accessed using your private key, which is stored on your device. We recommend that you back up your key so you can restore it if you lose your device or want to use multiple devices.

8 What permissions does the mobile ginlo @work app require and for what?

To use the the mobile app to its full extent, the following permissions are required:

8.1 Photos: Sending of photos and videos via ginlo @work

8.2 Camera: Direct recording of photos and videos in ginlo @work and subsequent sending of this content as well as scanning the QR code in the invitation e-mail

8.3 Microphone: Direct recording of videos and voice messages in ginlo @work and subsequent sending of this content

8.4 Notifications: Notification of the user, e.g. on new messages  

In a nutshell: For us to be able to make all ginlo @work features available to you, our mobile app requires a number of authorizations on your device. 

9 What data of mine can other ginlo @work users see?

Whether or not another ginlo @work user in the organization can see data about you depends on the role of this user. This role is assigned by the administrator. Currently, the administrator can assign one of the following roles:

  • Member: Users with the role “Member” can see your e-mail address, your first and last name as well as your profile picture (if you have uploaded one).
  • Guest: Users with the role “Guest” do not see the mentioned data at first. This data will only be visible when you start a conversation with this guest or when you participate in a group conversation with this guest.

Users that have been invited by other organizations cannot find you in ginlo @work. Neither can they see which organization has invited you or that you are a user of ginlo @work at all.

In a nutshell: Other ginlo @work users in the organization can see your e-mail address, your first and last name as well as your profile picture. However, a user with the role “Guest” can only see this data as soon as you have a conversation with this user. ginlo @work users outside your organization cannot see any data of yours.

10 Will my data be passed on?

10.1 We may use technical service providers, e.g. for hosting (server operation; currently PlusServer and ProfitBricks) or to send newsletters (currently Newsletter2Go). We only release data to public agencies (law enforcement agencies, for example) if we are required to do so by law. If law enforcement agencies request data from us, we will inform your ginlo @work administrator of this fact unless we are prohibited from doing so. We will also resist legally questionable requests for information, even in a court of law if necessary.

10.2 In addition, we may distribute data to third parties (e.g. to a court) to the extent necessary to assert, enforce, or defend a right.

10.3 Because sensitive data is encrypted when using ginlo @work and only you and an authorized administrator in the organization can decrypt it, this information will never reach third parties in clear text.

10.4 The organization that has invited you as a user will provide you with information about any other data recipients inside and outside the organization.

In a nutshell: We, too, sometimes need to use service providers, such as for hosting (server operation). We only release data to public agencies if we are required to do so by law. However, since your data is encrypted, sensitive content can never be accessed by third parties in plain text. 

11 Will my user behavior be analyzed and evaluated?

11.1 We do not record your usage behavior and do not have tracking technologies of third parties integrated in the ginlo @work app. 

11.2 However, we are able to anonymously evaluate data found on our servers. For example, we can determine on what type of device the ginlo @work app is most frequently installed, or how many connections an average ginlo @work user has. This data is never associated with you personally. 

11.3 We do not store the IP addresses of devices that connect to our servers. The IP address is a code that your Internet access provider permanently or temporarily assigns to your device. By drawing on additional information from third parties (e.g. via law enforcement agencies), it could be possible to determine the identity of the connection owner using the IP address. 

In a nutshell: No. We made a conscious decision to not evaluate the use of our app. We only maintain anonymous statistics. We never store the IP address.

12 Will I receive advertising?

We finance our operation through user fees and not through advertising. We do not create usage profiles for targeted advertising. We never distribute your data to third parties for advertising purposes or send you advertising from other companies. 

In a nutshell: We finance our operation exclusively though user fees and not through advertising. Data of our customers will never be distributed to third parties for advertising purposes.

13 When and how is my data deleted?

13.1 ginlo @work is a business solution designed to ensure that an organization retains complete control over the data exchanged via ginlo @work and stored in the course of user management. This is why it is up to the respective organization to decide when which data is deleted. If you have any questions in this regard, please contact the organization that has invited you as a user.

13.2 Any data you store outside the ginlo @work app can, of course, neither be deleted by us nor by your administrator. 

In a nutshell: The organization that uses ginlo @work and has invited you as a user, decides which data to delete. If you have any questions in this regard, please contact the organization. 

14 On what legal basis is my data processed?

Unless otherwise communicated by the organization, your personal data will be processed by the organization to safeguard its legitimate interests (Art. 6(1) lit. f GDPR). The organization's interest is to provide a secure communication platform. The storage of communication content may also be necessary for the fulfilment of statutory data retention duties and thus be based on Art. 6(1) lit. c GDPR.

In a nutshell: Your personal data will be processed by your organization in accordance with the General Data Protection Regulation.

15 What are my rights?

You have certain rights with regard to your personal data in accordance with the General Data Protection Regulation, including the right to information about the data stored about you. For details on your rights, please see “Your rights under the General Data Protection Regulation (GDPR)”.

Please note that with regard to ginlo @work you exercise these rights against the organization that has invited you as a user as the data controller.

Version: 20 June 2018

In a nutshell: The GDPR grants you certain rights that you can exercise against the organization that has invited you as a user. These rights will be explained here.