Privacy Policy for ginlo Private

  1. Introduction
  2. Personal data
  3. Name and contact details of the controller and the data protection officer
  4. Responsible supervisory authority
  5. Purpose and legal basis for data processing
  6. Storage duration
  7. Recipients or categories of recipients
  8. Transfer to foreign countries
  9. Rights of the data Subject
  10. Data security
  11. Last Update of this privacy policy

1.    Introduction

Brabbler Secure Message and Data Exchange Aktiengesellschaft (hereinafter Brabbler AG) appreciates your interest in ginlo. We take your privacy seriously and have developed internal systems to ensure the privacy of your personal data during all stages of processing related to our business operations, including visits to our internet pages and the use of our services.

This document details which data we at Brabbler AG collect during your visit to the ginlo website and when you use the ginlo app, and how such data is used.

2.    Personal data

'Personal data' means any information relating to an identified or identifiable natural person ('Data Subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes information such as proper names, address, telephone numbers and date of birth. Information that cannot be directly associated with a real identity — such as the total number of users of a site — is not considered personal data.

3.    Name and contact details of the controller and the data protection officer

This data privacy notice applies to data processing at

Brabbler Secure Message and Data Exchange Aktiengesellschaft
Ria-Burkei-Straße 26
81249 Munich/Germany

Phone: +49 89 95 45 94 7-0
E-mail: privacy@brabbler.ag

Please contact our data protection officer with any questions related to the processing of your personal data. The data protection officer is available to assist you with requests for information, comments or complaints.

Brabbler Secure Message and Data Exchange Aktiengesellschaft
- Data Protection Officer -
Ria-Burkei-Straße 26
81249 Munich/Germany

E-mail: dpo@brabbler.ag

4.    Responsible supervisory authority

Data Protection Authority of Bavaria for the Private Sector (Bayerisches Landesamt für Datenschutzaufsicht, BayLDA)
Promenade 25
91522 Ansbach/Germany

For more information, please refer to:
https://www.lda.bayern.de/en/contact.html

You may also lodge a complaint with any other supervisory authority within the EU.

5.    Purpose and legal basis for data processing

5.1    Visit of the website

Brabbler AG is obligated to protect the privacy of the users of our website. When you visit our websites, a certain amount of data must necessarily be collected and stored for connection, configuration, and security purposes. Accordingly, our web servers always temporarily store: the connection data of the computer connecting to our website; a list of which of our web pages you visit; the date and duration of your visit; the IP address of your device; identification data related to the browser and operating system you are using to visit us; and the website from which you were referred to our website. Beyond this, no personal data such as your name, address, telephone number or e-mail address is collected unless offered on a voluntary basis, such as to register for the website, to participate in a survey or prize sweepstakes or as required to perform a contract or informational query.

The legal basis for the processing of the aforementioned data categories is Art. 6 Paragraph 1(f) rev GDPR. For these reasons, and in particular to ensure safe and seamless connection, we have a legitimate interest in the processing of such data.

Any such data is stored for no more than 7 days, after which time it is automatically deleted. We also use cookies, tracking tools and targeting measures.

5.2    Use of ginlo

To provide ginlo for your use, certain pieces of your personal data are required. This data is required to perform the contract regarding the use of ginlo. The legal basis for the processing of the aforementioned data categories is Art. 6 Paragraph 1(b) rev GDPR, as it is related to the performance of a contract into which you have entered. The following sections provide additional information on this.

5.2.1    Collection and processing of data during registration

To register for a ginlo user account, the Messenger records the mobile phone number and, where desired, profile name and profile image of the user. The mobile phone number is then stored in hashed form on the ginlo server.
You can also use ginlo without allowing access to your contacts. If you register with ginlo and explicitly approve access to the phone book contacts on your smartphone, these are then sent to the server for a hashed comparison and then deleted. Contacts who have saved your number in their telephone book and who are also using ginlo are then informed about your registration when they search for other users.

5.2.2    Collection and processing of data during use of Messenger

ginlo stores your login data (profile name, mobile phone number, and password) locally in your Messenger app so that you can remain permanently connected. Your communications data is also stored locally in encrypted form within the messenger. Our servers, which are all based in Germany, solely receive your mobile phone number, your profile photo, and your profile name.
Messages are end-to-end encrypted and are only stored temporarily on our servers. All messages are deleted from the server after 90 days. User accounts and all related data can be completely deleted from our servers by the user from within the profile settings.

5.2.3    Importance and use of the password

When creating a ginlo user account, an RSA key pair is generated on your device. The private key is encrypted based on the device password you select and can only be decrypted using that same device password.
If you forget your password, our only option is to reset your password and you must re-register. We are unable to reset your password or set a new one. As such, your ginlo password is highly important. Even if you allow the app to remain logged in permanently, you must always know your password in case you need to delete your profile or to make changes to the password.

5.2.4    Collection and processing of data for quality assurance purposes

By default, the app will send a crash log in the background, e.g. when the software crashes or in case of a server error. We use this data in accordance with this privacy policy to continuously improve the ginlo app and support troubleshooting. The crash log doesn’t contain any user content or user IDs that allow us to identify you as a person. If you prefer not to send the log, you can deactivate it at any time in Settings.

6.    Storage duration

Your personal data is deleted or locked as soon as the purpose of storage is no longer applicable. Storage may also be extended to meet legal storage requirements. Locking or deletion of the data then occurs once the legally specified storage period has expired, unless further storage of the data is required to conclude or perform a contract.

7.    Recipients or categories of recipients

Brabbler AG does not and will not forward your personal data to third parties, except where required by law, or to fulfill a contractual requirement, or where you have expressly given your consent for it to do so.
External service providers processing the data on our behalf have offered sufficient guarantees that they are working with suitable technical and organizational measures to process the data in compliance with the requirements of the EU General Data Protection Regulation. As per Art. 28 GDPR, they are obligated to strict confidentiality. In this case, Brabbler AG remains responsible for the protection of your personal data. The external service providers process personal data only upon documented instruction to do so by Brabbler AG.

8.    Transfer to foreign countries

Transfer to foreign countries means that data is forward to a state outside the European Economic Area (EEA), or access from within such a state is allowed. Your ginlo-related data will never be processed in such a foreign country.

9.    Rights of the data subject

You as data subject have the following rights:

  • to receive information about your data that we have stored,
  • to obtain rectification if inaccurate data is stored about you,
  • deletion or – where storage obligations exist — limitation of processing to only that specific data necessary for the denoted purpose,
  • to receive data that you have provided in a structured format that is current and can be read electronically,
  • the right to revoke consent if the processing of your data affects a justified interest/against the use of data for advertising purposes/against a decision based solely on automated processing, including profiling.
  • to lodge a complaint with the responsible supervisory authority if you have any doubts that the processing of your data is in compliance with data protection law.

Should you wish to enforce your rights, please contact the following office: by postal mail at Brabbler Secure Message and Data Exchange Aktiengesellschaft, Ria-Burkei-Straße 26, 81249 Munich/Germany or by e-mail to privacy@brabbler.ag. Insofar as you provided consent for a specific type of processing, you can revoke this at any time at the address provided to you at the time of consent.

10.    Data security

Brabbler AG uses all necessary technical and organizational security measures to protect your personal data against loss and misuse. For example, your data is stored in a secure environment that is not accessible to the public. In some cases, your personal data is encrypted during transmission using Secure Socket Layer (SSL) technology. This means that communication between your computer and Brabbler AG servers is handled using an accredited encryption process, presuming your browser supports SSL. The content of e-mail messages can be intercepted and read by third parties. We therefore recommend that you send us any confidential information solely via postal mail.

11.    Last update of this privacy policy

Brabbler AG reserves the right to change its data privacy statement at any time and without prior notice. Please visit our Data Privacy Notice regularly to inform yourself about any changes. This declaration was last updated in June 2019.