Table of contents
- Who is responsible for my data and who can I contact?
- What data is collected during registration in the ginlo Team Manager software on on what basis?
- What other data is collected when using the ginlo Team Manager software and on what basis?
- When is my data deleted?
- Will my data be passed on?
- What are my rights?
More detailed information about privacy in ginlo @work can be found in our whitepaper "Privacy in ginlo @work. For information about data security in ginlo @work, please refer to our whitepaper "Security in ginlo @work".
In a nutshell: The purpose of this policy is to explain how we, the operator of ginlo @work, handle your personal data as an administrator.
2 Who is responsible for my data and who can I contact?
The data controller for the processing of the administrator’s data in the ginlo Team Manager software in terms of the data protection law is:
Brabbler Secure Message and Data Exchange Aktiengesellschaft
Phone: +49 89 95 45 94 7-0
You can reach our data protection officer at:
Brabbler Secure Message and Data Exchange Aktiengesellschaft
- Data Protection Officer -
In a nutshell: If you have questions on privacy regarding the administrator’s data in ginlo Team Manager, please contact firstname.lastname@example.org.
3 What data is collected during registration in the ginlo Team Manager software and on what basis?
3.1 To register in the ginlo Team Manager software, you need to provide master data such as first and last name, an organization name as well as a valid e-mail address. We would be able to access this data in clear text. We will send an e-mail with a confirmation link to this e-mail address. You need to click on this link to complete your registration.
3.2 Your e-mail address is used as a unique identifier and for electronic correspondence. In addition, we may use it for two-factor-authentication.
3.3 We use your first and last name when contacting you regarding the technical and business-related deployment of ginlo @work in your organization.
3.4 Your first and last name as well as your e-mail address will also be displayed in the address books of all users of the ginlo @work messenger app within your organization. This e-mail address is also displayed in the address books of all users.
3.5 We may also use your e-mail address to send you information about the product and the order of the paid subscription.
You have the right to object to the use of your data for these direct marketing purposes: You can unsubscribe from this information at any time by clicking on the appropriate link in the e-mail or by sending an e-mail to email@example.com.
3.6 The legal basis for the use of your data according to numbers 3.1 to 3.4 is our legitimate interests (providing ginlo @work for your organization, Art. 6(1) lit. f GDPR) and the fulfilment of the contract (Art. 6(1) lit. a GDPR) respectively, if you are a contracting party yourself. The legal basis for the use according to number 3.5 is also our legitimate interests, i.e. to contact you for customer loyalty and information purposes.
In a nutshell: First name, last name, organization name, and e-mail address. Your e-mail address is used as a unique identifier. This also serves your own security. We may inform you about ginlo @work topics by e-mail. You can unsubscribe at any time.
4 What other data is collected when using the ginlo Team Manager software and on what basis?
4.2 Error log: If you give your consent, ginlo Team Manager will send us a simple error log in the background, e.g. when the software crashes or in case of a server error. This helps us improve the overall stability of ginlo Team Manager.
The error log does not contain any directly relatable, personal identifying information as also the user ID is one-way encrypted (hashed). We do not trace this data back to your identity.
Your consent to submit the error log is voluntary and can be given either when creating an account or in the settings of ginlo Team Manager. If you change your mind later, you can opt out at any time. The error log will be deleted from our servers after 3 months at the latest. However, for technical reasons, it may then still take up to 30 days to delete the data from all server backups.
For more information about the data contained in the error log, please refer to our ginlo @work Privacy Whitepaper.
The legal basis for the processing of the data in the error log is your consent (Art. 6(1) lit. a GDPR).
4.3 Team Manager log: In addition to the error log, a detailed log is written to a file in the background. This file is constantly updated and stored locally. As an option, you can send this file along with your support request to our Customer Care. With this, you help us find the problem and fix it.
The Team Manager log file contains the admin’s user ID as well as information about system events and device details, but no message content. For more information about the data contained in the Team Manager log, please refer to our ginlo @work Privacy Whitepaper.
The legal basis for the processing of the data in the Team Manager log is our and your legitimate interest in a proper functioning of ginlo Team Manager (Art. 6(1) lit. f GDPR).
4.4 Audit log: The ginlo Team Manager software logs main actions performed by you as an administrator and the users in your team, such as:
- When did an administrator successfully register in ginlo Team Manager?
- When and by whom were users invited to use the ginlo @work messenger app?
- When did a user activate their account?
- When and by whom was content decrypted and exported for which user?
- When was which user archived by whom?
This data enables the organization using ginlo @work to track data processing and identify potential privacy breaches. We as the provider of ginlo @work have no access to this data at any time.
The legal basis for the processing of the data in the audit log is the legitimate interest of your organization in ensuring traceability of actions (Art. 6(1) lit. f GDPR).
In a nutshell: Master data of the users you create in ginlo Team Manager as well as data for error analysis and log data about the actions you as an administrator and the users in your team perform in the software.
5 When is my data deleted?
5.1 Your administrator master data will be deleted no later than 60 days after the termination of the contract of use with your organization. However, for technical reasons, it may take up to 30 days to delete the data from all server backups.
5.2 If you do not complete your registration in ginlo Team Manager as an administrator within 7 days, all collected data will be permanently deleted.
5.3 If a user does not accept their invitation to the ginlo @work messenger app and activate their account within 7 days, their data remains stored until you delete them from ginlo Team Manager.
In a nutshell: Your data will not be retained longer than necessary, in relation to the purpose for which it is processed.
6 Will my data be passed on?
6.1 Your data is visible to your organization, i.e. to authorized administrators. Your organization will provide you with information about any other data recipients inside and outside your organization.
6.2 We may also use technical service providers, e.g. for hosting (server operation; currently PlusServer and ProfitBricks) or to send newsletters (currently Newsletter2Go). We only release data to public agencies (law enforcement agencies, for example) if we are required to do so by law. If law enforcement agencies request data from us, we will inform your ginlo @work administrator of this fact unless we are prohibited from doing so. We will also resist legally questionable requests for information, even in a court of law if necessary.
6.3 In addition, we may distribute data to third parties (e.g. to a court) to the extent necessary to assert, enforce, or defend a right.
6.4 Because sensitive data is encrypted when using ginlo @work and only the users involved and you as an authorized administrator can decrypt it, this information will never reach third parties in clear text.
6.5 We do not distribute your data to a country outside the EU or to an international organization, and we do not plan to do so either.
In a nutshell: We, too, sometimes need to use service providers, such as for hosting (server operation). We only release data to public agencies if we are required to do so by law. However, since your data is encrypted, sensitive content can never be accessed by third parties in plain text.
7 What are my rights?
You have certain rights with regard to your personal data in accordance with the General Data Protection Regulation, including the right to information about the data stored about you. For details on your rights, please see “Your rights under the General Data Protection Regulation (GDPR)”.
Version: 31 January 2019
In a nutshell: The GDPR grants you certain rights which will be explained here.