Privacy Policy for Users of the ginlo Team Manager Software (Administrators)

Table of contents

  1. What is the purpose of this data privacy policy?
  2. Who is responsible for my data and who can I contact?
  3. What data is collected during registration in the ginlo Team Manager software on on what basis?
  4. What other data is collected when using the ginlo Team Manager software and on what basis?
  5. When is my data deleted?
  6. Will my data be passed on?
  7. What are my rights?

1 What is the purpose of this privacy policy?

With this Privacy Policy, we, Brabbler Secure Message and Data Exchange Aktiengesellschaft, Ria-Burkei-Straße 26, 81249 Munich/Germany (data controller), explain which personal data we collect and how we use it when you use the ginlo Team Manager software as an administrator, and what rights you are entitled to under the General Data Protection Regulation (GDPR) with regard to your data. The ginlo Team Manager software is the administration tool of our business messenger solution ginlo @work.

More detailed information about privacy in ginlo @work can be found in our whitepaper "Privacy in ginlo @work. For information about data security in ginlo @work, please refer to our whitepaper "Security in ginlo @work".

In a nutshell: The purpose of this policy is to explain how we, the operator of ginlo @work, handle your personal data as an administrator.

2 Who is responsible for my data and who can I contact?

The data controller for the processing of the administrator’s data in the ginlo Team Manager software in terms of the data protection law is:

Brabbler Secure Message and Data Exchange Aktiengesellschaft
Ria-Burkei-Straße 26
81249 Munich/Germany
Phone: +49 89 95 45 94 7-0
E-mail: privacy@ginlo.net

You can reach our data protection officer at:

Brabbler Secure Message and Data Exchange Aktiengesellschaft
- Data Protection Officer -
Ria-Burkei-Straße 26
81249 Munich/Germany
E-mail: dpo@ginlo.net

Please note: The data controller for the handling of the ginlo @work app’s user data is the respective organization. In this respect, the Privacy Policy for the ginlo @work App applies.

In a nutshell: If you have questions on privacy regarding the administrator’s data in ginlo Team Manager, please contact dpo@ginlo.net.

3 What data is collected during registration in the ginlo Team Manager software and on what basis?

3.1 To register in the ginlo Team Manager software, you need to provide master data such as first and last name, an organization name as well as a valid e-mail address. We would be able to access this data in clear text. We will send an e-mail with a confirmation link to this e-mail address. You need to click on this link to complete your registration. 

3.2 Your e-mail address is used as a unique identifier and for electronic correspondence. In addition, we may use it for two-factor-authentication. 

3.3 We use your first and last name when contacting you regarding the technical and business-related deployment of ginlo @work in your organization.

3.4 Your first and last name as well as your e-mail address will also be displayed in the address books of all users of the ginlo @work app within your organization. This e-mail address is also displayed in the address books of all users.

3.5 We may also use your e-mail address to send you information about the product and the order of the paid subscription.

You have the right to object to the use of your data for these direct marketing purposes: You can unsubscribe from this information at any time by clicking on the appropriate link in the e-mail or by sending an e-mail to support@ginlo.net.

3.6 The legal basis for the use of your data according to numbers 3.1 to 3.4 is our legitimate interests (providing ginlo @work for your organization, Art. 6(1) lit. f GDPR) and the fulfilment of the contract (Art. 6(1) lit. a GDPR) respectively, if you are a contracting party yourself. The legal basis for the use according to number 3.5 is also our legitimate interests, i.e. to contact you for customer loyalty and information purposes.

In a nutshell: First name, last name, organization name, and e-mail address. Your e-mail address is used as a unique identifier. This also serves your own security. We may inform you about ginlo @work topics by e-mail. You can unsubscribe at any time.

4 What other data is collected when using the ginlo Team Manager software and on what basis?

4.1 Master data of users created: The ginlo Team Manager software mainly serves to manage the users of the ginlo @work app in your organization. To allow for this (e.g. to automatically send out invitations), we need to store and process the master data of the users you have created. We process this data on behalf of your organization, which is the data controller in terms of the data protection law. For more details on what data is collected about the users of the ginlo @work app, please refer to the privacy policy of the ginlo @work app

4.2 Error log: If you give your consent, ginlo Team Manager will send us an error log in the background, e.g. when the software crashes or in case of a server error. With this error log, you help us improve ginlo Team Manager and support troubleshooting.
The error log does not contain any directly relatable, personal identifying information as also the user ID is one-way encrypted (hashed). We do not trace this data back to your identity.

Your consent to submit the error log is voluntary and can be given either when creating an account or in the settings of ginlo Team Manager. If you change your mind later, you can opt out at any time. The error log will be deleted from our servers after 3 months at the latest. However, for technical reasons, it may then still take up to 30 days to delete the data from all server backups.

For more information about the data contained in the error log, please refer to our ginlo @work Privacy Whitepaper.

The legal basis for the processing of the data in the error log is your consent (Art. 6(1) lit. a GDPR).

4.3 Audit log: The ginlo Team Manager software logs main actions performed by you as an administrator and the users in your team, such as:

  • When did an administrator successfully register in ginlo Team Manager?
  • When and by whom were users invited to use the ginlo @work app?
  • When did a user activate their account?
  • When and by whom was content decrypted and exported for which user?
  • When was which user archived by whom?

This data enables the organization using ginlo @work to track data processing and identify potential privacy breaches. We as the provider of ginlo @work have no access to this data at any time.

The legal basis for the processing of the data in the audit log is the legitimate interest of your organization in ensuring traceability of actions (Art. 6(1) lit. f GDPR).

In a nutshell: Master data of the users you create in ginlo Team Manager as well as log data about the actions you as an administrator and the users in your team perform in the software.

5 When is my data deleted?

5.1 Your administrator master data will be deleted no later than 60 days after the termination of the contract of use with your organization. However, for technical reasons, it may take up to 30 days to delete the data from all server backups.

5.2 If you do not complete your registration in ginlo Team Manager as an administrator within 7 days, all collected data will be permanently deleted.

5.3 If a user does not accept their invitation to the ginlo @work app and activate their account within 7 days, their data remains stored until you delete them from ginlo Team Manager.

In a nutshell: Your data will not be retained longer than necessary, in relation to the purpose for which it is processed.

6 Will my data be passed on?

6.1 Your data is visible to your organization, i.e. to authorized administrators. Your organization will provide you with information about any other data recipients inside and outside your organization.

6.2 We may also use technical service providers, e.g. for hosting (server operation; currently PlusServer and ProfitBricks) or to send newsletters (currently Newsletter2Go). We only release data to public agencies (law enforcement agencies, for example) if we are required to do so by law. If law enforcement agencies request data from us, we will inform your ginlo @work administrator of this fact unless we are prohibited from doing so. We will also resist legally questionable requests for information, even in a court of law if necessary.

6.3 In addition, we may distribute data to third parties (e.g. to a court) to the extent necessary to assert, enforce, or defend a right.

6.4 Because sensitive data is encrypted when using ginlo @work and only the users involved and you as an authorized administrator can decrypt it, this information will never reach third parties in clear text.

6.5 We do not distribute your data to a country outside the EU or to an international organization, and we do not plan to do so either.

In a nutshell: We, too, sometimes need to use service providers, such as for hosting (server operation). We only release data to public agencies if we are required to do so by law. However, since your data is encrypted, sensitive content can never be accessed by third parties in plain text.

7 What are my rights?

You have certain rights with regard to your personal data in accordance with the General Data Protection Regulation, including the right to information about the data stored about you. For details on your rights, please see “Your rights under the General Data Protection Regulation (GDPR)”.

Version: 23 July 2018

In a nutshell: The GDPR grants you certain rights which will be explained here.