Privacy Policy for ginlo.net

Contents:

  1. What is the purpose of this privacy policy?
  2. General part
    a. Data controller
    b. Data protection officer
    c. Your rights
  3. Additional part for all website visitors (before login)
    a. Newsletter
    b. Customer Care
    c. Default logging
    d. Service providers
    e. Visitor traffic statistics (including cookies)
  4. Special part for ginlo @work users and administrators (after login)

1 What is the purpose of this privacy policy?

In this Privacy Policy, we, Brabbler Secure Message and Data Exchange Aktiengesellschaft, Ria-Burkei-Straße 26, 81249 Munich/Germany, explain which personal data we collect and how we use it when you visit our web pages on ginlo.net including its subdomains, and what rights you are entitled to under the General Data Protection Regulation (GDPR) with regard to your data.

The handling of personal data with regard to the ginlo @work app is explained in the “Privacy policy for the ginlo @work app”.

The handling of personal data with regard to the ginlo Team Manager software is explained in the “Privacy Policy for the ginlo Team Manager Software“.

In a nutshell: Here you will learn which data we, Brabbler AG, collect during your visit to ginlo.net, how we use it, and which rights you have. This policy does not apply for the ginlo @work app and the ginlo Team Manager software.

2 General part

2.a Data controller

The data controller responsible for the data processing in terms of the data protection law is:

Brabbler Secure Message and Data Exchange Aktiengesellschaft
Ria-Burkei-Straße 26
81249 Munich/Germany
Phone: +49-89-954 59 47-0
E-mail: privacy@ginlo.net

In a nutshell: If you have questions on privacy regarding your visit to ginlo.net, please contact privacy@ginlo.net.

2.b Data protection officer

You can reach our data protection officer at:

Brabbler Secure Message and Data Exchange Aktiengesellschaft
- Data Protection Officer -
Ria-Burkei-Straße 26
81249 Munich/Germany
E-mail: dpo@ginlo.net

In a nutshell: If you have questions on the processing of your personal data, please contact dpo@ginlo.net.

2.c Your rights

You have certain rights with regard to your personal data in accordance with the General Data Protection Regulation, including the right to information about the data stored about you. For details on your rights, please see “Your rights under the General Data Protection Regulation (GDPR)”.

In a nutshell: The GDPR grants you certain rights which will be explained here.

3 Additional part for all website visitors (before login)

3.a Newsletter

Optionally, you can subscribe to a newsletter about our products and services, for example, with information about the ginlo @work app, beta programs, or with other topical news. By ordering our newsletter, you give us your consent to inform you by e-mail about our products and services in the field of secure communication. You can revoke this consent at any time with effect for the future by cancelling the newsletter subscription, e.g. by clicking on the corresponding link in the newsletter or by sending an e-mail to us.

We delete your newsletter subscription details as soon as you unsubscribe from the newsletter.

The legal basis for the processing is your consent (Art. 6(1) lit. a GDPR).

In a nutshell: You can subscribe to a newsletter and, of course, unsubscribe at any time.

3.b Customer Care

You can send us your questions or provide feedback about ginlo @work using our contact and support forms. For this, we need your first and last name, as well as your e-mail address to reply to your request.

We use this data in order to address your concern, and if necessary to contact you with regard to your request.

We delete your data after completion of the request. If necessary, however, we store it beyond that if statutory data retention duties require it.

The legal basis for the storage is your and our legitimate interests in electronic communication (Art. 6(1) lit. f GDPR), in the case of statutory retention periods, the fulfilment of these (Art. 6(1) lit. c GDPR).

In a nutshell: We use details from the contact and support forms only to address your concern.

3.c Default logging

When you visit a certain page, the following information is written into a log file: URL of the corresponding page, date and time of the visit, any error messages, the operating system and your browser software as well as the website from which you visit us. The last byte of your device’s IP address will be masked so that only a shortened version of it is stored in our log file. The IP address is a unique ID assigned to your device, either temporarily or permanently.

Information from the log file will be exclusively used to ensure proper functioning of our services (e.g. error analysis, system security, and protection against abuse) as well as for anonymized visitor statistics.

We delete this log data after 3 months at the latest.

The legal basis for the storage of the log data – insofar as this data represents personal data – is our legitimate interests in ensuring system security, protection against misuse, and to tailor the design of our website (Art. 6(1) lit. f GDPR).

In a nutshell: Our servers store the usual standard data. However, to protect your privacy, only a shortened version of your IP address will be logged.

3.d Service providers

For the technical operation of the website, we can use external service providers for commissioned data processing (e.g. hosting). These are located exclusively in Germany.

In a nutshell: Other unaffiliated third parties provide technical services on our behalf; however, your data will always stay in Germany.

3.e Visitor traffic statistics (including cookies)

Web analytics with Matamo

This website uses Matomo, an open source software for the statistical evaluation of visitor traffic. Matomo uses so-called “cookies”: an ID cookie and a session cookie.

Cookies are small text files containing a random ID, which will be saved on your device and will be transferred to our server each time you call a page on our website. We use this information to tailor the design of our website to our visitors’ needs, e.g. to identify the most requested information or need for optimization.

The information generated by the cookies about your use of our website is stored on our server in Germany. The last two octets of the IP address are deleted immediately after processing and before storing it. This means that it is not possible to determine your IP address and thus your identity.

The session cookie will expire after 30 minutes.

The ID cookie will expire after 13 months.

You may opt out of the use of both cookies here. For the technical implementation of your objection it is necessary to install an opt-out cookie on your computer. If you delete the cookies on your device, your objection will end as well. This means that you will need to opt out again.

The legal basis for the data processing as part of the web analysis is our legitimate interests to tailor the design of our website (Art. 6(1) lit. f GDPR).
Analysis data is deleted after 3 months at the latest.

Google AdWords Conversion Tracking

For purposes of promotion, our website also employs the Google ad tool "Google Adwords". In order for us to understand whether our efforts and investment are effective, we employ the analysis service "conversion tracking" by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google“. If you access our website by way of a Google ad, a cookie is placed on your computer. Cookies are small text files that your Internet browser downloads and stores to your computer. These so-called "conversion cookies" cease to be active after 30 days and are not used to identify you personally. If you visit certain pages of our website while the cookie is still active, we and Google know that you, as a user, have clicked on ads placed on Google and were redirected to our website.

Google uses the information obtained through "conversion cookies" to compile visitor statistics for our website. These statistics tell us the total number of users who have clicked on our ad as well as whether certain pages of our website were then accessed by the user. However, neither we nor other advertisers who use "Google Adwords" receive any kind of information that can be used to personally identify users.

The data controller in terms of the data protection law for the collection and evaluation of data in the context of Google AdWords Conversion Tracking is Google.

For more information and to read Google’s privacy policy, please visit http://www.google.com/policies/technologies/ads/ and https://policies.google.com/privacy/update?hl=en.

You can prevent the "conversion cookie" from being set by making the appropriate change to your browser settings, for example by setting your browser so that the automatic placement of cookies is deactivated or by blocking cookies from the domain "googleadservices.com“.

You can obtain the relevant data privacy policy from Google at the following link: https://policies.google.com/privacy/update?hl=en.

If, through conversion tracking, we disclose information about your visit to our site to Google and we are to be regarded as the contoller of this data in terms of the data protection law, the following additionally applies:

The legal basis for the transmission is our legitimate interests to tailor the design of our website and to optimize our advertising campaigns via Google (Art. 6(1) lit. f GDPR). The recipient of the data is Google in the USA. For the United States of America, there is no adequacy decision by the EU Commission, i.e. from a European data protection point of view, the USA does not offer a level of data protection that corresponds to that of the EU. However, Google has a so-called EU-U.S. Privacy Shield certification. The EU-U.S. Privacy Shield Agreement is a data protection agreement designed to ensure an adequate level of data protection for data transfers to certified U.S. companies. The EU Commission has confirmed the adequacy of the guaranteed data protection level according to the EU-U.S. Privacy Shield Agreement by resolution of 12 July 2016 (Az. C(2016) 4176). The decision of the EU Commission can be viewed here: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016D1250&from=DE The current status of Google's certification under the EU-U.S. Privacy Shield Agreement is available at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

In a nutshell: We use a standard web analytics software to better understand how you use our website. This is done without any reference to your name and without storing your full IP address. If you don’t want this either, simply click on the adjacent link: https://www.ginlo.net/en/legal/privacy#cookies-unsubscribe

4 Special part for ginlo @work users and administrators (after login)

As a user of ginlo @work you can log in to the customer portal at work.ginlo.net. Here, all users of ginlo @work can change their account passwords. Administrators can use the portal to manage their subscription and billing data.

After login to work.ginlo.net, in addition to the default logging (number 3.c), we store your login and logout times including IP address and the data of the browser you have used for 7 days. We use this information exclusively to prevent and respond to misuse.

The legal basis for this is our legitimate interests in the prevention and prosecution of abuse (Art. 6(1) lit. f GDPR).

In the course of logging in, the customer portal web application sets a temporary “cookie” with an identifier on your computer. A cookie is a small text file that is saved on your computer. The content of this file is transferred to our server with each call of a ginlo web page. We use the cookie exclusively to recognize you as a logged-in user (a so-called session cookie). The cookie is deleted automatically when you close the browser window. In your browser settings, you can decline the saving of cookies. A use of the customer portal is then no longer possible.

Version: 4 September 2018

In a nutshell: As a logged-in user you can access additional website features. To provide those, we need to use a cookie which is automatically deleted once you close the browser.