Privacy policy of ginlo.net GmbH

  1. Introduction
  2. Definitions
  3. Identity and the contact details of the controller
  4. Purposes and legal basis for the data processing
  5. Recipients or categories of recipients
  6. Transfer to a third country
  7. Period for storing
  8. Rights of the data subject
  9. Provision of personal data
  10. Status of data protection information

1. Introduction

BRIEFLY:

Here we explain how we handle your data when you visit our website and while using our products.

ginlo.net Gesellschaft für Datenkommunikationsdienste mbH (hereinafter referred to as ginlo.net GmbH) is pleased about your interest in ginlo . Protecting the security and privacy of your personal data during the entire business process is important to us and we want you to feel secure when you visit our website and use our services.

With this data protection information, we comply with our duty to provide information in accordance with art. 13 GDPR (General Data Protection Regulation). We explain which personal data we process for which purposes when you visit our website, when you fill out forms on it or when you use our apps. We explain the storage period of your data and inform you about your rights which you are entitled to according to the GDPR. We also explain the reasons for providing your data.

2. Definitions

BRIEFLY:

Here you will find explanations of special terms in data protection.

The following terms are used in this privacy policy:

Personal data

This is any information relating to an identified or identifiable natural person (data subject); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier. This includes information such as your real name, address, telephone number or e-mail address. Information that is not directly related to your real identity – such as the number of users of a page – is not personal data.

Processing

In the legal sense of data protection, this includes, for example, the collection, recording, ordering, sorting, storing, forwarding or deleting of personal data – automatically or manually.

Controller

This is the natural or legal person who decides how personal data are processed.

Processor

These are facilities that process your data on our behalf. These can be Internet companies based in Germany, which are responsible for the transport of your communication, or, for example, payment service providers.

Consent

This is a voluntarily given statement about the processing of our own personal data. This can be done on the Internet, for example, by actively clicking on a checkbox. This is an expression of your consent.

3. Identity and the contact details of the controller

BRIEFLY:

Please feel free to contact this address with any questions concerning data protection.

ginlo.net Gesellschaft für Datenkommunikationsdienste mbH

Rupert-Mayer-Str. 44

81379 München/Germany

Telefon: +49 89 215305770

E-Mail: datenschutz@ginlo.net

4. Purposes and legal basis for the data processing

BRIEFLY:

When visiting our pages, our servers store the usual standard data. When filling out forms, we limit ourselves to requesting necessary communication or contract data. In our products we only process functionally necessary data in encrypted form.

The legal basis for processing is art. 6 of the GDPR.

4.1 Use of our website

4.1.1 General

When you call up an individual page, our web servers record in a log file by default the address (URL) of the page called up, the date and time of the call, any error messages, the operating system and browser software of your device and the website from which you visit us.

In our log files we save the IP address of your device only in abbreviated form by deleting the last number block (octet). The IP address is a number that your Internet provider assigns to your device for a certain period of time.

The legal basis for the storage of log data – insofar as these represent personal data – are our legitimate interests (art. 6 (1) lit. f GDPR) in ensuring system security, error analysis, protection against misuse and the design of our website to meet your needs.

4.1.2 Contact Forms

In order to be able to get in contact with us, we provide various forms. The form data is processed in a special system (CRM), which can only be used with certain access rights.

Support Forms

If you need help with our products, you can fill out a contact form. To enable us to address you correctly and to answer you, we ask for your name and e-mail address.

Order forms

For your interest in paid products we provide different order forms. We ask for the address of your company or institution, if applicable your VAT identification number (VAT ID), your domain, a contact person, an e-mail address and a mobile phone number. This data is used for the technical installation of our products and for billing purposes. Specifically, this involves setting up the Administrator Cockpit for managing ginlo business accounts. This is a web application that is protected for security reasons (2-factor authentication) with a personal browser certificate and a password login.

Registration for the beta tester

If you apply to us as a beta tester, we need your title, your first and last name and your e-mail address. We use this information to be able to contact you for your application and in case you are accepted as a beta tester. We will send an individual link to your e-mail address. By clicking on it you confirm that you are the owner of the e-mail address. We can also send you information about our products and services in the area of confidentiality and privacy on the net to this e-mail address.

Legal basis of the processing

The legal basis for the processing of your data in the support form is art. 6 (1) lit. a GDPR, as your consent is required for this.

The personal data processed in our order forms and in the “beta tester” form lead to or may lead to a contractual relationship and are therefore based on art. 6 (1) lit. b GDPR.

4.2 Use of ginlo private

ginlo Private is an internet-based, cross-platform service for the secure exchange of messages between users of mobile devices. During registration and while using ginlo Private, the following personal data is processed:

Mobile phone number

Your mobile phone number is first used to send you a confirmation code during the registration phase. Afterwards, this number is stored on the ginlo server as a hash value and thus cannot be restored in plain text. If you register with ginlo and explicitly agree to access your smartphone’s phonebook contacts, their mobile phone numbers are uploaded to the ginlo server as a hash value for comparison and then deleted again.

ginlo users who have stored their mobile phone number in their phonebook will be informed of your registration when synchronizing their ginlo contacts.

Email address

Optionally, every ginlo Private user can add an email address to their contacts. This is also stored as a hash value on the ginlo server and can be used by other ginlo users as a search criterion.

Profile name and profile picture

Optionally, every ginlo Private user can add a display name and/or an image (avatar) to his profile. This data is stored in encrypted form on the ginlo server and displayed in the message overview and contacts.

ginlo ID / QR code

During registration, ginlo generates an eight-digit ginlo ID that is assigned to exactly one account and can be used for login or as a search function. It is part of all ginlo contacts and is also displayed in your own profile. A barcode is generated for the ginlo ID and made available for scanning by your contacts.

Communication data

Your communication data including all files are stored locally on your device in encrypted form and are also encrypted during transport. We speak of real end-to-end encryption. Your data is also fully encrypted during intermediate storage on our servers.

Legal basis of the processing

The processing of your mobile telephone number is based on art. 6 (1) lit. b GDPR and is necessary for the fulfilment of a contract in which you are involved.

Searching and being found using the hash value of the mobile telephone number or e-mail address, the display of your profile name and profile picture and the transmission of your encrypted communication data require your consent; therefore, in these cases, processing takes place in accordance with art. 6 (1) lit. a GDPR.

4.3 Use of ginlo business

ginlo Business is an internet-based, cross-platform service for the secure exchange of messages between users of mobile and desktop devices. It can be used by individuals as well as by groups up to large institutions or companies. During registration and while using ginlo Business, the following personal data is processed:

Mobile phone number / e-mail address

Your mobile phone number or your e-mail address is first used to send you a confirmation code during the registration phase. This data is then stored on the ginlo server as a hash value and therefore cannot be restored in plain text. If you register with ginlo and explicitly agree to access the phonebook contacts of your smartphone, this data is uploaded to the ginlo server as a hash value for comparison and then deleted again.

ginlo users who have saved your mobile phone number or your e-mail address in their phonebook will be informed of your registration when synchronizing their ginlo contacts.

As an individual user, you can decide for yourself whether you want to be found via your mobile phone number or your e-mail address.

If ginlo Business is used by an institution or company, a domain is often specified, so that the registration is usually done via the institution’s or company’s e-mail address. However, here too, every ginlo Business user can additionally store his or her mobile phone number.

Profile name and profile picture

Optionally, every ginlo Business user can add a display name and/or an image (avatar) to their profile. This data is stored in encrypted form on the ginlo server and displayed in the message overview and contacts.

ginlo ID / QR code

During registration, ginlo generates an eight-digit ginlo ID that is assigned to exactly one account and can be used for login or as a search function. It is part of all ginlo contacts and is also displayed in your own profile. A barcode is generated for the ginlo ID and made available for scanning by your contacts.

Communication data

Your communication data includingPeriod for storing all files are stored locally on your device in encrypted form and are also encrypted during transport. We speak of real end-to-end encryption. Your data is also fully encrypted during intermediate storage on our servers.

Legal basis of the processing

The processing of your mobile telephone number or your e-mail address during the registration process is based on art. 6 (1) lit. b GDPR and is necessary for the fulfilment of a contract in which you are involved.

Searching and being found using the hash value of the mobile telephone number or e-mail address, the display of your profile name and profile picture and the transmission of your encrypted communication data require your consent; therefore, in these cases, processing takes place in accordance with art. 6 (1) lit. a GDPR.

5. Recipients or categories of recipients

BRIEFLY:

ginlo.net GmbH does not pass on your personal data to third parties and will not do so in the future, unless this is required by law, necessary for the purpose of the contract or you have expressly consented.

We use contract processors. External service providers process personal data only on documented instructions from ginlo.net GmbH. Examples of external service providers are operators of computer centres and internet services as well as line providers or payment service providers based in Germany.

6. Transfer to a third country

Transfer to a third country means that personal data is transferred to or accessed from a state outside the European Economic Area (EEA). The processing of your data in a third country does not take place at ginlo!

7. Period for storing

BRIEFLY:

Your personal data will be deleted or blocked as soon as the purpose of the storage no longer applies.

A storage can take place beyond that due to legal retention periods. A blocking or deletion of the data is also carried out when a legally prescribed storage period expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

Website

The data processed when you visit our website is automatically deleted after 7 days.

Form data is converted into tickets and processed together with support e-mails in a CRM system. This data is deleted at the end of the year following the last contact, as we are also subject to a duty of proof. Data relevant for billing purposes will be deleted after expiry of the legal retention period.

ginlo app

Messages are only temporarily stored end-to-end encrypted on our servers. On the server, each message is deleted 90 days after sending. Messages that are available on the server during these 90 days are synchronized between multiple devices of the same ginlo Business user account, so that these messages are available on all devices in use.

When sending a message, each ginlo user can define whether the message will be deleted automatically after a certain time, at a certain time or after reading the message. Parts of chats or complete individual chats can also be deleted by the user.

A user account, including all its files on our servers, can be completely removed by the user himself under the profile settings. This requires the entry of the device password.

User accounts that are no longer used are automatically deleted at the end of the calendar year following the last use. During this time, the user can reactivate the account. From the time of deletion at the latest, the search function of other users will remain without results.

8. Rights of the data subject

BRIEFLY:

The basic data protection regulation grants you certain rights in relation to the personal data that a person responsible processes about you.

You are entitled to these rights under the conditions of the respective data protection regulations. No further rights are granted to you by the following presentation.

Right to request

You have the right to ask us to confirm whether we are processing personal data relating to you; if this is the case, you have the right to access this personal data and to receive the information specified in art. 15 GDPR.

Right of rectification

You have the right to demand that we correct incorrect personal data concerning you without delay and, if necessary, complete incomplete personal data, art. 16 GDPR.

Right to erasure

You have the right to demand from us that personal data concerning you be deleted immediately if one of the reasons listed in art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued.

Right to restriction of processing

You have the right to request us to restrict processing if one of the conditions listed in art. 18 GDPR is met, e.g. if you have lodged an objection to processing.

Right to data portability

You have the right to receive your personal data provided to a controller in a structured, common and machine-readable format and you have the right to have such data transferred to another controller, provided that the basis for the processing was either your consent or a contract ( art. 6 (1) GDPR).

Right to object

You have the right to object to the processing of personal data relating to you at any time for reasons arising from your particular situation, provided that we base the processing on Art. 6 (1) lit e. or f GDPR. We will then no longer process this data unless we can demonstrate compelling reasons for processing worthy of protection that outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.


 

Your special rights

You have the right to withdraw your consent at any time (art. 13 (2) lit. c GDPR), in particular if the purpose for which your data was processed no longer exists or has changed. This does not affect the lawfulness of the processing based on the consent until revocation.

In particular, we would like to draw your attention to your right to lodge a complaint with supervisory authority (art. 13 (2) lit. d in conjunction with art. 77 GDPR). The Bavarian State Office for Data Protection Supervision (BayLDA) in 91522 Ansbach, Promenade 25 is responsible for us.

Further information can be found under this link:

https://www.lda.bayern.de/de/kontakt.html

However, you can lodge a complaint with any regulatory authority within the EU!


9. Provision of personal data

BRIEFLY:

As a matter of principle, we collect only a minimum of data for the functionality of our secure communication solution.

The data requested when filling in forms on our website is used to contact you or to prepare a contract. Without this data, communication between our interested parties, customers or service providers would not be possible.

The provision of your contact data (mobile phone number or e-mail address) is essential for setting up the ginlo app. Without this data, the app could neither be set up nor used.

In order to set up and use the Administrator Cockpit of ginlo Business, the contact data of the administrator (name, address, mobile phone number), the domain of the institution or company are required. Without this data, the use of the ginlo Business app would be impossible.

10. Status of data protection information

ginlo.net GmbH reserves the right to change its privacy policy at any time with or without prior notice. Please check back regularly to be informed about changes.

Status: May 2020