PRIVACY POLICY KLAEP APP
Note: The English translation of the privacy policy is intended to enable users who are not German native speakers to crosscheck the policy. In the event of any inconsistencies between the English and the German version, the German version shall prevail.
TABLE OF CONTENTS
SECTION 1: GENERAL INFORMATION
1.1 General, principles of processing
1.2 Responsible party
1.3 Data protection officer
1.4 Your rights
1.5 Objection or revocation to the processing of your data
SECTION 2: PROCESSING OF PERSONAL DATA WHEN USING OUR APP
2.1 Data processing during download and installation of the app
2.2 Use of Google Firebase
2.3 Data processing for informational use of the app
2.4 Requesting permissions
2.5 Registration
2.6 Single sign-on services
2.7 Processing of personal data when using our social network
2.8 Contacting us
2.9 Use of other tools
Status and modification of our privacy policy
SECTION 1: GENERAL INFORMATION
1.1 GENERAL, PRINCIPLES OF PROCESSING
(1) The term "personal data" means, with reference to the definition of Article 4 No. 1 of Regulation (EU) 2016/679 (hereinafter referred to as: "General Data Protection Regulation" or "GDPR" for short), all data that can be related to you personally. This includes, for example, name, address, email addresses, user behavior. With regard to the other terms, in particular the terms "processing", "controller", "processor" and "consent", we refer to the legal data protection definitions of Art. 4 GDPR.
(2) As a matter of principle, we process personal data only to the extent necessary to provide the functionalities of our app and the content and services we offer. Personal data is regularly processed only if you have given us your consent within the meaning of Art. 6 (1) p. 1 lit. a) GDPR or if the processing is permitted by statutory provisions, in particular by one of the legal bases specified in Art. 6 (1) p. 1 lit. b) to lit. f) GDPR.
(3) We explain the purposes underlying the processing of personal data in the following sections for each of the data processing operations mentioned. If we process personal data for another purpose that does not correspond to the purpose for which the personal data was originally collected, we will inform you of this again.
(4) If we use contracted service providers for individual functions of our app or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below.
(5) Please note that you are not legally required to provide personal data. However, we need your personal data to provide our services within the framework of the user relationship entered into with you on the basis of our terms of use for the use of klaep, for its conclusion and for its implementation. In this respect, by accepting our terms of use, you agree to provide the personal data required for the performance of the contract. Insofar as the provision of further personal data is necessary for the use of our app or services offered by us, we require this data for the provision of the respective service. The aforementioned data processing principles apply here. Information that we request from you, e.g. as part of an input form, and which is required for the fulfillment of the contract or the provision of services, is always explicitly marked (e.g. as "mandatory field"). Other information is always voluntary. Please note and weigh in your own interest which further personal data you provide to us, especially by way of using our app and our social network klaep to the public. Please also note that if you do not provide us with required data, we will not be able to provide you with the service in question. On the other hand, failure to provide voluntary information may only mean that we may not be able to provide our services in the same way or to the same extent.
(6) In some cases, we use external service providers for the processing of personal data, which have been carefully selected and commissioned by us. These service providers are bound by our instructions and are regularly monitored by us. You can find more detailed information in the following sections of our privacy policy.
(7) Your personal data will be deleted or blocked as soon as the purpose of the storage no longer applies. In addition, storage may take place if this has been provided for by national or European regulations to which we are subject; in these cases, the legal basis for further storage is Art. 6 para. 1 p. 1 lit. c) GDPR in conjunction with the respective national or European regulation. In this case, the data will be blocked or deleted when the storage period prescribed by the respective regulations has expired. The latter does not apply if further storage of the data is necessary for the conclusion or fulfillment of a contract; in these cases, the legal basis for further storage is Art. 6 (1) p. 1 lit. b) GDPR.
(8) Insofar as personal data is passed on to third parties in the course of services that we offer together with partners, you can find more detailed information in the respective descriptions of the individual services.
(9) Insofar as third parties to whom we transfer data have their registered office in a country outside the European Union (EU) and the European Economic Area (EEA), we will inform you separately in the following sections of our privacy policy. We only process data in third countries if an adequate level of data protection within the meaning of Art. 44 to 49 GDPR is given.
1.2 RESPONSIBLE PARTY
The responsible party within the meaning of Art. 4 No. 7 GDPR, the other data protection laws applicable in the Member States of the European Union and other regulations with provisions of a data protection nature is:
Bobbele Ideas GmbH
represented by the managing directors Philip Haberstroh and Tobias Lygren
Paul-Ehrlich-Straße 7
79106 Freiburg im Breisgau
Phone: +49 761 59 32 56 91
Email: hello@klaep.com
Further details can be found in our imprint.
1.3 DATA PROTECTION OFFICER
You can reach and contact our data protection officer at the following address:
Philip Haberstroh
Paul-Ehrlich-Straße 7
79106 Freiburg im Breisgau
Phone: +49 761 59 32 56 91
Email: hello@klaep.com
1.4 YOUR RIGHTS
You have the following rights with respect to the personal data concerning you:
-
the right to information,
-
the right to rectification and deletion,
-
the right to restrict processing,
-
the right to object to processing,
-
the right to data portability.
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
1.5 OBJECTION OR REVOCATION TO THE PROCESSING OF YOUR DATA
(1) You may revoke any consent given to us to process your personal data at any time. The revocation affects the permissibility of the processing of your personal data after its pronouncement to us.
(2) With regard to the processing of your personal data, you may, insofar as this processing is based on a balance of interests, object to the processing. In this context, we ask you to explain the reasons arising from your particular situation why you object to the processing of your personal data by us. In the event that your objection is justified, we will examine the merits of the case. We will then either not further process your personal data, if necessary adjust the further data processing or provide compelling reasons worthy of protection why we continue to process your personal data.
(3) You can also object to the processing of your personal data for the purpose of advertising and data analysis at any time.
(4) Please send your revocation or objection to our contact details above.
SECTION 2: PROCESSING OF PERSONAL DATA WHEN USING OUR APP
Below we inform you about the collection and processing of personal data when using our app and related services.
2.1 DATA PROCESSING DURING DOWNLOAD AND INSTALLATION OF THE APP
(1) When you download our mobile app, the required information is transferred to the respective app store through which our mobile app is offered to you for download. This is in particular the following information:
-
Username
-
Email address
-
Customer number of your account with the respective App Store
-
Depending on the app store: Apple ID / Android ID
-
Individual device identification number
-
Time of the download
-
For paid subscriptions: payment information
We have no influence on this data collection. This data collection is carried out automatically by the operator of the respective app store. We are not responsible for this data processing. To assert your rights, you must contact the operator of the respective app store. For more information about the data processing by the App Store and your rights, please refer to the privacy policy of the operator of the respective App Store:
-
For the Apple App Store (end devices with the iOS operating system):
-
Provider: Apple Inc, Infinite Loop, Cupertino, CA 95014, USA.
-
Privacy information:
-
-
For the Google Play Store (end devices with the Android operating system):
-
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
-
Privacy information:
-
(2) We process the aforementioned data only insofar as this is necessary for downloading and installing our mobile app on your mobile device and providing the contents of the app on this device. If you choose a paid subscription variant of our mobile app, the processing of the data also serves to carry out the respective transaction. Our legitimate interest also lies in the aforementioned purposes. Insofar as the above data processing serves the fulfillment of the contract and the implementation of pre-contractual measures, the legal basis is Art. 6 para. 1 p. 1 lit. b) GDPR). In the case of legitimate interests, the legal basis is Art. 6 para. 1 p. 1 lit. f) GDPR.
(3) The data will be deleted or blocked as soon as the purpose of storage ceases to apply. Subject to deviating legal retention periods, the data will be stored until 1 year after the deletion of your account for the following purposes:
-
To enable you to return to our social network for this period and to be able to access your previously used profile in the process
-
Enforcement, execution and defense of our rights and claims that we are entitled to against you.
-
Examination of possible remuneration obligations towards GEMA.
Our legitimate interest also lies in the aforementioned purposes. Insofar as this data processing serves the implementation or fulfillment of the user relationship entered into with you on the basis of our terms of use, Art. 6 para. 1 sentence 1 lit. b) GDPR constitutes the legal basis. Insofar as the processing is otherwise based on our legitimate interests, Art. 6 para. 1 p. 1 lit. f) GDPR is a further legal basis.
(4) You can object to the data processing by deleting our mobile app. However, we would like to point out that you will then not be able to use our mobile app.
2.2 USE OF GOOGLE FIREBASE
(1) Our app uses services and functions of Google Firebase, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) (hereinafter "Google"). Google Firebase is a service of the so-called "Google Cloud" platform and offers app developers various services and services for the development of apps for mobile devices and websites. For this purpose, Google Firebase provides functions such as analyses, databases, messaging and crash reports as well as the technical infrastructure for the operation of the app via a software development kit (SDK); you can find more information about this on the following Google website: https://firebase.google.com/terms/. Some of the services and features provided by Google Firebase and used by us process personal data that is either provided by you (e.g., in the context of a messaging, chat or comment function, in image, sound or video recordings provided by you) or that is collected automatically (e.g., technical data such as your IP address or the device number of your mobile device). You can find out which data is processed for which purpose and how long it is stored on the following Google website, under the heading "Information on data processing" and in the table following this: https://firebase.google.com/support/privacy/#data_processing_information. Since Google updates this data processing from time to time, we have refrained from reiterating this data processing in detail in our privacy policy, in particular for reasons of clarity.
(2) The processing carried out by Google Firebase is necessary for the provision of the Google Firebase services and functions and thus for the provision of our app as well as the functions and content of our app. Our legitimate interest also lies in the aforementioned purposes. Insofar as the aforementioned data processing serves the fulfillment of a contract and the implementation of pre-contractual measures, in particular of a user relationship entered into with you on the basis of our terms of use, the legal basis is Art. 6 para. 1 sentence 1 lit. b) GDPR). In the case of legitimate interests, the legal basis is Art. 6 para. 1 p. 1 lit. f) GDPR. We also use Google Firebase for the purpose of analyzing the use of our app and to continuously improve individual functions, services and offers as well as the user experience. Through the statistical evaluation of user behaviour, we can improve our offer and make it more interesting for you as a user. This data processing only takes place if you have given us your prior consent. The legal basis is Art. 6 para. 1 p. 1 lit. a) GDPR.
(3) In order to oblige Google to process the transmitted data only in accordance with our instructions and to comply with the applicable data protection regulations, we have concluded an order processing agreement with Google pursuant to Art. 28 GDPR.
(4) Even though Google Ireland Limited (see above for address) is responsible for all Google services in Europe, we would like to point out that it cannot be completely ruled out that Google Firebase may also process personal data outside the EU or the EEA, such as in the USA, through its parent company Google LLC (see above for address). Insofar as personal data is therefore transferred in individual cases to a third country for which there is no adequacy decision by the Commission, we have concluded a contract with Google incorporating the new EU standard contractual clauses adopted by the EU Commission on 04 June 2021 within the meaning of Article 46 (2) c) GDPR (you can find more information at the following EU website: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en) in order to ensure an adequate level of data protection for the processing of personal data in the third country.
We additionally obtain specifically informed consent pursuant to Art. 49(1)(a) GDPR prior to any transfer of personal data to a third country for which there is no adequacy decision by the Commission. Additional legal basis for the transfer to the third country is therefore also your consent pursuant to Art. 49 (1) a) GDPR.
In the event of the transfer and processing of personal data in the USA, we would also like to point out that according to the legal opinion of the European Court of Justice (judgment of 16 July 2020, Case C-311/18 - Schrems II), there is currently no adequate level of protection for the transfer of data to the USA in view of the far-reaching access powers of US (intelligence) authorities. From a data protection perspective, the U.S. is a so-called unsafe third country for which there is currently no adequacy decision by the EU Commission. Therefore, please note that US authorities may have unrestricted access to your personal data based on US laws and regulations applicable there (e.g. FISA Section 702, Executive Order 12.333) and that you, as an EU citizen, may not be entitled to any legal remedies against this access. We have no influence on measures and access by US (intelligence) authorities. By giving your consent, you declare that you are aware of these risks and agree to them.
(5) Information from the third-party provider: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland.
For more information on Google's use of data, on setting and objection options, and on data protection, please refer to the following Google web pages:
-
Terms of use for Google services: https://policies.google.com/terms?hl=de
-
Terms of use for Firebase services: https://firebase.google.com/terms/
-
Privacy policy for Google services: https://policies.google.com/privacy?hl=de
-
Privacy and security in Firebase: https://firebase.google.com/support/privacy/
-
Legal framework for data transfers: https://policies.google.com/privacy/frameworks
-
Data use by Google when you use websites or apps that use Google services: https://policies.google.com/technologies/partner-sites?hl=de
2.3 DATA PROCESSING FOR INFORMATIONAL USE OF THE APP
(1) In the case of informational use of our mobile app, i.e. when you open the app without using any further functions, in particular registering or logging in, we collect the technical data described below:
-
Device identifier
-
IP address
-
Date and time of the request
(2) The above data is technically necessary for the use of the app, in particular the provision of the basic functions and the delivery of the contents of the app to your mobile device. They therefore serve the purpose of being able to offer you the functions and content of our mobile app and to ensure the stability and security of the app. Our legitimate interest also lies in the aforementioned purposes. Insofar as the above data processing serves the fulfillment of the contract and the implementation of pre-contractual measures, the legal basis is Art. 6 para. 1 p. 1 lit. b) GDPR). In the case of legitimate interests, the legal basis is Art. 6 para. 1 p. 1 lit. f) GDPR. For analysis purposes, in particular for proof of activity as well as the evaluation of opening rates after previous marketing measures, we only process the above data if you have given us your prior consent. In this case, the legal basis is Art. 6 para. 1 p. 1 lit. a) GDPR.
(3) We process and/or store the data on servers of our host provider "Google Cloud", a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (server location: Frankfurt am Main, Germany), and thus in the European Union. This ensures that the standards and regulations of European data protection law are complied with. We have concluded an order processing agreement with Google in accordance with Art. 28 GDPR to comply with the applicable data protection regulations.
(4) The above data for the provision of our app will be deleted when the respective session has ended.
(5) The collection of the above data for the provision of our app is mandatory for the use of our app by you. There is no possibility to object.
(6) If you have given us permission to process the above data for analysis purposes, you can revoke this permission at any time. The legality of the data processing already carried out remains unaffected by the revocation. Details on the revocation of your consent can be found in section 1 of our privacy policy.
2.4 REQUESTING PERMISSIONS
(1) When you start using our mobile app, we ask you for permission to use your microphone, camera, and photo gallery via a pop-up notification window. Also, we ask you if you want push notifications. This access is optional and required to use certain features of the app. If you allow us access, the mobile app will only access and transmit personal data to us to the extent necessary for the respective functionalities as described below:
-
In the case of access to the microphone and the cameras, the access is only required for the creation of sound or image or video recordings for Jams or ReJams. Access is therefore for the purpose of you recording your own Jams or ReJams and submitting them to us. Sound, image or video recordings are never recorded automatically. You decide yourself if and when you want to upload such recordings.
-
Access to the photo gallery is only necessary if you want to upload (optionally) already existing picture or video recordings of your Jams or ReJams. Your picture or video recordings will never be processed automatically. You decide yourself if, when and which picture or video recordings you want to upload.
-
In the case of push notifications, permission is required if you want to receive push notifications - even if you do not have our app open at the time - e.g. about posts from other users, comments, likes, claps, etc. We use the Google Firebase service to provide push notifications (for more information, see section 2.2 above). To provide the push notifications, Google Firebase generates a key. This key is calculated from the device ID of your mobile device and the ID of our app. In order to provide you with the push notifications, this key is transmitted to our server and stored there with the settings you have made. In this respect, Google Firebase only serves as a transmitter, but cannot draw any conclusions about your person.
(2) This access is granted voluntarily on the basis of your consent. The legal basis is Art. 6 para. 1 p. 1 lit. a) GDPR.
(3) You can revoke this consent at any time in the system settings of your mobile device. The legality of the data processing already carried out remains unaffected by the revocation. For the sake of completeness, we would like to point out that you may not be able to use all functions of our app if you do not give or revoke your consent.
(4) Your data will be treated confidentially by us and deleted if you revoke the rights to use it or if it is no longer required to provide the services and there are no legal retention obligations that require further storage.
2.5 REGISTRATION
(1) In order to use the functions of our app and the community of the social network klaep, we must collect and process certain personal data from you as your access data. The data is entered in an input mask and transmitted to us and stored. The mandatory information requested during registration is marked accordingly and must be provided in full. Otherwise we will reject the registration. This includes the following access data:
-
Username
-
Email address
The above access data is treated confidentially and is not publicly viewable. Further details, such as a profile name, a biography or a profile photo are voluntary. In addition, the date and time of registration are collected. As part of the registration process, we also obtain your consent to process this data. A transfer of data to third parties - apart from our above-mentioned host provider Google Cloud - does not take place when you use our registration or login process; if we also offer you a registration or login via a single sign-on service ("one-time login service") of a third-party provider, you will find the information on the processing of personal data when using such a single sign-on service in this privacy policy in a separate place. We use the so-called "Magic Link" process for both registration and login. This is a password-free login method in which you enter only your email address at the time of registration and at subsequent logins. This is transmitted to our server and compared with the data stored there; a token is generated in the process. Our server will send you an email with an access link generated from this token. If you click on this access link in the email, you will be redirected to our app. If you have not yet registered, you can complete the registration process by entering the additional data mentioned above. If, on the other hand, you are already registered, a normal login and a redirection to your start page in the app will take place.
(2) Registration is required to provide the content and services of our app and our social network klaep. We use the data entered for this purpose only for the purpose of using our app and the associated services. Apart from registration or login, we use the email address provided during registration to inform you in case of important changes to our services or performances, for example concerning the functional scope of our app or in case of technically necessary changes. The legal basis for the processing of the data is Art. 6 para. 1 p. 1 lit. a) GDPR. Insofar as the registration serves to conclude or execute a contract, Art. 6 para. 1 p. 1 lit. b) GDPR is an additional legal basis. Insofar as the processing is otherwise based on our legitimate interests, which consist in the aforementioned purposes, Art. 6 para. 1 p. 1 lit. f) GDPR is an additional legal basis.
(3) You can revoke your consent at any time. The legality of the data processing already carried out remains unaffected by the revocation. Details on the revocation of your consent can be found in section 1 of our privacy policy.
(4) The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case when the registration is cancelled or modified. You have the option to cancel the registration at any time. You can have the data stored about you changed at any time. Legal retention periods remain unaffected. For the rest, we refer at this point to section 2.1 paragraph 3.
2.6 SINGLE SIGN-ON SERVICES
(1) In addition to using our login and registration screen, we offer you the option of using a single sign-on service to register or log in. The respective single sign-on service facilitates registration and login for services on the Internet. Instead of using our registration or login forms, you can enter your login data for the respective single sign-on service and then use our services. We make the following single sign-on services available to you:
-
Sign-on via Google: Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google").
-
Sign-on via Apple: Service provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA (hereinafter "Apple")
When using a single sign-on service, your end device automatically establishes a direct connection with the server of the respective provider of the single sign-on service. To log in, you will be redirected to the page of the respective provider of the single sign-on service. There you can log in with your user data. This will link your user account with the respective provider of the single sign-on service to our service. After you have given your consent to the respective provider of the single sign-on service, we will receive your email address and the public profile data for authentication as part of the registration or login process. You can find more information on the following web pages of the respective provider of the single sign-on service:
Sign-on via Google
-
https://support.google.com/a/topic/7579248?hl=de&ref_topic=7556686
-
https://support.google.com/a/answer/6262987?hl=de&ref_topic=7579248
Sign-on via Apple
-
https://developer.apple.com/documentation/authenticationservices
-
https://support.apple.com/en-au/guide/deployment-reference-ios/apdf5b35aad2/web
If you have agreed to this data transfer, this data will be entered in the fields required for registration. Which data is transmitted to us in individual cases by the provider of the single sign-on service depends on the respective single sign-on service, the respective data releases in the context of authentication, and the (privacy) settings made by you in your user account with the provider of the single sign-on service and the releases granted.
We transmit to the respective provider of the single sign-on service in connection with the authentication process for registration or login, for technical reasons, the data collected in the case of informational use (technical data and your IP address). We do not pass on any other personal data to the respective provider of the single sign-on service.
We expressly point out that we have no influence on the scope and further use of data collected through the use of the single sign-on service by the respective provider of the single sign-on service itself.
If you have a user account with the respective provider of the single sign-on service and are registered, the login/registration for our mobile app can be assigned to your user account with the respective provider of the single sign-on service. Even if you are not registered with the respective provider of the single sign-on service or have not logged in, it is possible that the provider will obtain and store your IP address and possibly other identifying features.
The type and scope of data processing, the purposes pursued by the respective provider of the single sign-on service, your rights in this regard and setting options for protecting your personal data can be found on the websites of the respective providers linked below:
Sign-on via Google
-
Privacy policy: https://policies.google.com/privacy?hl=de
-
Terms of use: https://policies.google.com/terms
Sign-on via Apple
-
Privacy policy: https://www.apple.com/de/privacy/
-
"Sign in with Apple" & Privacy Policy: https://www.apple.com/de/legal/privacy/data/de/sign-in-with-apple/
(2) We use single sign-on services to facilitate and shorten the registration and login process for you. The use therefore serves both our interests and yours as a user to be able to use an effective and secure login system. The legal basis for the processing of the data is basically your consent, Art. 6 para. 1 p. 1 lit. a) GDPR. Insofar as the processing of the above data is carried out for the initiation, establishment, implementation or fulfillment of a contractual relationship with you, Art. 6 para. 1 p. 1 lit. b) GDPR is an additional legal basis. Otherwise, the legal basis is Art. 6 para. 1 p. 1 lit. f) GDPR, insofar as the data processing is based on the legitimate interests underlying the above purposes.
(3) You can revoke your consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. The non-granting of consent or its revocation does not have any legally disadvantageous consequences for you. In the event of revocation of consent, you can also use the normal registration process offered by us using your access data. If you no longer wish to use the single sign-on service and wish to remove the link to your user account with the respective provider of the single sign-on service, you must remove this link in the settings of your user account with the respective provider of the single sign-on service.
(4) Even if the company of the respective provider of the single sign-on service located above in the EU is responsible for the respective single sign-on service in the European area (for addresses see above), we would nevertheless like to point out that it cannot be completely ruled out that personal data may also be processed outside the EU or the EEA, such as in the USA, by the respective parent company of the provider of the single sign-on service when using the single sign-on service. Insofar as personal data is therefore transferred in individual cases to a third country for which there is no adequacy decision by the Commission, we have concluded a contract with the respective provider of the single sign-on service incorporating the new EU standard contractual clauses adopted by the EU Commission on 04 June 2021 within the meaning of Art. 46 (2) c) GDPR (you can find more information at the following EU website: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en) in order to ensure an adequate level of data protection for the processing of personal data in the third country.
We additionally obtain specifically informed consent pursuant to Art. 49(1)(a) GDPR before any transfer of personal data to a third country for which there is no adequacy decision by the Commission. Additional legal basis for the transfer to the third country is therefore also your consent pursuant to Art. 49 (1) a) GDPR.
In the event of the transfer and processing of personal data in the USA, we would also like to point out that according to the legal opinion of the European Court of Justice (judgment of 16 July 2020, Case C-311/18 - Schrems II), there is currently no adequate level of protection for the transfer of data to the USA in view of the far-reaching access powers of US (intelligence) authorities. From a data protection perspective, the U.S. is a so-called unsafe third country for which there is currently no adequacy decision by the EU Commission. Therefore, please note that US authorities may have unrestricted access to your personal data based on US laws and regulations applicable there (e.g. FISA Section 702, Executive Order 12.333) and that you, as an EU citizen, may not be entitled to any legal remedies against this access. We have no influence on measures and access by US (intelligence) authorities. By giving your consent, you declare that you are aware of these risks and agree to them.
2.7 PROCESSING OF PERSONAL DATA WHEN USING OUR SOCIAL NETWORK
(1) As a social network, we process personal data in the course of providing our services. Personal data is either provided by yourself and transmitted to us. Technical information is collected automatically. Apart from the data collected for technical reasons in the course of informational use and the data collected in the course of the login or registration process (see above in each case), the following data or categories of data may be collected and processed when using our services:
-
Data you provide to us:
-
Inventory data such as profile name, your biography, your profile photo.
-
Content data such as text entries (e.g. comments, tags, video descriptions), sound, image or video recordings (Jams and ReJams)
-
Likes, shares, claps
-
This data is publicly viewable by other members
-
Usage data such as, web pages visited, interest in content, access times; This data is not publicly viewable.
-
Contractual data such as data in connection with the existing user relationship between you and us (e.g. your requests to us, in the case of a paid subscription, such as payment data, payment history); These data are not publicly viewable.
(2) We process personal data in order to provide and optimize the services and benefits we offer. The above data is processed in order to
-
be able to fully offer you and other users our social network klaep with all its associated services, their functions and content via our mobile app in accordance with the usage relationship entered into with you on the basis of our terms of use;
-
enable you, as a user of our social network klaep, in accordance with the user relationship entered into with you on the basis of our terms of use, to set up an account in our social network klaep and to individualize it;
-
enable you and other users to post your own content such as sound, image or video recordings (Jams and ReJams) in accordance with the user relationship entered into with you on the basis of our terms of use and to interact and communicate with other users within the framework of our social network klaep, for example by Jams and ReJams, collaborations with other users, by commenting, by giving likes and claps;
-
manage our mobile app and social network klaep and their services, features and content, troubleshoot them, and to ensure usability, functionality and stability;
-
optimize our mobile app and social network klaep and their services, features and content for you and other users;
-
to analyze user behaviour for marketing and advertising purposes in order to provide users with suitable and personalized information.
Our legitimate interest also lies in the aforementioned purposes. Insofar as the data processing serves to conclude or implement the user relationship concluded with you via our app, Art. 6 (1) p. 1 lit. b) GDPR constitutes the legal basis. Insofar as the processing is otherwise based on our legitimate interests, which consist in the aforementioned purposes, Art. 6 (1) p. 1 lit. f) GDPR is a further legal basis. For analysis purposes, in particular for marketing and advertising purposes, we process the above data only if you have given us your prior consent. In this case, the legal basis is Art. 6 para. 1 p. 1 lit. a) GDPR.
(3) The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Data collected via our app for the purpose of fulfilling the user relationship concluded with you will therefore be stored - subject to longer storage periods due to law or official orders - for as long as the user relationship concluded with you exists. If you deactivate your account, the data will be stored for one year following the time of deactivation until it is finally deleted. Personal data that has been collected to protect our legitimate interests will be stored - again subject to longer storage periods due to law or official order - as long as it is necessary to fulfill the underlying purposes. Among other things, we store data for a longer period if this is necessary to fulfill our obligations to you and other users based on our terms of use. This is the case, for example, if further storage is necessary in order to
-
fulfill obligations with regard to the granting of usage rights to other users; this applies in particular to cases in which your Jam or ReJam is part of a co-authored work (e.g. collaboration) and we are contractually obligated to the other users to enable the use of the co-authored work - and thus also of your Jam or ReJam;
-
maintain or restore the usability and functionality of the social network klaep and the services offered by us; this applies in particular to cases in which we provide collaborations, but a Jam or ReJam cannot be removed from these collaborations for technical reasons or can only be removed with considerable effort;
-
avoid distortion of the co-authored work in the case of collaborations by removing individual Jams or ReJams in accordance with Section 14 UrhG;
Our legitimate interest also lies in the aforementioned purposes. Insofar as this data processing serves the fulfillment of our contractual obligations, Art. 6 para. 1 p. 1 lit. b) GDPR constitutes the legal basis. Insofar as the processing is otherwise based on our legitimate interests, Art. 6 para. 1 p. 1 lit. f) GDPR is a further legal basis.
(4) You may revoke your consent to the processing of your personal data at any time. The legality of the data processing already carried out remains unaffected by the revocation. Details on revoking your consent can be found in Section 1 of our Privacy Policy. If the data processing is based on legitimate interests, you can object to the data processing at any time.
2.8 CONTACTING US
(1) If you contact us by email, the personal data you send us with your email will be stored. The data will only be used to answer your questions. The data will not be passed on to third parties.
(2) The processing of your aforementioned personal data is solely for the purpose of handling your inquiries. Our legitimate interest in processing the data also lies in the aforementioned purposes. Insofar as you have given us consent for this, the legal basis for the processing of this data is Art. 6 para. 1 p. 1 lit. a) GDPR. Insofar as you would like to work towards the conclusion of a contract through your email, Art. 6 para. 1 p. 1 lit. b) GDPR represents an additional legal basis. Otherwise, the legal basis for the processing of this data is Art. 6 para. 1 p. 1 lit. f) GDPR.
(3) The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case when we have finally processed your requests.
(4) You can revoke the consent given to us to process your personal data at any time. The legality of the data processing already carried out remains unaffected by the revocation. Details on the revocation of your consent can be found in section 1 of our privacy policy. When contacting us by email, you can object to the storage of your personal data at any time. We would like to point out that in this case your request cannot be processed any further. You can also declare the revocation or the objection by sending an email to our email address given in the imprint.
2.9 USE OF OTHER TOOLS
Jira Service Management
(1) In our mobile app, we are using the feedback tool "Jira Service Management", a service provided by Atlassian. Pty Ltd, Level 6, 341 George Street, Sydney NSW 2000, Australia (hereinafter "Jira Service Management"). This tool allows us to collect feedback from our users about the use of our mobile app. In this way, we can adapt our mobile app to the wishes of our users accordingly and develop it further in the future. For this purpose, you can use Jira Service Management to report your feedback on the use of the app, in particular errors and optimizations, directly from the app using comments, screenshots, etc. The data you provide in this way, such as text entered, screenshots taken, your email address, as well as technical or device-specific data (e.g. IP address, time and date of the message, language information, operating system used, resolution of the screen of your end device) and, if applicable, other publicly available information (e.g. profile name, profile picture) are transmitted to Jira Service Management. Jira Service Management processes this data solely for the purpose of providing this feedback to us.
(2) Jira Service Management processes the data for the purpose of adapting and further developing our mobile app to the wishes of our users. It also serves the purpose of troubleshooting and thus ensuring the usability, functionality and stability of our mobile app. Our legitimate interest also lies in the aforementioned purposes. Insofar as you have given us consent for this, the legal basis for the processing of this data is Art. 6 para. 1 p. 1 lit. a) GDPR. Insofar as you are a tester of our mobile app and your feedback service is based on the content of the user relationship entered into with us, Art. 6 (1) p. 1 lit. b) GDPR represents an additional legal basis. Otherwise, the legal basis for the processing of this data is Art. 6 para. 1 p. 1 lit. f) GDPR.
(3) The above data will be stored until Jira Service Management has created and transmitted the feedback to us. Subsequently, the data will be deleted.
(4) In order to oblige Jira Service Management to process the transmitted data only in accordance with our instructions and to comply with the applicable data protection regulations, we have concluded an order processing agreement with Jira Service Management pursuant to Art. 28 GDPR.
(5) You can revoke your consent to the processing of your data at any time. The legality of the data processing already carried out remains unaffected by the revocation. Details on the revocation of your consent can be found in section 1 of our privacy policy. You can also object to the processing of your data at any time. We would like to point out that in this case, feedback will not be processed further and may not be taken into account. You can also declare the revocation or the objection by sending an e-mail to our e-mail address given in the imprint.
(6) Third-party information: Atlassian. Pty Ltd, Level 6, 341 George Street, Sydney NSW 2000, Australia.
For more information about Jira Service Management's data use, opt-out and privacy practices, please visit the following Jira Service Management web pages:
-
Privacy Policy: https://www.atlassian.com/de/legal/privacy-policy
-
Further information on data protection: https://www.atlassian.com/de/trust/privacy and https://www.atlassian.com/de/trust/privacy/country/europe-and-gdpr
IMG.LY
(1) In our mobile app, we use the video editor tool "IMG.LY", a service provided by img.ly GmbH, Kortumstr. 68, 44787 Bochum, Germany (hereinafter "IMG.LY"). This tool allows us to provide an editor for video editing to our users. This allows us to customize our mobile app to the needs of our users for quick and easy video editing. For this, IMG.LY allows you to edit and optimize your video directly from the app using trimmers, video filters, stickers, texts, etc. The data you provide in this way, such as technical or device-specific data (e.g. IP address, time and date of the message, language information, operating system used, resolution of the screen of your terminal device) and, if applicable, other publicly available information (e.g. profile name, profile picture) are transmitted to IMG.LY. IMG.LY processes this data solely for the purpose of providing us with the video editor.
(2) The data processing by IMG.LY is carried out for the purpose of adapting our mobile app to the needs of our users for the provision of a video editor. It also serves the purpose of offering creative design options for video content within the scope of our mobile app. Our legitimate interest also lies in the aforementioned purposes. Insofar as you have given us consent for this, the legal basis for the processing of this data is Art. 6 (1) p. 1 lit. a) GDPR. Otherwise, the legal basis for the processing of this data is Art. 6 para. 1 p. 1 lit. f) GDPR.
(3) The above data will be stored until IMG.LY has authorized us to access the video editor. Subsequently, the data will be deleted.
(4) In order to oblige IMG.LY to process the transmitted data only in accordance with our instructions and to comply with the applicable data protection regulations, we have concluded an order processing agreement with IMG.LY pursuant to Art. 28 GDPR.
(5) You can revoke your consent to the processing of your data at any time. The legality of the data processing already carried out remains unaffected by the revocation. Details on the revocation of your consent can be found in section 1 of our privacy policy. You can also object to the processing of your data at any time. We would like to point out that in this case the creation of videos can no longer be considered. You can also declare the revocation or the objection by sending an email to our email address given in the imprint.
(6) Information of the third party provider: img.ly GmbH, Kortumstr. 68, 44787 Bochum, Germany. Further information on data use by IMG.LY, on setting and objection options as well as on data protection can be found on the following websites of IMG.LY: https://img.ly/privacy-policy
Typesense
(1) In our mobile app, we use the "Typesense" search tool, a service provided by Typesense Inc, 14090 Southwest Freeway, Suite 300, Sugar Land, TX 77478, USA (hereinafter "Typesense"). This tool allows us to execute our users' search queries within the app. In this way, we can adapt our mobile app to the wishes of our users accordingly. For this purpose, you can use Typesense to create search queries directly from the app to find users, hashtags, and texts, etc. The data you provide in this way, such as texts entered, your email address, as well as technical or device-specific data (e.g. IP address, time and date of the message, language information, operating system used, resolution of the screen of your terminal device) and, if applicable, other publicly available information (e.g. profile name, profile picture) are transmitted to Typesense. Typesense processes this data solely for the purpose of providing us with these search queries.
(2) The data processing by Typesense is for the purpose of adapting our mobile app to the search queries of our users. It also serves the purpose of navigation and discovery of new content in our mobile app. Our legitimate interest also lies in the aforementioned purposes. Insofar as you have given us consent for this, the legal basis for the processing of this data is Art. 6 (1) p. 1 lit. a) GDPR. Otherwise, the legal basis for the processing of this data is Art. 6 para. 1 p. 1 lit. f) GDPR.
(3) The above data will be stored until Typesense has created and transmitted the search results to us. Subsequently, the data will be deleted.
(4) In order to oblige Typesense to process the transmitted data only in accordance with our instructions and to comply with the applicable data protection regulations, we have concluded an order processing agreement with Typesense pursuant to Art. 28 GDPR.
(5) You can revoke your consent to the processing of your data at any time. The legality of the data processing already carried out remains unaffected by the revocation. Details on the revocation of your consent can be found in section 1 of our privacy policy. You can also object to the processing of your data at any time. We would like to point out that in this case search requests will not be processed further and may not be considered. You can also declare the revocation or the objection by sending an email to our email address given in the imprint.
(6) Information from the third-party provider: Typesense Inc., 14090 Southwest Freeway, Suite 300, Sugar Land, TX 77478, USA. Further information on data use by Typesense, on setting and objection options, and on data protection can be found on the following web pages of Typesense: https://cloud.typesense.org/legal/privacy
STATUS AND MODIFICATION OF OUR PRIVACY POLICY
We always keep our privacy policy up to date. This privacy policy has the following status: October 27, 2022.
If we further develop our app, services and our offers, it may be necessary to adapt and change our data protection declaration. The same applies if legal or regulatory requirements change.
You can access the current privacy policy at any time in our app under the menu item "Privacy Policy".