This document is the translated version of the original German-language agreement. In the event of any disputes arising out of or in connection with this agreement, in particular regarding its interpretation, the original German version shall prevail.
Preamble
This service (hereinafter “app”) is operated by
DWD Products GmbH, v. d. d. Managing Director Dorothea Utzt and Werner Hoier, Emilienstraße 9, 90489 Nürnberg. Email: hello@junoapp.co, Tel .: +49 911 148 799 210 (hereinafter “we” or “us”)
provided as the person responsible within the meaning of the applicable data protection law.
As part of the app, we enable you to write down and organize important memories for your children, saving pictures, videos and comments, and to share these memories and development steps with other family members. When using the app, we process personal data about you. Personal data includes all information that relates to an identified or identifiable natural person. Because the protection of your privacy is important to us when using the app, we would like to inform you with the following information about what personal data we process when you use the app and how we handle this data. In addition, we will inform you about the legal basis for the processing of your data and, if processing is necessary to safeguard our legitimate interests, also about our legitimate interests.
You can call up this data protection declaration at any time under the menu item “Data protection” within the app.
1. Information on the processing of your data
Certain information is automatically processed as soon as you use the app. We have listed below which personal data is processed for you:
1.1 Information that is collected when downloading
When the app is downloaded, certain required information is transmitted to the app store you have selected (e.g. Google Play or Apple App Store), in particular the user name, email address, customer number of your account, the time of the download, payment information and the individual device code are processed. This data is processed exclusively by the respective app store and is beyond our sphere of influence.
Further information can be found in the data protection information of the app store operators:
-
for the Apple App Store: Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, USA, available at https://www.apple.com/de/privacy/privacy-policy/
-
for the Google Play Store: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, available at https://www.google.de/intl/de/policies/privacy/
1.2 Information that is collected automatically
As part of your use of the app, we automatically collect certain data that is required to use the app. These include:
-
access data
-
Date and time of access
-
IP address of the current and last logins (this is part of our security concept to be able to block unauthorized users)
-
time zone
-
The local language
-
The operating system you are using with the version number of the operating system
-
The app version number used
-
The type of your smartphone
-
Amounts of data transferred
-
Notification when the app is not successfully called
This data is automatically sent to us, but not stored, (1) to provide you with the service and the functions associated with it; (2) to improve the functions and features of the app and (3) to prevent and eliminate misuse and malfunctions. This data processing is justified by the fact that (1) the processing for the fulfillment of the contract between you as the person concerned and us in accordance with Art. 6 Para. 1 lit. b) GDPR is required to use the app, or (2) we have a legitimate interest in ensuring the functionality and error-free operation of the app and in being able to offer a service that is in line with the market and interests, and that is your rights and interests in protection Your personal data within the meaning of Art. 6 Para. 1 lit. f) GDPR prevails.
1.3 Creation of a user account (registration) and registration
When you create a user account or log in, we use your access data to grant you access to your user account and to manage it (“mandatory information”). Mandatory information in the context of registration is required to conclude the usage contract. If you do not provide this data, you cannot create a user account.
You can also provide the following voluntary information:
- You can store an optional profile picture
- Child’s first name
- Calculated date of birth / date of birth
- gender of the child (m / f / d)
You can also invite third parties to your account. You can provide the following information
- Email of the invitee
- Relationship (mother, father, uncle etc.) of the invitee to the child
We use the mandatory information to authenticate you when you log in and to answer requests to reset your password. The data you enter during registration or registration will be processed and used by us (1) to verify your authorization to manage the user account; (2) enforce the terms of use of the app as well as all associated rights and obligations and (3) get in contact with you to send you technical or legal information, updates, security messages or other messages that relate to the management of the user account can.
We use voluntary information to display it in accordance with your settings within the app and to make it accessible to other users of the app at your request.
This data processing is justified by the fact that (1) the processing for the fulfillment of the contract between you as the person concerned and us in accordance with Art. 6 Para. 1 lit. b) GDPR is required to use the app, or (2) we have a legitimate interest in ensuring the functionality and error-free operation of the app, which here states your rights and interests in the protection of your personal data within the meaning of Art. 6 para 1 lit. f) GDPR prevails.
1.4 Use of the app
As part of the app, you can enter, manage and edit various information. This information includes in particular the creation and management of images and video sequences as well as the creation and management of notes. It will also be possible to have a photo book created via the app.
The app also requires the following permissions:
-
Internet access : This is required to save your entries on our servers.
-
Push messages: to inform you about family and service activities and about new features.
-
Storage: to add saved images / videos to our service.
The programming of the authorization categories differ according to the manufacturer and the operating system. In an Android operating system, for example, individual authorizations are sometimes grouped into authorization categories and you can only agree or reject the authorization categories as a whole.
The processing and use of usage data takes place to provide the service. This data processing is justified by the fact that the processing for the fulfillment of the contract between you as the person concerned and us according to Art. 6 para. 1 lit. b) GDPR is required to use the app and you have given us your consent with regard to the above-mentioned authorizations, Art. 6 para. 1 lit. a) GDPR.
2. Transfer and transfer of data
2.1 hosting
We use hosting services (in particular storage space, computing capacity, platform services) to make our offer available. As part of this, we and our hosting provider process personal data in accordance with this data protection declaration. The legal basis for hosting services is Art. 6 Paragraph 1 lit. f GDPR. We have a contract for order data processing with our hosting provider. Art. 28 GDPR closed
2.2 Invitations
As a registered member, you can also invite friends and family members. We process the data collected for this purpose only.
The people you invite will first receive an invitation from us by email, in which they can confirm their participation by means of an opt-in.
Every invited person has the opportunity to object to the use of their email address for invitations with future effect.
Please note that the recipient of the invitation will receive the following data from you:
- First and Last Name
- E-mail address
2.3 In addition to the cases explicitly mentioned in this data protection declaration, your personal data will only be passed on without your express prior consent if it is legally permissible or required. This can include be the case if processing is necessary to protect the vital interests of the user or another natural person.
2.4 If it is necessary to clarify an illegal or abusive use of the app or for legal prosecution, personal data will be forwarded to law enforcement or other authorities as well as to damaged third parties or legal advisors. However, this only happens if there are indications of illegal or abusive behavior. A transfer can also take place if this serves to enforce terms of use or other legal claims. We are also legally obliged to provide information to certain public bodies on request. These are law enforcement agencies, agencies that prosecute administrative offenses that have been fined and the tax authorities.
Any transfer of personal data is justified by the fact that (1) processing is necessary to fulfill a legal obligation that we have pursuant to Art. 6 Para. 1 lit. f) GDPR in conjunction with are subject to national legal requirements for the disclosure of data to law enforcement authorities, or (2) we have a legitimate interest in disclosing the data to the third parties mentioned, if there are indications of improper behavior or to enforce our terms of use, other conditions or legal claims, and your rights and interests in protecting your personal data within the meaning of Art. 6 Para. 1 lit. f) GDPR does not prevail.
2.5 In the course of the further development of our business, the structure of our company may change by changing the legal form, establishing, buying or selling subsidiaries, parts of companies or components. In such transactions, customer information may be shared with the part of the company to be transferred. Every time personal data is passed on to third parties to the extent described above, we ensure that this is done in accordance with this data protection declaration and the applicable data protection law.
Any forwarding of the personal data is justified by the fact that we have a legitimate interest in adapting our company form to the economic and legal circumstances as required and your rights and interests in the protection of your personal data within the meaning of Art. 6 Para. 1 lit. f) GDPR does not prevail.
3. Data transfers to third countries
We also process data in countries outside the European Economic Area (“EEA”). This affects in particular:
3.1 Firebase
a) For our app, we use the app developer platform “Firebase” from Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043 (“Google”). Google Firebase uses tracking technologies that enable an analysis of your use of our app, e.g. B. for performance monitoring, for error logs and for analyzing user behavior z. B. Which screens are viewed and which functions are used and how often. The purpose of using Firebase in our app is also to send push messages and analyze crashes (crashlytics) in order to regularly improve the app. The legal basis for this data processing is Art. 6 Para. 1 S. 1 lit. f GDPR, since we have a legitimate interest in the analysis, optimization and economic operation of our app and data processing is necessary to safeguard this interest.
Firebase collects information about the use of our app and transfers it to Google in Ireland or the USA and stores it there. The data is only collected anonymously and transmitted to Firebase. There is no link to other user data.
Google will use the information mentioned to evaluate your use of our app and to provide us with other services related to the use of apps.
You can find more information on Google Firebase and data protection at [www.google.com/policies/privacy/[(https://policies.google.com/privacy) and [firebase.google.com] (https: // firebase. google.com/)
b) The legal basis for the use of data and the use of Firebase is a legitimate interest (i.e. interest in the analysis, optimization and economic operation of our apps) within the meaning of Art. 6 Para. 1 lit a GDPR
c) The data is processed for the purpose of optimizing our service.
d) Duration of storage, objection and removal options
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. You can object to the use of Firebase at any time. In this case, you can unfortunately no longer use our service.
3.2 SendGrid
a) We use the provider Sendgrid Inc., Suite 500 to send transaction-based emails (e.g. password reset, account confirmations, invitations to family and friends); Denver, CO 80202, USA (hereinafter “SendGrid”), with which we have concluded a contract for order processing in accordance with Art. 28 GDPR. We will therefore pass on the email address to SendGrid. SendGrid stores its data on a server in the USA.
The emails we send contain a way to analyze the behavior of the recipient, in particular to query whether the email was successfully sent or opened, and how often a particular link within an email was clicked by the recipient. The service has been set up by us so that the data relating to the recipient is presented anonymously, so we cannot draw any conclusions about the individual recipient. We have also activated that the full IP address is not collected or processed.
b) The legal basis for the processing of the data that you have transmitted to us when ordering the newsletter is Art. 6 Para. 1 a GDPR (consent of the user).
c) the data is processed for the purpose of sending you transaction-based emails.
d) Duration of storage, objection and removal options
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of transaction types emails, this is the case when your membership with us ends.
3.3 HubSpot
You have the option to order a free newsletter via our app. This will ask for your email address.
In addition, the following data is transmitted to us as part of the registration:
-
your IP address
-
Date and time of the order
As part of the order, we will obtain your consent to the processing of the above data with reference to this data protection declaration. The data will only be used for the newsletter you have subscribed to. The data will not be passed on to third parties.
We use the so-called “double opt-in procedure” in the context of sending the newsletter, within which, for legal reasons, an email is sent to the email address provided before the first newsletter is sent. This is used to check whether the owner of the registered email address has authorized the sending of the newsletter.
To send the newsletter, we use the provider HubSpot (hereinafter “HubSpot”), with whom we have concluded a contract for order processing in accordance with Art. 28 GDPR. We will therefore forward the email address you have given to HubSpot. HubSpot stores its data on the servers located in Germany.
The newsletters we send contain a way to analyze the behavior of the newsletter recipient, in particular to query how many recipients have opened a newsletter and how often a particular link within a newsletter was clicked by the recipients. We have activated that the complete IP address is not collected or processed.
b) The legal basis for the processing of the data that you have transmitted to us when ordering the newsletter is Art. 6 Para. 1 a GDPR (consent of the user). The legal basis for the transfer to HubSpot is Art. 6 Para. 1 lit f GDPR, since the transfer serves our legitimate interest in using a secure and user-friendly newsletter system
c) the data is processed for the purpose of sending you the newsletter.
d) Duration of storage, objection and removal options
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the newsletter, this is basically the case until you unsubscribe from the newsletter. You can cancel the newsletter at any time. In this regard, there is a corresponding note or link in every newsletter. However, if you are still a user of our app, the email address will only be deleted after membership ends.
3.4 Freshdesk
In order to answer your inquiries directly via the app, we use the “Freshdesk” service provided by Freshdesk Inc., 2950 S. Delaware Street, San Mateo CA 94403, USA.
Freshdesk uses cookies for its service, which provides information about your IP address, your operating system and your hardware.
You can find more information on data protection at feststst at: https://www.freshworks.com/de/dsgvo/unternehmen/
b) The legal basis for the processing of the data that you transmit to us when you contact us is Art. 6 Para. 1 lit a GDPR (consent of the user).
c) The data is processed for the purpose of maintaining a positive customer relationship with them.
d) Duration of storage, objection and removal options
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For inquiries, this is the case when the inquiry is completed.
4. Changes in purpose
Your personal data will only be processed for purposes other than those described, insofar as this is permitted by law or you have given your consent to the changed purpose of data processing. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you about these other purposes before further processing and provide you with all other relevant information.
5. Period of data storage
We delete or anonymize your personal data as soon as it is no longer required for the purposes for which we collected or used it in accordance with the preceding paragraphs. As a rule, we store your personal data for the duration of the usage or contractual relationship via the app plus a period of 14 days during which we keep backup copies after deletion, unless this data is used for criminal prosecution or for Securing, asserting or enforcing legal claims will take longer.
Specific information in this data protection declaration or legal requirements for the storage and deletion of personal data, especially those that we have to keep for tax reasons, remain unaffected.
6. Your rights as a data subject
6.1 Right to information
You have the right to receive information from us at any time on request about the personal data processed by us in the scope of Art. 15 GDPR. To do this, you can submit an application by post or email to the address below.
6.2 Right to correct incorrect data
You have the right to request that we immediately correct your personal data if it is incorrect. To do this, please contact the contact addresses below.
6.3 Right to deletion
You have the right to request us to delete your personal data under the conditions described in Art. 17 GDPR. These requirements provide in particular a right to erasure if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection or the obligation to erase them under Union law or the law of the Member State to which we are subject. For the period of data storage, see also section 5 of this data protection declaration. To assert your right to deletion, please contact the contact details below.
6.4 Right to restriction of processing
You have the right to request that we restrict processing in accordance with Art. 18 GDPR. This right exists in particular if the accuracy of the personal data between the user and us is controversial, for the duration that requires the accuracy to be checked, and in the event that the user requests a restricted processing instead of the deletion if there is an existing right to deletion ; furthermore in the event that the data is no longer required for the purposes pursued by us, but the user needs it to assert, exercise or defend legal claims and if the successful exercise of an objection between us and the user is still controversial. To assert your right to restriction of processing, please contact the contact details below.
6.5 Right to data portability
You have the right to receive the personal data relating to you that you have provided to us in a structured, common, machine-readable format in accordance with Art. 20 GDPR. To exercise your right to data portability, please contact the contact details below.
7. Right to object
You have the right to object to the processing of your personal data at any time, for reasons that arise from your particular situation, including based on Art. 6 Para. 1 lit. e) or f) GDPR, to object to Article 21 GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
8th. Right to lodge a complaint
You also have the right to contact the competent supervisory authority in the event of complaints. The responsible supervisory authority is:
Bavarian State Office for Data Protection Supervision
Promenade 18
91522 Ansbach
Telephone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
Email: poststelle@lda.bayern.de
If you have any questions or comments about our handling of your personal data or if you would like to exercise the rights mentioned in sections 6 and 7 as a data subject, please contact support@junoapp.co.
10. Changes to this privacy policy
We always keep this data protection declaration up to date. We therefore reserve the right to change it from time to time and to keep up with changes in the collection, processing or use of your data. The current version of the data protection declaration is always available under “Data protection” within the app.
As of July 23, 2020
