Effective date: May 22, 2018
We know that you take your privacy seriously, and so do we! Please read the following to understand how and why your personal information is used and shared. Below we provide you with an overview of what data we collect for what purpose, and how we ensure the protection of your data in short and in a more detailed form.Galatea is a mobile application by Inkitt GmbH
The controller is Rosenstraße 17, 10178 Berlin, Germany represented by its CEO Ali Albazaz (” we/us/our” or ” Inkitt”). We offer services to our users’ (the ” User/you/your”) on our website https://www.inkitt.com/ (each a ” Website”) as well as related services (jointly the ” Service”).For any questions about data protection you may contact us via firstname.lastname@example.org
) and the German Telemedia Act (Telemediengesetz, TMG
).We, as well as our external service partners, receive your data for processing for the purpose of providing our Service. You provide data if this is necessary for the aforementioned purposes. In the event that you refrain from providing such data you may face legal disadvantages, for example, limited or no access to our Service.
Transfer of Data outside of the EU
In the course of data processing by us, data may be transferred to third countries, i.e. countries outside the EU. This may happen via implementation of third party providers such as cloud services and external service partners which process data on our behalf.
You have the right to withdraw your consent relating to the use of data any time with effect for the future when such data processing is based in your consent.You are entitled to access the data stored by us and are also entitled to amend or rectify your data if such data is incorrect.You have the right to object to the processing of your personal data, for example if your personal data is processed for direct marketing purposes.You are entitled to request the erasure of your data.You are entitled to receive information about the stored data (in a structured, current and machine-readable format) at any time and to request the correction or deletion of the data in case of incorrect data storage.You also have the right to lodge a complaint with a supervisory authority at your discretion. An overview of the European National Data Protection Authorities can be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
Period for Storing Data; Deletion
Your data is deleted if such data is no longer necessary for the purpose of processing.
Automated Decision making (including “profiling”)
In general, we do not process any data via “profiling” or in form of automated decision making via the Website or Service. However, such profiling may happen by third party providers through the Website or Service. We will inform you of this whenever possible.
We have implemented sufficient measures to ensure data and IT security. The Website and applications are operated through a safe SSL-connection. If an SSL-connection is activated, third parties are prevented from reading any data that is transferred by you to us.
MORE DETAILED INFORMATION:
Personal data is any information relating to an identified or identifiable natural person. Personal data includes e.g. name or email address. Personal data also includes information about hobbies, memberships or websites viewed. We will only collect, use and/or pass on personal data if this is permitted by law or if the User consents to the data processing.How is my Data processed when visiting the Website or applications? Does automated decision making including “Profiling” take place?
When contacting us via email, the User’s details are stored for the purpose of processing the enquiry and, if applicable, follow-up questions based on your consent based on the legal basis of Art. 6 (1) a. GDPR or fulfilling your request based on Art. 6 (1) b. GDPR.
We inform the user about the Website, our Service and us through occasional newsletters.When registering for the newsletter, you have to provide an email address. This email address will be transmitted to and stored by us (or a provider as specified below).After registration, you will receive an email to confirm the registration (“double opt-in”). Via clicking the registration link you have given your consent to the processing of your personal data for receiving our newsletter according to Art. 6 (1) a. GDPR and we may process such data accordingly.If you purchase goods or services from us, we may in future send you information emails for similar goods or services. Data processing will be based on the business relationship with you (Art. 6 (1) b. GDPR or German Unfair Competition Act (UWG)).In case of registration for the newsletter we (or our provider as specified below) also store the IP address, the device name, the mail provider as well as the user’s first and last name and the date of registration.Withdrawal of consent / OPT-OUT: The user can withdraw their consent to the processing of data for the purpose of sending the newsletter at any time. The withdrawal / objection can take place over a link, which is contained in each newsletter, or by separate message to us. You will not incur any costs other than the transmission costs according to the basic tariffs.
Automated Decision Making (including “Profiling”)
In general we do not process any data via “profiling” or in form of automated decision making via the Website or Service. However, such automated decision making including profiling may happen by third party providers through the Website or Service.We will inform you of this whenever possible.Profiling means any automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of that natural person. Examples of such profiling include the analysis of data (e.g. based on statistical methods) with the aim of displaying personalized advertising to the user or giving shopping tips. The data subject shall not be subject to a decision based exclusively on automated processing, including profiling, which has legal effect against him or significantly affects him or her in a similar manner. [This shall not apply where the decision (i) is necessary for the conclusion or performance of a contract between the data subject and the data controller, (ii) is admissible under Union or Member State law to which the data controller is subject and where such law contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject or (iii) is taken with the data subject’s express consent. In such exceptional cases, the person responsible shall take appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, including at least the right to obtain the intervention of a person by the data subject, to state his own position and to challenge the decision.]III. How is my Data processed when joining the Inkitt Community?
Participation in the Inkitt Community and use of the Service
For taking part in our community through our Website you are asked to provide us with certain data. Such data will only be sent and provided to us after you clicked the respective ‘submit’ button on the Website.These data may include the following information for the following purposes:Your user name is required to log-in to your accountYour email address is required for account verificationYour gender is required for our recommendation engineYour age is required to enforce restrictions of content for under-aged usersYour favorite genre is required to provide you with recommendationsYour interests are required to provide you with recommendations
Join with Facebook
Instead of the aforementioned registration via our website you may use “Facebook Connect” to sign in with an existing account by Facebook of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. You may click on the “login with Facebook” button and will be automatically redirected to www.facebook.com
in order to log-in. In this case your Facebook account will be connected with our website. Via this connection we will gain access to your Facebook user data. These are in particular the following data:Your age rangeYour locationYour GenderYour IDYour birthdayA link to your face profileYour hometownYour email addressLiked BooksLiked MusicLiked Videos,Likes in general
In order to offer you a convenient online service featuring numerous functions, our Website uses text files (” Cookies
“) containing information to identify returning visitors for the time of their visit to our Website. Cookies are usually saved on your device and do not cause any harm. Cookies facilitate the transfer of specific content, such as entering data, which has already been supplied, and help us identify popular sections of our Website.The processing of data when using Cookies is based on our legitimate interests of a statistical analysis of the User relationship for marketing and quality assurance purposes according to Art. 6 (1) f. GDPR or TMG.
or the EU-website http://www.youronlinechoices.com/uk/your-ad-choices/
. However, we want to point out that without Cookies the use and comfort of use of our services may be restricted.
We use Google Analytics a web analytics tool offered by Google LLC, Mountain View, CA, USA (” Google
We also use Google Analytics to analyse data of Google Adwords for statistical purposes
We point out that an automated decision making (“profiling”) (see also [“profiling” link]
above) can take place when integrating Google and including an existing Google account.Are my Data transferred to Third Parties?
We will transfer your personal data to a third party only within the scope of legal provisions, i.e. if we are obliged to transfer the data due to a government or court order, or, if applicable, legal provisions authorize the transfer or if you give your explicit consent.For more information please refer to email@example.com.Are my Data transferred outside the EU?
When visiting the Website and using our Service data may be transferred to countries outside the EU whereas the services by Google [add link
] and Facebook [add link
] are affected.The US companies providing the services of Google and Facebook are each certified under EU-US-Privacy-Shield and comply with data protection standards applicable in the EU. For more information on EU-US-Privacy-Shield and details about the certificates for Google and Mailchimp please refer to: https://www.privacyshield.gov
We also use the following third party services in which course data may be transferred to countries outside the EU:
Functional Software Inc. (Sentry)Intended Purpose
We use Functional Software Inc. (Sentry), 132 Hawthorne Street, San Francisco, California 94107, USA for the purpose of error tracking. Your device, operating system, visitor_id, country, release version, url and user ID will be processed via servers in the US and EuropeProcessing outside of EU and compliance with EU-Standards
The services of Functional Software Inc. (Sentry) are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection standards is ensured. See: https://www.privacyshield.govFurther Informationhttps://sentry.io/privacy/#eu-us-privacy-shield
We use SendGrid, Inc., 1801 California Street, Suite 500Denver, Colorado 80202, USA for the purpose of sending transaction and marketing emails and storing of unsubscription. Your email address will be processed.Processing outside of EU and compliance with EU-Standards
The services of SendGrid, Inc. are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection standards is ensured. See: https://www.privacyshield.gov/Further Informationhttps://sendgrid.com/policies/privacy/services-privacy-policy/
The services of Facebook, Inc. are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection standards is ensured. See: https://www.privacyshield.gov/Further Informationhttps://www.facebook.com/about/privacyshield
Amazon Web Services (AWS)
We use Amazon Web Services by Amazon Web Services, Inc., 410 Terry Avenue North Seattle WA 98109, USA for the purpose of hosting our website. Your customer data, such as your email address, will be processed.Processing outside of EU and compliance with EU-Standards
The services of Amazon Web Services, Inc are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection standards is ensured. See: https://www.privacyshield.govFurtherInformation
https://aws.amazon.com/compliance/eu-data-protection/ https://aws.amazon.com/compliance/germany-data-protection/GoogleIntended Purpose
We use Google LLC, 1600 Amphitheatre Pkwy, Mountain View, California 94043, USA for the purpose of analytics and marketing. Your data such as browser type/version, operating system used, referrer URL (the site previously visited), host name of the accessing computer (IP address) and time of server enquiry will be processed.Processing outside of EU and compliance with EU-Standards
The services of Google LLC are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection zendesk standards is ensured. See: https://www.privacyshield.gov/Further Information https://policies.google.com/privacy
We use Fabric by Google LLC, 1600 Amphitheatre Pkwy, Mountain View, California 94043, USA for the purpose of analytics and crash reporting. Your impersonal data such as installation UUDI, IP address (temporarily), user events (button clicks, page views etc.) will be processed. A storage of personal data does not take place.Processing outside of EU and compliance with EU-Standards
The services of Google LLC are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection standards is ensured. See: https://www.privacyshield.gov/Further Informationhttps://fabric.io/terms?locale=en-us&utm_campaign=fabric-marketing&utm_medium=natural
We use Firebase by Google LLC, 1600 Amphitheatre Pkwy, Mountain View, California 94043, USA for the purpose of analytics, sending push notification to users and storing of storing chat messages. Your IP address, Instance IDs, Crash traces, User agents, Mobile ad IDs, IDFVs/Android IDs, Analytics App Instance IDs, All User events (button clicks, page views, etc) will be processed. Personal data is not stored.Processing outside of EU and compliance with EU-Standards
The services of Google LLC are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection standards is ensured. See: https://www.privacyshield.gov/Further Informationhttps://policies.google.com/privacy
We use Branch Metrics, Inc., 1400B Seaport Boulevard, Redwood City, California 94063, USA for the purpose of deeplinks for marketing purposes. Your iOS or Android identification (IFDA or Android ID), the IP address, the version of the app, information about the terminal used, its manufacturer and the operating system version used, screen size and resolution, start and end of use of our app, type of connection (e.g. WLAN, mobile access), period since installation and since the last update of the app. The listed information is only processed by Branch in anonymous form. An identification of the individual Inkitt user by Branch is thus excluded.Processing outside of EU and compliance with EU-Standards
The services of Branch Metrics, Inc. are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection standards is ensured. See: https://www.privacyshield.gov/Further Informationhttps://branch.io/policies/#privacy
We use Zendesk, Inc 1019 Market Street, 6th Floor, San Francisco, California 94103, USA for support system purposes. Your Information such as last name, first name, and email address is recorded on our platform will be processed in order to answer your questions.Processing outside of EU and compliance with EU-Standards
The services of Zendesk, Inc. are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection standards is ensured. See: https://www.privacyshield.gov/Further Informationhttps://www.zendesk.com/company/customers-partners/privacy-policy/
We use Instabug, Inc., 855 El Camino Real St., Suite 13A-111, Palo Alto, CA. 94301, USA for bug tracking purposes. Your IP address, domain server, type of internet browser will be processed.Processing outside of EU and compliance with EU-Standards
Instabug, Inc. has entered into Standard Contractual Clauses according to Commission Decision C(2010)593 regarding the transfer of personal data to processors established in third countries with us, accordingly the compliance with EU data protection standards is ensured. See: https://instabug.com/dpaFurther Informationhttps://instabug.com/privacy
We use New Relic, Inc., 188 Spear Street, Suite 1200, San Francisco, California 94105, USA for server monitoring purposes. Your system relevant data such as usage times, used hardware and software will be processed.Processing outside of EU and compliance with EU-Standards
The services of New Relic, Inc. are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection standards is ensured. See: https://www.privacyshield.gov/Further Informationhttps://newrelic.com/privacy-shieldVII. Your Rights: Right to access, object, rectification and erasure; right to restriction of processing, right to withdraw, right to data portability, right to lodge a complaint
As a data subject you have the right: to withdraw your consent to us at any time. As a result, we are no longer allowed to continue the processing of data based on this consent in the future; to object to the processing of your personal data, if your personal data are processed on the basis of legitimate interests pursuant to Art. 6 (1) f. GDPR insofar as there are reasons for this arising from your particular situation; to obtain from us access to your personal data; to obtain from us without undue delay the rectification of inaccurate personal data concerning you; to obtain the erasure of your personal data stored with us, unless the processing is necessary to exercise the right to free expression of opinion and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims; to demand the restriction of the processing of your personal data, if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have filed an objection against the processing; and to receive your personal data, which you have provided to us, in a structured, current and machine-readable format or to request the transmission to another controller.
If you wish to make use of your rights mentioned above please send an email to firstname.lastname@example.org.If you obtain access to your personal data you may, in particular, request access to the following information: the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed. We also will, if possible, give information about the envisaged period of time for which the personal data will be stored, the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing, the right to lodge a complaint with a supervisory authority and where the personal data are not collected from the data subject, any available information as to their source and the existence of automated decision-making, including profiling and meaningful information about this event.
You have the right to lodge a complaint vis-á-vis a supervisory authority of your choice.
For example for Berlin/Germany: https://www.datenschutz-berlin.de/kontakt.html
An overview of the European National Data Protection Authorities may be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
Duration of the storage of personal data; deletion periods
As a rule, we only store your personal data for as long as it is necessary for the execution of the contract or the respective purpose and limit the storage period to an absolutely necessary minimum. Your IP-address and server-log-files (as set forth above) are stored for seven days for security and technical reasons.In the case of long-term contractual relationships, such as the use of our Offer, these storage periods may vary, but are generally limited to the duration of the contractual relationship or, with regard to the inventory data, to the maximum legal retention periods (e.g. in accordance with the German Commercial Code (Handelsgesetzbuch, HGB
) and the Tax Code (Abgabenordnung, AO
For any inquiries and additional questions about processing personal data please contact email@example.com. Further details may be found here: https://www.inkitt.com/imprint