Welcome to Memtell. We provide you with an application that you can download to your mobile device. Memtell allows people to send personal video messages to friends and family. Data protection is a particularly high priority for us and we want you to feel secure while using our services.
1. NAME AND ADDRESS OF THE RESPONSIBLE PERSON
The responsible party within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:
Memtell GmbH, Konrad-Adenauer-Ufer 83, Cologne, 50668, Germany.
Postal address: Memtell GmbH, Konrad-Adenauer-Ufer 83, Cologne, 50668, Germany.
2. DATA SUBJECT RIGHTS
You have the following rights with respect to us regarding personal data concerning you:
a. Right of access
You have the right to obtain from us, at any time and free of charge, information about the personal data stored about you and a copy of this information. You also have a right of access regarding the following information:
the purposes of processing,
the categories of personal data processed,
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations,
if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration,
the existence of a right to obtain the rectification or erasure of personal data concerning him or her, or to obtain the restriction of processing by the controller, or a right to object to such processing,
the existence of a right of appeal to a supervisory authority,
if the personal data are not collected from the data subject: any available information on the origin of the data, and,
the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
Furthermore, you have the right to be informed whether personal data have been transferred to a third country or to an international organization. If this is the case, you also have the right to obtain information about the appropriate safeguards in connection with the transfer.
b. Right to rectification
You have the right to request the immediate correction and/or completion of any personal data concerning you that is inaccurate or incomplete. We shall carry out the rectification without undue delay.
c. Right to restriction of processing
You have the right to request us to restrict processing if one of the following conditions is met:
The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.
The processing is unlawful, the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data.
The controller no longer needs the personal data for the purposes of the processing, but the data subject needs it for the assertion, exercise or defense of legal claims.
The data subject has objected to the processing pursuant to Article 21 (1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.
If the processing of personal data relating to you has been restricted, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.
If processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.
d. Right to erasure
You have the right to request that we erase the personal data concerning you without undue delay, provided that one of the following reasons applies and to the extent that the processing is not necessary:
The personal data was collected or otherwise processed for such purposes for which it is no longer necessary.
The data subject revokes his or her consent on which the processing was based pursuant to Art. 6(1)(a) DSGVO or Art. 9(2)(a) DSGVO and there is no other legal basis for the processing.
The data subject objects to the processing pursuant to Article 21(1) DSGVO and there are no overriding legitimate grounds for the processing or the data subject objects to the processing pursuant to Article 21(2) DSGVO.
The personal data have been processed unlawfully.
The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
The personal data was collected in relation to information society services offered pursuant to Article 8 (1) of the GDPR.
If the personal data have been made public by us and we as a controller are obliged to erase the personal data pursuant to Article 17 (1) of the GDPR, we shall implement reasonable measures, including technical measures, taking into account the available technology and the cost of implementation, to inform other data controllers which process the published personal data, that the data subject has requested from those other data controllers the erasure of all links to the personal data or copies or replications of the personal data, unless the processing is necessary.
The right to erasure does not exist insofar as the processing is necessary:
for the exercise of the right to freedom of expression and information;
for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) DSGVO;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) DSGVO, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
for the assertion, exercise or defense of legal claims.
e. Right to information
If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed by us about these recipients.
f. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, when exercising your right to data portability pursuant to Article 20(1) of the GDPR, you have the right to obtain that the personal data be transferred directly from us to another controller, insofar as this is technically feasible and insofar as this does not adversely affect the rights and freedoms of other persons.
The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
g. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO. This also applies to profiling based on these provisions.
We will no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
You also have the right to object, on grounds relating to your particular situation, to processing of your personal data which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) DSGVO, unless such processing is necessary for the performance of a task carried out in the public interest.
To exercise the right to object, you may contact us at any time. You are also free, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.
h. Right to revoke a data protection consent
You have the right to withdraw your consent to the processing of personal data at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
i. Right to automated decisions in individual cases, including profiling.
You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you, unless the decision
is not necessary for the conclusion or performance of a contract between you and us, or
is permitted by legislation of the Union or the Member States to which we are subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
is made with your express consent.
If the decision is necessary for the conclusion or performance of a contract between you and us, or
it is made with your express consent,
we shall take reasonable steps to safeguard your rights and freedoms and your legitimate interests, which shall include, at a minimum, the right to obtain the intervention of a person on our part to express your point of view and to challenge the decision.
j. Existence of automated decision making
We do not perform automated decision making or profiling.
k. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint has been submitted will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR. The supervisory authority responsible for us is the State Commissioner for Data Protection NRW, Kavalleriestraße 2-4, 40213 Düsseldorf, Germany.
3. DATA PROCESSING WHEN DOWNLOADING THE APP
4. ACCESS DATA IN SERVER LOG FILES AND DATABASES
When you visit our website, actively use the app, register, log in, use single sign-in, request an email verification link, update your email address or request a new password, we store the access data generated in the process in so-called server log files and partly in databases. This includes date and time of access, amount of data transferred, location and IP address.
The legal basis for the temporary storage of your data and the log files is Art. 6 para. 1 lit. b DSGVO.
This data is evaluated exclusively to ensure the permanent and trouble-free operation of the app and to guarantee the proper functionality of the app, as well as for transmission to law enforcement authorities in the event of a cyber attack and to ensure the security of our information technology systems. An evaluation of your data for marketing purposes does not take place in this context.
The collection of data for the provision of our services and the storage of data in log files is absolutely necessary for the operation of our website or our app. Consequently, there is no possibility to object.
5. DATA PROCESSING FOR THE OPERATION OF THE APP
If you open a user account via the app, we process the data required to operate the app, such as the selected user name, email address, uploaded content, etc. The data processed in this way can be adjusted and changed by the user at any time via the profile settings.
The legal basis for the processing of personal data is Art. 6 para. 1 lit. b DSGVO.
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case for data collected during the registration process when the user account is deleted.
Our services are hosted in a secure EU cloud of the provider Amazon Web Services, Inc. (AWS). AWS is ISO27001 certified and thus meets the highest security standards. In addition, we have concluded a contract with AWS for commissioned processing in accordance with Art. 28 DSGVO, in which AWS undertakes to process the data received only in accordance with our instructions and to comply with the EU level of data protection.
6. E-MAIL, CONTACT FORM AND CUSTOMER SUPPORT
Customer support via Jira helpdesk
The satisfaction of our customers is our primary goal. Therefore, we place special emphasis on always being at their side with our customer support. To handle customer inquiries as well as for user testing, we use the Jira Helpdesk, a service of Atlassian Pty Ltd, c/o Atlassian, Inc, 350 Bush Street, Floor 13 San Francisco, CA 94104 USA (hereinafter: "Jira"), on the basis of Art. 6 para. 1 lit. b) DSGVO. You are free to contact us at any time. If you use one of the contact options offered, the data generated in the process, such as in particular, name, e-mail address and the information provided, will be processed via Jira's servers and stored there.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. b DSGVO.
The data collected in this way will not be passed on to third parties. We have concluded a contract with Jira for commissioned processing in accordance with Art. 28 DSGVO, in which Jira undertakes to process the data received only in accordance with our instructions and to comply with the EU level of data protection.
Contact via e-mail or contact form
Due to legal requirements, we provide information on our website that enables you to contact us electronically and to communicate directly with us. This includes our e-mail address as well as our contact form. If you contact us by e-mail or via our contact form, the personal data you provide will be stored automatically. The other personal data processed during contact serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. b DSGVO.
We use the personal data transmitted by you exclusively for processing your specific request. The data provided will always be treated confidentially. Your information may be stored in a customer relationship management system (so-called CRM system) or another organizational tool for customer data, for example the Jira helpdesk mentioned above.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with you has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
If you contact us, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued.
7. DATA PROCESSING IN THE ONLINE STORE
To provide our online stores and to process purchases on our site, we use the store solutions of Shopify, a service of Shopify Inc, 126 York Street, Suite 200, Ottawa, ON, Canada (hereinafter: "Shopify"). If you place an order via this store, the data entered by you, in particular name, e-mail, details of your order, payment details, etc., will be processed via the servers of the respective provider. This data processing is based on Article 6 (b) DSGVO and is necessary to ensure the smooth processing of your order. We have entered into an order processing agreement with Shopify pursuant to Art. 28 DSGVO, in which Shopify undertakes to process the data received only in accordance with our instructions and to comply with the EU data protection level.
8. GOOGLE ANALYTICS
The cookie has a storage period of 2 months. The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. Deletion of user-level and event-level data linked to cookies, user IDs (e.g., User ID), and advertising IDs (e.g., DoubleClick cookies, Android advertising ID, IDFA [Apple identifier for advertisers]) takes place no later than 14 months after their collection.
You can object to this data processing at any time with effect for the future by clicking this link. Alternatively, you can disable the use of Google Analytics for this browser on this website by setting the slider under this paragraph to "off". This will place an opt-out cookie in your browser. If you delete your cookies in this browser, you will need to toggle the slider again.
9. GA AUDIENCES
For the purpose of enabling interest-based targeting of our campaigns within the Google advertising network, we use the web analytics service of GA Audiences, a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: "Google"), on the basis of Art. 6 (1) f) DSGVO. In this context, pseudonymized usage profiles can be created and cookies can be used. The information generated by the cookie about your use of this website, such as browser type/version, device name, operating system used, referrer URL (the previously visited page), keywords/specific search query, service provider, host name of the accessing computer (IP address) and time of server request, is transmitted to a Google server and stored there.
The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. a DSGVO.
The cookie used by Google makes it possible to recognize the visitor when he calls up websites that belong to Google's advertising network. On these pages, the visitor can then be presented with advertisements that relate to content that the visitor has previously accessed on websites that use Google's remarketing function. The storage period is a maximum of 180 days. You can object to this processing at any time with effect for the future by following the instructions of this link: https://myaccount.google.com/not-supported#display_optout.
For the purpose of demand-oriented design and continuous optimization of our websites, we use the analysis service Doubleclick, a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: "Doubleclick"), on the basis of Art. 6 (1) a) DSGVO. In the process, a pseudonymous identification number (ID) is assigned to your browser in order to check which ads were displayed in your browser and which ads were called up. The cookies do not contain any personal information. The use of DoubleClick cookies only enables Google and its partner websites to serve ads based on previous visits to our website or other websites on the Internet. The information generated by the cookie about your use of this website, such as browser type/version, operating system used, referrer URL (the previously visited page), host name of the accessing computer (IP address), time of server request, are transmitted to a Google server and stored there. The storage period is a maximum of 180 days. The information is used to evaluate the use of the website, to compile reports on activities and to provide other services related to the use of the website and the Internet for the purposes of market research and demand-oriented design of these Internet pages. We have concluded a contract with Doubleclick for commissioned processing in accordance with Art. 28 DSGVO, in which Doubleclick undertakes to process the data received only in accordance with our instructions and to comply with the EU level of data protection. You can object to this processing at any time by either downloading and installing the browser add-on available at the following link or by deactivating the Doubleclick cookies on the Digital Advertising Alliance site at the following link http://www.aboutads.info/choices/ .
12. LINKEDIN INSIGHT TAG
We have concluded a contract with LinkedIn for commissioned processing pursuant to Art. 28 DSGVO, in which LinkedIn undertakes to process the data received only in accordance with our instructions and to comply with the EU level of data protection. The legal basis for the processing of users' personal data is Art. 6 (1) lit. a DSGVO.
The data generated via Insight Tag is stored for 90 days according to our configuration and then automatically deleted.
You can object to this special data processing at any time as follows: If you are a LinkedIn member and do not want LinkedIn to collect data about you via our website and link it to your membership data stored at LinkedIn, you can control the use of your personal data for advertising purposes in your account settings. Otherwise, you can declare the opt-out here under "Decline".
13. GOOGLE FIREBASE
In order to provide our app together with all functionalities, in particular the chat function, we use the technology of Google Firebase, a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Firebase"). Firebase is part of the Google Cloud Platform and offers numerous services for developers. A listing of these can be found here: https://firebase.google.com/terms/. Firebase provides a Firebase real-time database where we store user and chat data. Here, user data is transmitted to Firebase in order to use the database.
The processing of the data is based on Art. 6 para. 1 p. 1 lit. b DSGVO, as the functions can only be guaranteed via Firebase.
The data processed by Firebase may be processed via servers outside of Europe, for example from the USA. We have concluded a contract with Firebase for commissioned processing in accordance with Art. 28 DSGVO, in which Firebase undertakes to process the data received only in accordance with our instructions and to comply with the EU level of data protection. Further information on data protection in connection with Google Firebase can be found at: https://www.firebase.com/terms/privacy-policy.html. Finally, we have concluded a contract with Google for commissioned data processing in accordance with Art. 28 DSGVO. In this agreement, Google undertakes to protect the data of our users, to process it on our behalf in accordance with their data protection provisions and, in particular, not to pass it on to third parties.
For Firebase, Google also uses the advertising ID of the mobile device in addition to the "instance ID" described above. In the device settings of your mobile device, you can restrict the use of the advertising ID by changing your menu settings as follows:
For Android: Settings → Google → Advertising → Reset Ad ID.
For iOS: Settings → Privacy → Advertising → Restrict ad tracking.
For our Services, we use Mixpanel, a service provided by Mixpanel, Inc, 405 Howard St, Floor 2, San Francisco, CA 94105, USA (hereinafter "Mixpanel"). Mixpanel stores and processes information about your user behavior on our website. We use Mixpanel for marketing and optimization purposes, in particular to analyze the use of our service and to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behavior, we can improve our offer and make it more interesting for you as a user.
The processing of the data is based on Art. 6 para. 1 p. 1 lit. a DSGVO, as the functions can only be guaranteed via Firebase.
You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all the functions of our website to their full extent. You can also prevent the collection of the aforementioned information by Mixpanel by setting an opt-out cookie on this website. Please note that this setting will be deleted when you delete your cookies. You can object to the collection and forwarding of personal data or prevent the processing of this data by deactivating the execution of JavaScript in your browser. In addition, you can prevent the execution of JavaScript code altogether by installing a JavaScript blocker (e.g. https://noscript.net/ or https://www.ghostery.com). Please note that in this case you may not be able to use the full functionality of our website.
Further information on Mixpanel and data protection at the provider can be found here https://mixpanel.com/privacy/.
15. FACEBOOK PIXEL
We have integrated the Facebook pixel into our website, a service of the social network Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (hereinafter referred to as "Facebook"). With the help of the Facebook pixel, it is possible for Facebook, on the one hand, to determine you as a visitor to our online offer as a target group for the display of ads (so-called "Facebook ads" or "Instagram ads"). Accordingly, we use the Facebook pixel to display the Facebook ads or Instagram ads placed by us only to users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited), which we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook and Instagram ads correspond to the potential interest of users and do not have a harassing effect. With the help of the Facebook pixel, we can further track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook or Instagram ad (so-called "conversion").
The legal basis for the use of the Facebook Pixel and the storage of "conversion cookies" is Art. 6 para. 1 lit. a DSGVO.
We have concluded a contract with Facebook for commissioned processing pursuant to Art. 28 DSGVO, in which Facebook undertakes to process the data received only in accordance with our instructions and to comply with the EU level of data protection.
You can object to this data processing at any time with effect for the future. This is most easily done via the deactivation page of the Network Advertising Initiative and additionally the US website aboutads.info or the European website youronlinechoices.com. In order to set which types of advertisements are displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions there regarding the settings for usage-based advertising. The settings are platform-independent, which means that they are applied to all devices, such as desktop computers or mobile devices.
17. DATA SECURITY
We secure our app as well as our website and other systems by numerous technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. For this purpose, we continuously update the firewalls we use, the encryption procedures and our security systems. Despite regular checks, complete protection against all dangers is nevertheless not possible and cannot be guaranteed by us.
18. DELETION OF DATA
Your personal data will be deleted or blocked as soon as the purpose of storage ceases to apply or you revoke your consent. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. If the purpose of storage ceases to apply, if you revoke your consent or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions, unless there is a necessity for further storage of the data for the conclusion or performance of a contract.
19. LEGAL OR CONTRACTUAL REQUIREMENTS FOR THE PROVISION OF PERSONAL DATA; NECESSITY FOR THE CONCLUSION OF THE CONTRACT; OBLIGATION OF THE DATA SUBJECT TO PROVIDE THE PERSONAL DATA; POSSIBLE CONSEQUENCES OF FAILURE TO PROVIDE THE PERSONAL DATA
We inform you that the provision of personal data is sometimes required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). Sometimes it may be necessary for the conclusion of a contract that you provide us with personal data, which must subsequently be processed by us. For example, you are obliged to provide us with your personal data if you conclude a contract with us. Failure to provide your personal data would mean that the contract with you could not be concluded.
Published: OCTOBER 2020