Privacy

Data protection notice:

We, Lismio GmbH, Pfuelstraße 5, 10997 Berlin, Germany (hereinafter “we”) are operators of the app “lismio“ (hereinafter “the app”), the websites https://lismio.com/de,https://lismio.app/, https://lismio.link/ and https://portal.lism.io/ (hereinafter jointly “the websites”) and the following social media channels: Facebook: https://www.facebook.com/lismiode ; Instagram: https://www.instagram.com/lismiohoerbuecher/ ; Twitter: https://twitter.com/lismio_de; Discord: https://discord.com/invite/kMEA7Q3kpM ; YouTube: https://www.youtube.com/c/lismio/about ; TikTok: https://www.tiktok.com/@lismio_en , https://www.tiktok.com/@lismio_hoerbuch (hereinafter jointly “the social media channels”). (“The app“, “the websites” and “the social media channels” are hereinafter jointly referred to as “the offering”.)

We take the protection of your personal data very seriously. Accordingly, in the collection, processing and use of personal data, we adhere strictly to the provisions of data protection law applicable in the Federal Republic of Germany, in particular the General Data Protection Regulation (GDPR), the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the provisions of the Teleservices Act (Telemediengesetz, TMG) and Telecommunications-Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetzes, TTDSG).

1. Controller of personal data

The controller within the meaning of Article 4(7) GDPR responsible for the collection, processing and use of your personal data is:

Lismio GmbH
Pfuelstraße 5
10997 Berlin
Germany
Telephone: +49 (0)30 488 2888 80
Email: support@lismio.com

Directors:
Tina Jürgens, Kaspar Kunisch

Companies register: Amtsgericht Charlottenburg HRB 247420 B
VAT ID: DE 234321649

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Article 4(1) GDPR).

2. What data is collected during use of our offering?

a) Contact details

We offer users of our offering the opportunity of making contact with us by email. You alone decide whether you wish to convey information to us when so making contact, and if so which information. In that regard, we expressly warn that the electronic transfer of information can involve security loopholes. It is technically impossible to provide end-to-end protection of data against access by unauthorised third parties.

We collect the following personal data, if you choose to provide it:

We delete the data collected in this context as soon as its storage is no longer necessary or, where applicable, on expiry of legal storage periods (for business correspondence, 6 years); in the latter case, we restrict data processing once it is no longer required.

The legal basis for the processing and storage of personal data provided by you in the context of making contact with us is point (b) of the first sentence of Article 6(1) GDPR (“necessary for the performance of a contract”).

b) Websites

When accessing our websites, the browser used on your terminal device will automatically send information to our website’s server provided by our web host (see below, 2. g.). That information is stored temporarily in a log file. This involves the collection of the following data without your cooperation, and its storage until automatic deletion after 12 months:

The abovementioned information is evaluated only statistically and used to improve the functionality of our websites and the attractiveness of our offering. The legal basis for this is point (f) of the first sentence of Article 6(1) GDPR (“legitimate interests”). Our legitimate interest arises from reasons of guaranteeing a smooth connection, provision of optimum comfort and efficiency in use of our websites and system security. Under no circumstances do we use the data obtained for the purpose of making inferences about you as a person.

Furthermore, the following data is obtained and processed during use of our websites, for purely statistical evaluation:

Complete anonymisation is achieved by creating a “hash”, generated from the anonymised IP address; latitude and longitude of the place of access; device model and type; and platform version, type and name, such that it is impossible to trace the data back to your name. The hash and the other data listed above will be stored anonymised on an analytics server – separately from all personal data given by a data subject – until its automatic deletion after 12 months.

The legal basis for the processing of the listed data is point (f) of the first sentence of Article 6(1) GDPR (“legitimate interests”). Our legitimate interest arises from the purposes of statistical evaluation in order to improve the functionality and attractiveness of our websites.

c) Downloading the app

When the mobile app is downloaded, the necessary information, in particular username, email address and customer number attached to your account, time of download and individual device ID, is transferred to the app store. We have no influence on this data collection, and are not responsible for it. The controller in this case is the app store operator concerned. We only process the data insofar as that is necessary for the download of the mobile app on your mobile terminal device. By downloading the app, you agree that we may conduct automatic updates, provided that this involves the collection and processing of no data other than that listed in this data protection notice. Automatic updates are required for the proper fulfilment of the contract. The legal basis for data processing is point (b) of the first sentence of Article 6(1) GDPR. If updates involve the collection and processing of new data, we will specifically request your consent for this. The legal basis then is point (a) of the first sentence of Article 6(1) GDPR.

d) Collection of access data during use of app

When the app is used with a user account, the following access data is obtained and processed:

Complete anonymisation is achieved by creating a “hash”, generated from the anonymised IP address; latitude and longitude of the place of access; device model and type; and platform version, type and name, such that it is impossible to trace the data back to your name. The hash and the other data listed above will be stored anonymised on an analytics server – separately from all personal data given by a data subject – until its automatic deletion after 12 months.

The legal basis for the processing of your information during use of the app is point (f) of the first sentence of Article 6(1) GDPR (“legitimate interests”). Our legitimate interest arises from our purposes of guaranteeing a smooth connection, provision of optimum comfort in use of the app and its optimisation, statistical evaluation for the improvement of the app, and evaluation of system security and system stability.


e) Collection of personal data during use of app

Furthermore, the following personal data will be collected and processed during use of the app by means of your user account:

We also process user-generated content, contributions and other content that you create in the app, such as:

We use that information and data provided by you in providing the app, linking content from streaming providers and fulfilling the associated contract. Moreover, your audio book reviews and comments provide useful assistance to other app users, just as their reviews may help you as you select titles.

Book reviews or comments on audio books (hereinafter referred to collectively as “texts”) are published by us after they are submitted to us. In that respect, you transfer to us in regard to these texts the right of publication as well as a non-exclusive, non-chargeable, permanent and irrevocable right to make the text (in whole or in part) publicly available online or offline through the app, to reproduce it and, as the case may be, translate it into other languages.

The legal basis for processing of personal data provided at registration and your submitted user-generated content is point (b) of the first sentence of Article 6(1) GDPR (“necessary for the performance of a contract”). In particular, the processing of user-generated content is necessary in order to provide you with a personalised user experience in the app as stipulated in the contract.

The legal basis for the processing and use of your comments and book reviews is furthermore point (f) of the first sentence of Article 6(1) GDPR (“legitimate interests”). Our interest in making information on audio books and audio plays available to app users is regarded as legitimate in the spirit of the abovementioned provision.

f) Use of the app as guest without user account

You have the option of using the app even without a user account. In that case, we will create a temporary guest account with your device ID in order to provide you with limited use of the app through the guest account (only searching for content within the app, then listening to content externally). The legal basis for the temporary storage of the device ID is firstly your consent (point (a) of the first sentence of Article 6(1) GDPR) and secondly our legitimate interest in data processing (point (f) of the first sentence of Article 6(1) GDPR). As soon as you log out of the app, your guest account and the device ID stored for it are automatically deleted.

g) Hosting

We make use of hosting services provided by the web hosting company all-inkl.com - Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany (hereinafter “All-Inkl.”). These are: infrastructure and platform services, computing capacity, storage space and database services, email forwarding, security services and technical maintenance services, all of which we use for the purpose of operating our offering.

The data collected and processed by us in accordance with this data protection notice is stored on the servers of All-Inkl. in Germany, and deleted by us as soon as its storage is no longer necessary or, where applicable, on expiry of legal storage periods; in the latter case, we restrict data processing once it is no longer required.

Use of the hosting services takes place on the basis of our legitimate interest in the efficient and secure provision of our offering in accordance with point (f) of the first sentence of Article 6(1) GDPR and on the basis of a data processing agreement concluded between ourselves and All-Inkl. (first sentence of Article 28(3) GDPR).

h) Cookies

We use “cookies” on our websites. Cookies are small text files that are stored on your terminal device, and by means of which information comes to us or a service provider appointed by us.

Cookies are stored on your terminal device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted after the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or your web browser performs an automatic deletion.

Cookies have various functions. Many cookies are technically necessary, as certain website elements would not function without them. By placing functional cookies, we make it easier for you to navigate our websites. They mean that you do not need to enter the same information repeatedly on visiting our websites. We can place such cookies without your consent.

Other cookies serve to evaluate user behaviour or display advertisements (analytics cookies). We must ask for your consent before any placement of such cookies.

If third-party companies place cookies, you will be specifically informed of this in the context of this data protection notice, and if so you will be asked for your consent.

We place cookies for purposes of needs-based design, website security, commercial evaluation and website optimisation. The legal basis for this is point (f) of the first sentence of Article 6(1) GDPR (“legitimate interests”).

Where we have asked for your consent to use and store cookies, use and storage of such cookies takes place solely on the basis of such consent (point (a) of the first sentence of Article 6(1) GDPR), and such consent may be withdrawn at any time.

To request your consent, the first time you visit our website, we will present you with a pop-up window with a cookie statement (“cookie banner”). By clicking “OK”, you give us your consent to use all the categories of cookies and plugins you select as described in this cookie guideline.

You can set your browser to inform you of the placement of cookies and only to allow cookies the one time only, in certain cases or to block them generally, and to activate automatic deletion of cookies on closing the browser. Please note that if you deactivate cookies completely, you may not be able to use all functions of our websites in full.

You can find more information on the types and uses of cookies here: Cookie Guidelines

i) Social media and platforms

We maintain an online presence on social networks and platforms in order to communicate with you and inform you there of our services. Our website https://lismio.com/en provides links to our social media channels, each shown as a link with the logo of the service provider concerned. Clicking on the logo takes you directly to the respective social media channel.

Terms and conditions and data processing guidelines of the provider concerned apply. We have no influence on data processing by those service providers.

If you take advantage of the opportunity to mark posts by us in our social media channels (e.g. using the Like button) and/or commenting on them, those actions will be publicly visible, including your name and any profile image. You can remove your markings and posts at any time if the provider concerned permits this. If you send us messages through social media channels, the information you voluntarily share with us will be collected and processed by us along with your name and profile image.

Processing of your personal data takes place on the basis of our legitimate interest in comprehensive information and communication with you in accordance with point (f) of the first sentence of Article 6(1) GDPR. Where the platform operators concerned ask you for your consent for data processing, the legal basis for such processing is point (a) of the first sentence of Article 6(1) GDPR.

In order to search for, compile, review and comment on the audio books and audio plays you find via our websites and app, you will require premium access to the platforms Spotify, Napster, Deezer, Apple Music or BookBeat. You will find links to those platforms on our websites and the app, each shown as a link with the logo of the service provider concerned. Clicking on the logo takes you directly to the respective platform. We do not collect, process or pass on any personal data to any third party when you do this.

Terms and conditions and data processing guidelines of the provider concerned apply. We have no influence on data processing by those service providers.

Our websites https://lismio.app/ and https://lismio.link/ and the app also offer you the option of sharing with others individual audio book recommendations via the third-party providers Twitter, Facebook, Reddit, LinkedIn, WhatsApp and Telegram and by email. Clicking on the logo of the service provider concerned takes you directly to the platform or service of the respective provider. In order to share our content via the third-party provider, you may need to set up a user profile with that provider.

Terms and conditions and data processing guidelines of the provider concerned apply. We have no influence on data processing by those service providers.

We do not collect, process or pass on any personal data to any third party when you do make use of the share function.

The use of links to external platforms is offered firstly in fulfilment of contractual obligations (point (b) of the first sentence of Article 6(1) GDPR), secondly on the basis of our legitimate interest in improving our offering in accordance with point (f) of the first sentence of Article 6(1) GDPR. If the platform operators concerned ask you for your consent for data processing, the legal basis for such processing is point (a) of the first sentence of Article 6(1) GDPR.

The provider details and data protection provisions (including right of objection) of the providers of social media services and platforms that we use can be found here:

j) Analytics tools

i. Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, which for the European Economic Area and Switzerland is provided by Google Ireland Limited (hereinafter “Google”), Gordon House, 4 Barrow Street, Dublin 4, Ireland, in order to ensure needs-based design and ongoing website optimisation and to subject our websites and app to statistical analysis and evaluation with the aim of optimising them for you. The legal basis for this is point (f) of the first sentence of Article 6(1) GDPR (“legitimate interests”) and point (a) of the first sentence of Article 6(1) GDPR (“your consent”), which we obtain via the cookie banner when you use our websites. You must accept our data protection notice before you can use the app. We request your consent for app tracking by offering you the choice between “allow” and “reject” buttons.

Google Analytics uses cookies that enable analysis of your use of our websites and app. The information about your use of our websites and app that is generated by the cookie is generally sent to a Google server and stored there. However, Google may also send personal data to the servers of Google LLC in the USA, and we have no influence on this. We have activated the IP anonymisation offered by Google on the websites and app, so that Google will in general abbreviate your IP address in advance within European Union Member States and other signatory States of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA, to then be abbreviated there. Google will use this information on our behalf to evaluate your use of the websites and app, to compile reports on usage activities and to provide us with other services connected with the use of our offering and the internet. The IP address sent by your browser in the context of Google Analytics will not be combined with other data by Google.

For the transfer of data out of the European Union into third countries (e.g. the USA), Google had hitherto invoked the EU-US data protection agreement “Privacy Shield”. A judgment of the Court of Justice of the European Union of 16 July 2020, C-311/18, having now declared that legally void, Google uses the European Commission’s standard contract clauses to guarantee a level of protection consistent with European data protection provisions (Article 46(2) GDPR).

You can prevent the collection and transfer of data (including your IP address) relating to the use of our websites and app generated by the cookie to Google and Google’s processing of such data by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en .

You can find more information about conditions of use and data protection at http://www.google.com/analytics/terms/en.html and http://www.google.com/intl/en/analytics/privacyoverview.html .

ii. Google Analytics for Firebase SDK

We also use Google Analytics for Firebase SDK (“Firebase SDK“), an analytics tool provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, which for the European Economic Area and Switzerland is provided by Google Ireland Limited (hereinafter “Google”), Gordon House, 4 Barrow Street, Dublin 4, Ireland, in order to ensure needs-based design and ongoing app optimisation and to subject our app to statistical analysis and evaluation with the aim of optimising it for you.

Firebase SDK obtains the following data:

Some log data and user properties are also automatically collected. Detailed information is available here: https://support.google.com/firebase/answer/6318039?hl=en ; https://support.google.com/firebase/answer/9234069?visit_id=637953034774122734-3380257376&rd=1 ; https://support.google.com/firebase/answer/9268042?visit_id=637953034774122734-3380257376&rd=1 .

For the transfer of data out of the European Union into third countries (e.g. the USA), Google had hitherto invoked the EU-US data protection agreement “Privacy Shield”. A judgment of the Court of Justice of the European Union of 16 July 2020, C-311/18, having now declared that legally void, Google uses the European Commission’s standard contract clauses to guarantee a level of protection consistent with European data protection provisions (Article 46(2) GDPR).

Firebase SDK is used to optimise our app and improve our overall offering. The legal bases for this are point (f) of the first sentence of Article 6(1) GDPR (“legitimate interests”) and point (a) of the first sentence of Article 6(1) GDPR (“your consent”). You must accept our data protection notice before you can use the app. We request your consent for app tracking by offering you the choice between “allow” and “reject” buttons.

You can find more information on Firebase SDK at: https://firebase.google.com/

https://www.firebase.com/terms/privacy-policy.html

iii. Google Tag Manager

On our websites, we use Google Tag Manager, an offering provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, which for the European Economic Area and Switzerland is provided by Google Ireland Limited (hereinafter “Google”), Gordon House, 4 Barrow Street, Dublin 4, Ireland. Google Tag Manager is a solution for managing website “tags” via an interface and thereby incorporating other services like Google Analytics (see above, 2. j) i)) or Facebook Pixel (see below, 2. j) v.)), in our websites. Tag Manager itself (which implements the tags) thus, for instance, creates no user profile and sets no cookies. Google merely learns your IP address, which is necessary for executing Google Tag Manager.

We use Google Tag Manager to ensure needs-based design and ongoing website optimisation and to subject our websites to statistical analysis and evaluation with the aim of optimising them for you. The legal basis for this is point (f) of the first sentence of Article 6(1) GDPR (“legitimate interests”) and point (a) of the first sentence of Article 6(1) GDPR (“your consent”), which we obtain via the cookie banner.

For the transfer of data out of the European Union into third countries (e.g. the USA), Google had hitherto invoked the EU-US data protection agreement “Privacy Shield”. A judgment of the Court of Justice of the European Union of 16 July 2020, C-311/18, having now declared that legally void, Google uses the European Commission’s standard contract clauses to guarantee a level of protection consistent with European data protection provisions (Article 46(2) GDPR).

You can find more information about conditions of use and data protection at http://www.google.com/analytics/terms/en.html and http://www.google.com/intl/en/analytics/privacyoverview.html .

iv. Facebook SDK

Our app makes use of the Facebook Software Development Kit (“Facebook SDK“). The Facebook SDK is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”).

We use the Facebook SDK to carry out various evaluations of the installation of our app. The purpose of collecting and using such data is to analyse our target group and optimise product information.

Use of the Facebook SDK during app use leads to the collection of the following data, which Meta records:

Data is generally processed by Meta within the European Economic Area. However, the possibility that data may also be transferred to Meta servers outside the European Economic Area cannot be excluded. For the transfer of data out of the European Union into third countries (e.g. the USA), Meta had hitherto invoked the EU-US data protection agreement “Privacy Shield”. A judgment of the Court of Justice of the European Union of 16 July 2020, C-311/18, having now declared that legally void, Meta uses the European Commission’s standard contract clauses to guarantee a level of protection consistent with European data protection provisions (Article 46(2) GDPR).

The use of the Facebook SDK is in the interests of the analysis of user behaviour with the aim of optimising our offering. This constitutes a legitimate interest within the meaning of point (f) of the first sentence of Article 6(1) GDPR. You must accept our data protection notice before you can use the app. We request your consent for app tracking by offering you the choice between “allow” and “reject” buttons. If you click “allow”, data processing will still take place on the basis of point (a) of the first sentence of Article 6(1) GDPR, and you can withdraw your consent at any time.

You can find more information about conditions of use and data protection at https://facebook.com/legal/terms and https://facebook.com/privacy/policy .

v. Facebook Pixel

On our websites, we use Facebook Pixel, which is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”).

To do this, we have inserted a code on our websites. Facebook Pixel is a snippet of JavaScript code that is activated when you visit our websites and stores a cookie on your device. The cookie allows Meta to collect access data, such as your IP address, geolocation data (country, region/city, country code, latitude/longitude, time zone) for the place from which the website was accessed, terminal device used (series, model, type), operating system, platform version, type and name, browser information (type of browser and version used) and the website from which our websites were accessed.

The data collected are anonymous to us and cannot be scrutinised. Currently they are usable only in ad placements, which we do not currently perform. If you are a Facebook user and logged in, your visit to our website will be automatically added to your Facebook user account. Meta also uses the data collected for its own purposes of analysis and advertising.

We use Facebook Pixel solely to carry out evaluations of the use of our websites and installations of our app, and to see how many users have come to our websites via Meta products (e.g. Facebook, Instagram). This supports needs-based design and ongoing optimisation of our websites. The legal basis for this is point (a) of the first sentence of Article 6(1) GDPR (“your consent”), which we obtain via the cookie banner.

If you are logged in to Facebook, you can change your own ad display settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen . If you are not a Facebook user, you can manage your general user-based online advertising at https://www.youronlinechoices.com/uk/your-ad-choices . You can turn individual companies on or off here.

For the transfer of data out of the European Union into third countries (e.g. the USA), Meta had hitherto invoked the EU-US data protection agreement “Privacy Shield”. A judgment of the Court of Justice of the European Union of 16 July 2020, C-311/18, having now declared that legally void, Meta uses the European Commission’s standard contract clauses to guarantee a level of protection consistent with European data protection provisions (Art. 46(2) GDPR).

Meta terms and conditions and data processing guidelines apply. We have no influence on data processing by Meta. You can find more information about conditions of use and data protection at https://facebook.com/legal/terms and https://facebook.com/privacy/policy .

vi. OneSignal SDK

On our websites and in our app, we also use the OneSignal SDK (“OneSignal SDK“). The OneSignal SDK is provided by OneSignal Inc., 2850 S Delaware St #201, San Mateo, CA 94403, USA (“OneSignal”).

We use the OneSignal SDK to obtain “first-party data“, in order to send individualised messages to our users, e.g. by email, push notifications, web push notifications or in-app messages, and to manage, optimise and adapt these messages and to analyse user behaviour.

The following data is collected and processed through OneSignal SDK using cookies:

You can find detailed information on the data collected here: https://documentation.onesignal.com/docs/data-collected-by-the-onesignal-sdk .

OneSignal processes data in the USA and elsewhere. For the transfer of data out of the European Union into third countries (e.g. the USA), OneSignal had hitherto invoked the EU-US data protection agreement “Privacy Shield”. A judgment of the Court of Justice of the European Union of 16 July 2020, C-311/18, having now declared that legally void, OneSignal uses the European Commission’s standard contract clauses to guarantee a level of protection consistent with European data protection provisions (Art. 46(2) GDPR).

Use of the OneSignal SDK takes place in the interests of analysing user behaviour in order to optimise our offering. This represents a legitimate interest within the meaning of point (f) of the first sentence of Article 6(1) GDPR. However, we also request your express consent, so that processing also takes place on the basis of point (a) of the first sentence of Article 6(1) GDPR; consent may be withdrawn at any time. For use of our websites, we request your consent using the cookie banner. Before you can use the app, you must accept our data protection notice. We request your consent for app tracking by offering you the choice between “allow” and “reject” buttons.

You can find more information about OneSignal’s data use and data protection at https://onesignal.com/privacy_policy .

vii. Mixpanel

On our websites and in our app, we also use an analytical tool by Mixpanel Inc., One Front Street, 28th Floor, San Francisco, CA 94111, USA, which is provided for the European Economic Area by Mixpanel S.L., 75 Ave. des Champs-Élysées, 75008 Paris, France (“Mixpanel“).

The following data is collected and processed through Mixpanel:

We use Mixpanel to make statistical analyses of use and your interaction with the functions of our websites and app and to evaluate them with the aim of optimising them for you. The legal basis for this is point (f) of the first sentence of Article 6(1) GDPR (“legitimate interests”) and point (a) of the first sentence of Article 6(1) GDPR (“your consent”), which we obtain via the cookie banner when you use our websites. You must accept our data protection notice before you can use the app. We request your consent for app tracking by offering you the choice between “allow” and “reject” buttons.

Generally, personal data collected is stored on Mixpanel servers in Germany, but it may be transferred to Mixpanel servers outside the European Union, including in the USA. For the transfer of data out of the European Union into third countries (e.g. the USA), Mixpanel had hitherto invoked the EU-US data protection agreement “Privacy Shield”. A judgment of the Court of Justice of the European Union of 16 July 2020, C-311/18, having now declared that legally void, Mixpanel uses the European Commission’s standard contract clauses to guarantee a level of protection consistent with European data protection provisions (Art. 46(2) GDPR).

You can opt out of the use of Mixpanel by following the instructions in this link: https://mixpanel.com/optout/. This will set an opt-out cookie. Thus, if you delete cookies on your terminal device, you will need to set this opt-out cookie again by following the instructions in this link.

You can find more information on how Mixpanel handles personal data in connection with the Mixpanel tool in Mixpanel’s data privacy declaration ( https://mixpanel.com/legal/privacy-overview/ ).

k) Recording your acknowledgment of our data protection notice

When you open our app or visit our websites, we verify whether you have acknowledged the latest version of the data protection notice on your terminal device. If you have not, we will display to you our current data protection notice with the request to acknowledge it. When you click “Read”, we record your acknowledgment and store the following data:

The legal basis for recording your personal data at the time of your acknowledgment of our data protection notice is point (c) of the first sentence of Article 6(1) GDPR. Under Article 24(1) GDPR, we are legally obliged to inform you about data collection, processing and storage. As evidence of this, we record your acknowledgment of our data protection notice. Evidence requires the recording of a non-anonymised IP address, otherwise the acknowledgment could not be linked to a specific user.

3. What happens to information you share with us?

The information you voluntarily share via our offering is only used to process your request. If no contractual relationship between you and us is established, the information you provide is deleted immediately your request is concluded. If a contractual relationship is established, your personal data will be stored for the duration of the contractual relationship and thereafter for the duration of statutory storage periods, warranty and guarantee rights and/or obligations to provide evidence, and then deleted.

If the purpose of storage ceases to be applicable or if a statutory storage period expires, the personal data will be automatically blocked or deleted in accordance with the legal regulations. You may also delete data about yourself that we have stored by activating the relevant button and deleting the app from your terminal device. This completely deletes all data that is not subject to a statutory storage period.

The legal basis for our processing of your data is point (a) of the first sentence of Article 6(1) GDPR (“your consent”), and, where your request relates to the establishment of a contractual relationship, point (b) of the first sentence of Article 6(1) GDPR (“necessary for the performance of a contract”) and point (f) of the first sentence of Article 6(1) GDPR (“legitimate interests”).

Except where otherwise stated in this data protection notice, on principle we do not pass your data to third parties, and in particular not for advertising or marketing purposes. We only pass your data to third parties if you have consented to this or if an enabling circumstance as defined by law is present. Such a circumstance would be present, for instance, if authorities or law enforcement agencies acting legitimately demand that we surrender data to them. The legal basis for this is point (c) of the first sentence of Article 6(1) GDPR.

4. You have the following rights:

Should the relevant legal conditions be present, you as a user of our offering have at all times the following rights:

  1. Right of access to information in accordance with Article 15 GDPR;
  2. Right to rectification of incorrect data or to completion thereof in accordance with Article 16 GDPR;
  3. Right to erasure in accordance with Article 17 GDPR;
  4. Right to restriction of processing in accordance with Article 18 GDPR;
  5. Right to data portability in accordance with Article 20 GDPR;
  6. Right to object in accordance with Article 21 GDPR;
  7. Right to withdraw in accordance with Article 7(3) GDPR.

If you wish to assert these rights, you may at any time apply to the controller responsible (see above, 1.). In order to process a request, we are obliged to verify the identity of the requesting party. This measure is intended to protect your data from unauthorised access by third parties.

You also have a right to lodge a complaint with a supervisory authority, in accordance with Article 77 GDPR. The competent authority in our case is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit: https://www.datenschutz-berlin.de/ ).

5. Data protection for minors

If a person under the age of 16 submits personal data via our offering, we will delete such data and not process it further immediately we are notified that the individual is a minor.

Status: September 2022