Privacy
Data protection notice:
We, Lismio GmbH, Pfuelstraße 5, 10997 Berlin, Germany (hereinafter “we”) are operators of the app “lismio“ (hereinafter “the app”), the websites https://lismio.com/de,https://lismio.app/, https://lismio.link/ and https://portal.lism.io/ (hereinafter jointly “the websites”) and the following social media channels: Facebook: https://www.facebook.com/lismiode ; Instagram: https://www.instagram.com/lismiohoerbuecher/ ; Twitter: https://twitter.com/lismio_de; Discord: https://discord.com/invite/kMEA7Q3kpM ; YouTube: https://www.youtube.com/c/lismio/about ; TikTok: https://www.tiktok.com/@lismio_en , https://www.tiktok.com/@lismio_hoerbuch (hereinafter jointly “the social media channels”). (“The app“, “the websites” and “the social media channels” are hereinafter jointly referred to as “the offering”.)
We take the protection of your personal data very seriously. Accordingly, in the collection, processing and use of personal data, we adhere strictly to the provisions of data protection law applicable in the Federal Republic of Germany, in particular the General Data Protection Regulation (GDPR), the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the provisions of the Teleservices Act (Telemediengesetz, TMG) and Telecommunications-Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetzes, TTDSG).
1. Controller of personal data
The controller within the meaning of Article 4(7) GDPR responsible for the collection, processing and use of your personal data is:
Lismio GmbH
Pfuelstraße 5
10997 Berlin
Germany
Telephone: +49 (0)30 488 2888 80
Email: support@lismio.com
Directors:
Tina Jürgens, Kaspar Kunisch
Companies register: Amtsgericht Charlottenburg HRB 247420 B
VAT ID: DE 234321649
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Article 4(1) GDPR).
2. What data is collected during use of our offering?
a) Contact details
We offer users of our offering the opportunity of making contact with us by email. You alone decide whether you wish to convey information to us when so making contact, and if so which information. In that regard, we expressly warn that the electronic transfer of information can involve security loopholes. It is technically impossible to provide end-to-end protection of data against access by unauthorised third parties.
We collect the following personal data, if you choose to provide it:
- Forename and surname;
- Company;
- Email address;
- Postal address;
- Telephone number;
- The issue you are communicating.
We delete the data collected in this context as soon as its storage is no longer necessary or, where applicable, on expiry of legal storage periods (for business correspondence, 6 years); in the latter case, we restrict data processing once it is no longer required.
The legal basis for the processing and storage of personal data provided by you in the context of making contact with us is point (b) of the first sentence of Article 6(1) GDPR (“necessary for the performance of a contract”).
b) Websites
When accessing our websites, the browser used on your terminal device will automatically send information to our website’s server provided by our web host (see below, 2. g.). That information is stored temporarily in a log file. This involves the collection of the following data without your cooperation, and its storage until automatic deletion after 12 months:
- IP address of the requesting computer (stored anonymised after collection);
- Date and time of the server request;
- Website from which access was gained (referrer URL);
- Browser, operating system of your computer and name of your access provider.
The abovementioned information is evaluated only statistically and used to improve the functionality of our websites and the attractiveness of our offering. The legal basis for this is point (f) of the first sentence of Article 6(1) GDPR (“legitimate interests”). Our legitimate interest arises from reasons of guaranteeing a smooth connection, provision of optimum comfort and efficiency in use of our websites and system security. Under no circumstances do we use the data obtained for the purpose of making inferences about you as a person.
Furthermore, the following data is obtained and processed during use of our websites, for purely statistical evaluation:
- IP address of the requesting computer (stored anonymised after collection and hashed);
- Latitude and longitude of the place of access;
- Terminal device used (model, type) as well as platform version, type and name.
Complete anonymisation is achieved by creating a “hash”, generated from the anonymised IP address; latitude and longitude of the place of access; device model and type; and platform version, type and name, such that it is impossible to trace the data back to your name. The hash and the other data listed above will be stored anonymised on an analytics server – separately from all personal data given by a data subject – until its automatic deletion after 12 months.
The legal basis for the processing of the listed data is point (f) of the first sentence of Article 6(1) GDPR (“legitimate interests”). Our legitimate interest arises from the purposes of statistical evaluation in order to improve the functionality and attractiveness of our websites.
c) Downloading the app
When the mobile app is downloaded, the necessary information, in particular username, email address and customer number attached to your account, time of download and individual device ID, is transferred to the app store. We have no influence on this data collection, and are not responsible for it. The controller in this case is the app store operator concerned. We only process the data insofar as that is necessary for the download of the mobile app on your mobile terminal device. By downloading the app, you agree that we may conduct automatic updates, provided that this involves the collection and processing of no data other than that listed in this data protection notice. Automatic updates are required for the proper fulfilment of the contract. The legal basis for data processing is point (b) of the first sentence of Article 6(1) GDPR. If updates involve the collection and processing of new data, we will specifically request your consent for this. The legal basis then is point (a) of the first sentence of Article 6(1) GDPR.
d) Collection of access data during use of app
When the app is used with a user account, the following access data is obtained and processed:
- Session start and duration;
- Session number;
- User loyalty;
- IP address of requesting device (stored anonymised after collection and hashed);
- Geolocation data (country, region/city, country code, latitude and longitude, time zone) for the place from which the app was accessed;
- Terminal device used (series, model, type), resolution (screen size), app version, operating system (e.g. iOS or Android);
- Platform version, type and name;
- Browser information (browser type and version used);
- Website from which an accessing system reached our app;
- Language set on the terminal device;
- User movements/retrievals within the app.
Complete anonymisation is achieved by creating a “hash”, generated from the anonymised IP address; latitude and longitude of the place of access; device model and type; and platform version, type and name, such that it is impossible to trace the data back to your name. The hash and the other data listed above will be stored anonymised on an analytics server – separately from all personal data given by a data subject – until its automatic deletion after 12 months.
The legal basis for the processing of your information during use of the app is point (f) of the first sentence of Article 6(1) GDPR (“legitimate interests”). Our legitimate interest arises from our purposes of guaranteeing a smooth connection, provision of optimum comfort in use of the app and its optimisation, statistical evaluation for the improvement of the app, and evaluation of system security and system stability.
e) Collection of personal data during use of app
Furthermore, the following personal data will be collected and processed during use of the app by means of your user account:
- Email address and password (encrypted);
- User ID/username;
- Details of contracts with streaming providers supported by the app, namely:
- Company details of provider and
- Language choice for audio books;
- App settings vis-à-vis your service settings and your choices of region/country and language;
- Your choice regarding the display of explicit content.
We also process user-generated content, contributions and other content
that you create in the app, such as:
- Reviews and comments;
- Favourite titles you highlight in the app and playlists you create;
- Your choice of avatar;
- Authors and series that you follow in the app.
We use that information and data provided by you in providing the app,
linking content from streaming providers and fulfilling the associated
contract. Moreover, your audio book reviews and comments provide useful
assistance to other app users, just as their reviews may help you as you
select titles.
Book reviews or comments on audio books (hereinafter referred to collectively as “texts”) are published by us after they are submitted to us. In that respect, you transfer to us in regard to these texts the right of publication as well as a non-exclusive, non-chargeable, permanent and irrevocable right to make the text (in whole or in part) publicly available online or offline through the app, to reproduce it and, as the case may be, translate it into other languages.
The legal basis for processing of personal data provided at registration and your submitted user-generated content is point (b) of the first sentence of Article 6(1) GDPR (“necessary for the performance of a contract”). In particular, the processing of user-generated content is necessary in order to provide you with a personalised user experience in the app as stipulated in the contract.
The legal basis for the processing and use of your comments and book reviews is furthermore point (f) of the first sentence of Article 6(1) GDPR (“legitimate interests”). Our interest in making information on audio books and audio plays available to app users is regarded as legitimate in the spirit of the abovementioned provision.
f) Use of the app as guest without user account
You have the option of using the app even without a user account. In that case, we will create a temporary guest account with your device ID in order to provide you with limited use of the app through the guest account (only searching for content within the app, then listening to content externally). The legal basis for the temporary storage of the device ID is firstly your consent (point (a) of the first sentence of Article 6(1) GDPR) and secondly our legitimate interest in data processing (point (f) of the first sentence of Article 6(1) GDPR). As soon as you log out of the app, your guest account and the device ID stored for it are automatically deleted.
g) Hosting
We make use of hosting services provided by the web hosting company all-inkl.com - Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany (hereinafter “All-Inkl.”). These are: infrastructure and platform services, computing capacity, storage space and database services, email forwarding, security services and technical maintenance services, all of which we use for the purpose of operating our offering.
The data collected and processed by us in accordance with this data protection notice is stored on the servers of All-Inkl. in Germany, and deleted by us as soon as its storage is no longer necessary or, where applicable, on expiry of legal storage periods; in the latter case, we restrict data processing once it is no longer required.
Use of the hosting services takes place on the basis of our legitimate interest in the efficient and secure provision of our offering in accordance with point (f) of the first sentence of Article 6(1) GDPR and on the basis of a data processing agreement concluded between ourselves and All-Inkl. (first sentence of Article 28(3) GDPR).
h) Cookies
We use “cookies” on our websites. Cookies are small text files that are stored on your terminal device, and by means of which information comes to us or a service provider appointed by us.
Cookies are stored on your terminal device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted after the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or your web browser performs an automatic deletion.
Cookies have various functions. Many cookies are technically necessary, as certain website elements would not function without them. By placing functional cookies, we make it easier for you to navigate our websites. They mean that you do not need to enter the same information repeatedly on visiting our websites. We can place such cookies without your consent.
Other cookies serve to evaluate user behaviour or display advertisements (analytics cookies). We must ask for your consent before any placement of such cookies.
If third-party companies place cookies, you will be specifically informed of this in the context of this data protection notice, and if so you will be asked for your consent.
We place cookies for purposes of needs-based design, website security, commercial evaluation and website optimisation. The legal basis for this is point (f) of the first sentence of Article 6(1) GDPR (“legitimate interests”).
Where we have asked for your consent to use and store cookies, use and storage of such cookies takes place solely on the basis of such consent (point (a) of the first sentence of Article 6(1) GDPR), and such consent may be withdrawn at any time.
To request your consent, the first time you visit our website, we will present you with a pop-up window with a cookie statement (“cookie banner”). By clicking “OK”, you give us your consent to use all the categories of cookies and plugins you select as described in this cookie guideline.
You can set your browser to inform you of the placement of cookies and only to allow cookies the one time only, in certain cases or to block them generally, and to activate automatic deletion of cookies on closing the browser. Please note that if you deactivate cookies completely, you may not be able to use all functions of our websites in full.
You can find more information on the types and uses of cookies here: Cookie Guidelines
i) Social media and platforms
We maintain an online presence on social networks and platforms in order to communicate with you and inform you there of our services. Our website https://lismio.com/en provides links to our social media channels, each shown as a link with the logo of the service provider concerned. Clicking on the logo takes you directly to the respective social media channel.
Terms and conditions and data processing guidelines of the provider concerned apply. We have no influence on data processing by those service providers.
If you take advantage of the opportunity to mark posts by us in our social media channels (e.g. using the Like button) and/or commenting on them, those actions will be publicly visible, including your name and any profile image. You can remove your markings and posts at any time if the provider concerned permits this. If you send us messages through social media channels, the information you voluntarily share with us will be collected and processed by us along with your name and profile image.
Processing of your personal data takes place on the basis of our legitimate interest in comprehensive information and communication with you in accordance with point (f) of the first sentence of Article 6(1) GDPR. Where the platform operators concerned ask you for your consent for data processing, the legal basis for such processing is point (a) of the first sentence of Article 6(1) GDPR.
In order to search for, compile, review and comment on the audio books and audio plays you find via our websites and app, you will require premium access to the platforms Spotify, Napster, Deezer, Apple Music or BookBeat. You will find links to those platforms on our websites and the app, each shown as a link with the logo of the service provider concerned. Clicking on the logo takes you directly to the respective platform. We do not collect, process or pass on any personal data to any third party when you do this.
Terms and conditions and data processing guidelines of the provider concerned apply. We have no influence on data processing by those service providers.
Our websites https://lismio.app/ and https://lismio.link/ and the app also offer you the option of sharing with others individual audio book recommendations via the third-party providers Twitter, Facebook, Reddit, LinkedIn, WhatsApp and Telegram and by email. Clicking on the logo of the service provider concerned takes you directly to the platform or service of the respective provider. In order to share our content via the third-party provider, you may need to set up a user profile with that provider.
Terms and conditions and data processing guidelines of the provider concerned apply. We have no influence on data processing by those service providers.
We do not collect, process or pass on any personal data to any third party when you do make use of the share function.
The use of links to external platforms is offered firstly in fulfilment of contractual obligations (point (b) of the first sentence of Article 6(1) GDPR), secondly on the basis of our legitimate interest in improving our offering in accordance with point (f) of the first sentence of Article 6(1) GDPR. If the platform operators concerned ask you for your consent for data processing, the legal basis for such processing is point (a) of the first sentence of Article 6(1) GDPR.
The provider details and data protection provisions (including right of objection) of the providers of social media services and platforms that we use can be found here:
- Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland): https://facebook.com/privacy/policy ;
- Instagram (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland): https://instagram.com/about/legal/privacy/ ;
- Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland): https://twitter.com/de/privacy ;
- Discord (Discord Inc., 444 De Haro Street #200, San Francisco, CA 94107, USA; for the European Union and United Kingdom: Discord Netherlands BV, Schiphol Boulevard 195, (1118 BG) Schiphol, Netherlands): https://discord.com/privacy;
- YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland): https://policies.google.com/privacy?hl=en ;
- TikTok (TikTok Technology Limited, 10 Earlsfort Terrace, Dublin 2, Ireland): https://www.tiktok.com/legal/privacy-policy?lang=en ;
- Spotify (Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden): https://www.spotify.com/uk/legal/privacy-policy/ ;
- Napster (Napster Luxembourg S.a.r.l., 60, Route de Luxembourg, 5408 Bous, Luxembourg): https://www.napster.com/gb/privacy/ ;
- Deezer (Deezer SA, 24 rue de Calais, 75009 Paris, France): https://www.deezer.com/legal/personal-datas ;
- Apple (Apple Inc., Infinite Loop, Cupertino, CA 95014, USA): https://www.apple.com/legal/privacy/en-ww/ ;
- BookBeat (BookBeat GmbH, Friedrichstraße 9, 80801 Munich, Germany): https://assets.ctfassets.net/4s7izhcdroyy/1kCfzYjlIza62bjFJQ3ZDC/56f0c50ab05550ccd516d69a624f8b9d/privacyPolicyDE_20210611.pdf ;
- Reddit (Reddit Ireland Limited, Fitzwilliam Hall, Fitzwilliam Place, Dublin 2, D02 T292, Ireland): https://www.reddit.com/policies/privacy-policy ;
- LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland): https://www.linkedin.com/legal/privacy-policy ;
- WhatsApp (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland): https://facebook.com/privacy/policy ;
- Telegram (Telegram Messenger LLP, 71-75 Shelton Street, Covent Garden, London, United Kingdom): https://telegram.org/privacy .
j) Analytics tools
i. Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, which for the European Economic Area and Switzerland is provided by Google Ireland Limited (hereinafter “Google”), Gordon House, 4 Barrow Street, Dublin 4, Ireland, in order to ensure needs-based design and ongoing website optimisation and to subject our websites and app to statistical analysis and evaluation with the aim of optimising them for you. The legal basis for this is point (f) of the first sentence of Article 6(1) GDPR (“legitimate interests”) and point (a) of the first sentence of Article 6(1) GDPR (“your consent”), which we obtain via the cookie banner when you use our websites. You must accept our data protection notice before you can use the app. We request your consent for app tracking by offering you the choice between “allow” and “reject” buttons.
Google Analytics uses cookies that enable analysis of your use of our websites and app. The information about your use of our websites and app that is generated by the cookie is generally sent to a Google server and stored there. However, Google may also send personal data to the servers of Google LLC in the USA, and we have no influence on this. We have activated the IP anonymisation offered by Google on the websites and app, so that Google will in general abbreviate your IP address in advance within European Union Member States and other signatory States of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA, to then be abbreviated there. Google will use this information on our behalf to evaluate your use of the websites and app, to compile reports on usage activities and to provide us with other services connected with the use of our offering and the internet. The IP address sent by your browser in the context of Google Analytics will not be combined with other data by Google.
For the transfer of data out of the European Union into third countries (e.g. the USA), Google had hitherto invoked the EU-US data protection agreement “Privacy Shield”. A judgment of the Court of Justice of the European Union of 16 July 2020, C-311/18, having now declared that legally void, Google uses the European Commission’s standard contract clauses to guarantee a level of protection consistent with European data protection provisions (Article 46(2) GDPR).
You can prevent the collection and transfer of data (including your IP address) relating to the use of our websites and app generated by the cookie to Google and Google’s processing of such data by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en .
You can find more information about conditions of use and data protection at http://www.google.com/analytics/terms/en.html and http://www.google.com/intl/en/analytics/privacyoverview.html .
ii. Google Analytics for Firebase SDK
We also use Google Analytics for Firebase SDK (“Firebase SDK“), an analytics tool provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, which for the European Economic Area and Switzerland is provided by Google Ireland Limited (hereinafter “Google”), Gordon House, 4 Barrow Street, Dublin 4, Ireland, in order to ensure needs-based design and ongoing app optimisation and to subject our app to statistical analysis and evaluation with the aim of optimising it for you.
Firebase SDK obtains the following data:
- Number of users and sessions and session durations;
- Operating system and device model;
- Region;
- First-time starts;
- App executions, app updates and in-app purchases.
Some log data and user properties are also automatically collected. Detailed information is available here: https://support.google.com/firebase/answer/6318039?hl=en ; https://support.google.com/firebase/answer/9234069?visit_id=637953034774122734-3380257376&rd=1 ; https://support.google.com/firebase/answer/9268042?visit_id=637953034774122734-3380257376&rd=1 .
For the transfer of data out of the European Union into third countries (e.g. the USA), Google had hitherto invoked the EU-US data protection agreement “Privacy Shield”. A judgment of the Court of Justice of the European Union of 16 July 2020, C-311/18, having now declared that legally void, Google uses the European Commission’s standard contract clauses to guarantee a level of protection consistent with European data protection provisions (Article 46(2) GDPR).
Firebase SDK is used to optimise our app and improve our overall offering. The legal bases for this are point (f) of the first sentence of Article 6(1) GDPR (“legitimate interests”) and point (a) of the first sentence of Article 6(1) GDPR (“your consent”). You must accept our data protection notice before you can use the app. We request your consent for app tracking by offering you the choice between “allow” and “reject” buttons.
You can find more information on Firebase SDK at: https://firebase.google.com/
https://www.firebase.com/terms/privacy-policy.html
iii. Google Tag Manager
On our websites, we use Google Tag Manager, an offering provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, which for the European Economic Area and Switzerland is provided by Google Ireland Limited (hereinafter “Google”), Gordon House, 4 Barrow Street, Dublin 4, Ireland. Google Tag Manager is a solution for managing website “tags” via an interface and thereby incorporating other services like Google Analytics (see above, 2. j) i)) or Facebook Pixel (see below, 2. j) v.)), in our websites. Tag Manager itself (which implements the tags) thus, for instance, creates no user profile and sets no cookies. Google merely learns your IP address, which is necessary for executing Google Tag Manager.
We use Google Tag Manager to ensure needs-based design and ongoing website optimisation and to subject our websites to statistical analysis and evaluation with the aim of optimising them for you. The legal basis for this is point (f) of the first sentence of Article 6(1) GDPR (“legitimate interests”) and point (a) of the first sentence of Article 6(1) GDPR (“your consent”), which we obtain via the cookie banner.
For the transfer of data out of the European Union into third countries (e.g. the USA), Google had hitherto invoked the EU-US data protection agreement “Privacy Shield”. A judgment of the Court of Justice of the European Union of 16 July 2020, C-311/18, having now declared that legally void, Google uses the European Commission’s standard contract clauses to guarantee a level of protection consistent with European data protection provisions (Article 46(2) GDPR).
You can find more information about conditions of use and data protection at http://www.google.com/analytics/terms/en.html and http://www.google.com/intl/en/analytics/privacyoverview.html .
iv. Facebook SDK
Our app makes use of the Facebook Software Development Kit (“Facebook SDK“). The Facebook SDK is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”).
We use the Facebook SDK to carry out various evaluations of the installation of our app. The purpose of collecting and using such data is to analyse our target group and optimise product information.
Use of the Facebook SDK during app use leads to the collection of the following data, which Meta records:
- Automatically recorded events: basic interactions in the app (e.g. app installations, app starts) and system events (e.g. loading SDK, SDK performance), which are automatically registered.
- Facebook App ID: a unique ID of our websites and app issued by Facebook;
- Mobile identifier for advertisers: iOS IDFA or Android ADID;
- Metadata from the request: type and version of mobile operating system, SDK version, app name, app version, device’s opt-out setting, user agent string and client IP address. The SDK also collects the following device data: time zone, device operating system, device model, provider, screen size, processor cores, total storage space, free storage space.
Data is generally processed by Meta within the European Economic Area. However, the possibility that data may also be transferred to Meta servers outside the European Economic Area cannot be excluded. For the transfer of data out of the European Union into third countries (e.g. the USA), Meta had hitherto invoked the EU-US data protection agreement “Privacy Shield”. A judgment of the Court of Justice of the European Union of 16 July 2020, C-311/18, having now declared that legally void, Meta uses the European Commission’s standard contract clauses to guarantee a level of protection consistent with European data protection provisions (Article 46(2) GDPR).
The use of the Facebook SDK is in the interests of the analysis of user behaviour with the aim of optimising our offering. This constitutes a legitimate interest within the meaning of point (f) of the first sentence of Article 6(1) GDPR. You must accept our data protection notice before you can use the app. We request your consent for app tracking by offering you the choice between “allow” and “reject” buttons. If you click “allow”, data processing will still take place on the basis of point (a) of the first sentence of Article 6(1) GDPR, and you can withdraw your consent at any time.
You can find more information about conditions of use and data protection at https://facebook.com/legal/terms and https://facebook.com/privacy/policy .
v. Facebook Pixel
On our websites, we use Facebook Pixel, which is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”).
To do this, we have inserted a code on our websites. Facebook Pixel is a snippet of JavaScript code that is activated when you visit our websites and stores a cookie on your device. The cookie allows Meta to collect access data, such as your IP address, geolocation data (country, region/city, country code, latitude/longitude, time zone) for the place from which the website was accessed, terminal device used (series, model, type), operating system, platform version, type and name, browser information (type of browser and version used) and the website from which our websites were accessed.
The data collected are anonymous to us and cannot be scrutinised. Currently they are usable only in ad placements, which we do not currently perform. If you are a Facebook user and logged in, your visit to our website will be automatically added to your Facebook user account. Meta also uses the data collected for its own purposes of analysis and advertising.
We use Facebook Pixel solely to carry out evaluations of the use of our websites and installations of our app, and to see how many users have come to our websites via Meta products (e.g. Facebook, Instagram). This supports needs-based design and ongoing optimisation of our websites. The legal basis for this is point (a) of the first sentence of Article 6(1) GDPR (“your consent”), which we obtain via the cookie banner.
If you are logged in to Facebook, you can change your own ad display settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen . If you are not a Facebook user, you can manage your general user-based online advertising at https://www.youronlinechoices.com/uk/your-ad-choices . You can turn individual companies on or off here.
For the transfer of data out of the European Union into third countries (e.g. the USA), Meta had hitherto invoked the EU-US data protection agreement “Privacy Shield”. A judgment of the Court of Justice of the European Union of 16 July 2020, C-311/18, having now declared that legally void, Meta uses the European Commission’s standard contract clauses to guarantee a level of protection consistent with European data protection provisions (Art. 46(2) GDPR).
Meta terms and conditions and data processing guidelines apply. We have no influence on data processing by Meta. You can find more information about conditions of use and data protection at https://facebook.com/legal/terms and https://facebook.com/privacy/policy .
vi. OneSignal SDK
On our websites and in our app, we also use the OneSignal SDK (“OneSignal SDK“). The OneSignal SDK is provided by OneSignal Inc., 2850 S Delaware St #201, San Mateo, CA 94403, USA (“OneSignal”).
We use the OneSignal SDK to obtain “first-party data“, in order to send individualised messages to our users, e.g. by email, push notifications, web push notifications or in-app messages, and to manage, optimise and adapt these messages and to analyse user behaviour.
The following data is collected and processed through OneSignal SDK using cookies:
- Via web SDKs:
- Websites visited and information about those visits (e.g. session duration, timestamp, referring URLs);
- Type of push notifications;
- Information about your transactions and interactions with apps and websites;
- IP address from which geographical location can be established, and information on system configuration;
- Email address, if provided to us;
- Information about the browser used, e.g. browser language type and version of operating system (e.g. Android, iOS), network provider, language settings, time zone;
- An individual cookie ID that can identify the specific device used.
- Via mobile SDKs:
- Information on app use (e.g. session duration, timestamp), in-app purchases;
- Information on your transactions and interactions with apps and websites;
- IDs of mobile devices or user accounts. These mobile IDs may be associated with other information, including data segments;
- Exact location information, e.g. a user’s longitude and latitude (i.e. data on GPS level) or wifi information, which may be associated with mobile IDs and which can be obtained independently of these, whether an app is currently in use or not. (Location information is only collected if you have granted the app permission to collect it and if the app decides to send this data to OneSignal);
- Email address, if provided to us;
- IP address and information on system configuration;
- Information connected with devices or referring to them, e.g. device type (e.g. mobile, tablet); operating system type and version (e.g. Android, iOS); network provider; mobile browser (e.g. Safari, Chrome); language settings; time zone; network status type (e.g. wifi).
You can find detailed information on the data collected here: https://documentation.onesignal.com/docs/data-collected-by-the-onesignal-sdk .
OneSignal processes data in the USA and elsewhere. For the transfer of data out of the European Union into third countries (e.g. the USA), OneSignal had hitherto invoked the EU-US data protection agreement “Privacy Shield”. A judgment of the Court of Justice of the European Union of 16 July 2020, C-311/18, having now declared that legally void, OneSignal uses the European Commission’s standard contract clauses to guarantee a level of protection consistent with European data protection provisions (Art. 46(2) GDPR).
Use of the OneSignal SDK takes place in the interests of analysing user behaviour in order to optimise our offering. This represents a legitimate interest within the meaning of point (f) of the first sentence of Article 6(1) GDPR. However, we also request your express consent, so that processing also takes place on the basis of point (a) of the first sentence of Article 6(1) GDPR; consent may be withdrawn at any time. For use of our websites, we request your consent using the cookie banner. Before you can use the app, you must accept our data protection notice. We request your consent for app tracking by offering you the choice between “allow” and “reject” buttons.
You can find more information about OneSignal’s data use and data protection at https://onesignal.com/privacy_policy .
vii. Mixpanel
On our websites and in our app, we also use an analytical tool by Mixpanel Inc., One Front Street, 28th Floor, San Francisco, CA 94111, USA, which is provided for the European Economic Area by Mixpanel S.L., 75 Ave. des Champs-Élysées, 75008 Paris, France (“Mixpanel“).
The following data is collected and processed through Mixpanel:
- Event name, page name;
- Medium, Medium ID, value;
- Lismio UserID (if present);
- Country, ISO code, city, time zone;
- Browser information (type, browser name, version used and language) browser engine;
- Platform version, type and name;
- Terminal device used (series, model, type);
- IP address of requesting computer (stored anonymised after collection);
- Website from which an accessing system reached our app.
We use Mixpanel to make statistical analyses of use and your interaction with the functions of our websites and app and to evaluate them with the aim of optimising them for you. The legal basis for this is point (f) of the first sentence of Article 6(1) GDPR (“legitimate interests”) and point (a) of the first sentence of Article 6(1) GDPR (“your consent”), which we obtain via the cookie banner when you use our websites. You must accept our data protection notice before you can use the app. We request your consent for app tracking by offering you the choice between “allow” and “reject” buttons.
Generally, personal data collected is stored on Mixpanel servers in Germany, but it may be transferred to Mixpanel servers outside the European Union, including in the USA. For the transfer of data out of the European Union into third countries (e.g. the USA), Mixpanel had hitherto invoked the EU-US data protection agreement “Privacy Shield”. A judgment of the Court of Justice of the European Union of 16 July 2020, C-311/18, having now declared that legally void, Mixpanel uses the European Commission’s standard contract clauses to guarantee a level of protection consistent with European data protection provisions (Art. 46(2) GDPR).
You can opt out of the use of Mixpanel by following the instructions in this link: https://mixpanel.com/optout/. This will set an opt-out cookie. Thus, if you delete cookies on your terminal device, you will need to set this opt-out cookie again by following the instructions in this link.
You can find more information on how Mixpanel handles personal data in connection with the Mixpanel tool in Mixpanel’s data privacy declaration ( https://mixpanel.com/legal/privacy-overview/ ).
k) Recording your acknowledgment of our data protection notice
When you open our app or visit our websites, we verify whether you have acknowledged the latest version of the data protection notice on your terminal device. If you have not, we will display to you our current data protection notice with the request to acknowledge it. When you click “Read”, we record your acknowledgment and store the following data:
- IP address of request;
- Lismio User ID (if present);
- Language of request;
- Date and time of request;
- Version of data protection notice.
The legal basis for recording your personal data at the time of your acknowledgment of our data protection notice is point (c) of the first sentence of Article 6(1) GDPR. Under Article 24(1) GDPR, we are legally obliged to inform you about data collection, processing and storage. As evidence of this, we record your acknowledgment of our data protection notice. Evidence requires the recording of a non-anonymised IP address, otherwise the acknowledgment could not be linked to a specific user.
3. What happens to information you share with us?
The information you voluntarily share via our offering is only used to process your request. If no contractual relationship between you and us is established, the information you provide is deleted immediately your request is concluded. If a contractual relationship is established, your personal data will be stored for the duration of the contractual relationship and thereafter for the duration of statutory storage periods, warranty and guarantee rights and/or obligations to provide evidence, and then deleted.
If the purpose of storage ceases to be applicable or if a statutory storage period expires, the personal data will be automatically blocked or deleted in accordance with the legal regulations. You may also delete data about yourself that we have stored by activating the relevant button and deleting the app from your terminal device. This completely deletes all data that is not subject to a statutory storage period.
The legal basis for our processing of your data is point (a) of the first sentence of Article 6(1) GDPR (“your consent”), and, where your request relates to the establishment of a contractual relationship, point (b) of the first sentence of Article 6(1) GDPR (“necessary for the performance of a contract”) and point (f) of the first sentence of Article 6(1) GDPR (“legitimate interests”).
Except where otherwise stated in this data protection notice, on principle we do not pass your data to third parties, and in particular not for advertising or marketing purposes. We only pass your data to third parties if you have consented to this or if an enabling circumstance as defined by law is present. Such a circumstance would be present, for instance, if authorities or law enforcement agencies acting legitimately demand that we surrender data to them. The legal basis for this is point (c) of the first sentence of Article 6(1) GDPR.
4. You have the following rights:
Should the relevant legal conditions be present, you as a user of our offering have at all times the following rights:
- Right of access to information in accordance with Article 15 GDPR;
- Right to rectification of incorrect data or to completion thereof in accordance with Article 16 GDPR;
- Right to erasure in accordance with Article 17 GDPR;
- Right to restriction of processing in accordance with Article 18 GDPR;
- Right to data portability in accordance with Article 20 GDPR;
- Right to object in accordance with Article 21 GDPR;
- Right to withdraw in accordance with Article 7(3) GDPR.
If you wish to assert these rights, you may at any time apply to the controller responsible (see above, 1.). In order to process a request, we are obliged to verify the identity of the requesting party. This measure is intended to protect your data from unauthorised access by third parties.
You also have a right to lodge a complaint with a supervisory authority, in accordance with Article 77 GDPR. The competent authority in our case is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit: https://www.datenschutz-berlin.de/ ).
5. Data protection for minors
If a person under the age of 16 submits personal data via our offering, we will delete such data and not process it further immediately we are notified that the individual is a minor.
Status: September 2022