Effective date: May 22, 2018
We know that you take your privacy seriously, and so do we! Please read the following to understand how and why your personal information is used and shared. Below we provide you with an overview of what data we collect for what purpose, and how we ensure the protection of your data in short and in a more detailed form.
Galatea is a mobile application by Inkitt GmbH.
The controller is Rosenstraße 17, 10178 Berlin, Germany represented by its CEO Ali Albazaz (” we/us/our” or ” Inkitt”). We offer services to our users’ (the ” User/you/your”) on our website https://www.inkitt.com/ (each a ” Website”) as well as related services (jointly the ” Service”).For any questions about data protection you may contact us via [email protected].
IN SHORT:
Controller Inkitt GmbH Rosenstraße 1710178 Berlin, Germany represented by its CEO Ali Albazaz email: [email protected] and Legal Basis of Processing Data; Provision and Recipients of DataYour data will be used for the following purposes:to provide you with the functioning Website and applications, to implement this privacy policy and carry out the contractual relationship and our Service, to analyze your use of our Service and improve our Service with our legitimate interests of marketing and fraud prevention, oras otherwise explained in this privacy policy or by any communication by us.Furthermore, your data will be processed by us with your explicit consent for the purpose of sending newsletters.Applicable legal provisions are in particular those of the regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016, repealing the directive 95/46/EC, on the protection of individuals with regard to the processing of personal data, on the free movement of such data (“General Data Protection Regulation”, GDPR) as well as in the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the German Telemedia Act (Telemediengesetz, TMG).We, as well as our external service partners, receive your data for processing for the purpose of providing our Service. You provide data if this is necessary for the aforementioned purposes. In the event that you refrain from providing such data you may face legal disadvantages, for example, limited or no access to our Service.
Transfer of Data outside of the EU
In the course of data processing by us, data may be transferred to third countries, i.e. countries outside the EU. This may happen via implementation of third party providers such as cloud services and external service partners which process data on our behalf.
Your Rights
You have the right to withdraw your consent relating to the use of data any time with effect for the future when such data processing is based in your consent.You are entitled to access the data stored by us and are also entitled to amend or rectify your data if such data is incorrect.You have the right to object to the processing of your personal data, for example if your personal data is processed for direct marketing purposes.You are entitled to request the erasure of your data.You are entitled to receive information about the stored data (in a structured, current and machine-readable format) at any time and to request the correction or deletion of the data in case of incorrect data storage.You also have the right to lodge a complaint with a supervisory authority at your discretion. An overview of the European National Data Protection Authorities can be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
Period for Storing Data; Deletion
Your data is deleted if such data is no longer necessary for the purpose of processing.
Automated Decision making (including “profiling”)In general, we do not process any data via “profiling” or in form of automated decision making via the Website or Service. However, such profiling may happen by third party providers through the Website or Service. We will inform you of this whenever possible.
Data Security
We have implemented sufficient measures to ensure data and IT security. The Website and applications are operated through a safe SSL-connection. If an SSL-connection is activated, third parties are prevented from reading any data that is transferred by you to us.
MORE DETAILED INFORMATION:
What is Personal Data?How is my Data processed when visiting the Website or applications? Does automated decision making including “Profiling” take place?III. How is my Data processed when joining Galatea?What Third Party Services, Cookies, Analytics and Social Plugins does the Website use?Is my Data transferred to Third Parties?Is my Data transferred outside the EU?VII. Your Rights: Right to access, rectification, object and erasure; right to restriction of processing, right to withdraw, right to data portability, right to lodge a complaintVIII. Data Security; Access and Changes to this Privacy Policy; Contact DetailsWhat is Personal Data?Personal data is any information relating to an identified or identifiable natural person. Personal data includes e.g. name or email address. Personal data also includes information about hobbies, memberships or websites viewed. We will only collect, use and/or pass on personal data if this is permitted by law or if the User consents to the data processing.How is my Data processed when visiting the Website or applications? Does automated decision making including “Profiling” take place?
Contacting us
When contacting us via email, the User’s details are stored for the purpose of processing the enquiry and, if applicable, follow-up questions based on your consent based on the legal basis of Art. 6 (1) a. GDPR or fulfilling your request based on Art. 6 (1) b. GDPR.
Newsletters
We inform the user about the Website, our Service and us through occasional newsletters.When registering for the newsletter, you have to provide an email address. This email address will be transmitted to and stored by us (or a provider as specified below).After registration, you will receive an email to confirm the registration (“double opt-in”). Via clicking the registration link you have given your consent to the processing of your personal data for receiving our newsletter according to Art. 6 (1) a. GDPR and we may process such data accordingly.If you purchase goods or services from us, we may in future send you information emails for similar goods or services. Data processing will be based on the business relationship with you (Art. 6 (1) b. GDPR or German Unfair Competition Act (UWG)).In case of registration for the newsletter we (or our provider as specified below) also store the IP address, the device name, the mail provider as well as the user’s first and last name and the date of registration.Withdrawal of consent / OPT-OUT: The user can withdraw their consent to the processing of data for the purpose of sending the newsletter at any time. The withdrawal / objection can take place over a link, which is contained in each newsletter, or by separate message to us. You will not incur any costs other than the transmission costs according to the basic tariffs.
Automated Decision Making (including “Profiling”)
In general we do not process any data via “profiling” or in form of automated decision making via the Website or Service. However, such automated decision making including profiling may happen by third party providers through the Website or Service.We will inform you of this whenever possible.Profiling means any automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of that natural person. Examples of such profiling include the analysis of data (e.g. based on statistical methods) with the aim of displaying personalized advertising to the user or giving shopping tips. The data subject shall not be subject to a decision based exclusively on automated processing, including profiling, which has legal effect against him or significantly affects him or her in a similar manner. [This shall not apply where the decision (i) is necessary for the conclusion or performance of a contract between the data subject and the data controller, (ii) is admissible under Union or Member State law to which the data controller is subject and where such law contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject or (iii) is taken with the data subject’s express consent. In such exceptional cases, the person responsible shall take appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, including at least the right to obtain the intervention of a person by the data subject, to state his own position and to challenge the decision.]III. How is my Data processed when joining the Inkitt Community?
Participation in the Inkitt Community and use of the Service
For taking part in our community through our Website you are asked to provide us with certain data. Such data will only be sent and provided to us after you clicked the respective ‘submit’ button on the Website.These data may include the following information for the following purposes:Your user name is required to log-in to your accountYour email address is required for account verificationYour gender is required for our recommendation engineYour age is required to enforce restrictions of content for under-aged usersYour favorite genre is required to provide you with recommendationsYour interests are required to provide you with recommendations
Join with Facebook
Instead of the aforementioned registration via our website you may use “Facebook Connect” to sign in with an existing account by Facebook of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. You may click on the “login with Facebook” button and will be automatically redirected to www.facebook.com in order to log-in. In this case your Facebook account will be connected with our website. Via this connection we will gain access to your Facebook user data. These are in particular the following data:Your age rangeYour locationYour GenderYour IDYour birthdayA link to your face profileYour hometownYour email addressLiked BooksLiked MusicLiked Videos,Likes in generalThese data will be used to set up and provide your user account on our website. We will process your data primarily based on your consent based on the legal basis of Art. 6 (1) a. GDPR and subsequently based on Art. 6 (1) b. GDPR.We note that if you log-in with Facebook an automated decision making including profiling may happen.For further information please see Facebook’s privacy policy (see https://de-de.facebook.com/about/privacy) and terms of use (see: https://www.facebook.com/legal/terms/).You may amend at any point in time the data provided through contacting support by requesting an account change under [email protected] data are required to create and manage your account and to participate in the Inkitt community.We may contact you via email if you send us a request as well as for purposes related to taking part in our community and/or the use of the Service based on Art. 6 (1) b. GDPR or §§ 14, 15 TMG.We also use the information collected, including your personal data, in order to improve and analyze your use of our Service based on §§ 14, 15 TMG, Art. 6 (1) b. and f. GDPR) and to ensure the technical functionality of our services fulfilment of contractual or pre-contractual obligations (based on §§ 14, 15 TMG or Art. 6 (1) b. GDPR and as otherwise explained in this privacy policy. Regarding the data processing based on Art. 6 (1) f. GDPR we wish to achieve the legitimate interests of quality insurance and marketing.What Third Party Services, Cookies, Analytics and Social Plugins does the Website use?
Cookies
In order to offer you a convenient online service featuring numerous functions, our Website uses text files (” Cookies“) containing information to identify returning visitors for the time of their visit to our Website. Cookies are usually saved on your device and do not cause any harm. Cookies facilitate the transfer of specific content, such as entering data, which has already been supplied, and help us identify popular sections of our Website.The processing of data when using Cookies is based on our legitimate interests of a statistical analysis of the User relationship for marketing and quality assurance purposes according to Art. 6 (1) f. GDPR or TMG.
OPT-OUT:
You can deactivate the use of Cookies in the settings of your browser at any time. To find out how to change the settings, please consult the help function of your browser. Users may also manage a lot of online Cookies by different businesses on the US-website https://www.aboutads.info/choices/ or the EU-website http://www.youronlinechoices.com/uk/your-ad-choices/. However, we want to point out that without Cookies the use and comfort of use of our services may be restricted.
Google Analytics
We use Google Analytics a web analytics tool offered by Google LLC, Mountain View, CA, USA (” Google“). This analysis service uses so-called “cookies”. For analysis, text files will be stored on your device. The information stored in the corresponding files about the use of this website are generally transmitted and stored in Google server in the USA. As the IP anonymization is active on this Website, your IP address will be shortened by Google within the member states of the European Union (EU). This information will be used to evaluate your use of the services offered here and enable the operator of this website to analyze your website activity and provide other services associated with the website service. The IP address transmitted from your browser, as part of Google Analytics will not be merged with other data from Google.Adjusting the settings of your browser software can prevent the use of cookies. In this case, it may be possible that the functions of the service offered here cannot be used in its entirety. Furthermore, it is possible to prevent the acquisition and processing of data generated by the “cookies” in relation to the use of this website, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=deWe also use Google Analytics to analyse data of Google Adwords for statistical purposes
OPT-OUT:
https://www.google.com/settings/ads/onweb/?hl=de
We point out that an automated decision making (“profiling”) (see also [“profiling” link] above) can take place when integrating Google and including an existing Google account.Are my Data transferred to Third Parties?We will transfer your personal data to a third party only within the scope of legal provisions, i.e. if we are obliged to transfer the data due to a government or court order, or, if applicable, legal provisions authorize the transfer or if you give your explicit consent.For more information please refer to [email protected].Are my Data transferred outside the EU?When visiting the Website and using our Service data may be transferred to countries outside the EU whereas the services by Google [add link] and Facebook [add link] are affected.The US companies providing the services of Google and Facebook are each certified under EU-US-Privacy-Shield and comply with data protection standards applicable in the EU. For more information on EU-US-Privacy-Shield and details about the certificates for Google and Mailchimp please refer to: https://www.privacyshield.govWe also use the following third party services in which course data may be transferred to countries outside the EU:
Functional Software Inc. (Sentry)Intended Purpose We use Functional Software Inc. (Sentry), 132 Hawthorne Street, San Francisco, California 94107, USA for the purpose of error tracking. Your device, operating system, visitor_id, country, release version, url and user ID will be processed via servers in the US and EuropeProcessing outside of EU and compliance with EU-StandardsThe services of Functional Software Inc. (Sentry) are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection standards is ensured. See: https://www.privacyshield.govFurther Informationhttps://sentry.io/privacy/#eu-us-privacy-shield
Sendgrid
Intended Purpose We use SendGrid, Inc., 1801 California Street, Suite 500Denver, Colorado 80202, USA for the purpose of sending transaction and marketing emails and storing of unsubscription. Your email address will be processed.Processing outside of EU and compliance with EU-StandardsThe services of SendGrid, Inc. are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection standards is ensured. See: https://www.privacyshield.gov/Further Informationhttps://sendgrid.com/policies/privacy/services-privacy-policy/
Facebook
Intended Purpose We use Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, for the purpose of user analytics and advertising. The data collected is anonymous to us as operators of this website and we cannot use it to draw any conclusions about our users’ identities. However, the data are stored and processed by Facebook, which may make a connection to your Facebook profile and which may use the data for its own advertising purposes, as stipulated in the Facebook privacy policy. This will allow Facebook to display ads both on Facebook and on third-party sites. We have no control over how this data is used.Processing outside of EU and compliance with EU-StandardsThe services of Facebook, Inc. are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection standards is ensured. See: https://www.privacyshield.gov/Further Informationhttps://www.facebook.com/about/privacyshield
Amazon Web Services (AWS)
Intended Purpose We use Amazon Web Services by Amazon Web Services, Inc., 410 Terry Avenue North Seattle WA 98109, USA for the purpose of hosting our website. Your customer data, such as your email address, will be processed.Processing outside of EU and compliance with EU-StandardsThe services of Amazon Web Services, Inc are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection standards is ensured. See: https://www.privacyshield.govFurtherInformationhttps://aws.amazon.com/compliance/eu-data-protection/ https://aws.amazon.com/compliance/germany-data-protection/GoogleIntended PurposeWe use Google LLC, 1600 Amphitheatre Pkwy, Mountain View, California 94043, USA for the purpose of analytics and marketing. Your data such as browser type/version, operating system used, referrer URL (the site previously visited), host name of the accessing computer (IP address) and time of server enquiry will be processed.Processing outside of EU and compliance with EU-StandardsThe services of Google LLC are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection zendesk standards is ensured. See: https://www.privacyshield.gov/Further Information https://policies.google.com/privacy
Fabric
Intended Purpose We use Fabric by Google LLC, 1600 Amphitheatre Pkwy, Mountain View, California 94043, USA for the purpose of analytics and crash reporting. Your impersonal data such as installation UUDI, IP address (temporarily), user events (button clicks, page views etc.) will be processed. A storage of personal data does not take place.Processing outside of EU and compliance with EU-StandardsThe services of Google LLC are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection standards is ensured. See: https://www.privacyshield.gov/Further Informationhttps://fabric.io/terms?locale=en-us&utm_campaign=fabric-marketing&utm_medium=natural
Firebase
Intended Purpose We use Firebase by Google LLC, 1600 Amphitheatre Pkwy, Mountain View, California 94043, USA for the purpose of analytics, sending push notification to users and storing of storing chat messages. Your IP address, Instance IDs, Crash traces, User agents, Mobile ad IDs, IDFVs/Android IDs, Analytics App Instance IDs, All User events (button clicks, page views, etc) will be processed. Personal data is not stored.Processing outside of EU and compliance with EU-StandardsThe services of Google LLC are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection standards is ensured. See: https://www.privacyshield.gov/Further Informationhttps://policies.google.com/privacy
Branch.io
Intended Purpose We use Branch Metrics, Inc., 1400B Seaport Boulevard, Redwood City, California 94063, USA for the purpose of deeplinks for marketing purposes. Your iOS or Android identification (IFDA or Android ID), the IP address, the version of the app, information about the terminal used, its manufacturer and the operating system version used, screen size and resolution, start and end of use of our app, type of connection (e.g. WLAN, mobile access), period since installation and since the last update of the app. The listed information is only processed by Branch in anonymous form. An identification of the individual Inkitt user by Branch is thus excluded.Processing outside of EU and compliance with EU-StandardsThe services of Branch Metrics, Inc. are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection standards is ensured. See: https://www.privacyshield.gov/Further Informationhttps://branch.io/policies/#privacy
Zendesk
Intended Purpose We use Zendesk, Inc 1019 Market Street, 6th Floor, San Francisco, California 94103, USA for support system purposes. Your Information such as last name, first name, and email address is recorded on our platform will be processed in order to answer your questions.Processing outside of EU and compliance with EU-StandardsThe services of Zendesk, Inc. are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection standards is ensured. See: https://www.privacyshield.gov/Further Informationhttps://www.zendesk.com/company/customers-partners/privacy-policy/
Instabug
Intended Purpose We use Instabug, Inc., 855 El Camino Real St., Suite 13A-111, Palo Alto, CA. 94301, USA for bug tracking purposes. Your IP address, domain server, type of internet browser will be processed.Processing outside of EU and compliance with EU-Standards Instabug, Inc. has entered into Standard Contractual Clauses according to Commission Decision C(2010)593 regarding the transfer of personal data to processors established in third countries with us, accordingly the compliance with EU data protection standards is ensured. See: https://instabug.com/dpaFurther Informationhttps://instabug.com/privacy
Newrelic
Intended Purpose We use New Relic, Inc., 188 Spear Street, Suite 1200, San Francisco, California 94105, USA for server monitoring purposes. Your system relevant data such as usage times, used hardware and software will be processed.Processing outside of EU and compliance with EU-StandardsThe services of New Relic, Inc. are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection standards is ensured. See: https://www.privacyshield.gov/Further Informationhttps://newrelic.com/privacy-shieldVII. Your Rights: Right to access, object, rectification and erasure; right to restriction of processing, right to withdraw, right to data portability, right to lodge a complaint
As a data subject you have the right: to withdraw your consent to us at any time. As a result, we are no longer allowed to continue the processing of data based on this consent in the future; to object to the processing of your personal data, if your personal data are processed on the basis of legitimate interests pursuant to Art. 6 (1) f. GDPR insofar as there are reasons for this arising from your particular situation; to obtain from us access to your personal data; to obtain from us without undue delay the rectification of inaccurate personal data concerning you; to obtain the erasure of your personal data stored with us, unless the processing is necessary to exercise the right to free expression of opinion and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims; to demand the restriction of the processing of your personal data, if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have filed an objection against the processing; and to receive your personal data, which you have provided to us, in a structured, current and machine-readable format or to request the transmission to another controller.If you wish to make use of your rights mentioned above please send an email to [email protected] you obtain access to your personal data you may, in particular, request access to the following information: the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed. We also will, if possible, give information about the envisaged period of time for which the personal data will be stored, the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing, the right to lodge a complaint with a supervisory authority and where the personal data are not collected from the data subject, any available information as to their source and the existence of automated decision-making, including profiling and meaningful information about this event.
You have the right to lodge a complaint vis-á-vis a supervisory authority of your choice.
For example for Berlin/Germany: https://www.datenschutz-berlin.de/kontakt.html.
An overview of the European National Data Protection Authorities may be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
Duration of the storage of personal data; deletion periods
As a rule, we only store your personal data for as long as it is necessary for the execution of the contract or the respective purpose and limit the storage period to an absolutely necessary minimum. Your IP-address and server-log-files (as set forth above) are stored for seven days for security and technical reasons.In the case of long-term contractual relationships, such as the use of our Offer, these storage periods may vary, but are generally limited to the duration of the contractual relationship or, with regard to the inventory data, to the maximum legal retention periods (e.g. in accordance with the German Commercial Code (Handelsgesetzbuch, HGB) and the Tax Code (Abgabenordnung, AO)).Criteria for the storage period include whether the data are still up-to-date, whether the contractual relationship with us still exists, whether an inquiry has already been processed, whether a process has been completed or not, and whether legal retention periods for the personal data concerned are relevant or not.VIII. Data Security; Access and Changes to this Privacy Policy; Contact Details
Data Security
We have installed technical and organizational measures in order to safeguard our Website and/or Service against loss, destruction, access, changes or the distribution of your data by unauthorized persons. However we cannot guarantee a complete protection for data transmitted to us against all dangers at all times, because information via the internet is not completely secure.The Website is operated through a safe SSL-connection. If an SSL-connection is activated third parties are prevented from reading any data that are transferred by you to us.We will store your data on servers, which are located within the European Union and, as applicable and set forth in this privacy policy, in the USA.
Access and Changes to this Privacy Policy
This privacy policy is accessible through https://galateastories.com/privacy and may be downloaded and printed anytime.We reserve the right to change the regulations of this privacy policy at any time, taking into account currently applicable data protection provisions. In case of any changes, you will be notified and you will have to agree to the modified provisions.
Contact Details
For any inquiries and additional questions about processing personal data please contact [email protected]. Further details may be found here: https://www.inkitt.com/imprint