Effective date: May 22, 2018
We know that you take your privacy seriously, and so do we! Please read the following to understand how and why your personal information is used and shared. Below we provide you with an overview of what data we collect for what purpose, and how we ensure the protection of your data in short and in a more detailed form.
Galatea is a mobile application by Inkitt GmbH.
The controller is Rosenstraße 17, 10178 Berlin, Germany represented by its CEO Ali Albazaz (” we/us/our” or ” Inkitt”). We offer services to our users’ (the ” User/you/your”) on our website https://www.inkitt.com/ (each a ” Website”) as well as related services (jointly the ” Service”).For any questions about data protection you may contact us via [email protected].
Transfer of Data outside of the EU
In the course of data processing by us, data may be transferred to third countries, i.e. countries outside the EU. This may happen via implementation of third party providers such as cloud services and external service partners which process data on our behalf.
You have the right to withdraw your consent relating to the use of data any time with effect for the future when such data processing is based in your consent.You are entitled to access the data stored by us and are also entitled to amend or rectify your data if such data is incorrect.You have the right to object to the processing of your personal data, for example if your personal data is processed for direct marketing purposes.You are entitled to request the erasure of your data.You are entitled to receive information about the stored data (in a structured, current and machine-readable format) at any time and to request the correction or deletion of the data in case of incorrect data storage.You also have the right to lodge a complaint with a supervisory authority at your discretion. An overview of the European National Data Protection Authorities can be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
Period for Storing Data; Deletion
Your data is deleted if such data is no longer necessary for the purpose of processing.
Automated Decision making (including “profiling”)In general, we do not process any data via “profiling” or in form of automated decision making via the Website or Service. However, such profiling may happen by third party providers through the Website or Service. We will inform you of this whenever possible.
We have implemented sufficient measures to ensure data and IT security. The Website and applications are operated through a safe SSL-connection. If an SSL-connection is activated, third parties are prevented from reading any data that is transferred by you to us.
MORE DETAILED INFORMATION:
When contacting us via email, the User’s details are stored for the purpose of processing the enquiry and, if applicable, follow-up questions based on your consent based on the legal basis of Art. 6 (1) a. GDPR or fulfilling your request based on Art. 6 (1) b. GDPR.
We inform the user about the Website, our Service and us through occasional newsletters.When registering for the newsletter, you have to provide an email address. This email address will be transmitted to and stored by us (or a provider as specified below).After registration, you will receive an email to confirm the registration (“double opt-in”). Via clicking the registration link you have given your consent to the processing of your personal data for receiving our newsletter according to Art. 6 (1) a. GDPR and we may process such data accordingly.If you purchase goods or services from us, we may in future send you information emails for similar goods or services. Data processing will be based on the business relationship with you (Art. 6 (1) b. GDPR or German Unfair Competition Act (UWG)).In case of registration for the newsletter we (or our provider as specified below) also store the IP address, the device name, the mail provider as well as the user’s first and last name and the date of registration.Withdrawal of consent / OPT-OUT: The user can withdraw their consent to the processing of data for the purpose of sending the newsletter at any time. The withdrawal / objection can take place over a link, which is contained in each newsletter, or by separate message to us. You will not incur any costs other than the transmission costs according to the basic tariffs.
Automated Decision Making (including “Profiling”)
In general we do not process any data via “profiling” or in form of automated decision making via the Website or Service. However, such automated decision making including profiling may happen by third party providers through the Website or Service.We will inform you of this whenever possible.Profiling means any automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of that natural person. Examples of such profiling include the analysis of data (e.g. based on statistical methods) with the aim of displaying personalized advertising to the user or giving shopping tips. The data subject shall not be subject to a decision based exclusively on automated processing, including profiling, which has legal effect against him or significantly affects him or her in a similar manner. [This shall not apply where the decision (i) is necessary for the conclusion or performance of a contract between the data subject and the data controller, (ii) is admissible under Union or Member State law to which the data controller is subject and where such law contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject or (iii) is taken with the data subject’s express consent. In such exceptional cases, the person responsible shall take appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, including at least the right to obtain the intervention of a person by the data subject, to state his own position and to challenge the decision.]III. How is my Data processed when joining the Inkitt Community?
Participation in the Inkitt Community and use of the Service
For taking part in our community through our Website you are asked to provide us with certain data. Such data will only be sent and provided to us after you clicked the respective ‘submit’ button on the Website.These data may include the following information for the following purposes:Your user name is required to log-in to your accountYour email address is required for account verificationYour gender is required for our recommendation engineYour age is required to enforce restrictions of content for under-aged usersYour favorite genre is required to provide you with recommendationsYour interests are required to provide you with recommendations
Join with Facebook
In order to offer you a convenient online service featuring numerous functions, our Website uses text files (” Cookies“) containing information to identify returning visitors for the time of their visit to our Website. Cookies are usually saved on your device and do not cause any harm. Cookies facilitate the transfer of specific content, such as entering data, which has already been supplied, and help us identify popular sections of our Website.The processing of data when using Cookies is based on our legitimate interests of a statistical analysis of the User relationship for marketing and quality assurance purposes according to Art. 6 (1) f. GDPR or TMG.
We point out that an automated decision making (“profiling”) (see also [“profiling” link] above) can take place when integrating Google and including an existing Google account.Are my Data transferred to Third Parties?We will transfer your personal data to a third party only within the scope of legal provisions, i.e. if we are obliged to transfer the data due to a government or court order, or, if applicable, legal provisions authorize the transfer or if you give your explicit consent.For more information please refer to [email protected].Are my Data transferred outside the EU?When visiting the Website and using our Service data may be transferred to countries outside the EU whereas the services by Google [add link] and Facebook [add link] are affected.The US companies providing the services of Google and Facebook are each certified under EU-US-Privacy-Shield and comply with data protection standards applicable in the EU. For more information on EU-US-Privacy-Shield and details about the certificates for Google and Mailchimp please refer to: https://www.privacyshield.govWe also use the following third party services in which course data may be transferred to countries outside the EU:
Functional Software Inc. (Sentry)Intended Purpose We use Functional Software Inc. (Sentry), 132 Hawthorne Street, San Francisco, California 94107, USA for the purpose of error tracking. Your device, operating system, visitor_id, country, release version, url and user ID will be processed via servers in the US and EuropeProcessing outside of EU and compliance with EU-StandardsThe services of Functional Software Inc. (Sentry) are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection standards is ensured. See: https://www.privacyshield.govFurther Informationhttps://sentry.io/privacy/#eu-us-privacy-shield
Intended Purpose We use SendGrid, Inc., 1801 California Street, Suite 500Denver, Colorado 80202, USA for the purpose of sending transaction and marketing emails and storing of unsubscription. Your email address will be processed.Processing outside of EU and compliance with EU-StandardsThe services of SendGrid, Inc. are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection standards is ensured. See: https://www.privacyshield.gov/Further Informationhttps://sendgrid.com/policies/privacy/services-privacy-policy/
Amazon Web Services (AWS)
Intended Purpose We use Amazon Web Services by Amazon Web Services, Inc., 410 Terry Avenue North Seattle WA 98109, USA for the purpose of hosting our website. Your customer data, such as your email address, will be processed.Processing outside of EU and compliance with EU-StandardsThe services of Amazon Web Services, Inc are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection standards is ensured. See: https://www.privacyshield.govFurtherInformationhttps://aws.amazon.com/compliance/eu-data-protection/ https://aws.amazon.com/compliance/germany-data-protection/GoogleIntended PurposeWe use Google LLC, 1600 Amphitheatre Pkwy, Mountain View, California 94043, USA for the purpose of analytics and marketing. Your data such as browser type/version, operating system used, referrer URL (the site previously visited), host name of the accessing computer (IP address) and time of server enquiry will be processed.Processing outside of EU and compliance with EU-StandardsThe services of Google LLC are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection zendesk standards is ensured. See: https://www.privacyshield.gov/Further Information https://policies.google.com/privacy
Intended Purpose We use Fabric by Google LLC, 1600 Amphitheatre Pkwy, Mountain View, California 94043, USA for the purpose of analytics and crash reporting. Your impersonal data such as installation UUDI, IP address (temporarily), user events (button clicks, page views etc.) will be processed. A storage of personal data does not take place.Processing outside of EU and compliance with EU-StandardsThe services of Google LLC are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection standards is ensured. See: https://www.privacyshield.gov/Further Informationhttps://fabric.io/terms?locale=en-us&utm_campaign=fabric-marketing&utm_medium=natural
Intended Purpose We use Firebase by Google LLC, 1600 Amphitheatre Pkwy, Mountain View, California 94043, USA for the purpose of analytics, sending push notification to users and storing of storing chat messages. Your IP address, Instance IDs, Crash traces, User agents, Mobile ad IDs, IDFVs/Android IDs, Analytics App Instance IDs, All User events (button clicks, page views, etc) will be processed. Personal data is not stored.Processing outside of EU and compliance with EU-StandardsThe services of Google LLC are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection standards is ensured. See: https://www.privacyshield.gov/Further Informationhttps://policies.google.com/privacy
Intended Purpose We use Branch Metrics, Inc., 1400B Seaport Boulevard, Redwood City, California 94063, USA for the purpose of deeplinks for marketing purposes. Your iOS or Android identification (IFDA or Android ID), the IP address, the version of the app, information about the terminal used, its manufacturer and the operating system version used, screen size and resolution, start and end of use of our app, type of connection (e.g. WLAN, mobile access), period since installation and since the last update of the app. The listed information is only processed by Branch in anonymous form. An identification of the individual Inkitt user by Branch is thus excluded.Processing outside of EU and compliance with EU-StandardsThe services of Branch Metrics, Inc. are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection standards is ensured. See: https://www.privacyshield.gov/Further Informationhttps://branch.io/policies/#privacy
Intended Purpose We use Zendesk, Inc 1019 Market Street, 6th Floor, San Francisco, California 94103, USA for support system purposes. Your Information such as last name, first name, and email address is recorded on our platform will be processed in order to answer your questions.Processing outside of EU and compliance with EU-StandardsThe services of Zendesk, Inc. are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection standards is ensured. See: https://www.privacyshield.gov/Further Informationhttps://www.zendesk.com/company/customers-partners/privacy-policy/
Intended Purpose We use Instabug, Inc., 855 El Camino Real St., Suite 13A-111, Palo Alto, CA. 94301, USA for bug tracking purposes. Your IP address, domain server, type of internet browser will be processed.Processing outside of EU and compliance with EU-Standards Instabug, Inc. has entered into Standard Contractual Clauses according to Commission Decision C(2010)593 regarding the transfer of personal data to processors established in third countries with us, accordingly the compliance with EU data protection standards is ensured. See: https://instabug.com/dpaFurther Informationhttps://instabug.com/privacy
Intended Purpose We use New Relic, Inc., 188 Spear Street, Suite 1200, San Francisco, California 94105, USA for server monitoring purposes. Your system relevant data such as usage times, used hardware and software will be processed.Processing outside of EU and compliance with EU-StandardsThe services of New Relic, Inc. are certified according to EU-US-Privacy-Shield, accordingly the compliance with EU data protection standards is ensured. See: https://www.privacyshield.gov/Further Informationhttps://newrelic.com/privacy-shieldVII. Your Rights: Right to access, object, rectification and erasure; right to restriction of processing, right to withdraw, right to data portability, right to lodge a complaint
As a data subject you have the right: to withdraw your consent to us at any time. As a result, we are no longer allowed to continue the processing of data based on this consent in the future; to object to the processing of your personal data, if your personal data are processed on the basis of legitimate interests pursuant to Art. 6 (1) f. GDPR insofar as there are reasons for this arising from your particular situation; to obtain from us access to your personal data; to obtain from us without undue delay the rectification of inaccurate personal data concerning you; to obtain the erasure of your personal data stored with us, unless the processing is necessary to exercise the right to free expression of opinion and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims; to demand the restriction of the processing of your personal data, if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have filed an objection against the processing; and to receive your personal data, which you have provided to us, in a structured, current and machine-readable format or to request the transmission to another controller.If you wish to make use of your rights mentioned above please send an email to [email protected] you obtain access to your personal data you may, in particular, request access to the following information: the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed. We also will, if possible, give information about the envisaged period of time for which the personal data will be stored, the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing, the right to lodge a complaint with a supervisory authority and where the personal data are not collected from the data subject, any available information as to their source and the existence of automated decision-making, including profiling and meaningful information about this event.
You have the right to lodge a complaint vis-á-vis a supervisory authority of your choice.
For example for Berlin/Germany: https://www.datenschutz-berlin.de/kontakt.html.
An overview of the European National Data Protection Authorities may be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
Duration of the storage of personal data; deletion periods