I. Who is the Controller and how can I contact the Data Protection Officer?
The Controller within the meaning of the GDPR is
validio GmbH & Co. KG
Pretzfelder Straße 13
Nuremberg Commercial Register HRA 12160
Managing Director:Dipl.-Kfm. Michael Oschmann
Please contact our Data Protection Officer Dr. Stefan Drewes, whom you can reach at the address in the imprint or at the following e-mail address: Datenschutzanfragen@privacy-advice.com, for any questions you may have about how we process your personal data or about data protection in general.
II. Your rights as a data subject
Each data subject has the following rights:
- Right of access (Article 15 of the GDPR);
- Right to rectification of incorrect data (Article 16 of the GDPR);
- Right to erasure/‘right to be forgotten’ (Article 17 of the GDPR);
- Right to restriction of processing of personal data (Article 18 of the GDPR); and
- Right to data portability (Article 20 of the GDPR).
You can object to the processing of personal data for purposes of marketing, including the analysis of customer data for marketing purposes, at any time without stating any reasons for this.
The data subject also has a general right to object (see Article 21 Paragraph 1 of the GDPR). In this case, reasons must be given for the objection to data processing. If data processing is based on consent, your consent may be withdrawn at any time with future effect.
To exercise data subject rights, the easiest option is to contact us at firstname.lastname@example.org. Otherwise, please use the address in our imprint. You also have the right to complain to data protection supervisory authorities responsible for you.
III. The processing of personal data by validio GmbH & Co. KG
We would like to give you an overview below of how we guarantee that your personal data is protected against access when you visit our website, and what types of personal data we process for what purposes and to what extent.
1. Processing personal data
Clever Dialer identifies incoming and outgoing calls and warns against any spam telephone calls. To provide this service, the Clever Dialer Android App first determines the phone number for the incoming or outgoing call. This phone number is then sent to the Clever Dialer web service. There, all available sources (e.g. ‘Das Örtliche’ local phone book or Yellow Pages) and the Clever Dialer spam database are used to check for information about this number. The information found is then shown to the user.
The user can submit ratings for a phone number in different places in the App. These ratings are saved by Clever Dialer and shown to other users.
A spam number rating is calculated based on various different calls. For this reason, Clever Dialer stores the following data for a period of 90 days for incoming calls:
- Phone number
- Anonymised ID
- Access date
- Spam call (yes/no)
This data is deleted after 90 days. The anonymised ID is a combination of letters, numbers and special characters and is set when the App is installed. It is therefore not possible to link it to a user. If the App is re-installed, a new ID is given.
The radius search in the Clever Dialer App sends the search text entered to various different directories, such as ‘Das Örtliche’ local phone book, Google and the Yellow Pages. The Clever Dialer App needs your location to be able to correctly run the search. We only use this if you have given consent through your mobile terminal device. Search results are shown to the user. This data is not saved.
2. Processing data when accessing our website – log files
When you access our website, general information is automatically collected. This information (server log files) includes the type of web browser, the operating system used, the domain name for your internet service provider and other similar information. The IP address is also sent and used for the service requested by you. This information is required for technical reasons in order to be able to provide you with the website content you have requested, and is mandatory when using the internet.
Based on our IT security concept, the resulting log file data is saved for a period of 28 days in order to recognise and analyse any attacks against our website. The legal basis for data processing is Article 6 (1) (1), point (f) of the GDPR.
3. Processing data when accessing our website – your requests
If you send us a request by e-mail or via the contact form, we collect the data you share in order to process it and respond to your concern. We save this information for a period of up to two years for evidence purposes. The legal basis for data processing is Article 6 (1) (1), point (f) of the GDPR.
4. Notes on guaranteeing data security
We take technical and operational security precautions on our website to protect the personal data saved by us against third-party access, loss or misuse, and to facilitate secure data transfer.
Please note that due to the structure of the internet, it is possible for there to be unauthorised access to data by third parties. You are therefore responsible for protecting your data from misuse using encryption or other means. If appropriate security measures aren’t taken, unencrypted transmitted data in particular can be read by third parties, even if such data is sent by e-mail.
Tracking by Google Analytics
This App uses Google Analytics, a web analysis service from Google Inc. (‘Google’). Google Analytics is able to analyse the use of the App using a ‘software development kit’ (SDK). Information collected about your use of this App is generally sent to a Google server in the USA and saved there. Due to the activation of IP anonymisation in this App, your IP address is truncated by Google within the European Union Member States or in other signatory states to the Agreement on the European Economic Area before it is sent. A full IP address is only sent to a Google server in the USA and truncated there in exceptional cases. We instruct Google to use this information to evaluate your use of the App, to compile reports about App activities and to provide other services to us that relate to the App and internet use. The IP address sent from your App as part of Google Analytics is not merged with other Google data.
You can easily prevent Google tracking by deactivating tracking in the App’s settings. To do so, go to the menu symbol in the top left of the App ☰ and select ‘Settings’. You will find ‘Tracking’ on this page under data protection. Deactivate this.
We use Google Analytics to analyse the use of our App and to make regular improvements. We can improve our product and create designs that are more interesting for users by using these statistics. In exceptional cases in which personal data is sent to the USA, Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for storing Cookies is consent (Article 6 (1) (1), point (a) of the GDPR). Further evaluation of the data collected by Google Analytics takes place over a period of 26 months, based on Article 6 (1) (1), point (f) of the GDPR.
You can also find more information about this at https://www.google.de/intl/de/policies/privacy/ (general information about Google Analytics and data protection).
Sharing data for error analysis
This App uses Crashlytics, an error analysis tool from Google Inc. (‘Google’). Crashlytics is able to send errors in the App, e.g. crashes, to Crashlytics using a ‘software development kit’ (SDK). Information collected about this App’s error behaviour is generally sent to a Google server in the USA and saved there. Status information for the App and the device, operating system information, hardware information and the device’s location are transmitted to the server. An ID that identifies the device is also transmitted. This ID is re-generated every time a new installation occurs. We instruct Google to use this information to evaluate error behaviour and to compile reports about App crashes.
You can easily prevent error analysis data being sent to Crashlytics by deactivating the transfer of error analysis data in the settings. To do so, go to the menu symbol in the top left of the App ☰ and select ‘Settings’. You will find ‘Transfer error analysis data’ on this page under data protection. Deactivate this.
We use Crashlytics to analyse the error behaviour of our App and to be able to resolve any errors that occur quicker. We can improve our App and create a more positive user experience for you as a user by using the information we gain from this. In exceptional cases in which personal data is sent to the USA, Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for saving cookies is consent (Article 6 (1) (1), point (a) of the GDPR). Further evaluation of the data collected by Google Analytics takes place over a period of 26 months, based on Article 6 (1) (1), point (f) of the GDPR.
You can also find more information about this at https://www.google.de/intl/de/policies/privacy/ (General information about Google Analytics and data protection) and https://try.crashlytics.com/terms/privacy-policy.pdf (Specific information about Crashlytics).
Using cookies for advertising purposes
The following Cookies are specifically used:
Using AdMob by Google
This App uses the online advertising service Google AdMob, through which adverts can be shown to interested parties. We’re interested in showing you adverts that might be of interest to you, so that the website is more interesting for you. In doing so, statistical information is collected about you that is processed by our advertising partners on various different websites. These adverts can be recognised by the ‘Google advert’ note that appears in each advert.
When using our App, Google is notified that you are using our App. Google then uses a web beacon to save a Cookie on your machine. The data specified in Section 3 of this policy is transmitted. We have no influence on the data collected, and we do not know the full extent of data collection nor do we know what the storage period is. Your data is sent to the USA and evaluated there. If you are logged on to your Google account, your data can be directly associated with it. This data may be shared with Google contracting partners, third parties and authorities. The legal basis for data processing is Article 6 (1) (1), point (f) of the GDPR. This App does not display adverts from third-party providers via Google AdMob.
If you don’t want adverts to be personalised based on your interests, you can deactivate personalised advertising in your mobile device’s settings. As these settings are in different places for each manufacturer, we are unfortunately unable to give general instructions for this. You can find more information about this here: http://www.networkadvertising.org/mobile-choice
You can also find more information about the purpose and scope of data collection and the processing of data, as well as more information about your rights regarding this and the settings options to protect your privacy from: Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; Data protection provisions for advertising: http://www.google.de/intl/de/policies/technologies/ads. Google is subject to the EU-US privacy shield, https://www.privacyshield.gov/EU-US-Framework.
As at 25.05.2018