We comply with all applicable data security and data protection laws, including the applicable EU data protection regulations. We will treat your personal information confidentially and in accordance with legal requirements. In the following we would like to inform you about how we handle your data when you use our app.
1 - Contact details
(a) Name and contact details of the responsible person
Responsible for the collection, processing and use of data (“data processing”) within the meaning of the Basic Data Protection Regulation (DSGVO) is:
Aumio UG (limited liability)
c/o Spinlab – The HHL Accelerator, Spinnereistraße 7
Phone: 030 / 86 32 32 49
b) Data processing in case of contact
When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, your name and telephone number if applicable) will be stored by us in order to answer your questions. We delete the data arising in this connection after storage is no longer necessary or restrict processing if there are legal storage obligations.
c) Contact form
If you use the contact form in our app to send us an enquiry, we need the following information: E-mail address, name, phone number and company if applicable. Before sending your enquiry, we need your consent to process the transmitted data in accordance with Art. 6 Para. 1 lit. a DS-GVO. Your enquiry, including all personal data resulting from it (e.g. IP address, name, enquiry), will be stored and processed by us for the purpose of processing your request. The data collected by us will only be used to answer your enquiry. We delete the data collected in this context after storage is no longer required or restrict processing if there are legal storage obligations.
If we use contracted service providers for individual functions of our offer or wish to use your data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we will also state the specified criteria for the storage period.
2 - General information on data processing
We are responsible for the data processing that takes place when using this app. Our employees have been committed to maintaining the confidentiality of personal data and have also been made aware of the special importance of data protection.
This data protection declaration can be permanently accessed, printed or downloaded at any time at https://aumio.de/en/app-privacy-policy/.
1. Scope of the processing of personal data
The use of the app requires the processing of various information. Furthermore, the extent of data processing depends on your use of the App’s functionalities, such as the contact form, and the extent to which you give us your consent.
2. Legal basis for the processing of personal data
This processing of your personal data takes place on various legal bases. These are presented in abstract form below.
Fulfilment of contract or implementation of pre-contractual measures (Art. 6 para. 1 b)/ § 26 BDSG-New):
Processing is only carried out to the extent necessary for the exercise and fulfilment of the rights and obligations arising from the contract. Unless expressly stated otherwise, data processing by us is only carried out to this extent.
Justified interest (Art. 6 Para. 1 f)):
Processing shall be carried out if we have a legitimate interest and no conflicting overriding interests on your part are apparent. The specific interest is explained in this data protection declaration in the context of the processing presentation.
Consent (Art. 6 para. 1 a)):
Processing is carried out if you have given your express consent to this on the basis of transparent information about the type and scope of data processing. You can revoke your consent at any time. However, processing carried out up to this point will not be affected.
Legal obligation (Art. 6 para. 1 c)):
Processing is carried out to the extent that it is necessary to fulfil German or European legal obligations.
3. Data deletion and storage period
We delete your personal data as soon as the legal basis for their processing ceases to apply and there is no legal obligation to retain them. An obligation to retain data can be provided for if this is regulated by the European or national legislator in regulations, laws or other rules to which we are subject.
4. Possibility of objection and removal
Wherever data is processed on the basis of your consent or a legitimate interest on our part, you have the right to object to the processing at any time. To exercise your right of withdrawal, you can contact email@example.com. If you object to processing on the basis of our legitimate interest, we may nevertheless continue processing if we can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms.
5. Amendment of this data protection declaration
We reserve the right to change these data protection regulations at any time in compliance with the legal requirements.
3 - Your rights
If we process your personal data, you are the data subject in the sense of Art. 4 Para. 1 DS-GVO. You therefore have the following rights with regard to the personal data concerning you:
- Right to information in accordance with Art. 15 DS-GVO,
- Right of correction or deletion according to Art. 16 and Art. 17 DS-GVO,
- Right to restrict processing under Art. 18 DS-GVO,
- Right to object to processing Art. 21 DS-GVO,
- Right to data transferability according to Art. 20 DS-GVO,
- Right to revoke the declaration of consent under data protection law in accordance with Art. 7 para. 3 DS-GVO.
As a user of our app, you are not subject to any automated decision-making process in the sense of Art. 22 DS-GVO.
If you do not agree with the way we process your data, please contact us at firstname.lastname@example.org. Furthermore, in accordance with Art. 77 DS-GVO you have the right to lodge a complaint with the supervisory authority responsible for you.
4 - Collection of personal data when using our app
(a) Collection of personal data
When downloading the mobile app, the required information is transferred to the App Store (Apple) or Play Store (from Google). We have no influence on this data collection and are not responsible for it. We process the data only to the extent necessary for downloading the mobile app to your mobile device.
If you wish to set up a password-protected user account with us, we require the following information from you:
- a valid e-mail address,
- name, and
In addition, you must enter a password of your own choice to create a user account. Together with your e-mail address or your user name, this password enables access to your user account. In your user account you can view and change your stored data at any time.
Furthermore, you have the possibility to provide the following voluntary information:
- date of birth
When using the mobile app, we collect the personal data described below to enable the use of the functions.
If you would like to use our mobile app, we collect the following data, which is technically necessary for us to offer you the functions of our mobile app and to ensure stability and security (legal basis is Art. 6 Para. 1 S. 1 lit. b DS-GVO):
- User identification (e.g. an account ID)
- IP address
- Date and time of requests
- Content of the request (concrete page call or activity)
- Access status/HTTP status code
- Amount of data transmitted in each case
- Language (so-called locale)
- Device identification and information
- Operating system and version
- Connection data (e.g. WiFi or mobile data connection)
- Screen resolution
Furthermore, we may also collect the following data when forwarding it to the app in order to enable users to use it conveniently:
- Website from which the user was redirected to the App (referrer)
- Request parameters (e.g. authentication code or campaign IDs)
In addition, we collect usage data that is generated when the App is used (e.g. App sessions, session duration, App interactions, courses and exercises carried out) in order to be able to process this data for market research and advertising purposes and to improve and individualise our offers (legal basis is Art. 6 Para. 1 S. 1 lit. f DS-GVO).
The processing of your personal data is carried out at your request and, in accordance with Art. 6 para. 1 sentence 1 lit. b DSGVO, is necessary for the above-mentioned purposes for the use of our products and thus for the fulfilment of the contract and pre-contractual measures or on the basis of justified interests in accordance with Art. 6 para. 1 lit. f DSGVO, which are always weighed against your interests.
The personal data collected by this app will be stored until you request us to delete it, revoke your consent to storage or the purpose for which the data is stored ceases to apply, unless we are obliged to store the data for a longer period of time in accordance with Article 6 Paragraph 1 S. 1 lit. c DSGVO due to storage and documentation obligations under tax and commercial law (from the German Commercial Code (HGB), German Penal Code (StGB) or German Fiscal Code (AO)) or you have consented to storage beyond this in accordance with Article 6 Paragraph 1 S. 1 lit. a DSGVO. This is subject to deviating or more specific information within this data protection declaration.
(b) Objection to or revocation of the processing of your data
If you have given your consent to process your data, you can revoke it at any time. Such revocation will affect the permissibility of processing your personal data after you have given it to us.
Insofar as we base the processing of your personal data on the balancing of interests, you may object to the processing. This is the case if the processing is in particular not necessary for the fulfilment of a contract with you, which is described by us in each case in the description of the functions. In the event of such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the facts of the case and will either stop or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.
Of course, you may at any time object to the processing of your personal data for advertising purposes. You can inform us of your objection to advertising by contacting us at the following email address: email@example.com.
5 - Recipients of data and data transfers to third countries
(a) The recipient of data
The personal data that we collect from you within the framework of the App will only be transmitted to contract processors involved in data processing on the basis of a valid contract agreement.
(b) Data transfer to third countries
The personal data that we collect from you within the framework of the App is generally not transferred to third countries outside the European Economic Area.
Data may be transferred to third countries when using the following applications:
- Mailchimp (newsletters)
- Typeform (contact forms)
- App Center (usage and crash data collection)
- Segment (collection of usage data)
- Mixpanel (data evaluation)
You will find the specific details on data transfer in this data protection declaration at the respective points of the individual functions (contact form, newsletter, analysis tools).
The App uses encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as App operator or communication between App users. This encryption prevents the data you transmit from being read by unauthorised third parties.
6 - Access rights of our app
In order to provide our service via the App, we require the following access rights, which enable us to access certain functions of your device:
- Device identification (e.g. Advertising ID)
- Phone status (e.g. “On” or “Standby”)
- Internet connection
- Memory access (for writing and reading App images and audio files)
- Network status (e.g. whether the device is offline, including for streaming content)
- Audio playback
- Push notifications
Android devices have the default setting that push messages are automatically enabled. This default setting can be revoked during the registration process and at any time in the app in the profile under “Settings”. Apple devices have the default setting that Push messages are automatically disabled, if you wish to receive Push messages, please enable this feature in your profile under “Preferences”.
- Vibrate (for push notifications)
The processing of your personal data is carried out on the basis of Art. 6 para. 1 sentence 1 letter b DSGVO for the fulfilment of the contract for the use of our App. In addition, the processing is carried out on the basis of our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f DSGVO. Our interests result as legitimate in the sense of the above-mentioned provision and follow from the purposes for data processing listed above.
7 - Use of our newsletters
With your consent, you can subscribe to newsletters with which we inform you about various topics. The advertised goods and services are named in the declaration of consent.
We use the so-called double-opt-in procedure to subscribe to our newsletter. This means that after your registration we will send you an e-mail to the e-mail address you have provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP address and the time of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
Your e-mail address is mandatory for sending the newsletter. The indication of further, separately marked data is used to be able to address you personally. After your confirmation we will save your e-mail address for the purpose of sending the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a DS-GVO.
You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in each newsletter e-mail, by sending an e-mail to firstname.lastname@example.org or by sending a message to the contact details given in the imprint.
Please note that we may evaluate your user behaviour when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which represent one-pixel image files stored on our website. For the evaluation we link the data mentioned in § 3 and the web beacons with your user profile. Links received in the newsletter may also contain this information. We use the data thus obtained to create a user profile in order to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters, which links you click in them and conclude from this your personal interests. We link this data to actions you take on our website.
You can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing us via another contact channel. The information is stored for as long as you have subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously. Such tracking is also not possible if you have deactivated the display of images in your e-mail program by default. In this case, the newsletter will not be displayed completely and you may not be able to use all functions. If you have the images displayed manually, the above-mentioned tracking will take place.
We use the services of the providers Mailchimp and Sendinblue to create and send the newsletter. Suppliers are The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA and Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. When using “Mailchimp” to send our newsletter, your data will be transferred to the USA. However, The Rocket Science Group, LLC, as a US company, has submitted to the EU-US Privacy Shield, so that an adequate level of data protection is guaranteed (https://www.privacyshield.gov/EU-US-Framework).
For forms within our newsletter we use the services of the provider https://www.typeform.com. Typeform is a service of TYPEFORM S.L., Carrer Bac de Roda 163, 08018 Barcelona, Spain. Typeform collects and stores your data when you register for the newsletter. We ourselves are responsible for the Typeform forms that we publish and manage the data collected. We delete these from the Typeform servers after we have downloaded them.
Typeform always collects usage data when you use the registration form. Typeform collects data about the type of device and the program used to call up a form, such as the IP address, browser type and operating system. This may also include the geographical location of the user as determined by the IP address. Typeform stores information about the source that referred the user to the form (e.g. the link on a website or in an e-mail). Typeform uses tracking services from third party manufacturers to collect aggregated and anonymous data through cookies and page tags (also known as web beacons or web bugs). This data may include user and usage statistics. This data is processed on servers located in the USA.
8 - Use of analysis tools
When you access our app, your behaviour as described in no. 4 a) can be statistically evaluated with the help of certain analysis tools and analysed for advertising and market research purposes or to improve and individualise our offers. When using such tools, we ensure that the legal data protection regulations are observed. When using external service providers (contract processors), we ensure through appropriate contracts with the service providers that the data processing complies with German and European data protection standards.
These analysis tools are used to optimise the app and to improve our offers. This represents a legitimate interest in the sense of Art. 6 Para. 1 letter f DSGVO.
The following external services are used for these purposes:
Sentry for bug monitoring
We use Sentry to capture and analyse software errors. The provider is Functional Software, Inc. 1501 Mariposa St #408, San Francisco, CA 94107, USA.
Sentry is used to improve the technical stability of our service by monitoring and identifying software errors. Sentry is solely for these purposes and does not evaluate data for promotional purposes. User data, such as information about the device or time of failure, is collected anonymously and is not used in a personalised manner, and then deleted. The data is processed on our servers and is not passed on to Sentry (on-premise).
Microsoft App Center
We use App Center to collect crash reports, user data and distribution of our App. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA, 98052-6399, USA
App Center provides us with information about the usage, devices, app and operating system version numbers of the devices on which our apps are installed. In addition, we receive crash reports if errors occur in our apps.
The data collected is stored and processed in the USA. Microsoft Corp. is certified according to the EU-U.S. Privacy Shield.
We use segment to record usage patterns. The provider is Segment.io, Inc., 109 E 17th St #4503, Cheyenne, WY 82001, USA.
Segment is used to record user behaviour. In a further step, this serves to better understand this and to improve our app based on it.
The recorded usage data is only collected pseudonymously. The data is not used to merge usage profiles with your personal data. As a rule, the information is not transferred to third countries outside the European Economic Area. However, in some cases it may be necessary to transfer data to a server of Segment in the USA.
Segment.io Inc. is certified according to the EU-U.S. Privacy Shield.
We use Mixpanel for data evaluation and visualisation. The provider is Mixpanel, Inc., San Francisco 405 Howard Street, Floor 2, San Francisco, CA 94105.
User data is processed pseudonymously, i.e. no clear personal data (such as names) is processed and IP addresses of users are shortened. Instead, processing is only carried out on the basis of a pseudonymised technical ID. Any IDs or e-mail addresses communicated to MixPanel are encrypted as so-called hash values and stored as a series of characters that do not permit identification.
The data collected by Mixpanel will not be disclosed to third parties. The data collected is stored and processed in the USA. Mixpanel Inc. is certified according to the EU-U.S. Privacy Shield.