We, Aumio GmbH, respect the privacy of all individuals who use our mobile applications from the Apple App Store and/or the Google Play Store (hereinafter “App”). Therefore, we would like to inform you about how we use your personal data (which is any data that is personally identifiable to you, e.g. name, address, email address, user behavior).
We comply with all applicable data security and privacy laws, including applicable EU data protection laws. We treat your personal information confidentially and in accordance with legal requirements.
(a) Name and contact details of the responsible person
Responsible for the collection, processing and use of data (“data processing”) within the meaning of the Basic Data Protection Regulation (DSGVO) is:
Aumio UG (limited liability)
c/o Spinlab – The HHL Accelerator, Spinnereistraße 7
Phone: 030 / 86 32 32 49
b) Data processing when contacting us
When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. We delete the data accruing in this context after the storage is no longer necessary, or restrict the processing if there are legal obligations to retain data.
c) Contact form
If you use the contact form in our app to send us an inquiry, we require the following information: Email address, name if applicable, phone number and company. Before sending your request, we need your consent to process the transmitted data in accordance with Art. 6 (1) lit. a DS-GVO. Your inquiry including all personal data resulting from it (e.g. IP address, name, inquiry) will be stored and processed by us for the purpose of processing your request. The data we collect will only be used to respond to the request. We delete the data accrued in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations.
If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we will also state the defined criteria for the storage period.
We are responsible for the data processing that takes place in the context of the use of this app. Our employees have been obligated to maintain the confidentiality of personal data and have also been sensitized to the special importance of data protection.
You can access, print or download this data protection declaration permanently and at any time at the address https://aumio.de/privacy-policy-app.
1. Scope of the processing of personal data
The use of the app makes the processing of various information necessary. In addition, the scope of data processing depends on your use of the functionalities of the app, such as the contact form, as well as to what extent you give us consent.
2. Legal basis for the processing of personal data.
This processing of your personal data is based on various legal bases. These are presented in the abstract below.
Fulfillment of contract or implementation of pre-contractual measures (Art. 6 para. 1 b)/ § 26 BDSG-Neu):
Processing takes place only to the extent necessary for the exercise and fulfillment of the rights and obligations arising from the contract. Unless expressly stated otherwise, data processing by us will only take place to this extent.
Legitimate interest (Art. 6 para. 1 f)):
Consent (Art. 6 para. 1 a)):
Processing is carried out insofar as you have expressly consented to this on the basis of transparent information about the type and scope of data processing. You can revoke your consent at any time. However, the processing that has taken place up to this point will not be affected by this.
Legal obligation (Art. 6 para. 1 c)):
Processing takes place insofar as it is necessary for the fulfillment of German or European legal obligations.
3. Data deletion and storage period
We delete your personal data as soon as the legal basis for their processing ceases to apply and no legal retention obligations exist. A retention obligation may be provided for if this is regulated by the European or national legislator in ordinances, laws or other regulations to which we are subject.
4. Possibility of objection and elimination
Wherever data processing is based on your consent or a legitimate interest of ours, you have the right to object to the processing at any time. You can contact email@example.com to exercise your right of withdrawal. If you object to processing based on our legitimate interest, we may still continue processing if we can demonstrate compelling legitimate grounds for processing that override your interests, their rights and freedoms.
If we process your personal data, you are the data subject in the sense of Art. 4 Para. 1 DS-GVO. You therefore have the following rights with regard to the personal data concerning you:
As a user of our app, you are not subject to any automated decision-making process in the sense of Art. 22 DS-GVO.
If you do not agree with the way we process your data, please contact us at firstname.lastname@example.org. Furthermore, in accordance with Art. 77 DS-GVO you have the right to lodge a complaint with the supervisory authority responsible for you.
a) Collection of personal data
When downloading the mobile app, the required information is transferred to the App Store (Apple) or Play Store (by Google). We have no influence on this data collection and are not responsible for it. We process the data only to the extent necessary for downloading the mobile app to your mobile device.
If you wish to set up a password-protected user account with us, we require the following information from you:
In addition, to set up a user account, you must provide a password of your own choosing. Together with your email address or username, this password will allow you to access your user account. In your user account you can view and change your stored data at any time.
Furthermore, you have the option to provide the following voluntary information:
Date of birth
When using the mobile app, we collect the personal data described below to enable the use of the functions.
If you wish to use our mobile app, we collect the following data, which is technically necessary for us to offer you the functions of our mobile app and to ensure stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. b DS-GVO):
Furthermore, we may collect the following data when redirecting to the app to enable users to use it comfortably:
In addition, we collect usage data that is generated during the use of the app (e.g. app sessions, session duration, app interactions, courses and exercises completed) in order to be able to process this data to optimize the app and to communicate our offers (legal basis is Art. 6 para. 1 p. 1 lit. f DS-GVO).
The processing of your personal data takes place upon your request and is necessary for the aforementioned purposes for the use of our products and thus for the fulfillment of the contract and pre-contractual measures according to Art. 6 para. 1 p. 1 lit. b DSGVO or due to legitimate interests according to Art. 6 para. 1 lit. f DSGVO, which are always weighed against your interests.
The personal data collected by this app will be stored until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies, unless we are obligated to store it for a longer period of time pursuant to Article 6 (1) sentence 1 lit. c DSGVO due to tax and commercial law retention and documentation obligations (from HGB, StGB or AO) or you have consented to storage beyond this pursuant to Article 6 (1) sentence 1 lit. a DSGVO. This is subject to deviating or more specific information within this data protection declaration.
b) Objection or revocation against the processing of your data.
If you have given your consent to the processing of your data, you may revoke it at any time. Such revocation will affect the permissibility of the processing of your personal data after you have expressed it to us.
Insofar as we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which is presented by us in each case in the description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.
Of course, you can object to the processing of your personal data for advertising purposes at any time. You can inform us of your advertising objection using the following contact details: email@example.com.
a) Recipients of data
The personal data that we collect from you in the context of the App will only be transferred with processors involved in data processing on the basis of a valid agreement on commissioning.
b) Data transfer to third countries
As a rule, the personal data we collect from you within the scope of the App will not be transferred to third countries outside the European Economic Area.
When using the following apps, data may be transmitted to third countries:
The app uses encryption for reasons of security and to protect the transmission of confidential content, such as the requests you send to us as app operator or the communication between app users. This encryption prevents the data you transmit from being read by unauthorized third parties.
In order to provide our service via the App, we require the following access rights, which enable us to access certain functions of your device:
The processing of your personal data is carried out on the basis of Art. 6 para. 1 sentence 1 letter b DSGVO for the fulfilment of the contract for the use of our App. In addition, the processing is carried out on the basis of our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f DSGVO. Our interests result as legitimate in the sense of the above-mentioned provision and follow from the purposes for data processing listed above.
With your consent, you can subscribe to newsletters with which we inform you about various topics. The advertised goods and services are named in the declaration of consent.
For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your respective IP addresses used and times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
Mandatory information for sending the newsletter is your e-mail address. The specification of further, separately marked data is used to be able to address you personally. After your confirmation, we store your e-mail address for the purpose of sending the newsletter. The legal basis is Art. 6 para. 1 p. 1 lit. a DS-GVO.
You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in each newsletter e-mail, by e-mail to firstname.lastname@example.org or by sending a message to the contact details provided in the imprint.
We would like to point out that we may evaluate your user behavior when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. For the evaluations, we link the data mentioned in § 3 and the web beacons with your user profile. Links received in the newsletter may also contain this information. With the data obtained in this way, we create a user profile in order to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters, which links you click on in them and infer your personal interests from this. We link this data to actions you have taken on our website.
You can object to this tracking at any time by clicking on the separate link provided in each email or by informing us via another contact channel. The information will be stored for as long as you are subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously. Moreover, such tracking is not possible if you have deactivated the display of images by default in your e-mail program. In this case, the newsletter will not be fully displayed to you and you may not be able to use all functions. If you display the images manually, the tracking mentioned above will take place.
For the creation and sending of the newsletter, we use the services of the providers Mailchimp and Sendinblue. The providers are The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA and Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. When using “Mailchimp” to send our newsletter, your data is transmitted to the USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission.
For forms within our newsletter, we use services of the provider https://www.typeform.com. Typeform is a service provided by TYPEFORM S.L., Carrer Bac de Roda 163, 08018 Barcelona, Spain. Typeform collects and stores your information when you subscribe to the newsletter. We ourselves are responsible for Typeform’s own published forms and manage the data collected through them. We delete them from the Typeform servers after we have downloaded them.
Typeform collects usage data whenever you use the registration form. Typeform collects data about the type of device and program through which a form is accessed, such as IP address, browser type, and operating system. This may also include the geographic location of the user as determined by the IP address. Typeform stores information about the source that referred the user to the form (e.g., the link on a website or in an email). Typeform uses third-party tracking services the cookies and page tags (also known as web beacons or web bugs) to collect aggregated and anonymized data. This data may include user and usage statistics. This data is processed on servers located in the United States.
When you access our app, your behavior, as described in No. 4 a), may be statistically evaluated using certain analysis tools and analyzed for advertising and market research purposes or to improve and individualize our offers. When using such tools, we ensure compliance with the statutory data protection provisions. When using external service providers (order processors), we ensure through appropriate contracts with the service providers that the data processing complies with German and European data protection standards.
These analysis tools are used to optimize the app and improve our offers. In accordance with the DSGVO / TTDSG, this is only done with the express consent of the user. The legal basis for the processing of the users’ personal data is basically the consent of the user according to Art. 6 para. 1 p.1 lit. a DSGVO. The following external services are used for these purposes:
Sentry for bug monitoring
We use Sentry to record and analyze software bugs. The provider is Functional Software, Inc, 1501 Mariposa St #408, San Francisco, CA 94107, USA.
Sentry is used to improve the technical stability of our service by monitoring and identifying software errors. Sentry serves these purposes alone and does not evaluate data for advertising purposes. User data, such as device information or time of error, is collected anonymously and is not used in a personalized manner and is subsequently deleted. The data is processed on our servers and not forwarded to Sentry (on-premise).
You can also find more information about Sentry’s data protection here: https://sentry.io/privacy/.
Microsoft App Center
We use App Center to collect crash reports, user data and distribution of our app. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA, 98052-6399, USA.
Using App Center, we obtain information about usage, devices, and app and operating system version numbers of the devices on which our apps are installed. In addition, we receive crash reports if errors occur in our apps.
The storage and processing of the collected data takes place in the USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission.
You can also find more information about App Center’s data protection here: https://docs.microsoft.com/de-de/appcenter/gdpr/
We use Segment to record usage behavior. The provider is Segment.io, Inc, 109 E 17th St #4503, Cheyenne, WY 82001, USA.
Segment is used to capture user behavior. This is used in a further step to better understand it and improve our app based on it.
The collected usage data is exclusively collected pseudonymously. The data is not used to merge usage profiles with your personal data. The information is generally not transferred to third countries outside the European Economic Area. However, in some cases it may be necessary to transfer data to a Segment server in the USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Further information on Segment.io’s data protection can also be found here: https://segment.com/legal/privacy/.
We use Mixpanel for data analysis and visualization. The provider is Mixpanel, Inc, San Francisco 405 Howard Street, Floor 2, San Francisco, CA 94105.
The processing of user data is pseudonymized, i.e. no personal clear data (such as names) is processed and IP addresses of users are shortened. Instead, processing is based only on a pseudonymized technical ID. Any IDs or email addresses provided to Mixpanel, are encrypted as so-called hash values and stored as a series of characters that do not allow identification.
The data collected by Mixpanel will not be disclosed to third parties. The storage and processing of the collected data takes place in the USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Further information on Mixpanel’s data protection can also be found here: https://mixpanel.com/privacy