Privacy Policy of idana.one

Date: 2018-07-30

This application collects personal data from its users.

Provider and person responsible

Tomes GmbH
Engesserstr. 4a
79108 Freiburg, Germany
Germany

Email address of the provider: datenschutz@idana.one

Types of data collected

The personal data that this application processes independently or through third parties include:
Usage data, cookie, e-mail, password, first name, last name and picture.

Full details of each type of processed personal data are provided in the designated sections of this Privacy Policy or selectively through explanatory texts that are displayed prior to data collection.
Personal data may be voluntarily provided by the user or, in the case of usage data, automatically collected when this application is used.
Unless otherwise indicated, all data requested by this application is mandatory. If the user refuses to provide the data, this may result in the application being unable to make its services available to the user. In cases where this application expressly designates the provision of personal data as voluntary, users may choose not to provide such data without any consequences for the availability or the functioning of the service.
Users who are unsure about which personal data is obligatory can contact the provider.
Any use of cookies – or other tracking tools – by this application or third party service providers used by this application is for the purpose of providing the service requested by the user and all other purposes described in this document and, if any, in the cookie policy.

Users are responsible for all third party personal data obtained, published or disclosed through this application and confirm that they have obtained consent to the transfer of any third party personal data to this application.

Type and place of data processing

Processing methods

The provider processes user data in a proper manner and takes appropriate security measures to prevent unauthorized access and the unauthorized forwarding, modification or destruction of data.
Data processing is carried out by means of computers or IT-based systems according to organisational procedures and procedures that are specifically geared to the specified purposes. In addition to the person responsible, other people internally (human resources, sales, marketing, legal, system administrators) or externally – and in this case, where necessary, designated by the person responsible as a processor (such as technical service providers, delivery companies, hosting providers, IT companies or communications agencies) – may also operate this application and thus have access to the data. An up-to-date list of these parties can be requested from the provider at any time.
Legal basis of processing

Legal basis of processing

The provider may only process personal data of users if one of the following points applies:

  • Users have given their consent for one or more specific purposes. Note: In some legislations, the provider may be permitted to process personal data until the user objects to such processing (“opt-out”) without having to rely on the consent or any other of the following legal bases. However, this does not apply if the processing of personal data is subject to European data protection law;
  • the data collection is necessary for the fulfilment of a contract with the user and/or for pre-contractual measures therefrom;
  • the processing is necessary for the fulfilment of a legal obligation to which the provider is subject;
  • the processing is related to a task carried out in the public interest or in the exercise of public authority conferred on the provider;

the processing is carried out in the public interest.

  • the processing is necessary to protect the legitimate interests of the provider or a third party.

In any case, the provider is happy to provide information about the specific legal basis on which the processing is based, in particular whether the disclosure of personal data is a legal or contractual obligation or a prerequisite for the conclusion of a contract.

Location

The data will be processed at the provider’s premises and at all other locations where the parties involved in data processing are located.

Depending on the location of the users, data transfers may include the transfer of the user’s data to a country other than their own. In order to know more about the place of processing of the transmitted data, users can consult the section containing detailed information on the processing of personal data.

Users also have the right to be informed about the legal basis of data transmission to a country outside the European Union or to an international organisation governed by international law or established by two or more countries, such as the UN, and about the security measures taken by the provider to protect their data.

If such a transmission takes place, the user can learn more about it by checking the relevant sections of this document or by contacting the provider using the information provided in the contact section.

Storage time

Personal data are processed and stored for as long as required for the purpose for which they were collected.

Therefore: Personal data collected for the purpose of fulfilling a contract concluded between the provider and the user will be stored until the complete fulfilment of this contract.

Personal data collected to protect the legitimate interests of the provider will be retained for as long as is necessary to fulfill these purposes. Users can obtain more detailed information about the provider’s legitimate interests in the relevant sections of this document or by contacting the provider.

Furthermore, the provider is permitted to store personal data for a longer period of time if the user has consented to such processing as long as the consent is not revoked. In addition, the provider may be obliged to keep personal data for a longer period of time if this is necessary to fulfil a legal obligation or at the request of an authority.

After expiry of the retention period, personal data will be deleted. Therefore, the right to information, the right to cancellation, the right to correction and the right to data transferability cannot be asserted after expiry of the retention period.

Purposes of processing

Personal data about the user is collected so that the provider can provide the services. In addition, data is collected for the following purposes:
Analytics, interaction with external social networks and platforms, user contact and login and authentication.
Users may refer to the relevant sections of this document for further detailed information on these processing purposes and the personal data used for that purpose.

Detailed information about the processing of personal data

Personal data is collected for the following purposes using the following services:

  • Analytics

    The services listed in this section allow the owner to monitor and analyze traffic and track user behavior.

    Facebook Analytics for Apps (Facebook, Inc.)

    Facebook Analytics for Apps is an analytics service provided by Facebook, Inc.

    Collected personal data: Usage data and various types of data as described in the service’s privacy policy.
    Place of processing: USA
    Privacy policy.

    Google Analytics with IP Anonymization (Google Inc.)

    Google Analytics is a web analytics service provided by Google Inc. “(“Google”). Google uses the information collected to track and investigate how this application is used, to report on its activity and to share it with other Google services.
    Google may use the information collected to contextualize and personalize the ads on its own advertising network.
    IP anonymisation has been activated on this website so that the IP addresses of users of Google within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area are previously reduced. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

    Collected personal data: Cookie and usage data.
    Place of processing: USA
    Privacy policyOpt Out.

    Facebook Ads Conversion Tracking (Facebook, Inc.)

    Facebook Ads Conversion Tracking is an analytics service provided by Facebook, Inc. that links the data from the Facebook advertising network to actions taken through this application.

    Collected personal data: Cookie and usage data.
    Place of processing: USA
    Privacy policy.

    HubSpot Analytics (HubSpot, Inc.)

    HubSpot Analytics is an analytics service of HubSpot, Inc.
    Collected personal data: Cookie und Nutzungsdaten.

    Place of processing: USA
    Privacy policyOpt Out .

  • Display content from external platforms

    This type of service allows users to view and interact with content hosted on external platforms directly through this application.
    If such a service is installed, it may be able to collect data from the data traffic for the pages on which it is installed even if users do not use it.

    Vimeo Video (Vimeo LLC)

    Vimeo is a video content visualization service provided by Vimeo, LLC that allows this application to integrate appropriate content into its pages.

    Collected personal data: Cookie and usage data.
    Place of processing: United States
    Privacy policy. Privacy Shield Member

    YouTube video widget without cookies (Google Inc.)

    YouTube is a video content visualization service provided by Google Inc. that allows this application to incorporate video content into its pages.
    The widget is set so that YouTube cannot store information and cookies about users through this application if the video is not played.

    Collected personal data: Usage data.
    Place of processing: United States
    Privacy policy. Privacy Shield Member

    Google Fonts (Google Inc.)

    Google Fonts is a font visualization service provided by Google Inc. that allows this application to include appropriate content on its pages.

    Collected personal data: Usage data and various types of data as described in the service’s privacy policy.
    Place of processing: United States
    Privacy policy. Privacy Shield Member

  • Login and authentication

    By logging in or authenticating, users authorize this application to identify them and give them access to specific services.
    Depending on what is specified below, third-party providers may provide login and authentication services. In this case, this application may access some of the data stored by these third parties for login or identification purposes.

    Auth0 (Auth0, Inc)

    Auth0 is a login and authentication service provided by Auth0, Inc. To simplify the login and authentication process, Auth0 may use third party identity services and store the information on its platform.

    Collected personal data: Image, cookie, email, last name, password, various types of data as described in the service’s privacy policy and first name.
    Place of processing: United States
    Privacy policy.

  • Interaction with external social networks and platforms

    These types of services enable interaction with social networks or other external platforms directly through this application.
    The interaction and information collected through this application is always subject to the privacy settings made by users for the respective social network.
    If a social networking service is installed, it may collect traffic data for the sites on which it is installed even if users do not use the service.

    “I like” button and social widgets for Facebook (Facebook, Inc.)

    The “Like” button and social widgets for Facebook are services for interacting with the Facebook, Inc. social network.

    Collected personal data: Cookie and usage data.
    Place of processing: USA
    Privacy policy.

  • Contacting the user

    Contact form (This application)

    By filling in the contact form with their data, users authorize this application to use their data to respond to requests for information, offers or other requests indicated in the header of the form.

    Collected personal data: Name, phone number, e-mail.

    Mailing list or newsletter (This application)

    Subscribing to the mailing list or newsletter adds the user’s email address to the contact list of people who may receive email messages containing commercial or promotional information related to this application. In addition, your email address can be added to this list if you have signed up for this application or after making a purchase.

    Collected personal data: Name, e-mail.

  • Managing contacts and sending messages

    These types of services allow you to manage a database of email contacts, phone numbers or any other contact information to communicate with the user.
    The Services may also collect information about the date and time at which messages were read by the User and when the User interacts with incoming messages, for example by clicking on links contained therein.

    HubSpot Email (HubSpot, Inc.)

    HubSpot Email is a service provided by HubSpot, Inc. for managing email addresses and sending messages.

    Collected personal data: E-mail and usage data.

    Place of processing: United States
    Privacy Statement.

  • Tag Management

    These types of services help the vendor to centrally manage the tags or scripts needed for this application.
    This results in the user’s data flowing through these services and possibly being stored.

    Google Tag Manager (Google LLC)

    Google Tag Manager is a tag management service provided by Google LLC.

    Collected personal data: Cookies, usage data.

    Place of processing: United States
    Privacy policy. Privacy Shield member.

  • User database management

    These types of services allow the provider to create user profiles by first using the email address, name or other information that the user has provided to this application, as well as tracking user activity through analysis functionality. This personal data can also be matched with publicly available information about the user (such as profiles in social media) and used to create a personal profile that the provider can view and use to improve this application.
    Some of these services may also provide for the sending of scheduled messages to the user, such as e-mails, which this application links to certain actions.

    HubSpot CRM (HubSpot, Inc.)

    HubSpot CRM is an administration service for user databases from HubSpot, Inc.

    Collected personal data: E-mail, telephone number and various types of data as described in the service’s privacy policy.

    Place of processing: United States
    Privacy policy. Privacy Shield member.

 

The rights of users

Users may exercise certain rights in relation to their data processed by the provider.

In particular, users have the right to do the following:

  • Revoke your consent at any time.If the user has previously consented to the processing of personal data, he can revoke his own consent at any time.
  • Iodge an objection to the processing of your data.The user has the right to object to the processing of his data if the processing takes place on a legal basis other than consent. Further information is given below.
  • information about your data. The user has the right to know whether the data are processed by the provider, to obtain information on individual aspects of the processing and to receive a copy of the data.
  • Check and correct.The user has the right to check the accuracy of his data and to request their update or correction.
  • Restricting the processing of your data.Users have the right to restrict the processing of their data in certain circumstances. In this case the provider will not process the data for any other purpose than storage.
  • Deletion or other removal of personal data.Users have the right to request the deletion of their data from the provider under certain circumstances.
  • Receive your data and have it transferred to another person responsible.The user has the right to receive his data in a structured, common and machine-readable format and, if technically possible, to have it transmitted unhindered to another person responsible. This provision applies if the data are processed automatically and the processing is based on the consent of the user, on a contract in which the user is involved or on pre-contractual obligations.
  • Submit a complaint.Users have the right to lodge a complaint with the competent supervisory authority.

Details on the right of objection regarding processing

If personal data are processed in the public interest, in the exercise of a sovereign power conferred on the provider or to safeguard the provider’s legitimate interests, the user may object to such processing by stating a justification relating to his particular situation.

Users are informed that they can object to the processing of personal data for direct marketing at any time without giving reasons. In order to know whether the provider processes personal data for direct marketing purposes, users can refer to the relevant sections of this document.

How the rights can be exercised

All requests to exercise user rights can be directed to the provider via the contact details provided in this document. Applications can be exercised free of charge and will be processed by the provider as early as possible, at the latest within one month.

This application uses cookies. For more information and more detailed knowledge about cookies, the user can read the specific document here: Cookie Policy.

Further information about data collection and processing

Legal measures

The personal data of the user may be processed by the provider for the purposes of law enforcement within or in preparation of legal proceedings resulting from the fact that this application or the associated services have not been used properly.
The user declares to be aware that the provider could be obliged by the authorities to surrender personal data.

Further information about the user’s personal data

In addition to the information contained in this Privacy Policy, this application may, upon request, provide the user with other contextual information relating to certain services or to the collection and processing of personal data.
system logs and maintenance

This application and third-party services may collect files for operating and maintenance purposes that record the interaction that occurs through this application (system logs), or use other personal information (e.g. IP address) for this purpose.
Information Not Contained in this Privacy Statement

Further information about the collection or processing of personal data can be requested at any time from the provider via the contact details listed.
How “Do Not Track” requests are handled

This application does not support “Do Not Track” requests through web browsers.
Users can find information on whether integrated third-party services support the non-tracking protocol in the privacy policy of the respective service.

Changes to this Privacy Statement

The provider reserves the right to make changes to this data protection declaration at any time by informing its users on this page and, if applicable, about this application and/or – as far as technically and legally possible – by sending a message to the users about one of the contact data available to the provider accordingly. Users are therefore advised to visit this page regularly and to check the date of the last change indicated at the bottom of the page.

As far as changes concern a data use based on the user’s consent, the provider will – as far as necessary – obtain a new consent.

Definitions of terms and legal information

Personal data (or data)

All information through which the identity of a natural person is or can be determined directly or in connection with further information.

Usage data

Information that this application (or third party services using this application) automatically collects, such as: the IP addresses or domain names of the computers of users using this application, the Uniform Resource Identifier (URI) addresses, the time of the request, the method used to send the request to the server, the size of the received response file, the number code indicating the status of the server response (successful result, error, etc.).), the country of origin, the functions of the browser and operating system used by the user, the various times per call (e.g. how much time was spent on each page of the application) and information about the path followed within an application, in particular the order of the pages visited, as well as other information about the operating system of the device and/or the user’s IT environment.

Users

The person using this application who, unless otherwise specified, agrees with the data subject.

Affected

The natural person to whom the personal data refer.

Order processor (or data processor)

Natural or legal person, authority, institution or other body that processes personal data on behalf of the data controller, as described in this data protection declaration.
Responsible (or provider, partly also owner)

The natural or legal person, authority, institution or other body which alone or jointly with others decides on the purposes and means of processing personal data and the means used for this purpose, including the security measures relating to the operation and use relating to this application. Unless otherwise stated, the person responsible is the natural or legal person through whom this application is offered.

This application

The hardware or software tool used to collect and process the user’s personal data.

Service

The service offered by this application, as described in the relevant terms of use (if any) and on this page/application.
European Union (or EU)

Unless otherwise stated, all references in this document to the European Union refer to all current Member States of the European Union and the European Economic Area (EEA).

Cookie

Small file stored by the application in the user’s device.