1 Point of contact
The point of contact and so-called responsible body for the lawfulness of the processing of your personal data under data protection laws is
<67 B Qutab Enclave New Delhi 110016 Should you have any questions relating to data protection, you can get in touch with our company’s data protection officer at any time. The data protection officer can be contacted at the postal address above, as well as by email at email@example.com. The data protection officer is also available should you have any queries concerning the transfer of data to third countries and can provide copies or guarantees in the form of standard data protection clauses. Should you have any general concerns or queries, you can also contact SaidList by email at firstname.lastname@example.org.
2 Area of Applicability
3 Processing of personal data
Personal data will be processed before and during the downloading and installation of the apps and during handling with and without a registration.
Personal data is information relating to factual or personal relationships of a defined or definable natural person. Above all, this includes information which allows your identity to be traced, for example name, address or email address.
Statistical data which we collect during a visit to our apps for example and which cannot be connected to you does not come under the definition of personal data. Rather this is so-called anonymous data.
3.1 Processing before downloading and installing the apps
Before the app is downloaded, the marketing attribution may by calculated by Adjust. This is the case if the apps are not searched for and downloaded directly in the app store, rather when the user is redirected to the app store via an advert of our apps. In such a case, a connection of the advertising ID with Localytics and Adjust takes place before the downloading (see point 10 analysis and point 11 advertising).
3.2 Processing when downloading and installing the apps
In order to be able to download and install our apps from an app store (for example Google Play Store or Apple App Store), you need to register first with the provider of the app store for a user account and finalise a corresponding use contract with the provider of the app store. We have no control over this, in particular we are not party to such a use contract. When downloading and installing the apps, the necessary information in this respect will be transferred to the respective app store, in particular your user name, email address and customer number of your account, the time of the download and the individual device number. We have no control over this data collecting and are not responsible for this. We only process this data which has been provided should this be necessary for downloading and installing the app on your mobile end device (for example, smartphone, tablet). Should this concern a chargeable SaidList app, we only process billing and payment data in order to carry out the purchase. In such as case, the legal basis is Article 6 Paragraph 1 b).
3.3 Processing when using the apps without registration
You can use key parts of our apps without registration. Should you use the basic functions of our apps which do not require a registration, personal data is still processed however.
The SaidList apps provide the following basic functions:
● Access to Content (text and video)
● Provision to comment and share on the same
In order to use the basic functions, the apps generate a number which is specific to the device when opened for the first time. This number cannot be assigned to a specific affected person (pseudonym). In addition, in order to technically display the named content, the operating system used (for example, Android or iOS), the hostname of the accessing device (IP address) and the time of the server request are processed.
Due to the way the Internet functions, the brief saving of the IP address is technically necessary. The IP addresses are deleted or anonymised after the processing. In case of anonymisation, the IP addresses are changed in such a way that the affected person cannot be identified or can no longer be identified. On the basis of the anonymised IP address, a location search will be carried out. For reasons connected to data protection, this only takes place on the geographical level of the country from where the access is taking place. By means of this, it is not possible to trace the concrete location or place of residence of a user.
The data in technical protocols (so-called log files) are evaluated by us in anonymised form in order to continually improve our apps and make them more user friendly, as well as in order to find and correct errors more quickly.
The data processing is necessary so that you can find out about the content of our apps. The legal basis is Article 6 Paragraph 1 f) GDPR, based on our interest in informing users of our content. The processing of the named data is necessary in order to provide the content. Otherwise, it is not possible for you to use the apps as requested.
3.4 Processing when using the apps with registration
You can use the apps both with and without registration. You can register with your account of a social network, in order to further personalise the apps. In addition, there is the option of uploading a profile picture and selecting a user name. This takes place solely on a voluntary basis.
The SaidList apps therefore provide extended personalisation functions in order to
● keep the settings concerning favourite Content up to data between different devices and
● to provide the apps with a profile picture and name
Via incorporated social media services, this personalisation can be carried out by the user in the apps. For this purpose, SaidList uses the systems “Facebook Sign In” (a service of Facebook Inc, 1601 Willow Road, Menlo Park, California, 94025, USA) and “Google+ Sign In” (a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). In cases where personal data is transferred to the USA, the named providers have undertaken to comply with the EU-US Privacy Shield. A connection between the apps and the Facebook or Google account takes place. From Facebook, we save and process the email address, the URL of the profile picture, the name, the public profile and the token. From Google, we save and process the standard entitlements set by Google. These are the profile, JWT (token) and Google ID. We transfer our app ID to both services. These extended personalisation functions are optional and you can remove the personalisation and connection with the social media services in the app at any time. The purpose and scope of the data collecting and the subsequent processing and use of the data by the social media providers, as well as your rights and settings options in this respect concerning the protection of your private sphere can be found in the data protection notices of Facebook or Google.
The legal basis is Article 6 Paragraph 1 f) GDPR, based on the legitimate interest of SaidList in providing extended functions for a more personal use experience. This is also the legal basis for the general processing when using the apps with registration, based on the legitimate interest in creating synchronisation options between end devices and providing functions with social interaction options. Should you not wish to use the registration, the described functions cannot be used, however basic use of the apps is possible.
4 Disclosure of personal data
In principle SaidList does not pass your personal data on to third parties. The data collected by us is only passed on to third parties, if this is necessary to provide the technical functionality of the apps or another legal basis for the disclosure of data exists. Personal data may only be used by our service providers in order to fulfil their tasks. These were carefully selected by us and engaged in writing. They are subject to our instructions and are regularly monitored by us. Other use of the information is not permitted and is not carried out by any of the service providers used by us.
5 Storage of personal data
Data which is collected for payment processes for chargeable apps is only saved by us for as long as it held to be necessary in order to fulfil contractual or legal obligations, i.e. until the expiry of the statutory limitation period for proof purposes for claims under civil law or due to statutory retention obligations. For proof purposes, we must retain data from payment processes for a further three years from the end of the year in which the business relationships end. Any claims are time-barred according to the regular statutory limitation period, at the earliest at this time. Also following this period, we need to save certain data for bookkeeping reasons. We are obliged to do this due to statutory documentation requirements under the German Commercial Code and German Tax Code. The retention periods for documents stated therein are up to ten years.
Data which can be assigned to a device-specific number will be deleted at the latest after 5 years of inactivity.
6 Push notification
The apps use push notifications, which you can select, alter or fully deactivate yourself in the apps at any time.
For certain functions, the apps need to be able to access certain services and data of your device. Depending on which mobile operating system you use, this may require you express agreement to the accessing. Below, we will explain to you – in separate terms according to the mobile operating systems for which we offer the app – what authorisations the apps requests and what these are necessary for.
Push notifications: Should you click OK in the request “Enable push notifications” , you are permitting the apps to inform you of certain events and topics by means of push notification (for example a goal scored by your favourite team), even if the apps are not currently open. The notifications can take place by means of sounds, reports and/or symbol letter (a picture of a number on the app icon). Further information concerning push notifications and your configuration options can be found under number 6a).
Background updating: This function enables the apps to download data in the background and to update this, even if the apps are not currently open or are not being actively used.
Mobile data: This function enables the apps to download and update data outside of a WLAN network via mobile data connections (for example GSM, UMTS or LTE).
Camera use: We only request this permission if you wish to take and share a photo within the app. It goes without saying that we do not save the photos.
Apart from the standard entitlements for the operation of Android apps (such as the receipt of internet access or the option of letting the device vibrate; also called “normal entitlements” by Google), we do not request any further entitlements.
Using data which is saved on an external storage device: This function allows the app to save content on the storage card of your device. This is necessary in order to be able to provide content, for example relating to your favourite team, even if no Internet connection is currently present. For this purpose, the apps only use their own saved content. Other data on the storage card is neither deleted, altered or read.
8 Social plug-ins
In the SaidList apps, social plug-ins (“plug-ins”) of various social networks are used. With the assistance of these plug-ins, you can recommend content to a friend or use other functions to share content as examples.
For the Android and Windows Mobile operating systems, there is the option of using additional device-specific plug-ins, i.e. all those which you have installed on your mobile device which offer a sharing function (for example Linkedin, Google+, Pinterest, YouTube, Instagram). Should you wish to use one or more of these services, you need to register with the respective provider.
The purpose and scope of the data collecting by the various social networks, as well as the further processing and use of your data there and your rights and setting options in order to protect your private sphere can be found in the data protection notices of the providers Facebook, Google+, Twitter as well as the providers of all other plug-in services.
In cases where personal data is transferred to the USA, the named providers have undertaken to comply with the EU-US Privacy Shield. The legal basis is Article 6 Paragraph 1 f) GDPR, based on the legitimate interest of SaidList in providing social interaction options. Should you not wish to use the plug-ins, the described functions cannot be used, however basic use of the apps is possible.
9 Inclusion of videos
We have included videos in our apps which are saved with YouTube and which can be played directly from our apps. YouTube is a group company of Google and a service of YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
By means of the visit to our apps, YouTube is informed that you have accessed the corresponding sub-page. This takes place regardless of whether you are logged into YouTube or not. Should you be logged in to YouTube, your data is however assigned directly to your account. Should you not wish for this to take place, you need to log out before viewing the video.
YouTube saves your data as usage profiles and uses these for the purposes of advertising, market research and designing its website in line with customer requirements. Such an evaluation takes place even for users who are not logged in. You can prevent the recording of this data by Google by de-activating the “personalised advertising on the web” button in the Google advertising settings. In this case, Google will only continue to display general advertising which was not selected on the basis of the information relating to you which was recorded.
In cases where personal data is transferred to the USA, Google has undertaken to comply with the EU-US Privacy Shield. The legal basis is Article 6 Paragraph 1 f) GDPR, based on the legitimate interest of SaidList in providing video and picture contents.
In order to improve our apps, we use various technologies to analyse the usage behaviour and to evaluate the associated data. These procedures take place anonymously or on the basis of pseudonyms, however never in a directly personal way. Below, we wish to explain these technologies and the providers used for this purpose in more detail.
For this purpose, we use so-called number pixels with which we create statistics, which show for example how often the apps were started and which areas of our apps are the most popular. In addition, the analysis allows us to make the app more stable, for example, by means of the transfer of crash logs to us.
The legal basis is Article 6 Paragraph 1 Letter f) GDPR, based on our legitimate interest in analysing usage behaviour in order to improve and further develop the apps.
For the apps on iOS and Android we use the services of adjust.io (a service of adjust , Saarbrücker Str. 38a, 10405 Berlin, Germany), branch.io (a service of Branch Metrics, Inc., 2443 Ash Street, Palo Alto, California 94306, USA), Flurry Analytics (a service of Yahoo, 701 First Avenue, Sunnyvale, CA 94089, USA), Google Analytics for Firebase (a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), Hockey App (a service of the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA), HockeApp ( a service of the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA), Urban Airship (a service of Urban Airship Inc, 1417 NW Everett St, Suite 300, Portland OR 97209, USA) and Localytics (a service of Localytics, Inc., 8th Floor, 101 Arch St, Boston, MA 02110, USA). In cases where personal data is transferred to the USA, Branch Metrics Inc, Google LLC and the Microsoft Corporation have undertaken to comply with the EU-US Privacy Shield. In case that personal data is transferred to the USA or to other countries which do not have a reasonable level of data protection in accordance with the opinion of the European Commission, the so-called “standard contractual clauses” have been agreed with Yahoo and Localytics Inc, which you can view in the information sheet of the European Communities.
In order to showcase relevant adverts to our users, we use various advertising technologies. These procedures take place anonymously or on the basis of pseudonyms, however never in a directly personal way. Below, we wish to explain these technologies and the providers used for this purpose in more detail.
Within the framework of advertising technologies, we collect and process the Apple advertising ID (IDFA) on iOS devices and the Google advertising ID on Android devices in order to provide personalised advertising and to be able to evaluate its use. The advertising IDs are unique but not personalised and non-permanent identification numbers for a specified end device which are provided by the operating systems.
Below, we will explain to you – in separate terms according to the mobile operating systems for which we offer the app – how the activation or deactivation of the advertising technologies work.
Open the application “Google settings” and select the menu point “Adverts”. Activate the “Deactivate interest related advertising” option, in order to prevent the creation of profiles and the display of interest related advertising. In the same menu, you reset the Google advertising ID at any time (“Reset advertising ID”), then a new ID will be created which will not combined with the data which was previously collected.
For the apps, we use the services of Facebook (a service of Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA), Flurry (a service of Yahoo, 701 First Avenue, Sunnyvale, CA 94089, USA), Google (a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), MoPub (a service of MoPub, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) and PubNative (a service of PubNative , Greifswalder Str. 212, 10405 Berlin, Germany). In cases where personal data is transferred to the USA, Facebook, MoPub and Google have undertaken to comply with the EU-US Privacy Shield. In case that personal data is transferred to the USA or to other countries which do not have a reasonable level of data protection in accordance with the opinion of the European Commission, the so-called “standard contractual clauses” have been agreed with Yahoo, which you can view in the information sheet of the European Communities.
The legal basis is Article 6 Paragraph 1 f) GDPR, based on our interest in displaying advertising content.
12 Your rights
Finally, you have the right to complain to the competent supervisory authority for data protection, if you believe that the processing of personal data relating to you breaches data protection laws. You can claim this right by contacting a supervisory authority in the member state of your place of residence, place of employment or the location of the alleged breach.
As of: May 2018