Data protection

We operate our websites according to the following principles:

We are committed to complying with the legal provisions on data protection and always endeavour to take into account the principles of data avoidance and data minimisation.

1. Name and address of the controller and the data protection officer

a) The responsible person

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states of the European Union as well as other data protection regulations is:

Communi AG

website https://communiapp.de/

b) The Data Protection Officer

You can contact the data protection officer of the controller as follows:

SiDIT GmbH, Langgasse 20, 97261 Güntersleben,

2. Definitions

We have designed our privacy policy according to the principles of clarity and transparency. Should there be any uncertainty regarding the use of various terms, the corresponding definitions can be found here can be viewed.

3. Legal basis for data processing

1. Processing of personal data according to the GDPR

We only process your personal data such as your first and last name, your email address and IP address, etc. if there is a legal basis for doing so. According to the General Data Protection Regulation, the following regulations in particular apply:

• 6 Paragraph 1 Clause 1 Letter a of GDPR: The data subject has given his or her consent to the processing of personal data concerning him or her for one or more specific purposes.
• 6 (1) sentence 1 lit. b GDPR: The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• 6 Paragraph 1 Clause 1 Letter c GDPR: The processing is necessary to fulfill a legal obligation to which the controller is subject
• 6 (1) sentence 1 lit. d GDPR: The processing is necessary to protect the vital interests of the data subject or of another natural person
• 6 Paragraph 1 Clause 1 Letter e of GDPR: the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
• 6 Paragraph 1 Clause 1 Letter f of GDPR: the processing is necessary to safeguard the legitimate interests of the controller or of a third party, unless the interests or fundamental rights and freedoms of the data subject which require protection of personal data prevail, in particular if the data subject is a child

However, we will always point out to you at the respective points in this data protection declaration the legal basis on which the processing of your personal data takes place.

2. Consent of the legal guardian according to Art. 8 Para.1 S.2 Alt.2 GDPR

A legal guardian must consent to all data processing within the scope of this website for which the consent of a minor who has not yet reached the age of 16 is required. Information on the individual data processing operations, their purposes and the data categories affected for which the consent of the data subject is required can be found in the data protection declaration. You can revoke your consent at any time by sending the revocation declaration in text form to the contact details of the person responsible. The processing up to the revocation remains lawful.

3. Processing of information according to Section 25 Para.1 TTDSG

We also process information in accordance with Section 25 Paragraph 1 TTDSG by storing information on your terminal equipment or accessing information that is already stored in your terminal equipment. This can include both personal information and non-personal data, e.g. cookies, browser fingerprints, advertising IDs, MAC addresses and IMEI numbers. Terminal equipment is any device that is directly or indirectly connected to the interface of a public telecommunications network for sending, processing or receiving messages, Section 2 Paragraph 2 No. 6 TTDSG.

We generally process this information based on your consent, Section 25 Para.1 TTDSG.

If an exception applies according to Section 25 Paragraph 2 No. 1 and No. 2 TTDSG, we do not require your consent. Such an exception applies if we only access or store the information in order to transmit a message via a public telecommunications network or if this is absolutely necessary so that we can provide a telemedia service that you have expressly requested. You can revoke your consent at any time.

We would like to inform you that the revocation of your consent will not affect the legality of the processing carried out on the basis of your consent until the revocation.

4. Disclosure of personal data

The passing on of personal data also constitutes processing within the meaning of the previous section 3. However, we would like to inform you separately at this point about the issue of passing on data to third parties. The protection of your personal data is very important to us. For this reason, we are particularly careful when it comes to passing on your data to third parties.

Data will therefore only be passed on to third parties if there is a legal basis for the processing. For example, we pass on personal data to people or companies who work for us as processors in accordance with Art. 28 GDPR. A processor is anyone who processes personal data on our behalf - in particular in a relationship of instruction and control with us.

In accordance with the requirements of the GDPR, we conclude a contract with each of our processors to oblige them to comply with data protection regulations and thus provide your data with comprehensive protection.

5. Storage period and deletion

We will delete your personal data if it is no longer necessary for the purposes for which it was collected or otherwise processed, if the processing is not necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

6. SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as the requests you send to us as the website operator, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you send to us cannot be read by third parties.

7. Cookies

We use cookies on our website. Cookies are small data packets that your browser automatically creates and that are stored on your device when you visit our website. These cookies are used to store information related to the device used.

When using cookies, a distinction is made between technically necessary cookies and "other" cookies. Technically necessary cookies exist when they are absolutely necessary in order to provide an information society service that you have expressly requested.

1. Technically necessary cookies

In order to make the use of our services more pleasant for you, we use technically necessary cookies. These can be so-called session cookies (e.g. language and font selection, shopping cart, etc.), consent cookies, cookies to ensure server stability and security, etc. The legal basis for the cookies arises from Art. 6 Paragraph 1 Clause 1 Letter f) GDPR, our legitimate interest in the error-free operation of the website and the interest in providing you with an optimized version of our services.

2. Other cookies

Other cookies include cookies for statistical purposes, analysis, marketing and retargeting purposes.

We use these cookies for you based on your consent in accordance with Art. 6 Paragraph 1 Clause 1 Letter a) of GDPR.

You can revoke your consent to the use of cookies at any time.

We would like to inform you that the revocation of your consent will not affect the legality of the processing carried out on the basis of your consent until the revocation.

To do so, you can either edit your cookie settings on our website, deactivate the use of cookies in your browser settings (although this may also limit the functionality of the online service) or, in individual cases, set an opt-out for the corresponding service.

For the respective services, we will inform you in the privacy policy on which legal basis this data is processed.

8. Cookie banner

To obtain consent for the cookies we use, we use the cookie banner of the service provider Klaro, KIProtect GmbH Bismarckstr. 10-12, 10625 Berlin. This service provider itself sets a so-called consent cookie in order to query and process the respective consent status. This consent cookie is technically necessary and is therefore used due to our legitimate interest in accordance with Art. 6 Para. 1 Clause 1 Letter f GDPR, Section 25 Para. 1 TTDSG. However, we host Klaro ourselves, so no data is transferred to Klaro, KIProtect GmbH.

9. Collection and storage of personal data and their type and purpose of use

a) When you visit the website

When you visit our website, the browser used on your device automatically sends information to our website server. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:

• IP address of the requesting computer
• Date and time of access
• Name and URL of the retrieved file
• Website from which access is made (referrer URL)
• browser used and, if applicable, the operating system of your computer and the name of your access provider

We process the above data for the following purposes:

• Ensuring a smooth connection to the website
• Ensuring comfortable use of our website
• Error analysis
• for further administrative purposes

Data that can be used to identify you personally, such as your IP address, will be deleted after 7 days at the latest. If we store the data beyond this period, it will be pseudonymized so that it can no longer be assigned to you.

The legal basis for data processing is Art. 6 Paragraph 1 Clause 1 Letter f of GDPR. Our legitimate interest follows from the purposes for data collection listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally.

b) Create a free test app

We also offer you the option of creating your own test app on our website. Users of the app can create their own app and test it free of charge for 30 days. In these cases, we act as the data processor and the data controller within the scope of this app is the respective app creator. We conclude the relevant user agreements and the order processing contract with them during the creation of the respective app.

We process the personal data of the app creator or administrator (i.e. first name, last name and email address) and other voluntary information as part of their profile for further identification and to provide our services in accordance with Art. 6 Paragraph 1 Clause 1 Letters b) and f) of GDPR. This data is stored in our backend.

If an app is booked, the address data will be sent to Debitoor, a tool of Debitoor GmbH, Grunerstr.13, 10179 Berlin, for the purpose of creating offers and invoices. https://debitoor.de/datenschutz, passed on. We have concluded a corresponding order processing agreement with this service provider in accordance with Art. 28 Para. 3 GDPR.

c) Transfer of data when using online payment service providers

d) Newsletter

Content of the newsletter and registration data

Our newsletter will only be sent to you and statistical surveys and analyses will be carried out, as well as the registration process will be logged, if you order it from us and have given your consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR, Section 25 (1) TTDSG.

The contents of the newsletter are described in detail when you register for the newsletter. To register for the newsletter, it is sufficient to provide your email address and your name. If you provide further voluntary information, this will be used exclusively to personalize the newsletter addressed to you.

For security reasons, so that no one can register with someone else's email address, we use the so-called double opt-in procedure to register for our newsletter. After registering for our newsletter, you will therefore first receive an email asking you to confirm your registration. The registration only becomes effective once you have confirmed it.

Furthermore, your registration for the newsletter will be logged. The logging includes saving the registration and confirmation time, the data you provided and your IP address. If you make changes to your data, these changes will also be logged.

revocation

If you no longer wish to receive our newsletter, you can revoke your consent at any time for the future. To do so, you can click on the unsubscribe link at the end of each newsletter or send us an email to the following email address:

The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

Use of “Freshsales”

We use the CRM system Freshsales on our website, the

Freshworks Inc., 2950 S. Delaware Street, San Mateo CA 94403, USA.

We use this CRM system to manage our customer data and conduct online marketing. However, no app user data is stored here.

This CRM system is used, among other things, to register for our newsletter, with which we would like to inform registered customers about news relating to our app and our team, and to send it. The email addresses of our interested parties and their other data described in this notice are stored on Freshworks' servers in the European Union. Freshworks uses this information to send and evaluate the participation links on our behalf.

So data is only transferred to our CRM in two cases:

1. First name, last name and email address of the person creating the test app.
2. Subscribe to the newsletter.

We have concluded the standard contractual clauses with Freshworks Inc.[1]. Freshworks does not acquire any right to share your data.

You can find Freshworks’ privacy policy here.

e) Contact form / email contact

We provide you with a form on our website so that you have the opportunity to contact us at any time. To use the contact form, you must provide a name for personal address and a valid email address for contact so that we know who the request came from and can process it.

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there and your IP address, will be processed in accordance with Art. 6 Paragraph 1 Clause 1 Letters b and f of GDPR to carry out pre-contractual measures that are carried out at your request or to protect our legitimate interest, namely to exercise our business activities.

f) Registration form for webinars

We provide you with a registration form for our webinars on our website.
In this form we ask for the data necessary for registration (name, first name, email address) so that you can register for our webinars as easily as possible and we can send you an invitation and ask any questions you may have.
 
If you use the form, your details from the registration form will be processed in accordance with Art. 6 Paragraph 1 Clause 1 Letters b and f of GDPR to carry out pre-contractual measures relating to the webinar or to protect our legitimate interest, namely the presentation of our products and services.
 
The appointment data and the data collected during the appointment will be deleted no later than 3 months after collection, unless they are required for a further contractual relationship
 
For the registration form we use a form tool from the service provider Freshworks GmbH, Neue Grünstraße 17, 10179 Berlin, Germany.
For more information about privacy at Freshworks, please visit:
https://www.freshworks.com/privacy/

g) Appointment booking

We provide you with an appointment booking plugin from the service provider Wappointment on our website, so that you have the opportunity to ask us questions about the app directly. We host this plugin ourselves, so that no third parties have access to the data processed here.

To use the appointment booking plugin, you must select a day and time slot as well as provide a name for personal address and a valid email address so that we know with whom the appointment was made.

If you book an appointment here, this information will be processed in accordance with Art. 6 Paragraph 1 as well as the data collected during the appointment in accordance with Art. 6 Paragraph 1 Clause 1 Letters b and f of GDPR to carry out pre-contractual measures or to protect our legitimate interest, namely to exercise our business activities.

The appointment data and the data collected during the appointment will be deleted no later than 3 months after collection, unless they are required for a further contractual relationship.

h) Chat

We use the Tidio chat service from Tidio LLC, 160 Spear Street, 1000 San Francisco, California 94105, USA, on our website to process your inquiries more quickly and efficiently. We process the chat histories accordingly. If no customer advisor is available, we will ask you for your name and email address so that we can contact you later.

The Tidio chat widget uses cookies and the IP address to provide the service and to collect information about you as a user of our website.

Before using the chat, your consent is required in accordance with Art. 6 Paragraph 1 Clause 1 Letter a of GDPR. You can revoke this consent at any time. The processing of your data remains lawful until we receive your revocation.

We process all data you provide during the chat, especially the chat history.

We have concluded a contract with Tidio. Tidio does not acquire any right to pass on your data.

You can find more information about Tidio here: https://www.tidio.com/privacy-policy/

10. Analysis and tracking tools

We use the analysis and tracking tools listed below on our website. These are used to ensure the ongoing optimization of our website and to design it to meet needs.

We use these tools based on the consent you have given in accordance with Art. 6 Paragraph 1 Clause 1 Letter a of GDPR. You can revoke your consent at any time by changing the cookie settings. Processing remains lawful until the revocation.

The respective data processing purposes and data categories can be found in the corresponding tools. We would like to point out that we have no influence on whether and to what extent the service providers carry out further data processing.

a. Freshdesk

We use the Freshdesk helpdesk system from Freshworks Inc., 2950 S. Delaware Street, San Mateo CA 94403, USA, on our website, through which we can manage our customer data and conduct online marketing. Freshworks supports us in providing the support portal for our website.

In this context, the following personal data may be processed:

• IP address,
• geographical location,
• Type of browser,
• Duration of visit,
• pages visited.

Customer data is stored on Freshworks servers exclusively in the EU. Freshworks uses this information to provide us with the services described above. We have concluded the new standard contractual clauses with Freshworks Inc. Freshworks does not acquire any right to pass on your data.

You can find Freshworks’ privacy policy here.

Freshworks is also certified under the “EU-US Privacy Shield”. The “Privacy Shield” is an agreement between the European Union (EU) and the USA that aims to ensure compliance with European data protection standards in the USA.

b. Matomo (formerly “Piwik”)

We use the analysis service Matomo (InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand), which uses cookies. However, we host this analysis service ourselves, so no data is transferred to Matomo. These cookies are stored on your computer and enable us to analyze the use of our website.

The cookies contain usage information and transfer it to our server, where it is stored for usage analysis purposes and helps us to optimize our website. The usage information also includes your IP address, but it is shortened so that it is anonymized and you as a user remain anonymous.

We do not pass on the information generated by the cookie to third parties.

11. Video integration

YouTube

The legal basis arises from the consent you have given in accordance with Art. 6 Paragraph 1 Clause 1 Letter a of GDPR. You can revoke your consent at any time by changing the cookie settings on our website.

12. Rights of the data subject

You have the following rights:

a) Information

According to Art. 15 GDPR, you have the right to request information about your personal data processed by us. This right to information includes information about

• the processing purposes
• the categories of personal data
• the recipients or categories of recipients to whom your data have been or will be disclosed
• the planned storage period or at least the criteria for determining the storage period
• the existence of a right to rectification, erasure, restriction of processing or objection
• the existence of a right of complaint to a supervisory authority
• the origin of your personal data, unless it was collected by us
• the existence of automated decision-making, including profiling, and, where appropriate, meaningful information on its details

b) Correction

According to Art. 16 GDPR, you have the right to have any incorrect or incomplete personal data stored by us corrected without delay.

1. deletion

According to Art. 17 GDPR, you have the right to request that we immediately delete your personal data unless further processing is necessary for one of the following reasons:

• the personal data are still necessary for the purposes for which they were collected or otherwise processed
• to exercise the right to freedom of expression and information
• to fulfill a legal obligation which requires processing by European Union or Member State law to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller
• for reasons of public interest in the area of public health pursuant to Art. 9 (2)(h) and (i) and Art. 9 (3) GDPR
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the right referred to in section a) is likely to make the achievement of the objectives of this processing impossible or seriously compromises it
• to assert, exercise or defend legal claims

d) Restriction of processing

In accordance with Art. 18 GDPR, you can request the restriction of the processing of your personal data for one of the following reasons:

• You dispute the accuracy of your personal data.
• The processing is unlawful and you refuse to delete the personal data.
• We no longer need the personal data for the purposes of processing, but you require it to assert, exercise or defend legal claims.
• You object to the processing pursuant to Art. 21 Para. 1 GDPR.

e) Information

If you have requested the rectification or erasure of your personal data or a restriction of processing in accordance with Art. 16, Art. 17 or Art. 18 GDPR, we will inform all recipients to whom your personal data was disclosed, unless doing so should prove impossible or involve disproportionate expenditure. You can request that we inform you of these recipients.

f) Transmission

You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format.

You also have the right to request that this data be transmitted to a third party, provided that the processing was carried out using automated procedures and is based on consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a or Art. 9 Para. 2 lit. a or on a contract in accordance with Art. 6 Para. 1 Sentence 1 lit. b GDPR.

g) Revocation

According to Art. 7 Para. 3 GDPR, you have the right to revoke your consent at any time. The revocation of your consent does not affect the legality of the processing carried out on the basis of your consent until the revocation. In the future, we may no longer continue the data processing that was based on your revoked consent.

h) Complaint

According to Art. 77 GDPR, you have the right to complain to a supervisory authority if you believe that the processing of your personal data violates the GDPR.

i) Objection

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 Paragraph 1 Clause 1 Letter f of GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying the particular situation. If you would like to exercise your right of withdrawal or objection, simply send an email to

j) Automated decision-making in individual cases, including profiling

You have the right not to be subjected to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision

i. is necessary for the conclusion or performance of a contract between you and us

ii. is permitted by European Union or Member State law to which we are subject and which contains appropriate measures to safeguard your rights and freedoms and your legitimate interests

iii. with your express consent

However, these decisions must not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2)(a) or (g) GDPR applies and appropriate measures to protect your rights and freedoms as well as your legitimate interests have been taken.

In the cases referred to in points (i) and (iii), we shall implement suitable measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on our part, to express your point of view and to contest the decision.

13. Changes to the Privacy Policy

If we change the privacy policy, this will be indicated on the website.

Status: 16.09.2022