Privacy Policy combyne GmbH (German version)
As of July 2018

1. Contact Information

combyne GmbH
Balanstr. 73
Retailtech Hub, Haus 19 A
81541 Munich, Germany
privacy@combyne.com
+49 89 9545759-0

2. Introduction

combyne GmbH (hereinafter referred to as “combyne”) takes the protection of your privacy very seriously, therefore we are constantly striving to comply with existing national and international privacy regulations. Should we ask you to provide information by which you can be identified when using this app, then you can be assured that it will be used in accordance to this privacy statement.
The collection and use of your personal data is carried out exclusively in accordance with the legal provisions of the applicable data protection law. With this data protection declaration, combyne provides information on the type, scope and purpose of the collection and use of personal data. This privacy statement can be viewed at any time in the combyne app.

3. Responsibility as a Data Controller

combyne processes personal data as a Data Controller as defined by art. 4 in the General Data Protection Regulation (GDPR):

‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;(GDPR, art. 4, §7)

The legal amendment under which combyne is regarded as provider is the German Federal Data Protection Act (hereinafter “BDSG”), devised under the authority of the German Ministry of Interior and in effect as of 25th of May 2018.

4. Scope of application

This data protection declaration applies to all online offers, contents, functions and services within and analogous to the combyne app in the available operating systems (hereinafter referred to as “the offer”). By using combyne products, in particular the combyne app, you agree to the application of this privacy policy. Please read it carefully.

5. Collection and use of data

combyne collects personal data only insofar as you provide it to us voluntarily and insofar as this is permitted by law or with your written consent. As a rule, this information is not used to draw any conclusions about you and is collected and stored with the purpose of improving the general service and to adapt to our users’ preferences and needs.
Personal data are all information about personal or factual characteristics of a certain or identifiable natural person in the sense of § 3 Abs. 1 BDSG. This includes information such as name, address, e-mail address, telephone number and, if applicable, user data.

5.1 Information you voluntarily provide to us

If you choose to access and use combyne products, you need to register to our services by providing the following information:

If you choose to sign in by choosing one of the social platforms available the following data will be automatically registered:

Facebook – Facebook ID; Full Name; E-mail Address; Profile Picture
Instagram – Instagram ID; User Name; Profile Picture
Twitter – Twitter ID; User Name; Profile Picture
Google – E-mail Address; Full Name
If you choose to sign in using your own personal e-mail address: E-mail Address and Full Name;
Password;
combyne User-Name;
Profile Photo (optional)

This information is necessary to ensure that you can use all the services offered in a safely manner. At the same time, we need this information in order to be able to efficiently react to your wishes, questions, issues and criticism. All the above information (account information) is provided by you exclusively on a voluntary basis, under your personal consent. We process this data to enable a secure, effective and user-relevant use of the combyne app, e. g. for

Internet-based retrieval of content;
Anonymous statistical analysis for studies;
The possibility of using the invitation function to further recommend the product to your friends and acquaintances (e-mail address);
Sharing content on other social networks;

For more information about the purpose and scope of data collection, the further processing and use of the data, as well as your rights and options for privacy protection, please refer to the data protection regulations of:
Facebook (https://www.facebook.com/full_data_use_policy);
Google (https://policies.google.com/privacy);
Twitter (https://twitter.com/en/privacy);

With the exception of Profile Photos, all data is stored on Amazon Web Services (AWS) cloud platform, operated by ObjectLabs Corporation (mLab) and located in Ireland. Images are stored on AWS’s S3 platform, also located in Ireland. We have implemented appropriate security measures in order to protect our database, including custom firewalls, data disk encryption and high level web portal security. Data is not transferred outside of the European Union. You can find more information about our data security methods later in this paper (section 8.). Our collection of the account information falls under the legal basis stated in the GDPR directive, article 6.1)f. Our legitimate interest in processing account data is to fulfill our contractual obligation towards our users, efficiently operate the product and maintain network and information security.

5.2 Location information

The offer is primarily designed to help you share information with others, optionally based on your location. You can opt-out of your location-based services by changing your device settings.
If you choose to enable location-based services, combyne may collect your location based on the information you provide or available from your mobile device, including, if available, GPS or mobile phone mast information. If you choose to disable location-based services, you may not be able to use certain features of the services.
Our collection of the above-mentioned personal information falls under the legal basis stated in the GDPR directive 6.1)f. Our legitimate interest in collecting location information is the optimization of our services.

5.3 Cookies

We use only cookies on our web-app, if you choose to connect through your browser. We do not implement cookies in the mobile version of the app. If you log in through your browser, we can send one or more cookies – small information units containing a string of alphanumeric characters – to your mobile device. combyne may use both session cookies and persistent cookies. A session cookie disappears after closing the app. A persistent cookie remains after closing the app and can be used by the app for subsequent visits to the site, thus allowing us to recognize you during a later visit to our app. We may also use the Unique Device Identifier or other device information that uniquely identifies individual smartphones or mobile devices (collectively, “Device ID”), if any, to authenticate the user session or send notifications. This device ID works similarly to a cookie to enable authentication of the user without a password. You can opt-out from receiving cookies by disabling them on your device. Our collection of the above-mentioned personal information falls under the legal basis stated in the GDPR directive 6.1)f. Our legitimate interest for the use of cookies is the optimization of our services and marketing strategies.

5.4 Automatically Collected Information

If you make use of the offer, we may automatically record certain information from your web browser and/or app by using various technologies, including standard log files, “clear gifs” or “web beacons”. This automatically collected information may include:

your Internet Protocol address;
your device model and/or type;
your web browser (only applicable for web-app);
the content you see on the listing;
the time you have spent in the listing;
The dates and times when you visit the listing;

Our collection of the above-mentioned personal information falls under the legal basis stated in the GDPR directive 6.1)f. Our legitimate interest for the use of cookies is the optimization of our services and marketing strategies.

5.6 App Metrics

We use analysis technologies “Google Analytics” and “Crashlytics”, both offers from Google LLC. (hereinafter “Google”) and “Branch. io”, an offer from Branch Metrics, Inc. (hereinafter “Branch”). As soon as you open the combyne app, Google and Branch collect usage and event data. We use this anonymous information to understand how our users interact with the app and to analyze mobile advertising campaigns. Google and Branch use anonymous IDFA or Android IDs and anonymized IP and MAC addresses for such analysis.
The IP addresses provided by Google Analytics and Crashlytics will not be merged with other Google data. Both Google LLC and Brand.io are companies certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield.
Our usage of Google LLC. services and Branch.io falls under the legal basis stated in the GDPR directive, article 6.1)b and 6.1)f. Our legitimate interest in processing information is the optimization and promotion of our products and services.

6. Third Parties and International Data Transfers

In principle, combyne does not rent or share your personal data to third parties or transfers data outside the European Union.
To the extent permitted by law, combyne may commission other companies to perform various tasks, such as supporting promotions or technical services for the app. Personal data can be made available to these external service providers as far as this is necessary for the fulfilment of the respective tasks. A detailed account of these processes can be found below.
combyne reserves the right to use or disclose information to the extent necessary to comply with laws, regulations or regulatory requirements, in particular to protect the integrity of the app and to assist law enforcement and public safety investigations.

6.1 Marketing Purposes

Among other services, combyne provides a free newsletter service. The newsletter contains information about new products and general information about the combyne app. To receive the newsletter, you are required to enter your email address in the app or on the website. You can unsubscribe at any time via the link in any newsletter or on our website.
We use different processors in order to accomplish various marketing purposes. As mentioned before, we will process only your e-mail address in order to promote offers, campaigns and our products in general. Our contractual partnerships with specific processors fall under the legal basis stated in the GDPR directive, article 6.1)b and 6.1)f. Our legitimate interest in conducting such contractual partnerships is the optimization and promotion of our products and services through social media marketing or other marketing strategies. combyne engages with the following processors in conducting these activities:
Facebook Ads – Facebook Ads are served to Facebook users based on location, demographic and profile information. Our contractual relationship with Facebook Inc. and its affiliates consists of the provision of the following services: social media marketing; event marketing; prospecting and lead generation. For further information, please consult Facebook, Inc. Privacy Policy: https://www.facebook.com/full_data_use_policy
Mailchimp – Mailchimp is a marketing automation platform that assists businesses in sharing e-mails, ads and other messages with targeted audiences. Our contractual relationship with Mailchimp consists of the provision of the following service: e-mail marketing. For further information, please consult Mailchimp Privacy Policy: https://mailchimp.com/legal/privacy/

Both Facebook, Inc. and Mailchimp are companies certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield Agreements.

6.2 Push Technologies

A push notification is the delivery of information from a server to a computing device, without a specific request from the receiver. The app uses push notifications only with your permission, and only to keep you informed of the latest news and updates on our products. You can disable push notifications at any time using Device or App settings. In order to send out notifications we use the services of OneSignal., a US-based company, in this case the data processor. We do not share or transfer any of your personal information with OneSignal. Push notifications are sent using device identification data For more information on how OneSignal processed personal data please read their Privacy Policy here: https://onesignal.com/privacy_policy.
Our implementation of push technologies falls under the legal basis stated in the GDPR directive, article 6.1)f. Our legitimate interest in processing information is the optimization of our product and services.

6.3 Statistical evaluation

When you access the combyne app, statistical data is collected that is not linked to your person. This data collection serves to improve the data quality and to provide you as a user with the most comprehensive functionality and experience possible.
Our implementation if statistical evaluations falls under the legal basis stated in the GDPR directive, article 6.1)f. Our legitimate interest in processing information is the optimization of our product and services.
By using the combyne app, you declare your consent to the data being processed by third parties for the above-mentioned purposes.

7. Your rights as a combyne user

7.1 The right to be informed

We will keep you constantly informed about possible modifications and the implications that they might have on you and your privacy. If you feel the need to contact us about the terms within this privacy policy, please contact us at privacy@combyne.com.

7.2 The right of access

While using combyne and combyne’s services you have the right to know and understand how combyne processes your personal information.

7.3 The right of rectification

In cases of inaccuracy or incompleteness, you have the right to modify any personal information related to you while using combyne.

7.4 The right to erasure, restriction and portability

While using combyne, you have the right to request partial or absolute deletion or removal of your personal data at any given point in time. You have the right to block or suppress at any given time the processing of your personal data that is executed or stored at combyne. You are also entitled to retain and reuse your personal data processed and stored at combyne for your own purposes.

7.5 Complaints

You have the right to complain about the improper processing of your personal data by combyne to the supervisory authority:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Postfach 606
91511 Ansbach
Germany
Tel.: +49 (0) 981 53 1300

8. Security

8.1 Safeguarding your Information

In order to protect you and your personal information, combyne has implemented appropriate security measures as to avoid any loss, misuse, unauthorized action, disclosure or destruction of personal information.
Since we ask you for a unique username and password in order to access our services, we advise you to keep this information secure and refrain from disclosing it to third parties.

8.2 Database Security

We consider all personal information to be highly sensitive and we are constantly striving to improve our security systems. Our internal database is supported by ObjectLabs Corporation’s (mLab) services and runs on Amazon Web Service’s (AWS) cloud platform. In order to protect our database, we have installed a fully personalized security infrastructure that includes custom firewalls, data disk encryption and high level web portal security. This means that information is passed through a secure connection and your account information cannot be read by third parties. Only authorized and trained members of the combyne team have direct access to user data. If you have any questions regarding security measures at combyne, you can write us an e-mail at privacy@combyne.com.
You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.

8.3 Data Centers

Primary user account information is hosted on mLab’s AWS supported cloud platform. The information is stored in secure physical servers in Ireland, operated by AWS. Image Files are stored on the AWS S3 platform, also located in Ireland. For more information on AWS security you can access Amazon’s Security Whitepaper through this link: (https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Whitepaper.pdf).

8.4 Notice of Breach of Security

In accordance with the GDPR directive, article 33.1), in the unlikely case of a personal data breach, combyne is required to notify the personal data breach to the competent supervisory authority no later than 72 hours, where feasible, after having become aware of it. Simultaneously, in accordance with the GDPR directive, article 34.1), if the data breach is likely to produce critical damage to your rights and freedoms, combyne is required to communicate the data breach to you, without delay.

9. Data retention

During our annual internal database review we are screening through our user accounts and erase all personal information belonging to those that are inactive. Therefore, if you delete your account, we will also delete all personal data from your account, no later than 6 months after deletion. Under these circumstances, we are obliged to inform all contractual processors that:

a) you have withdrawn from our services and
b) request complete deletion of any personal information related to you;

If data needs to be stored for legal reasons, it is protected. The data is then no longer available for further use. We might also keep activity data (information that cannot be attached to you individually) for statistical purposes. Data that you have publicly shared with others remains available because it belongs to a third-party account or is on a public platform, independent from combyne.
If you voluntarily choose to erase your personal data and delete your combyne account, you can do so by selecting the “Settings” option in your account and choose the “Delete account” option.

10. Questions to our Data Protection Officer

If you have any questions about data protection, you can also contact our Data Protection Officer directly:

Miguel Serrano
combyne GmbH
Balanstr. 73
Retailtech Hub, Haus 19 A
81541 Munich, Germany
privacy@combyne.com
+498995457590