As of July 2018
Retailtech Hub, Haus 19 A
81541 Munich, Germany
+49 89 9545759-0
combyne GmbH (hereinafter referred to as “combyne”) takes the protection of your privacy very seriously, therefore we are constantly striving to comply with existing national and international privacy regulations. Should we ask you to provide information by which you can be identified when using this app, then you can be assured that it will be used in accordance to this privacy statement.
The collection and use of your personal data is carried out exclusively in accordance with the legal provisions of the applicable data protection law. With this data protection declaration, combyne provides information on the type, scope and purpose of the collection and use of personal data. This privacy statement can be viewed at any time in the combyne app.
combyne processes personal data as a Data Controller as defined by art. 4 in the General Data Protection Regulation (GDPR):
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;(GDPR, art. 4, §7)
The legal amendment under which combyne is regarded as provider is the German Federal Data Protection Act (hereinafter “BDSG”), devised under the authority of the German Ministry of Interior and in effect as of 25th of May 2018.
combyne collects personal data only insofar as you provide it to us voluntarily and insofar as this is permitted by law or with your written consent. As a rule, this information is not used to draw any conclusions about you and is collected and stored with the purpose of improving the general service and to adapt to our users’ preferences and needs.
Personal data are all information about personal or factual characteristics of a certain or identifiable natural person in the sense of § 3 Abs. 1 BDSG. This includes information such as name, address, e-mail address, telephone number and, if applicable, user data.
If you choose to access and use combyne products, you need to register to our services by providing the following information:
If you choose to sign in by choosing one of the social platforms available the following data will be automatically registered:
Facebook – Facebook ID; Full Name; E-mail Address; Profile Picture
Instagram – Instagram ID; User Name; Profile Picture
Twitter – Twitter ID; User Name; Profile Picture
Google – E-mail Address; Full Name
If you choose to sign in using your own personal e-mail address: E-mail Address and Full Name;
Profile Photo (optional)
This information is necessary to ensure that you can use all the services offered in a safely manner. At the same time, we need this information in order to be able to efficiently react to your wishes, questions, issues and criticism. All the above information (account information) is provided by you exclusively on a voluntary basis, under your personal consent. We process this data to enable a secure, effective and user-relevant use of the combyne app, e. g. for
Internet-based retrieval of content;
Anonymous statistical analysis for studies;
The possibility of using the invitation function to further recommend the product to your friends and acquaintances (e-mail address);
Sharing content on other social networks;
For more information about the purpose and scope of data collection, the further processing and use of the data, as well as your rights and options for privacy protection, please refer to the data protection regulations of:
With the exception of Profile Photos, all data is stored on Amazon Web Services (AWS) cloud platform, operated by ObjectLabs Corporation (mLab) and located in Ireland. Images are stored on AWS’s S3 platform, also located in Ireland. We have implemented appropriate security measures in order to protect our database, including custom firewalls, data disk encryption and high level web portal security. Data is not transferred outside of the European Union. You can find more information about our data security methods later in this paper (section 8.). Our collection of the account information falls under the legal basis stated in the GDPR directive, article 6.1)f. Our legitimate interest in processing account data is to fulfill our contractual obligation towards our users, efficiently operate the product and maintain network and information security.
The offer is primarily designed to help you share information with others, optionally based on your location. You can opt-out of your location-based services by changing your device settings.
If you choose to enable location-based services, combyne may collect your location based on the information you provide or available from your mobile device, including, if available, GPS or mobile phone mast information. If you choose to disable location-based services, you may not be able to use certain features of the services.
Our collection of the above-mentioned personal information falls under the legal basis stated in the GDPR directive 6.1)f. Our legitimate interest in collecting location information is the optimization of our services.
If you make use of the offer, we may automatically record certain information from your web browser and/or app by using various technologies, including standard log files, “clear gifs” or “web beacons”. This automatically collected information may include:
your Internet Protocol address;
your device model and/or type;
your web browser (only applicable for web-app);
the content you see on the listing;
the time you have spent in the listing;
The dates and times when you visit the listing;
We use analysis technologies “Google Analytics” and “Crashlytics”, both offers from Google LLC. (hereinafter “Google”) and “Branch. io”, an offer from Branch Metrics, Inc. (hereinafter “Branch”). As soon as you open the combyne app, Google and Branch collect usage and event data. We use this anonymous information to understand how our users interact with the app and to analyze mobile advertising campaigns. Google and Branch use anonymous IDFA or Android IDs and anonymized IP and MAC addresses for such analysis.
The IP addresses provided by Google Analytics and Crashlytics will not be merged with other Google data. Both Google LLC and Brand.io are companies certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield.
Our usage of Google LLC. services and Branch.io falls under the legal basis stated in the GDPR directive, article 6.1)b and 6.1)f. Our legitimate interest in processing information is the optimization and promotion of our products and services.
In principle, combyne does not rent or share your personal data to third parties or transfers data outside the European Union.
To the extent permitted by law, combyne may commission other companies to perform various tasks, such as supporting promotions or technical services for the app. Personal data can be made available to these external service providers as far as this is necessary for the fulfilment of the respective tasks. A detailed account of these processes can be found below.
combyne reserves the right to use or disclose information to the extent necessary to comply with laws, regulations or regulatory requirements, in particular to protect the integrity of the app and to assist law enforcement and public safety investigations.
Among other services, combyne provides a free newsletter service. The newsletter contains information about new products and general information about the combyne app. To receive the newsletter, you are required to enter your email address in the app or on the website. You can unsubscribe at any time via the link in any newsletter or on our website.
We use different processors in order to accomplish various marketing purposes. As mentioned before, we will process only your e-mail address in order to promote offers, campaigns and our products in general. Our contractual partnerships with specific processors fall under the legal basis stated in the GDPR directive, article 6.1)b and 6.1)f. Our legitimate interest in conducting such contractual partnerships is the optimization and promotion of our products and services through social media marketing or other marketing strategies. combyne engages with the following processors in conducting these activities:
Both Facebook, Inc. and Mailchimp are companies certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield Agreements.
Our implementation of push technologies falls under the legal basis stated in the GDPR directive, article 6.1)f. Our legitimate interest in processing information is the optimization of our product and services.
When you access the combyne app, statistical data is collected that is not linked to your person. This data collection serves to improve the data quality and to provide you as a user with the most comprehensive functionality and experience possible.
Our implementation if statistical evaluations falls under the legal basis stated in the GDPR directive, article 6.1)f. Our legitimate interest in processing information is the optimization of our product and services.
By using the combyne app, you declare your consent to the data being processed by third parties for the above-mentioned purposes.
While using combyne and combyne’s services you have the right to know and understand how combyne processes your personal information.
In cases of inaccuracy or incompleteness, you have the right to modify any personal information related to you while using combyne.
While using combyne, you have the right to request partial or absolute deletion or removal of your personal data at any given point in time. You have the right to block or suppress at any given time the processing of your personal data that is executed or stored at combyne. You are also entitled to retain and reuse your personal data processed and stored at combyne for your own purposes.
You have the right to complain about the improper processing of your personal data by combyne to the supervisory authority:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Tel.: +49 (0) 981 53 1300
In order to protect you and your personal information, combyne has implemented appropriate security measures as to avoid any loss, misuse, unauthorized action, disclosure or destruction of personal information.
Since we ask you for a unique username and password in order to access our services, we advise you to keep this information secure and refrain from disclosing it to third parties.
We consider all personal information to be highly sensitive and we are constantly striving to improve our security systems. Our internal database is supported by ObjectLabs Corporation’s (mLab) services and runs on Amazon Web Service’s (AWS) cloud platform. In order to protect our database, we have installed a fully personalized security infrastructure that includes custom firewalls, data disk encryption and high level web portal security. This means that information is passed through a secure connection and your account information cannot be read by third parties. Only authorized and trained members of the combyne team have direct access to user data. If you have any questions regarding security measures at combyne, you can write us an e-mail at firstname.lastname@example.org.
You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
Primary user account information is hosted on mLab’s AWS supported cloud platform. The information is stored in secure physical servers in Ireland, operated by AWS. Image Files are stored on the AWS S3 platform, also located in Ireland. For more information on AWS security you can access Amazon’s Security Whitepaper through this link: (https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Whitepaper.pdf).
In accordance with the GDPR directive, article 33.1), in the unlikely case of a personal data breach, combyne is required to notify the personal data breach to the competent supervisory authority no later than 72 hours, where feasible, after having become aware of it. Simultaneously, in accordance with the GDPR directive, article 34.1), if the data breach is likely to produce critical damage to your rights and freedoms, combyne is required to communicate the data breach to you, without delay.
During our annual internal database review we are screening through our user accounts and erase all personal information belonging to those that are inactive. Therefore, if you delete your account, we will also delete all personal data from your account, no later than 6 months after deletion. Under these circumstances, we are obliged to inform all contractual processors that:
a) you have withdrawn from our services and
b) request complete deletion of any personal information related to you;
If data needs to be stored for legal reasons, it is protected. The data is then no longer available for further use. We might also keep activity data (information that cannot be attached to you individually) for statistical purposes. Data that you have publicly shared with others remains available because it belongs to a third-party account or is on a public platform, independent from combyne.
If you voluntarily choose to erase your personal data and delete your combyne account, you can do so by selecting the “Settings” option in your account and choose the “Delete account” option.
If you have any questions about data protection, you can also contact our Data Protection Officer directly:
Retailtech Hub, Haus 19 A
81541 Munich, Germany