This privacy statement applies to the mobile app Jodel (the “App”) and Jodel websites that can be visited through the App (the “Website”). Both together are referred to as “Services”.
With regard to the Services, Jodel is the data controller in terms of the General Data Protection Regulation (“GDPR”).
The Jodel Venture GmbH
10963 Berlin Germany
Telephone: 0157- 322 687 22
This privacy statement provides information about how we collect and process personal data in connection with our Services.
2. Data that we collect and process
a. If you register or login to Jodel we use your Google account. We use your Google access data (First and last name, mail address & user image URL) to create and let you manage your account on Jodel. If you don’t give us access to your Google account you are not able to create a Jodel account.
b. Your data from your Google account is getting processed through Google Firebase. We assign a random user number to your account and transfer it to Jodel to be able to identify you.This random user number enables us to assign the Jodel activities (posts, replies, karma, etc.) initiated by this device to an account. The user number does not allow for any conclusion to be drawn about your identity or other personal data. The processed data from your Google account will be only used in case of legal necessity (e.g. Criminal prosecution). More information about the use of Google Firebase can be found further down.
c. We assign the following data to the user number and store them:
Data about the language in which you use the App;
Your interaction with the App, such as:
Your comments on other users’ posts;
Your answers to surveys;
Technical data transmitted by your mobile device, such as:
Your IP address;
The time periods in which you use the App;
The date of registration of your account;
The operating system of your device;
The type of device used by you;
Other data, if you actively provide us with such data in the App, such as profession, gender, age and possibly university, unless you contact us to delete this data;
Data on the approximate location where the accuracy varies with the location service used by Apple and Google (Wlan, GPS, radio cell). Apple and Google will optimize themselves which approach will yield the best results in a given situation for the user with the least strain on the battery life. Jodel has no influence over this process.
Contact details (e-mail address and country of residence) when you contact us.
d. We also process data on the frequency of use and user behaviour in the App for the purpose of operating the App as well as statistical evaluation and improvement of the App.
3. How and for what purpose we process data, and the legal basis of such processing
a. Except in the cases mentioned below, we will only disclose personal data if and to the extent that we are required to do so by law or by court or administrative order. The legal basis for this is Art. 6 (1) lit. c GDPR (legal obligation).
b. For the registration to Jodel and for the generation of your random user number we use the data which we received from Google through your registration with your Google account to Jodel (First and last name, mail address & user image URL). In addition we use here Google Firebase to generate user numbers. This relies on the pre-contractual or. contractual measures between you and Jodel according to Art. 6 (1) lit. a GDPR.
d. We process the above-mentioned data for the following purposes and in the following ways:
Language of App use: To make the App and its contents available in your preferred language; legal basis for such processing is Art. 6 (1) lit. b GDPR (performance of a contract and pre-contractual measures);
Jodel, comments, answers to surveys: On the operation of the App, in particular on the presentation of the contents generated by you in the App; the legal basis for such processing is Art. 6 (1) lit. b GDPR (performance of a contract and pre-contractual measures);
Technical data: To distinguish actual App users from bots, to prevent misuse and to block illegal content reported by other users; in anonymous form also for the purpose of statistical analysis; the legal basis for such processing is Art. 6 (1) lit. b GDPR (performance of a contract and pre-contractual measures) and Art. 6 (1) lit. f GDPR (legitimate interests; legitimate interest in being able to distinguish users from bots, prevent misuse and block illegal content);
Other data: To personalise the user experience in relation to the App and to provide information tailored to your profession, gender, age or university; we may also use information about your age to check whether you are old enough to use the App; the legal basis for such processing is Art. 6 (1) lit. b GDPR (performance of a contract and pre-contractual measures) and Art. 6 (1) lit. f GDPR (legitimate interests; legitimate interest in using and analysing the relevant data to improve the App, for example to better understand your interests, to help you personalise your user experience or to offer you functions specific to your demographic target group);
Location data: To provide localised and location-based information in the App and thus ensure the full functionality of the App; the legal basis for such processing is Art. 6 (1) lit. b GDPR (performance of a contract and pre-contractual measures) and Art. 6 (1) lit. a GDPR (your consent);
Contact details: To reply to your request and to verify the facts in light of the rules and circumstances applicable in your country; the legal basis for such processing is Art. 6 (1) lit. b GDPR (performance of a contract and pre-contractual measures) and Art. 6 (1) lit. f GDPR (legitimate interests; legitimate interest in us replying to your requests);
e. We may share data (such as information about posts and activity data) in anonymous form with universities, research institutions or companies to analyse usage patterns and to help us classify content created by our users or to evaluate a potential collaboration with these organisations. Insofar as personal data are affected in individual cases, the legal basis is Art. 6 (1) lit. f GDPR (legitimate interests; this analysis helps us to understand the user base and their preferences and, based on this, to improve and broaden what we offer).
4. Use of analysis, advertising and other third-party tools
a. We use the IDFA (for iOS devices) and AAID (for Android devices) advertising identifiers (collectively the “Advertising Identifiers”). These Advertising Identifiers are non-personal, non-permanent identifiers on the mobile device. We do not combine these Advertising Identifiers with any other information relating to the device or the user’s personal data. The Advertising Identifiers collect the user number and enable us to obtain information about which route you used to connect with Jodel.
We may share such data with so-called advertising networks in order to provide you with advertising in the App that is more relevant / specific to you. We are currently only making use of this option in Saudi Arabia.
You can disable access to the Advertising Identifiers in your device’s settings by turning off ad tracking on iOS (under “Settings/Privacy/Advertising”) or resetting the AAID to Android (under “Settings/Advertising”). You can also disable the above tracking features in the “My Profile” section of the App.
The legal basis for the use of Advertising Identifiers is Art. 6 (1) lit. f GDPR (legitimate interests; we have a legitimate interest in being able to offer specific advertising).
b. We also analyze data of usage to better understand user preferences through user actions. Next to our own analytics we also use the following tools:
aa. Google Analytics
We added IP-anonymization to Google Analytics on our website. This means that we are using available IP masking procedures (i.e., anonymization by shortening the IP address) to protect our users.
We use the tool branch.io of Branch Metrics, Inc. 1400 Seaport Blvd, Building B, 2nd Floor, Redwood City, CA 94063, USA (“Branch Metrics”) with regard to the App. branch.io is a real-time database, which we are using for real-time data exchange and data storage. branch.io also allows for analyzing anonymized behavioral data, in particular the analyzing of active users and activity events (e.g. posts, replies, votes). We also use branch.io to analyse more complex use cases of the app which we otherwise would not be able to understand (connection between sharing content and engagement, what is the source of users registering into the app) so that we can further optimise the app and identify real users and bots. Certain (anonymized) user data might be sent to Branch Metrics. For further information regarding branch.io please refer to https://branch.io/policies/#privacy. To our best knowledge Branch Metrics complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from EU member countries. Branch Metrics has certified that it adheres to the relevant Privacy Shield Principles. The European Commission qualifies the US to provide an adequate legal protection for personal data transferred from the EU to self-certified organisations in the US that are certified under the Privacy Shield programme.
cc. Google Ad Manager
We use the “Google Marketing Platform” (and services such as “Google Ad Manager”) to place ads with us. The Google Marketing Platform is characterised by the fact that ads are displayed in real time based on the presumed interests of users. This allows us to better target ads for and within our online offerings in order to show users only ads that potentially match their interests. For example, if a user is shown ads for products that he or she has been interested in on other websites, this is called “remarketing”. For this purpose, so-called user profiles are created, by means of which the user information relevant to the display of the aforementioned content is stored. This information may include, for example, the content viewed, websites visited, online networks used, but also communication partners and technical details such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, this data may also be processed.
The IP addresses of users are also stored. However, we use available IP masking procedures (i.e., anonymization by shortening the IP address) to protect the users.
If we ask the users for their consent to the use of third party providers, the legal basis for the processing of data is the consent.in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. Otherwise, user data will be processed on the basis of our legitimate interest in an interest-based and behaviour-related data processing pursuant to Art. 6 para. 1 sentence 1 lit. f. GDPR are processed.
We use the Google Firebase developer platform and related features and services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Google Firebase is a platform for developers of applications (“Apps”) for mobile devices and websites. Google Firebase offers a variety of features, which are described on the following overview page: https://firebase.google.com/products/.
These features include, but are not limited to, the storage of Apps, including personal information about the users of the Apps, such as content created by them or information regarding their interaction with the Apps (so-called “cloud computing”). Google Firebase also offers interfaces that allow interaction between users of the App and other services, e.g. authentication via services such as Facebook, Twitter or via an email/password combination.
The evaluation of user interactions and the performance of the App is carried out with the help of the analysis services “Crashlytics” and “Google Analytics”. Google Firebase is designed to record how users interact with an App. This involves recording events such as opening the App for the first time, uninstalling, updating, crashing or the frequency of use of the App. The events can also be used to record other user interests, e.g. for certain functions of the applications or certain topics. In this way, user profiles can also be created, which can be used, for example, as a basis for the presentation of advertising messages tailored to users.
Google Firebase and the users’ personal data processed by Google Firebase may also be used together with other Google services, such as Google marketing services (in which case device-related information such as “Android Advertising ID” and “Advertising Identifier for iOS” are also processed to identify users’ mobile devices).
We use Google Firebase for:
Providing and managing your user account on Jodel. This is also our legitimate interest pursuant to Art. 6 para. 1 lit. b GDPR.
Analysis, optimization, security and economic operation of our application. This is also our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
In case you gave your consent pursuant to Art. 6 para. 1 lit. a GDPR data on this website is processed for the purpose of website analysis.
If users wish to opt-out of interest-based advertising through Google’s marketing services, they may do so by using the opt-out and opt-in facilities provided by Google: http://www.google.com/ads/preferences.
ee. If you decide to deactivate (some of) the tools described in this section 3.b (to the extent this is possible), please note that certain features and functionalities of the Services might not work or might not be accessible to you.
c. The legal basis for the processing of the data described in section 3a (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interests to Use such data is that we can only offer the App to users for free if we are in a position to efficiently display relevant advertisements in the app). The legal basis for the processing of the data described in the section 3b (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interests to Use such data is that we use and analyze the respective data (i) to improve our Services, such as by gaining a better understanding of your interests and requirements regarding our Services, (ii) to help personalize your user experience, (iii) to recognize user patterns in order to protect the App against bots, abusive members and abusive content, and (iv) to provide you with certain features of the Services (without us using such data some of the functionalities of the Services might not work or might not be accessible (this applies, in particular, to the tools mentioned above in sections 3.b, aa, bb, cc, dd; with regard to item (iv) such processing of data is also based on Art. 6 (1) sentence 1 lit. b GDPR (fulfilment of contract and pre-contractual measures)).
5. Contact form via Zendesk
If you write to us via the contact form, your details from the enquiry form or your e-mail will be stored by us for the purpose of processing the enquiry and in case you have follow-up questions. An e-mail address is required for contact purposes. Under no circumstances will we share these data without your consent. The legal basis for processing the data is our legitimate interest in replying to your request. We use the Zendesk tool to reply to your request. Zendesk processes your data on our behalf only. Your data will be deleted after the final processing of your request, unless there are legal obligations to keep records. You can object to the processing of your personal data at any time in accordance with Art. 6 (1) lit. f GDPR.
6. Technical implementation of third-party software
In some cases we use service providers who process personal data on our behalf to provide the technical platform for the Services. These service providers process corresponding data exclusively according to our specifications (order processing). The legal basis for data processing described in this section 4 is Art. 6 (1) lit. b GDPR (lawfulness of processing) and Art. 28 GDPR (processor).
7. Storage period for personal data
Unless a shorter storage period is specified in this privacy statement, we will store personal data for as long as (i) it is necessary to provide the Services to you; and/or (ii) it is necessary in view of the contractual relationship with you. Thereafter, the data will only be stored if and to the extent that we are obliged to do so by law. If we no longer need the relevant personal data for the purposes described above, these personal data will only be stored for the duration of the respective statutory retention obligations and will not be processed for other purposes.
8. Your rights
You have the following rights regarding your personal data:
Right to receive information
You have the right to receive information from us about which of your personal data we process.
Right to have data corrected
You have the right to ask us to correct any incorrect information or to complete any incomplete information, if the data concerning you is incorrect or incomplete.
Right to have data erased
You have the right to have your personal data erased under Art. 17 GDPR. According to this provision, your right to have your data erased may be excluded due to a conflicting interest.
Right to limit the processing of data
You have the right to have the processing of personal data concerning you limited under Art. 18 GDPR.
Right to object to the processing of data
You have the right to object to the processing of data concerning you at any time for reasons arising from your particular situation. Please also see the “Right to object” section in this statement.
Right to revoke consent
You have the right to revoke your consent to the processing of your personal data at any time. Please also see the “Revocation of consent” section in this statement.
Right to data transmission
Under Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, standard and machine-readable format, and you have the right to transfer this data to another data controller without our objection.
Right to complain to a data protection regulatory authority
You have the right to complain to a regulatory authority, in particular in the Member State in which you are resident, in which your place of employment is located or in which the alleged violation occurred, if you are of the view that the processing of personal data concerning you does not comply with the GDPR.
Right to object
Where personal data are processed for the purpose of advertising or data analysis, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising, including profiling, insofar as it is linked to such direct marketing. If you object to processing for the purposes of direct marketing, your personal data will no longer be processed for these purposes.
You have the right to object at any time, on the grounds relating to your particular situation, to the processing of personal data concerning you, where such processing is carried out in the public interest or due to the balancing of interests, including profiling based on these provisions. We will no longer process the personal data, unless we can demonstrate compelling legitimate reasons for such processing which outweigh your interests, rights and liberties, or unless such processing serves to assert, exercise or defend legal claims.
You can exercise the right to object at any time by contacting us at the above-mentioned contact details or via the App.
You also have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for purposes of scientific or historical research or for statistical purposes, except where such processing is necessary for the performance of a task carried out in the public interest.
9. Contact; data protection officer
You can contact us at the e-mail address firstname.lastname@example.org stated in section 1 above and/or via the contact form in the App or on our website.
For all questions regarding data protection at Jodel you can contact Jodel’s data protection officer directly. The contact details of the data protection officer are as follows:
Datenschutzbeauftragter, The Jodel Venture GmbH, Wilhelmstraße 118, 10963 Berlin
10. Protection of personal data
We attach great importance to the protection of all personal data related to the App or its use. We have security measures in place for protection against the loss, misuse and alteration of the data we store. Our security measures and privacy statement are regularly reviewed and, where appropriate, updated and improved. Only authorised employees have access to personal data.
We have taken additional, extensive precautions regarding the App and its use. Regardless of these precautions, the user should be aware that, regardless of any security measures, the exchange of information via the Internet can never be completely secure. We cannot guarantee the security of data transmitted via the App while it is being transmitted over the Internet.
11. Transparency report
Here, you can find our transparency report (only in German), which we prepared in order to show you how our moderating system works and how our cooperation with authorities works, what the most important challenges of the last months have been and what we plan for the future.
Ever since Jodel was founded, we have always had the utmost respect for our users’ privacy while guaranteeing the right to free, uncensored expression. In addition, we have worked in the last few weeks to ensure that our internal procedures and processes comply with the GDPR. Hence, you can rest assured that this issue is particularly close to our hearts!