This privacy statement applies to the mobile app Jodel (the “App”) and Jodel websites that can be visited through the App (the “Website”). Both together are referred to as “Services”.
1) General
Regarding the Services, Jodel is the data controller in terms of the General Data Protection Regulation (“GDPR”).
The Jodel Venture GmbH
Wilhelmstraße 118
10963 Berlin Germany
Phone: (+49) 017646648921
This privacy statement provides information about how we collect and process personal data in connection with our Services.
2) Access to and storage of information in terminal equipment
By using our app, access to information (e.g. IP address) or storage of information (e.g. cookies) in your terminal equipment may occur. This access or storage may involve further processing of personal data pursuant to the GDPR.
In cases where such access to information or such storage of information is strictly necessary for the technically error-free delivery of our services, this is done on the basis of § 25 para. 1 s. 1, para. 2 no. 2 TTDSG.
In cases where such a process serves other purposes (e.g. the needs-based design of our app), this will only be carried out on the basis of § 25 para. 1 TTDSG with your consent pursuant to Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time with effect for the future.
For more information on the processing of your personal data and the relevant legal basis in this context, please refer to the following sections on the specific processing activities on our website.
3) Data that we collect and process
a. In general, you can use the Services without providing any personal information such as e.g. your name, email address, postal address, telephone number, financial information (all such information concerning the personal or material circumstances of an identified or identifiable individual data subject together “Personal Data”). Therefore, unless otherwise provided for in this privacy policy if you do not provide us directly with Personal Data in another way or actively consent to the Use by us of certain Personal Data, we do not Use your Personal Data.
b. In connection with the use of the App a random user number (hash value) is generated for you that allows us to allocate your Jodel activities (posts, replies, karma, etc.) to an account. The use of such number is required for the registration of your account (as without such value we cannot connect your activities within the App to your account and therefore a use of the App would not be possible). We cannot relate this number or the account to your name or other personal information of you. Furthermore, we also store data on the language in which you use the App in order to to provide to you the App and respective content in your preferred language.
c. We assign the following data to the user number and store them:
- Data about the language in which you use the App;
- Your interaction with the App, such as:
– Your Jodel;
– Your comments on other users’ posts;
– Your answers to surveys; - Technical data transmitted by your mobile device, such as:
– Your IP address;
– The time periods in which you use the App;
– The date of registration of your account;
– The operating system of your device;
– The type of device used by you; - Other data, if you actively provide us with such data in the App, such as profession, gender, age and possibly university, unless you contact us to delete this data;
- Data on the approximate location where the accuracy varies with the location service used by Apple and Google (Wlan, GPS, radio cell). Apple and Google will optimize themselves which approach will yield the best results in a given situation for the user with the least strain on the battery life. Jodel has no influence over this process.
- Your “Hometown” as well as your “University” as an additional location if you’ve selected those. This location is just a specification by the user and not the current location of the user. The current location is not used for the Hometown or University feature.
- Contact details (e-mail address and country of residence) when you contact us.
d. We also process data on the frequency of use and user behavior in the App for the purpose of operating the App as well as statistical evaluation and improvement of the App.
4. How and for what purpose we process data, and the legal basis of such processing
a. Except in the cases mentioned below, we will only disclose personal data if and to the extent that we are required to do so by law or by court or administrative order. The legal basis for this is Art. 6 (1) lit. c GDPR (legal obligation).
b. For the registration to Jodel and for the generation of your random user number we use the data which we received from Google through your registration to Jodel. This relies on the pre-contractual or contractual measures between you and Jodel according to Art. 6 (1) lit. b GDPR.
c. We use your user number to connect activities in the App with your account and, thus, to enable the operation of the App, as well as for identification purposes if you assert the data protection rights to which you are entitled. To make Jodel a safe place, we take violations of the Jodel terms of use very seriously. We store unique identifier of blocked users for a period of 18 months to ensure that these blocked users cannot open a new account on their respective mobile device. The legal basis for such processing is Art. 6 (1) lit. f GDPR (legitimate interests; the legitimate interest in using these data results from the fact that access to the App is not possible without these data).
d. We process the above-mentioned data for the following purposes and in the following ways:
-
- Language of App use: To make the App and its contents available in your preferred language; legal basis for such processing is Art. 6 (1) lit. f GDPR (legitimate interest; user should be shown the app in his native language in order to be able to understand the content);
- Jodel, comments, answers to surveys: On the operation of the App, in particular on the presentation of the contents generated by you in the App; the legal basis for such processing is Art. 6 (1) lit. b GDPR (performance of a contract and pre-contractual measures);
- Technical data: To distinguish actual App users from bots, to prevent misuse and to block illegal content reported by other users; in anonymous form also for the purpose of statistical analysis; the legal basis for such processing is Art. 6 (1) lit. f GDPR (legitimate interests; legitimate interest in being able to distinguish users from bots, prevent misuse and block illegal content);
- Other data: To personalize the user experience in relation to the App and to provide information tailored to your profession, gender, age or university; we may also use information about your age to check whether you are old enough to use the App; the legal basis for such processing is Art. 6 (1) lit. f GDPR (legitimate interests; legitimate interest in using and analyzing the relevant data to improve the App, for example to better understand your interests, to help you your user experience or to offer you functions specific to your demographic target group);
- Location data (your current location as well as your “Hometown” and “University” specifications): To provide localized and location-based information in the App and thus ensure the full functionality of the App; the legal basis for such processing is Art. 6 (1) lit. b GDPR (performance of a contract and pre-contractual measures) and Art. 6 (1) lit. a GDPR (your consent or voluntary information);
- Contact details: To reply to your request and to verify the facts in light of the rules and circumstances applicable in your country; the legal basis for such processing is Art. 6 (1) lit. f GDPR (legitimate interests; legitimate interest in us replying to your requests);
5) Use of analysis, advertising, and other third-party tools
a. We use the IDFA (for iOS devices) and AAID (for Android devices) advertising identifiers (collectively the “Advertising Identifiers”). These Advertising Identifiers are non-personal, non-permanent identifiers on the mobile device. We do not combine these Advertising Identifiers with any other information relating to the device or the user’s personal data. The Advertising Identifiers collect the user number and enable us to obtain information about which route you used to connect with Jodel.
We may share such data with so-called advertising networks in order to provide you with advertising in the App that is more relevant / specific to you.
You can disable access to the Advertising Identifiers in your device’s settings by turning off ad tracking on iOS (under “Settings/Privacy/Advertising”) or resetting the AAID to Android (under “Settings/Advertising”). You can also disable the above tracking features in the “My Profile” section of the App.
The legal basis for the use of Advertising Identifiers is Art. 6 (1) lit. f GDPR (legitimate interests; the legitimate interests to Use such data is that we can only offer the App to users for free if we are able to efficiently display relevant advertisements in the app).
b. We also analyze data of usage to better understand user preferences through user actions. Next to our own analytics we also use the following tools:
aa. Google Analytics
Within our app, you may be redirected to our website. In this case we use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help analyze how you use the Website. The information generated by the cookie about your use of the Website will normally be transmitted to and stored by Google on servers in the United States. Google will use this information on behalf of the operator of the Website for the purpose of evaluating your use of the Website, compiling reports on Website activity, and providing other services for the Website operator relating to Website activity and internet usage. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use all functions of the Website. You can also opt-out from the storage by Google of the data that is created by the cookie and is related to the use of the Website (including your IP address) and the processing of such data by Google by downloading and installing the Google Analytics opt-out Browser add-on available under https://tools.google.com/dlpage/gaoptout?hl=en. For further information on Google Analytics please refer to: http://www.google.com/analytics/terms/gb.html, https://support.google.com/analytics/answer/6004245?hl=en,http://www.google.de/intl/en-GB/policies/privacy/.
Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the U.S.
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected.
bb. Branch.io
We use the tool branch.io of Branch Metrics, Inc. 1400 Seaport Blvd, Building B, 2nd Floor, Redwood City, CA 94063, USA (“Branch Metrics”) regarding the App. branch.io is a real-time database, which we are using for real-time data exchange and data storage. branch.io also allows for analyzing anonymized behavioral data, in particular the analyzing of active users and activity events (e.g. posts, replies, votes). We also use branch.io to analyze more complex use cases of the app which we otherwise would not be able to understand (connection between sharing content and engagement, what is the source of users registering into the app) so that we can further optimize the app and identify real users and bots. Certain (anonymized) user data might be sent to Branch Metrics. For further information regarding branch.io please refer to https://branch.io/policies/#privacy.
Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the U.S.
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected.
cc. Google Ad Manager
We use the “Google Marketing Platform” (and services such as “Google Ad Manager”) to place ads with us. The Google Marketing Platform is characterized by the fact that ads are displayed in real time based on the presumed interests of users. This allows us to better target ads for and within our online offerings to show users only ads that potentially match their interests. For example, if a user is shown ads for products that he or she has been interested in on other websites, this is called “remarketing”. For this purpose, so-called user profiles are created, by means of which the user information relevant to the display of the before mentioned content is stored. This information may include, for example, the content viewed, websites visited, online networks used, but also communication partners and technical details such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, this data may also be processed.
The IP addresses of users are also stored. However, we use available IP masking procedures (i.e., anonymization by shortening the IP address) to protect the users.
Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the U.S.
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy.
ee. Google Firebase
We use the Google Firebase developer platform and related features and services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Google Firebase is a platform for developers of applications (“Apps”) for mobile devices and websites. Google Firebase offers a variety of features, which are described on the following overview page: https://firebase.google.com/products/.
These features include, but are not limited to, the storage of Apps, including personal information about the users of the Apps, such as content created by them or information regarding their interaction with the Apps (so-called “cloud computing”). Google Firebase also offers interfaces that allow interaction between users of the App and other services, e.g. authentication via services such as Facebook, Twitter or via an email/password combination.
The evaluation of user interactions and the performance of the App is carried out with the help of the analysis services “Crashlytics” and “Google Analytics”. Google Firebase is designed to record how users interact with an App. This involves recording events such as opening the App for the first time, uninstalling, updating, crashing or the frequency of use of the App. The events can also be used to record other user interests, e.g. for certain functions of the applications or certain topics. In this way, user profiles can also be created, which can be used, for example, as a basis for the presentation of advertising messages tailored to users.
Google Firebase and the users’ personal data processed by Google Firebase may also be used together with other Google services, such as Google marketing services (in which case device-related information such as “Android Advertising ID” and “Advertising Identifier for iOS” are also processed to identify users’ mobile devices).
We use Google Firebase for:
Providing and managing your user account on Jodel, analysis, optimization, security and economic operation of our application. This is also our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
In case you gave your consent pursuant to Art. 6 para. 1 lit. a GDPR data on this website is processed for the purpose of website analysis.
Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected.
Further information on the use of data for marketing purposes by Google can be found on the overview page: https://www.google.com/policies/technologies/ads, Google’s data protection declaration is available at https://www.google.com/policies/privacy.
If users wish to opt-out of interest-based advertising through Google’s marketing services, they may do so by using the opt-out and opt-in facilities provided by Google: http://www.google.com/ads/preferences.
For more information about Google Firebase, please visit: https://firebase.google.com/ https://www.firebase.com/terms/privacy-policy.html. A detailed overview of the data collected by Google Firebase can be found at https://support.google.com/firebase/answer/6318039?hl=de.
ee. Smartlook
This website uses the web analytics tool Smartlook from the service provider of the Czech company Smartlook.com, s.r.o., Šumavská 524⁄31, 602 00 Brno, Czech Republic.
If you have given us your consent to do so in accordance with § 25 para. 1 TTDSG, Art. 6 para. 1 lit. a GDPR, Smartlook will store a cookie on your computer. The information obtained with the help of the cookie is used to enable a qualitative analysis of visitor behavior on this website and to subsequently improve the website’s web offering. The data collected when using Smartlook cannot be assigned to a specific user. It can only be traced how the mouse was moved, where clicked and how far scrolled. Furthermore, the screen size of the device, the type of device, information about the browser, the country from which access was made and the preferred language are recorded. If personal data of visitors or third parties are displayed on the website, these are automatically hidden by Smartlook. Since a transfer of personal data to the USA may occur, further protection mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed with the provider standard data protection clauses in accordance with Art. 46 (2) lit. c DSGVO. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured by this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA.
For more information, please refer to Smartlook’s privacy policy: help.smartlook.com/en/articles/3244452-privacy-policy. If you do not want Smartlook to record your usage behavior, you can object to the data collection using this link: smartlook.com/opt-out.
ff. Deactivation of Tools
Wenn du dich zur Deaktivierung einzelner oder aller der in Paragraph 4 (im Rahmen des möglichen) genannter Tools entscheidest, kann die Funktionalität der Dienste oder der Zugang zu diesen nicht gewährleistet werden.
c) Legal basis
The legal basis for the processing of the data described in the section 5b (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interests to Use such data is that we use and analyze the respective data (i) to improve our Services, such as by gaining a better understanding of your interests and requirements regarding our Services, (ii) to help personalize your user experience, (iii) to recognize user patterns in order to protect the App against bots, abusive members and abusive content, and (iv) to provide you with certain features of the Services (without us using such data some of the functionalities of the Services might not work or might not be accessible (this applies, in particular, to the tools mentioned above in sections 5.b, aa, bb, cc, dd; ee; with regard to item (iv) such processing of data is also based on Art. 6 (1) sentence 1 lit. f (legitimate interests)).. If we ask the users for their consent to the use of third party providers, the legal basis for the processing of data is the consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
6) Contact form via Zendesk
If you write to us via the contact form, your details from the enquiry form or your e-mail will be stored by us for the purpose of processing the enquiry and in case you have follow-up questions. An e-mail address is required for contact purposes. Under no circumstances will we share these data without your consent. The legal basis for processing the data is our legitimate interest in replying to your request. We use the Zendesk tool to reply to your request. Zendesk processes your data on our behalf only. Your data will be deleted after the final processing of your request unless there are legal obligations to keep records. You can object to the processing of your personal data at any time in accordance with Art. 6 (1) lit. f GDPR.
7) Technical implementation of third-party software
In some cases we use service providers who process personal data on our behalf to provide the technical platform for the Services. These service providers process corresponding data exclusively according to our specifications (order processing). The legal basis for data processing described in this section 4 is Art. 6 (1) lit. b GDPR (lawfulness of processing) and Art. 28 GDPR (processor).
8) Storage period for personal data
Unless a shorter storage period is specified in this privacy statement, we will store personal data for as long as (i) it is necessary to provide the Services to you; and/or (ii) it is necessary in view of the contractual relationship with you. Thereafter, the data will only be stored if and to the extent that we are obliged to do so by law. If we no longer need the relevant personal data for the purposes described above, these personal data will only be stored for the duration of the respective statutory retention obligations and will not be processed for other purposes.
9) Your rights
You have the following rights regarding your personal data:
Right to information
You have the right to request information about your personal data processed by us in accordance with Art. 15 GDPR.
Right to rectification
The right to immediately request the correction of incorrect or complete personal data stored by us in accordance with Art. 16 GDPR.
Right to have data erased
You have the right to have your personal data erased in according with Art. 17 GDPR. According to this provision, your right to have your data erased may be excluded due to a conflicting interest.
Right to restriction
You have the right to have the processing of personal data concerning you limited in accordance with Art. 18 GDPR.
Right to withdraw the given consent
You have the right to withdraw your given consent to the processing of your personal data at any time according to Art. 7 para. 3 GDPR.
Right to data portability
The right to receive your personal data that you have provided to us in a structured, current and machine-readable format or to request its transfer to another person responsible in accordance with Art. 20 GDPR.n.
Right to complain to a data protection regulatory authority
The right to complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state in which we have our registered office or, if applicable, that of your usual place of work or usual residence.
Right to object
Right of objection If your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, insofar as this is for reasons resulting from your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement to indicate a special situation.
10) Contact; data protection officer
You can contact us via the contact form in the App or on our website.
For all questions regarding data protection at Jodel you can contact Jodel’s data protection officer directly. The contact details of the data protection officer are as follows:
PROLIANCE GmbH
www.datenschutzexperte.de
Leopoldstr. 21
80802 München
[email protected]
11) Protection of personal data
We attach great importance to the protection of all personal data related to the App or its use. We have security measures in place for protection against the loss, misuse and alteration of the data we store. Our security measures and privacy statement are regularly reviewed and, where appropriate, updated and improved. Only authorised employees have access to personal data.
We have taken additional, extensive precautions regarding the App and its use. Regardless of these precautions, the user should be aware that, regardless of any security measures, the exchange of information via the Internet can never be completely secure. We cannot guarantee the security of data transmitted via the App while it is being transmitted over the Internet.
Last updated: September 2023