Privacy Policy

Last Updated: Aug 2018

This Privacy Policy shall apply to the Jodel mobile App (the “App”) and the websites https://jodel.com/, https://jodel-app.com/ and https://share.jodel.com (these websites together also the “Website”) (App and Website together the “Services”).

1. GENERAL

Regarding the Services The Jodel Venture GmbH, Wilhelmstraße 118, 10963 Berlin (“Jodel”, “we”, “us” or “our”) is the controller within the meaning of the General Data Protection Regulation (“GDPR”).

This privacy policy shall inform you on how we collect, process and use (“Use”) your Personal Data in connection with the Services.

2. DATA WE COLLECT, PROCESS AND USE

a. In general, you can use the Services without providing any personal information such as e.g. your name, email address, postal address, telephone number, financial information (all such information concerning the personal or material circumstances of an identified or identifiable individual data subject together “Personal Data”). Therefore, unless otherwise provided for in this privacy policy if you do not provide us directly with Personal Data in another way or actively consent to the Use by us of certain Personal Data, we do not Use your Personal Data.

b. Regarding the Website: if you visit the Website your browser automatically transfers certain data so that it can access the Website, in particular:

  • the IP address
  • the date and time of the request
  • the browser type
  • the operating system
  • the language and version of the browser software

Such data is processed, in particular, as without such data the Website cannot be accessed.

c. In connection with the use of the App a random user number (hash value) is generated for you based on your mobile device that allows us to allocate your Jodel activities (posts, replies, karma, etc.) to an account. The use of such number is required for the registration of your account (as without such value we cannot connect your activities within the App to your account and therefore a use of the App would not be possible). We cannot relate this number or the account to your name or other personal information of you. Furthermore, we also store data on the language in which you use the App in order to to provide to you the App and respective content in your preferred language.

d. In addition, regarding the App certain data transmitted by your mobile device is collected, namely your IP address, the periods of time in which you use the App, the date of the registration of your account, the operating system of your device (Android or iOS) and the type of device you use (e.g. iPhone, Samsung Galaxy). Such data is collected, in particular, in order to be able to distinguish actual App users from bots, prevent abusive behaviour and block abusive content that is reported by other users.

e. If you actively provide us in the App with additional basic demographic data such as profession, gender and age we might use such data to personalize the experience for you with regard to the App, as well as providing information tailored towards your profession, gender or age. If you prefer not to receive respective information tailored to you, you can opt out by going to the “Me” section in the app, and choosing the corresponding option. Regarding your age, we might process such data also in order to verify whether you are old enough to use the App.

f. In addition, the full functionalities of the App are only accessible to you if you grant access to your mobile device’s geo location. To this end, when you use the App for the first time you will be asked by your device whether location data may be used. If you do not allow this or if you allow this, but later deactivate this functionality in the settings of your mobile device, please note that the App or at least certain features and functionalities of the App might not work or might not be accessible to you.

g. If you provide to us information on the Website via a request form contained on the Website or on another way then we will process your data in order to answer your respective (information) requests.

h. We might disclose your Personal Data where such disclosure is required by law (for example, upon request of a court or of law enforcement authorities).

i. We might disclose certain (anonymous) user data (such as information about posts and information about activity) to universities in order for them to further analyse use patterns of our users and help us classify content created by our users. The respective data disclosed to such universities cannot be traced back by such universities to a specific user.

j. The legal basis for the processing of personal data described above in

  • section 2.b (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interests to Use such data arises from the fact that without such data the Website cannot be accessed).
  • section 2.c (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. b GDPR (fulfilment of contract and pre-contractual measures).
  • section 2.d (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interests are that we need a way to distinguish users from bots, prevent abusive behaviour and block abusive content when users report it).
  • section 2.e is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interests are that we use and analyze the respective data to improve the App, such as by gaining a better understanding of your interests and to help personalize your user experience, as well as providing you features exclusive to your specific demographic; regarding age verification we have an interest to verify whether you are old enough to use the App).
  • section 2.f is Art. 6 (1) sentence 1 lit. b GDPR (fulfilment of contract and pre-contractual measures) and Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interest is that we can only provide the App services with all its functionalities, if respective geo location data is processed). For the avoidance of doubt: we will not process your geo location data if you choose to not allow your device to share such data with regard to the App (cf. also above under 2.f).
  • section 2.g is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interests are that we need to process the respective data in order to being able to answer your (information) requests.
  • section 2.h is Art. 6 (1) sentence 1 lit. c GDPR (legal obligation).
  • section 2.i (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the universities have a legitimate interest to analyze respective data from a scientific point of view and this analysis is not trivial for us to reproduce as we use the results of such analysis to further our understanding of our user base and its preferences).

3. USE OF ANALYZING, ADVERTISING AND OTHER TOOLS

a. With regard to the App we use the advertising identifiers IDFA (for iOS devices) and AAID (for Android devices) (together the “Advertising Identifiers”). These Advertising Identifiers are non-personal, non-permanent numbers contained on your mobile device. We do not combine the Advertising Identifiers with any other mobile device related information or other personal information of you. The Advertising Identifiers identify your user data to enable us to provide you with personalized advertising and to evaluate your usage of the App. You can deactivate the use of the Advertising Identifiers in the settings of your operating system by switching off ad tracking on iOS (under “Settings/Privacy/Advertising”) or resetting your AAID on Android (under “Settings/Ads”).

b. We also use the following tools to better understand user preferences through user actions:

aa. We use a self-developed tool with regard to the App that evaluates and stores user activity (in particular what features are used, what features are not used) and derive conclusions from that data to give us a better picture of how the App is used by our users. We use that data to improve the usability of the App for the users and to develop new features.

bb. We also use the Facebook Software Development Kit (“Facebook SDK”) of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA (“Facebook”) with regard to the App. The Facebook SDK allows for analyzing anonymized behavioral data, in particular the counting of active users and activity events (e.g. posts, replies, votes). For further information regarding the Facebook SDK please refer to https://developers.facebook.com/docs/ios?locale=en_GB and https://developers.facebook.com/docs/android?locale=en_GB. This does not give us any access to data from Facebook or a user’s Facebook account by any means. Certain (pseudonymized) data of you might be submitted to Facebook servers in the USA. To our best knowledge Facebook complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from EU member countries. Facebook has certified that it adheres to the relevant Privacy Shield Principles. The European Commission qualifies the US to provide an adequate legal protection for personal data transferred from the EU to self-certified organisations in the US that are certified under the Privacy Shield programme. Further information can be found at: https://www.privacyshield.gov/EU-US-Framework.

cc. In addition, we also use the Goedle Software-Development Kit (“Goedle SDK”) of Goedle, goedle.io GmbH Am Hof 20-26 50667 Cologne Germany with regard to the App. The Goedle SDK allows analyzing user behavior patterns within the first few days of usage and calculates the likelihood of whether the user uses the App for longer. We use this information to improve our service and better understand the needs of our users. Certain (pseudonymized) data of you might be submitted to Goedle servers in the European Union. Based on this information we may send push notifications to inactive users (if the respective users have priorly agreed to receiving respective push notifications), after having understood what lead them to inactivity, and when we have been able to counter such reasons (abusive content, lack of specific features, etc). For further information regarding the Goedle SDK please refer to https://goedle.io.

dd. The Website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help analyze how you use the Website. The information generated by the cookie about your use of the Website will normally be transmitted to and stored by Google on servers in the United States. Google will use this information on behalf of the operator of the Website for the purpose of evaluating your use of the Website, compiling reports on Website activity and providing other services for the Website operator relating to Website activity and internet usage. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use all functions of the Website. You can also opt-out from the storage by Google of the data that is created by the cookie and is related to the use of the Website (including your IP address) and the processing of such data by Google by downloading and installing the Google Analytics opt-out Browser add-on available under https://tools.google.com/dlpage/gaoptout?hl=en. For further information on Google Analytics please refer to: http://www.google.com/analytics/terms/gb.html, https://support.google.com/analytics/answer/6004245?hl=en, http://www.google.de/intl/en-GB/policies/privacy/. To our best knowledge Google complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from EU member countries. Google Inc. (and its wholly-owned US subsidiaries) has certified that it adheres to the relevant Privacy Shield Principles, including for Google Analytics. The European Commission qualifies the US to provide an adequate legal protection for personal data transferred from the EU to self-certified organisations in the US that are certified under the Privacy Shield programme. Further information can be found at: https://www.privacyshield.gov/EU-US-Framework.

ee. We use the Firebase SDK of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Firebase”; Firebase is a subsidiary of Google, LLC) with regard to the App. Firebase SDK is a real-time database, which we are using for real-time data exchange and data storage. Firebase SDK also allows for analyzing anonymized behavioral data, in particular the tracking of active users and activity events (e.g. posts, replies, votes), as well as information about crashes, application distribution, application usage and adoption rates for specific app versions. Certain (anonymized) user data is sent to Firebase servers outside the EU. For further information regarding the Firebase SDK please refer to the Firebase privacy policy available over the following link: https://www.firebase.com/terms/privacy-policy.html.

ff. We use the tool branch.io of Branch Metrics, Inc. 1400 Seaport Blvd, Building B, 2nd Floor, Redwood City, CA 94063, USA (“Branch Metrics”) with regard to the App. branch.io is a real-time database, which we are using for real-time data exchange and data storage. branch.io also allows for analyzing anonymized behavioral data, in particular the analyzing of active users and activity events (e.g. posts, replies, votes). We also use branch.io to analyse more complex use cases of the app which we otherwise would not be able to understand (connection between sharing content and engagement, what is the source of users registering into the app) so that we can further optimise the app and identify real users and bots. Certain (anonymized) user data might be sent to Branch Metrics. For further information regarding branch.io please refer to https://branch.io/policies/#privacy. To our best knowledge Branch Metrics complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from EU member countries. Branch Metrics has certified that it adheres to the relevant Privacy Shield Principles. The European Commission qualifies the US to provide an adequate legal protection for personal data transferred from the EU to self-certified organisations in the US that are certified under the Privacy Shield programme. Further information can be found at: https://www.privacyshield.gov/EU-US-Framework.

gg. We use the tool Periscope from Periscope, Inc., Periscope Data 1125 Mission Street, San Francisco, CA 94103 (“Periscope”). Periscope is a data analysis and visualisation tool which we use to help develop services and features for Jodel. By using Periscope, we send certain (anonymised) data to Periscope servers, located in the USA. The respective data is, in general, only accessible by the Jodel team and, to the best of our knowledge, Periscope secures and encrypts all the data we send over to it. In addition, the respective data is only kept in Periscope for a maximum of three months. For further information regarding Periscope and privacy, please refer to https://www.periscopedata.com/privacy-policy. To our best knowledge Periscope Inc. complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from EU member countries. Periscope Inc has certified that it adheres to the relevant Privacy Shield Principles. The European Commission qualifies the US to provide an adequate legal protection for personal data transferred from the EU to self-certified organisations in the US that are certified under the Privacy Shield programme. Further information can be found at: https://www.privacyshield.gov/EU-US-Framework.

hh. If you decide to deactivate (some of) the tools described in this section 3.b (to the extent this is possible), please note that certain features and functionalities of the Services might not work or might not be accessible to you.

c. The legal basis for the processing of the data described in the sections 3a and 3b (to the extent such data is to be considered Personal Data) is Art. 6 (1) sentence 1 lit. f GDPR (legitimate interests; the legitimate interests to Use such data is that we use and analyze the respective data (i) to improve our Services, such as by gaining a better understanding of your interests and requirements regarding our Services, (ii) to help personalize your user experience, (iii) to recognize user patterns in order to protect the App against bots, abusive members and abusive content, and (iv) to provide you with certain features of the Services (without us using such data some of the functionalities of the Services might not work or might not be accessible (this applies, in particular, to the tools mentioned above in sections 3.b bb, cc, ee, ff, gg; with regard to item (iv) such processing of data is also based on Art. 6 (1) sentence 1 lit. b GDPR (fulfilment of contract and pre-contractual measures)).

4. TECHNICAL IMPLEMENTATION OF THE SERVICES BY SUBCONTRACTORS

We partly use service providers who process Personal Data on behalf of us to operate the technical platform for the Services. These service providers process the data exclusively according to our instructions (order processing). The legal basis for the data processing described in this section 4 is Art. 6 (1) sentence 1 lit. b GDPR (performance of contract and pre-contractual measures) and Art. 28 GDPR (order processing).

5. DURATION OF STORAGE OF PERSONAL DATA

Unless no shorter storage period is indicated in this privacy policy, we, in general, store Personal Data as long (i) as required for the provision of the Services to you, and/or (ii) as it is necessary with regard to the contractual relationship with you, thereafter only if and to the extent that we are obliged to do so by mandatory statutory retention obligations. If we no longer require the respective Personal Data for the purposes described above, such Personal Data will only be stored during the respective legal retention period and not processed for other purposes.

6. YOUR RIGHTS

You have the right to request information from us at any time about your Personal Data stored by us. If the legal requirements are met, you also have rights vis-à-vis us to request from us access to and rectification or erasure or restriction of processing concerning your Personal Data or to object to the processing of your Personal Data as well as the right to receive from us your Personal Data provided to us in a structured, established and machine-readable format (you can transfer this data to other parties or have it transferred; data portability).

If you have given your consent to the use of personal data, you can revoke such consent at any time (for the future).

If you believe that the processing of your Personal Data by us is in breach of the applicable data protection laws, you can issue a complaint with the competent supervisory authority for data protection.

7. CONTACT; DATA PROTECTION OFFICER

You can contact us, for example, via the address indicated above in section 1., via dpo@jodel.com and/or by using the contact info contained in the App or on the Website.

For all questions regarding data protection at Jodel (including the assertion of your rights further describe above under section 6.), you can also contact Jodel’s Data Protection Officer directly. The contact details of the data protection officer are:

  • Data Protection Officer, The Jodel Venture GmbH, Wilhelmstraße 118, 10963 Berlin, Germany
  • dpo@jodel.com

8. KEEPING YOUR PERSONAL DATA SECURE

We place great importance on the security of all Personal Data associated with the use of our Services. We have security measures in place to attempt to protect against the loss, misuse and alteration of Personal Data under our control. Our security and privacy policies are periodically reviewed and enhanced as we consider it appropriate and only authorised personnel have access to Personal Data. Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it.

We have taken additional extensive security precautions relating to our Services and its use. However you should bear in mind that in spite of such security measures, submission of information over the internet is never entirely secure. We cannot guarantee the security of information you submit via our Services whilst it is in transit over the internet.


TRANSPARENCY REPORT

Here you will find our first Transparency Report (in German for now0), which we prepared to let you know how our moderation system and cooperation with legal authorities works, what were the biggest challenges in the last few months and what is coming in the future.

Since Jodel started we have always deeply respected our user’s right to privacy while at the same time granting right to free uncensored speech. Additionally, for the last weeks we have been working hard on making sure that our internal processes are in line with the new GDPR law. That is why you can be sure that this topic is especially important for us.