Datenschutzinformation

As the operator of the “Cimenio” app (also “app“), we are responsible for the personal data of the user (“you“) of this website within the meaning of the applicable data protection law, in particular the General Data Protection Regulation (“GDPR“).

As part of our duty to provide information (Art. 13 et seq. GDPR), we will inform you below about which data is processed when you use our app and the legal basis for this. You will also receive information about your rights vis-à-vis us and the competent supervisory authority.

1. information on the person responsible

Cimenio GmbH
Koebisstrasse 1
16548 Glienicke
E-Mail: info@cimenio.com
Tel: 0160 96680411

2. general information

When we refer to “smartphone” below, we mean any mobile device on which our app can be used.

3. download the app

You can download our app from an app store

of your choice (Apple App Store or Google Play Store) to your smartphone.

When you download the app to your smartphone, the necessary information, in particular your user name, e-mail address and customer number of your account, time of download, payment information and the individual device identification number, is transferred to the respective app store (Apple App Store or Google Play Store).

However, we have no influence on this data collection and are not responsible for it. We only process the data provided to the extent necessary to download the app to your smartphone. It will not be stored beyond this. The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f GDPR, as it is in our legitimate interest to process the data required for the download and installation.

4. provision of the functions of our app

An internet connection is established when you use the app. We collect personal data from you in the form of log files. The processing of this personal data is technically necessary for us to provide you with the functions of our app and to ensure the stability and security of our information technology systems.

The following data, which may be personal, is collected:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT
  • Called contents (=endpoints/URLs)
  • Access status/HTTP status code
  • Amount of data transferred
  • Referrer
  • Information about the browser
  • Operating system and its version and interface
  • Access method (GET, POST, etc.)

In addition to the log files, we process the following personal data when you use the app:

  • Device ID or, if not available, randomly generated device ID

The log files contain your IP address and possibly other personal data. It is therefore possible to identify you. However, we only store your data temporarily and, in particular, not together with other personal data.

The processing of the above-mentioned data is necessary for the provision of our app. We also store the data for the purpose of ensuring the security of our information technology systems. These purposes also justify our legitimate interest in processing the data on the legal basis of Art. 6 para. 1 sentence 1 lit. f GDPR. The log files, which also contain your IP address, are deleted or anonymized immediately after they are no longer required to achieve the aforementioned purposes, but after 30 days at the latest.

5. user account/registration

In order to use the functions of our app, you must create a user account. If you decide to create a user account, you must provide us with the following information:

  • E-mail address
  • First and last name
  • Preferred language
  • Gender
  • User name

All other information is voluntary. We store the following voluntary information together with the aforementioned information if you provide it to us:

  • Your year of birth (optional)

If you are authenticated by Firebase, your Firebase user ID is also automatically saved.

Your data is used for the purpose of managing your customer account and providing the associated functions, such as processing your customer data, creating product reviews and displaying your reviews.

If you have provided us with this information, we will use your year of birth to evaluate how popular these products are in the various age groups in relation to individual products. We forward this statistical information to our partners in anonymous form. It is in our legitimate interest to offer our partners statistical information on the respective products as an additional service. As part of the necessary balancing of interests, we have taken into account that you are not obliged to provide your year of birth and that statistical information is only passed on to our partners in anonymous form.

The legal basis for the storage of your customer account data is Art. 6 para. 1 sentence 1 lit. b and f GDPR.

We store the data that you have provided to us as part of your login/registration as long as you do not delete your user account with us. If you make changes to your details, the old details will be deleted and only the updated data will be saved. In addition, we only store your data in order to comply with our legal obligations (e.g. tax obligations) (Art. 6 para. 1 sentence 1 lit. c GDPR). In this case, we block your data to the extent that it is only processed for the necessary purposes.

We process your data via the app as long as you do not delete your user account with us. You can submit a request to us to delete your account at any time (e.g. by sending an email to the email address specified in section 1).

6. authorizations

Some functions of the app require certain access to functions of your smartphone through the app. The functions differ depending on whether you download the app from the Apple App Store or Google Play Store. Below you will find an overview of the respective authorizations:

The Android app requests the following authorizations (you can deactivate the authorization of our app at any time in the Android settings under “Settings” – “Apps & Notifications” – “App authorizations”):

Camera/photos: Authorization is requested if you want to take a photo of the product

Media/files/gallery: We access files on your smartphone with your consent (e.g. to upload a product photo or to enable file attachments).

Push messages (Amplitude): When you open our app for the first time, you will be asked whether you would like to receive push messages from us. This is used, for example, to send you automatic reminder messages

The iOS app requests the following permissions (you can deactivate our app’s permission at any time in the iOS settings under “Settings” – “Privacy” – e.g. “Photos”):

Photos: Authorization is requested if you want to upload a photo of the product

Camera: Authorization is requested if you want to take a photo with your camera

Media/files/gallery: We access files on your smartphone with your consent (e.g. to upload a product photo or to enable file attachments).

Push messages (Amplitude): When you open our app for the first time, you will be asked whether you would like to receive push messages from us. This is used, for example, to send you automatic reminder messages

The legal basis for data processing is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR; because you can grant and revoke authorization at any time via your smartphone) and Art. 6 para. 1 sentence 1 lit. b and f GDPR (if applicable, contract fulfillment as part of our service and legitimate interests). You can control yourself on your smartphone whether you want to grant us authorization or withdraw it again. No (additional) personal data is permanently stored as a result of the authorizations.

7. product reviews; forwarding of product reviews to our partners

You have the opportunity to rate products in our app. To leave a review, you must provide us with the following information:

  • Name and model of the product you wish to rate
  • Photo of the product
  • Star rating
  • Technical details of the product
  • Date of acquisition
  • Advantages and disadvantages of the product
  • Evaluation text for the product

We use the aforementioned data to pass on your product review to our partners so that they can publish the product review on their website. For this purpose, we pass on the following information to our partners in pseudonymous form: name and model of the rated product, the photo of the product uploaded by the user, star rating, rating text for the product, information on how long the end user has owned the product, at least one advantage and disadvantage of the product. Our partners also receive your first name and your last name shortened to the first letter. Your e-mail address, your user name, your year of birth (if you have communicated this to us). Your full surname and gender will not be published and will not be passed on to our partners. It is therefore not possible for our partners to draw conclusions about the identity of the author of a review.

In addition, we process the aforementioned data to enable you to collect User Credits and, once you have reached the required number of User Credits, to exchange the credit balance for vouchers.

The legal basis for data processing in connection with the evaluation of products and the forwarding of your evaluation to our partners is Art. 6 para. 1 sentence 1 lit. b GDPR.

We reserve the right to check reviews before passing them on to our partners in order to counteract abusive and falsified product reviews and to check compliance with our terms of use. Furthermore, we reserve the right to process the aforementioned data for the subsequent review of reviews, in particular in the event of complaints by our partners or third parties (e.g. regarding the authenticity of individual reviews) or to ask you to comment on the reviews you have submitted in the event of specific indications of legal violations. In individual cases, we may be obliged to provide third parties with information about the identity of the respective user, in particular about their registration details, in order to defend ourselves against claims based on the content of the user concerned.

The legal basis for data processing in connection with the review of ratings is Art. 6 para. 1 sentence 1 lit. f GDPR. It is in our legitimate interest to ensure compliance with our terms of use and the authenticity of the product reviews created via our app and to defend ourselves against third-party claims based on unlawful conduct by the user.

We store the aforementioned personal data together with the content of your reviews as long as you do not delete your user account with us. Otherwise, we only store your personal data in order to comply with legal obligations (e.g. tax obligations) (Art. 6 para. 1 sentence 1 lit. c GDPR) and insofar as this is necessary to preserve evidence, taking into account the statute of limitations.

8. contact by e-mail

Within the app, you have the option of contacting us by e-mail. Your personal data transmitted in this way will be stored by us. The data will only be processed in order to process your contact. The legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. f GDPR. The data will be stored until it is no longer required to achieve the purpose of the conversation with you and your contact request has been fully clarified.

If your contact is aimed at concluding a contract with us, the additional legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. b GDPR. This data is stored for as long as it is required for the performance of the contract or pre-contractual measures. In addition, we only store your data in order to comply with legal obligations (e.g. tax obligations) (Art. 6 para. 1 sentence 1 lit. c GDPR).

You can inform us at any time (see section 1 above) that we should delete the data provided during the conversation. In this case, to the extent permitted, all personal data from the conversation will be deleted and it will not be possible to continue the conversation.

9. use of service providers

We would like to point out that when processing your personal data, we may use service providers with whom we have concluded order processing contracts (e.g. for app hosting). If processors in a third country (not within the EU) carry out data processing, we ensure that the level of protection of your data guaranteed by the GDPR is not undermined (Art. 44 et seq. GDPR). The legal basis for the use of service providers is Art. 6 para. 1 sentence 1 lit. f GDPR. The commissioning of service providers (specialists or other service providers in areas that we cannot serve ourselves) is in our legitimate interest. If you would like to receive a copy of the suitable or appropriate guarantees, please let us know (see section 1 above).

9.1 User authentication with Firebase

To authenticate the users of our app and grant them access to our app, we use the Firebase user authentication tool. Firebase is a development of Google, which is offered in Europe by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).

We use the Google Firebase SDK (Software Development Kit) in this context. This means that user authentication takes place through integration with identity providers (in our case Google and Apple). Specifically, this means that our users can simply log in to our app with their Google or Apple account. For this purpose, the user’s email address stored with Google or Apple and their name are processed.

The legal basis for the associated processing is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. It is in our legitimate interest to offer our users the opportunity to quickly log in to our app with their existing accounts without having to create a new user profile. At the same time, Firebase enables us to quickly and securely identify and authenticate the user, store their data and later quickly assign this data when the user calls up the app again.

The data processed by Firebase is stored on servers in the EU. In the exceptional event that data is also processed outside the EU/EEA, we have concluded an order processing contract with Google, which also contains so-called standard contractual clauses. This can be accessed here: https://cloud.google.com/terms/sccs/eu-c2p

9.2 Firebase Cloud Messaging

We use the API Firebase Cloud Messaging, which is offered in Europe by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), to send so-called “push messages” to our users. Push notifications are messages that we can send to app users via our app and that are displayed directly on your end device, for example to inform the respective user that their product review has been successfully accepted.

In doing so, we process personal data in the form of device-related information. However, your device information is only stored temporarily in order to make the function available to you. This only happens if you allow push notifications through your authorization settings on your smartphone.

The legal basis for the use of Firebase is Art. 6 para. 1 sentence 1 lit. f GDPR, as it is in our legitimate interest to use the services of a specialized service provider to send push messages and thereby promote the engagement and loyalty of our users. As part of our balancing of interests, we have also taken into account that you can prevent the push messages at any time by making the appropriate authorization settings.

We have concluded an order processing contract with Google, which also contains so-called standard contractual clauses. This is available here: https://firebase.google.com/terms/data-processing-terms

You can find more information about the processing of personal data with Firebase at the following link: https://firebase.google.com/support/privacy.

10. your rights

If we process your data, you are a “data subject” within the meaning of the GDPR. You have the following rights: right of access, right to rectification, right to restriction of processing, right to erasure, right to information and right to data portability. You also have the right to object, the right to withdraw consent and the right to lodge a complaint with the supervisory authority.

Below you will find some details on the individual rights:

10.1 Right to information

You have the right to request confirmation from us as to whether we are processing your personal data. If we process your personal data, you have the right to obtain information in particular about the processing purposes, categories of personal data, recipients or categories of recipients and, if applicable, the storage period.

10.2 Right of rectification

You have the right to correct and/or complete the data that we have stored about you if this data is incorrect or incomplete. We will make the correction or completion without delay.

10.3 Right to restriction of processing

Under certain circumstances, you have the right to request that we restrict the processing of your personal data. An example of this is if you dispute the accuracy of your personal data and we need to verify the accuracy for a certain period of time. Your data will only be processed to a limited extent for the duration of the check. Another example of restriction is if we no longer need your data, but you need it for a legal dispute.

10.4 Right of deletion

In certain situations, you have the right to request that we delete your personal data immediately. This is the case, for example, if we no longer need your personal data for the purposes for which we collected it or if we have processed your data unlawfully. Another example would be if we process your data on the basis of your consent, you withdraw your consent and we do not process the data on any other legal basis. However, your right to erasure does not always apply. For example, we may process your personal data in order to comply with a legal obligation or because we need it for a legal dispute.

10.5 Right to information

If you have exercised your right to rectification, erasure or restriction of processing against us, we are obliged to notify all recipients to whom we have disclosed your personal data of the rectification, erasure or restriction of processing of your data, unless this proves impossible or involves a disproportionate effort.

10.6 Right to data portability

Under certain conditions, you have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format and the right to have this data transmitted to another controller. This is the case if we process the data either on the basis of your consent or on the basis of a contract with you and that we process the data using automated procedures.

You have the right to obtain that we transfer your personal data directly to another controller, insofar as this is technically feasible and the freedoms and rights of other persons are not affected by this.

This right to data portability does not apply if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

10.7 RIGHT OF OBJECTION

YOU HAVE THE RIGHT TO OBJECT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, AT ANY TIME TO PROCESSING OF YOUR PERSONAL DATA WHICH IS BASED ON ART. 6 ABS. 1 SENTENCE 1 LIT. E OR LIT. F GDPR. THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS.

FOLLOWING AN OBJECTION, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR FOR THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing. This also applies to profiling insofar as it is associated with direct advertising. If you object to the processing of your personal data for direct marketing purposes, we will no longer process it for these purposes.

10.8 Right of withdrawal

In accordance with Art. 7 ABS. 3 GDPR, you have the right to withdraw your consent at any time. Withdrawal of consent does not retroactively invalidate the lawfulness of the processing.

10.9 Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy. In particular, you may exercise your right to lodge a complaint in the Member State of your place of residence, your place of work or the place of the alleged infringement if you believe that the processing of your personal data infringes the GDPR.

You can find an overview of the respective state data protection officers and their contact details under the following link:

https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

11. status and up-to-dateness of this data protection information

Status: March 2023

Information on joint responsibility

of Cimenio GmbH and Idealo Internet GmbH

pursuant to Art. 26 para. 2 sentence 2 GDPR

Idealo Internet GmbH (Zimmerstraße 50, 10888 Berlin, Germany, hereinafter referred to as“Idealo“) has commissioned Cimenio GmbH (Koebisstraße 1, 16548 Glienicke, hereinafter referred to as“Cimenio“) to collect reviews of certain products from users of the Cimenio app. Idealo and Cimenio are joint controllers within the meaning of Art. 26 para. 1 sentence 1 of the General Data Protection Regulation (“GDPR“) within the framework of the prescribed cooperation, insofar as they jointly determine the purposes and essential means of data processing, and have concluded a corresponding agreement in accordance with Art. 26 GDPR. The main content of this agreement is set out below.

As part of the aforementioned cooperation, Cimenio actively approaches affected persons and asks them for their opinion on the relevant products. The resulting reviews are forwarded to Idealo in pseudonymized form. The collection of customer reviews, the transmission of customer reviews to Idealo and the validation of customer reviews transmitted to Idealo in individual cases are the joint responsibility of the parties. The aforementioned data processing is carried out for the purpose of querying opinions from end customers to improve the user experience on the Idealo offers, to ensure the objectivity of user reviews and to verify individual reviews in the event of complaints by third parties and to defend against lawsuits.

The parties have divided the main responsibilities for this data processing as follows:

The apps used to collect the ratings are provided by Cimenio as the independent controller. Insofar as the reviewers receive a consideration for their reviews and data processing takes place as part of the processing, this is also the sole responsibility of Cimenio.

Idealo alone decides on the publication of the ratings on its own offers (especially on idealo.de). In this respect, Idealo is independently responsible.

Idealo is the central point of contact for asserting your rights as a data subject. Nevertheless, you can always assert your rights under the GDPR against a controller of your choice.