Privacy

Klubraum App

This privacy policy informs you about the nature, scope and purpose of the processing of personal data in the context of the use of the Klubraum app.

All personal data processing operations (collection, processing and use) are carried out in strict compliance with the statutory data protection provisions. We collect, process and use personal data, among other things, to offer services and to execute and further improve the content and functionalities of our apps, products, internet offers and services. This privacy policy applies to the collection, processing and use of personal data in the context of the use of the iOS and Android app "Klubraum" as well as the browser-based app "Klubraum" at web.klubraum.com (collectively referred to in the following in simplified form as "Klubraum").

For further information and definition of the terms used, such as "processing" or "controller", we refer to the definitions in Art. 4 of the GDPR.

Responsible Party

The responsible party for the data processing and security of Klubraum in accordance with the Data Protection Regulation (GDPR) Art. 4 is aucentiq solutions GmbH, Alter Weinberg 5, 76228 Karlsruhe, Germany (hereinafter referred to as "aucentiq", see imprint for further contact details).

Collection, processing and use of personal data (purpose and type of data collection)

In the course of using Klubraum, we collect access and device data (e.g. in the event of server or other software errors). The collected data will only be used to improve our services and will not be passed on to third parties.

When using Klubraum, personal data is collected exclusively on the basis of the provisions of Art. 6 GDPR. This means that collection, processing and use are based on your unambiguous consent, justified technical requirements or legal regulations. At all times, we limit ourselves to the minimum necessary requirements. The legal basis for this can be found in the GDPR, the BDSG (new) and the Telemedia Act.

Data categories

The following types of personal data are processed based on the use of the Klubraum app.

  • Usage data (e.g. pages visited, access times)
  • Meta and communication data (e.g. IP address, browser data, device data such as operating system)
  • Contact data (e.g. name, e-mail address)
  • Content data (e.g. messages/chats, comments, uploaded images/photos, appointments, appointment confirmations)

User and content data

The purpose of Klubraum is to enable cross-group communication and to digitally support the group in its internal organization. The latter includes, among other things, the administration of group appointments, the management of carpooling and other organizational and communication activities.

Within the scope of the intended use of Klubraum, Klubraum collects personal data such as surname and first name, e-mail address, messages, appointments, event participation. The collection and processing is solely for the purpose of supporting the group in its organization. Personal data will not be sold to third parties at any time. Also, no personal data will be passed on without this being justified for the intended purpose of using Klubraum or by a legitimate interest of aucentiq.

Contact requests

Based on your inquiry, we collect personal data (such as name, company, address, contact details). We need the collected personal data to contact you.

In this context, the processing is carried out exclusively for the fulfillment of contractual or pre-contractual measures (see Art. 6 para. 1(b) GDPR).

Web analysis / usage data

As part of the use of the web-based version of Klubraum, a software for statistical analysis of visitor accesses called Matomo (formerly Piwik) is used. For this purpose, text files, so-called cookies, are temporarily stored on your computer, which enable an analysis of the website usage. This enables us to continuously improve our web-based version of Klubraum for you. All information generated is stored by the Matomo software on servers rented by aucentiq within Germany or the European Union, whereby IP addresses are anonymized before being stored. You have the option of preventing the storage and analysis of statistical data below or by setting your browser accordingly. However, please note that it may no longer be possible to use all functions without errors.

When using the iOS or Android app "Klubraum", analysis data with anonymized IP addresses is also sent to Matomo with the aim of improving the user experience and the software for you. You can prevent the transmission of this analysis data at any time in the app via the "Settings" | "Account" | "Privacy" menu by deactivating the "Send anonymous usage data" button.

The analysis data is not passed on to subcontractors (with the exception of servers rented from the web host on behalf of aucentiq) or third parties.

Push Notifications

For the use of the chat function of Klubraum and for other notification-relevant events, e.g. for new private conversations, messages, mentions or calendar events, we offer you the possibility to receive current information directly via so-called push notifications. An important feature of the push notifications is that they appear without opening the app.

In the web-based variant, the web push procedure standardized by the W3C is used for sending the push messages, whereby the encrypted transmission takes place via a server of the browser provider depending on the browser used. In the web-based variant, you can activate and deactivate push messages in the browser at any time. You can find more information about the web push procedure here:

https://www.w3.org/TR/push-api/
https://developers.google.com/web/fundamentals/push-notifications/
https://developer.mozilla.org/de/docs/Web/API/Push_API

The service "Firebase Messaging"  offered by Google is used to implement push messages in the iOS, Android and MacOS app. In this process, a so-called "instance ID" or a "device token" is assigned by the mobile device used and transmitted to the Klubraum servers. IP addresses or other data are not collected. On the part of Klubraum, the push message is sent to the servers provided by Google in the EU or in the USA, which then take over the transmission to the mobile end device. In the case of the iOS app, Google transmits the message to the Apple Push Notification service (APNs) provided by Apple, which then handles delivery to the Apple end device.

Push messages are enabled by default in the Android app. As an iOS user, you will be asked to consent to receive push messages when you first launch the app. Push messages can be disabled at any time via the "Settings" | "Notifications" menu. To do so, use the "Push notifications" slider.

More information about push messages using Firebase messaging:

firebase.google.com
policies.google.com/privacy/
APNs

Use of LocalStorage / IndexDB and related technologies

When using the browser-based version of Klubraum, LocalStorage / IndexDB technologies are used that allow data to be stored in the browser over a single session. The stored data is content and user data that is necessary for the use of the app and whose presence is required for offline use of the app (without an existing Internet connection). Unlike cookies, these are not automatically sent to the server when the page is accessed. However, they can be read by using Javascript in the browser. Data in session storage is deleted at the end of the browser session, data in local storage and in the IndexDB remains stored. As with cookies, data in local and session storage or IndexDB can be deleted at any time by you in the browser or their use can be generally blocked. Likewise, complete deletion occurs when you log out of the application. Please note that the use of Local-Storage and Index-DB is mandatory for the smooth use of the browser-based version of Klubraum for technical reasons.

Profile pictures

As a user of Klubraum, you can optionally create and upload a profile picture. The profile picture is visible to all other users of the same group (also referred to as a "Klubraum" in the app).

All uploaded profile pictures are stored encrypted by Klubraum and can only be downloaded by authorized members of the same Klubraum.

In previous versions of Klubraum, the profile picture was stored for the duration of use by the service "Google Cloud Storage" of the provider Google and made available for download by other Klubraum users. To protect against unauthorized access, each profile picture has been secured by a cryptic URL and Klubraum users are required to keep this URL confidential.

If you no longer agree with the storage and provision of your profile picture, you can replace it with another picture or delete it in the app at any time.

Further information on the data protection of the "Google Cloud Storage" service:

https://cloud.google.com/security/privacy/
https://cloud.google.com/security/gdpr/

Google Maps

When showing/using maps, we integrate the service "Google Maps" of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data may include, in particular, IP addresses and location data of the users, which, however, are not collected without their consent (usually executed in the context of the settings of their mobile devices). The data may be processed in the United States.

You can prevent the transmission of this data at any time in the app via the "Settings" | "Account" | "Privacy" menu by deactivating the "Use Google Maps" button.

Privacy policy: https://www.google.com/policies/privacy/

Google Fonts (only Web App)

In the web version of Klubraum, emojis are displayed using a font provided by Google, which for technical reasons is automatically reloaded as needed from servers operated by Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). If you do not agree with the loading of the emoji font, you can use the app for Android, iOS or macOS instead of the web version, where the font is not loaded from external servers.

Privacy policy: https://www.google.com/policies/privacy/

Support page / GitBook

For our app, we offer a support area (with frequently asked questions, tips & tricks for app usage, etc.) at https://support.klubraum.com. To offer this feature, we use the GitBook service of the provider of the same name at 10, Rue Dugas Montbel, Lyon, Auvergne-Rhône-Alpes 69002, France. If you do not agree with the use of GitBook, you can also contact us at any time by email or phone with your support concerns.

GitBook uses Google Analytics for empire-wide measurement and collects pseudonymized personal data in the process. The collection of your data by GitBook is based on Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 p. 1 f GDPR (legitimate interest). You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of past data processing operations.

For more information on data use by GitBook, please see the privacy policy.

Privacy policy: https://policies.gitbook.com/privacy

Transaction E-Mails / Sendinblue

Within the scope of using Klubraum, e-mails are sent to users (e.g. login links, notifications, confirmations). Each user must provide a valid e-mail address in order to use Klubraum. The e-mails are sent by the third-party provider Sendinblue from Germany (Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin).

To send the e-mail by Sendinblue, the user's e-mail address and the content of the e-mail must be transmitted to a Sendinblue server. The e-mail address and other information for the delivery of the e-mails is stored on Sendinblue servers. Sendinblue uses the collected data exclusively for the purpose of secure e-mail transmission.

Privacy policy: https://de.sendinblue.com/legal/privacypolicy/

Newsletter / Sendinblue

As part of a subscription to the Klubraum newsletter, e-mails are sent to subscribers (e.g. news and tips about Klubraum). Each subscriber must provide a valid e-mail address in order to use Klubraum. The e-mails are sent by the third-party provider Sendinblue from Germany (Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin).

To send the e-mail by Sendinblue, the user's e-mail address and the content of the e-mail must be transmitted to a Sendinblue server. The e-mail address and other information for the delivery of the e-mails is stored on Sendinblue servers. Sendinblue uses the collected data exclusively for the purpose of secure e-mail transmission.

Privacy policy: https://de.sendinblue.com/legal/privacypolicy/

Error Tracking / Sentry

We use the service Sentry to improve the technical stability of our service or app by monitoring system stability and identifying code errors. Sentry serves these purposes alone and does not evaluate data for advertising purposes. User data, such as device details or time of error, are collected anonymously and are not used in a personalized manner and are subsequently deleted. As we host Sentry on our own servers, no data is transferred to a third party.

You can prevent the transmission of this error data at any time in the app via the menu "Settings" | "Account" | "Privacy" by deactivating the switch "Send anonymous error reports".

The legal basis for the use of Sentry is a legitimate interest according to Art. 6 para. 1 p. 1 f GDPR. Our legitimate interest is the user-friendly design of our app.

Data security and storage location

We take appropriate technical measures in accordance with Article 32 of the GDPR, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data as well as its access, input, disclosure, availability and separation. In addition, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data, and the response to data compromise. Furthermore, we anchor the protection of personal data already in the development or selection of hardware, software and procedures according to the principle of data protection through technological design and data protection-friendly default settings (Art. 25 GDPR).

To ensure operation and security, the following data is stored on our web servers for a limited period of time: IP address of the user or requesting system, time of access, URL and response code as well as any error messages of the website access. Without the addition of further information (which we do not collect), this data is not personally identifiable. The collection and processing is based on a legitimate interest (within the meaning of Art. 6 para 1(f) GDPR).

The storage of all data relevant to the use of Klubraum takes place through redundant storage on various servers hosted in Germany by providers headquartered in the European Union. Excluded from this are the above-mentioned sending of push messages and the storage and provision of the optional profile pictures.

We would like to point out that data transmission on the Internet can have security gaps. For your own security, we recommend that you log out when leaving our websites and services (especially when using public PCs) and close the browser window completely after you have finished using it. Please also always ensure that third parties do not gain knowledge of the data you enter on our websites.

Data deletion

As soon as data is no longer required for its purpose and there are no legal grounds for deletion or anonymization (e.g. due to legal retention obligations under the German Commercial Code), it will be deleted or anonymized by aucentiq.

In addition, you have the right to have your data deleted (see "Rights of information and objection" below). We would like to point out that a complete and residue-free deletion of your communication data (e.g. your sent messages) submitted to Klubraum is not possible for technical reasons.

Cooperation with third parties

Your data will not be used for purposes other than those listed on this page and will not be disclosed to uninvolved third parties. A contract for commissioned data processing (pursuant to Art. 28 GDPR) has been concluded with all service providers involved in the operation of this site and the provision of our services.

If, in the course of our processing, we pass on data to other persons and companies (order processors or third parties), transmit it to them or otherwise grant access to the data, this will only be done with legal permission (e.g. if In the case of a transfer of data to third parties, such as payment service providers, pursuant to Art. 6 para. 1 letter b GDPR is necessary for the performance of the contract), you have consented to the transfer, processing or access, a legal obligation provides for this or the transfer, processing or access results from our legitimate interests (eg when using web hosts, etc.).

Supervisory Authority

The supervisory authority responsible for data protection is the State Commissioner for Data Protection and Freedom of Information in Baden-Württemberg (further information can be found here). According to Art. 77 GDPR, you are entitled to file a complaint there in the event of a violation.

Rights of information and objection

In accordance with the applicable legal provisions, you have a right to free information about your stored data and, if necessary, a right to correction, blocking or deletion of this data.

At your request, we will be happy to inform you in writing to what extent and which of your personal data we have stored (right to information according to Art. 15 GDPR). We always strive to ensure that the data we store about you is up to date and correct. If, for whatever reason, incorrect information is stored by us, we will gladly correct this upon request (in accordance with your right to rectification, Art. 16 GDPR). In accordance with Art. 17 GDPR, you also have a right to have your data deleted under certain conditions or a right to restrict processing in accordance with Art. 18 GDPR. Furthermore, according to Art. 20 GDPR, you have a right to data portability, i.e. you have the right to receive the data provided to us or to transfer it to another responsible party.

If you are generally not interested in receiving offers or promotional information from us, or if you wish to withdraw consent you have already given, you may contact us by mail or e-mail at any time (in accordance with Art. 7(3) and Art. 21 GDPR). If there is any doubt about your identity, we are entitled to request further clarifying information (such as a blackened copy of your identity card). For questions, complaints and other concerns in connection with the collection and processing of personal data and around the topic of data protection, please feel free to contact our contact person for data protection at any time. You will find the necessary contact information in the following section.

Data Processing Addendum

The data processing addendum can be downloaded here:

Contact for data protection

If you have any questions regarding the collection, processing or use of your personal data, for information, correction, blocking or deletion of data and revocation of consents granted, please contact:

aucentiq solutions GmbH
Data Protection Officer
Alter Weinberg 5
76228 Karlsruhe
+49 721 / 46 722 003
E-Mail: info@aucentiq.com

Changes to the privacy policy

In order to comply with the respective legal data protection regulations, we continuously update our data protection declaration. You can inform yourself about the current status at any time on our website.

Last update: 09.03.2023