Privacy Statement

This Privacy Statement gives you an overview of how your personal data is processed when you surf the website available at timz.io (the “Website”), use the timz app or use the services offered within either of these offerings (collectively the “Services”). This Privacy Statement also informs you about your rights according to the EU General Data Protection Regulation (“GDPR”) and your options to manage your personal data and protect your privacy. 

The data controller for the Website as well as for the Services is timz UG, Schwedterstraße 266, 10119 Berlin, (“we”, “us” or “timz”). If you have any questions regarding the processing of your data, you can contact us by e-mail at [email protected]

Please note:

You are neither legally nor contractually obliged to provide us with the personal data specified in this Privacy Statement. However, if you do not provide us with certain personal data, we may not be able to enter into a contract with you and you may not be able to use our Services, or only to a limited extent.

1. Data that we process on the Website:

When we make our Website available, we process personal data from various sources. On the one hand, this is data that we automatically process for each visitor when they access the Website. On the other hand, we only process certain data if you decide to contact us or use certain functions of the Website.

Data that we collect automatically when you visit our Website:

When you visit the Website, you send technical information to our web servers, which we store in server log files. This happens regardless of whether you subsequently contact us (e.g. via the contact form). In any case we collect the following usage and web access data (which we call “usage data”):

  • the date and time of the visit and the duration of the use of the Website;
  • the IP address of your device;
  • the referral URL (the Website from which you may have been redirected);
  • the subpages of the Website visited; and
  • further information about your device (device type, browser type and version, settings, installed plug-ins, operating system).

We process the usage data to enable you to use the Website and to ensure the functionality of the Website. In addition, we process usage data to analyse the performance of the Website, to continuously improve the Website and correct errors or to personalise the content of the Website for you. We also process the usage data to ensure IT security and the operation of our systems and to prevent or detect misuse, especially fraud. These server log files are deleted after a maximum of 7 days. Our legal basis for processing this data is Art. 6 (1) lit. f) GDPR.

Cookies and other tracking tools: We use cookies for the automatic processing of usage data. Cookies are small text files that you upload to your device when you visit our Websites and store the above information about you. For more information about the use of cookies on the Website, please click here. 

Data that you yourself transmit to us:

In addition to the data we process on all Website visitors, we also process other data when you use our contact form. You can see the details in the contact form. We process this data exclusively for the purpose of processing your request.

The legal basis in each case is Art. 6 (1) lit. a) GDPR (your consent).

2. Data that we process in the course of providing our Services:

In addition, we only process further personal data if you use our Services. This is the case here:

  • your credentials
  • the content data uploaded by you to our Services
  • usage data and in-app events such as the time and duration of your log-in.

We process this data to provide you with the Services and to enable you to communicate with other users of the Services. We also process this data in order to detect and correct errors, to improve the service (for example, by means of pseudonymous A/B tests to optimise the user interface) or, in individual cases, to prevent use in breach of the contract or the law.

Please note that we do not encrypt your content data when you use our Services.

The legal basis for the processing of usage data within the scope of our Services is Art. 6 (1) lit. b) GDPR with regard to the provision of Services, and Art. 6 (1) lit. f) GDPR with regard to other purposes.

3. The purposes for which we process your data:

We have already informed you above for which purposes we process your data in individual cases. Furthermore, we may also process your data for other purposes. These include, for example, the transfer of your personal data to third parties if we are legally obliged to do so, but also the assertion of legal claims on our part or the defence against legal disputes. In these cases, the legal basis is either a legal obligation (Art. 6 para. 1 lit. c) GDPR) or our legitimate interests.

4. To whom we transfer your data:

Your personal data will only be disclosed to third parties if this is necessary for the provision of the Website or Services. Our Website is hosted on Hetzner.de (Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany). Our Services run on DigitalOcean.com (101 Avenue of the Americas, New York, NY 10013, USA) cloud servers. All these data recipients have made strict contractual agreements with us to process data exclusively within the scope of our instructions (so-called order processing agreements).

The data recipients also include the third-party providers listed in our overview of cookies and analysis tools. Detailed information about the third-party providers we use in this context, e.g. to process customer inquiries or web analytics, can be found in the information about cookies, web analytics and other tracking technologies at the end of this Privacy Statement.

Please be informed: If you choose an avatar or username in the timz app this will currently be visible to the general public including such users with developer accounts. We intend to remove this feature by August 2020. From this point on, avatar and username in the timz app will remain private.

 

 

5. Data processing outside the EEA:

We do not transfer your personal data to countries outside the EEA without implementing appropriate safeguards.

We host your data on AWS (Amazon Web Services, Inc. 410 Terry Avenue North Seattle WA 98109, USA) powered by Cloudinary (Cloudinary Ltd., 38 Chancery Lane, The Cursitor Building, London WC2A 1EN, United Kingdom). Although AWS’s servers are located in Frankfurt, Germany, your data will still be transferred legally to the United States, a country outside the EEA (a so-called “Third Country”). However, we will ensure that an adequate level of data protection is maintained at all times. We will ensure that the data recipients are either certified according to the so-called “EU-US Privacy Shield” (as is currently the case with AWS) or that the so-called EU standard contractual clauses are included in our contracts with these providers in order to guarantee security of processing and an adequate level of data protection at all times.

6. Duration of the storage:

We process and store your personal data as far as this is necessary to fulfil our contractual or legal obligations. Therefore, we store the data for the duration of the contractual relationship with you and after termination only to the extent and for as long as required by law. If the data is no longer required to fulfil legal obligations (e.g. under tax or commercial law), it will be deleted unless further processing is necessary to preserve evidence or to defend against legal claims against us.

7. User profiles:

We do not use your data to create a user profile.

8. Your legal rights under the GDPR:

Within the scope of the GDPR you can assert the following rights against us:

  • Your right of access to information under Art. 15 GDPR, 
  • your right of rectification under Art. 16 GDPR, 
  • your right to erasure in accordance with Art. 17 GDPR, 
  • your right to restriction of processing in accordance with Art. 18 GDPR and 
  • your right to data portability according to Art. 20 GDPR. 

You further have the right to lodge a complaint with the competent data protection supervisory authority (Art. 77 GDPR). 

In addition, you can also revoke a given consent at any time. However, this revocation is only valid for the future. Any processing that may have taken place before the revocation remains unaffected. If you wish to exercise your rights as a data subject, you can do so by e-mail to [email protected]

Information about your right of objection under Art. 21 GDPR

In addition to the rights already mentioned, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation, provided that such processing is carried out on the basis of Art. 6 (1) lit. f) GDPR (data processing based on a balancing of interests). If you object, we will no longer process your personal data unless we can demonstrate that your interests, rights and freedoms outweigh the processing and therefore justify the processing. 

You also have the right to object, at any time, to the processing of your personal data for the purpose of direct marketing (including the subscription to our newsletter), at no cost other than the transmission costs according to the basic tariffs; this also applies to the creation of a user profile (so-called “profiling”), insofar as this is connected with direct marketing. If you object to this, we will not process your personal data in the future.

Please note that if you do not provide us with certain data or if you object to the use of such data, you may not be able to use the Website or may only be able to use it to a limited extent.

The use of cookies, web analytics and other tracking tools on our Website and Services

When using our Website as well as our Services, usage data is generated within the scope of so-called “web tracking”. This means that the behaviour of certain users can be tracked pseudonymously in order to improve and personalise our Services and to optimise the display of advertising. We also use cookies for this purpose.

What are cookies? Cookies are small text files with information that are stored on your access device. They are usually used to associate a user with a particular action or preference on a Website, but without identifying the user as a person or revealing their identity.

Cookies are not automatically good or bad, but it is worth understanding what you can do about it and making your own decision about your data. 

We use the following types of cookies, whose scope and functionality are explained below: Session cookies and persistent cookies.

Session cookies are automatically deleted when you close your browser. This applies in particular to session cookies. They store a so-called session ID with which various requests from your browser can be assigned to the shared session. This enables your computer to be recognised when you return to our Website. Session cookies are deleted when you log out or close your browser. 

 werden ebenfalls zunächst gespeichert, wenn Sie Ihren Browser schließen, und dann nach einer bestimmten Zeitspanne, die je nach Cookie unterschiedlich sein kann, automatisch gelöscht. Sie können die Cookies in den Sicherheitseinstellungen Ihres Browsers jederzeit löschen.

Sie können Ihren Browser vor oder nach Ihrem Besuch auf unserer Website
Reset persistent cookies so that werden ebenfalls zunächst gespeichert, wenn Sie Ihren Browser schließen, und dann nach einer bestimmten Zeitspanne, die je nach Cookie unterschiedlich sein kann, automatisch gelöscht. Sie können die Cookies in den Sicherheitseinstellungen Ihres Browsers jederzeit löschen.

Sie können Ihren Browser vor oder nach Ihrem Besuch auf unserer Website
all cookies are rejected or to indicate when a cookie is being sent. By default, the setting of cookies can be managed by the browser program of your browser, also in such a way that no cookies can be set at all or that cookies are deleted again. Your browser may also have a function for anonymous surfing. You can use these functions of your browser yourself at any time. However, if you have deactivated the setting of cookies in your browser by default, it is possible that our Website or our Services will not function properly. 

In addition to cookies, we also use other technologies for tracking users. These include so-called pixel tags (also known as “web beacons”, “GIFs” or “bugs”). These pixel tags are transparent one-pixel images that are located on the Website. They track, for example, whether a certain area of the Website has been clicked on. When triggered, the pixel tag logs a user interaction and can read or set cookies. Because pixels often rely on cookies to function, turning off cookies may affect them. But even if you turn off cookies, Pixel can still recognize a Website visit.

We also use so-called Software Developer Kits (SDKs) for our Services. SDKs are pieces of code provided by our vendors (e.g., third-party advertising providers, ad networks and analytics providers) in our mobile applications to collect and analyze certain device and user data.

We also use so-called device IDs. These are user-resettable identifiers consisting of numbers and letters. They are uniquely assigned to a specific terminal device. They are stored directly on the device. These include Google’s Apple Advertiser ID (IDFA) and Android Ad ID (AAID). They are used to identify you and/or your device(s) to, from and across different apps and devices for marketing and advertising purposes.

The legal basis for the processing of personal data using cookies and other technologies is Art. 6 (1) lit. a) GDPR, unless otherwise stated below.

Comprehensive information about every single cookie we use is available in our Consent Manager.

Google Analytics and Google Tag Manager

Our Website uses Google Analytics, a service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google Ireland”), a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 (“Google”). Google Analytics uses cookies and helps us analyze the number of users and general behavior of visitors to our Website. 

The information generated by the cookie about your use of our Website (identification, browser type/version, operating system used, referrer URL, abbreviated IP address, time of server inquiry) is usually transferred to a Google server in the USA and stored there. However, in the member states of the European Union or in other signatory states to the Agreement on the European Economic Area, your IP address will first be shortened by Google on our Website. For this purpose, we have implemented the code “gat._anonymizeIp() ;” to ensure anonymous collection of IP addresses (so-called IP masking).

Only in exceptional cases will the complete IP address be transferred to a Google server in the USA and abbreviated there. If, in exceptional cases, personal data is transferred to the USA, Google’s certification under the so-called “Privacy Shield Agreement” between the EU and the USA (https://www.privacyshield.gov/participant?id=a2zt00000000001L5AAItatus=Active) guarantees a level of data protection that corresponds to the level of data protection in the EU. 

Google will use the information about your use of the Website on our behalf in the context of Google Analytics to evaluate your use of the Website, to compile reports on Website activity and to provide other Services relating to Website activity and internet usage. The IP address transmitted by your browser within the framework of Google Analytics and Google Tag Manager is not combined by us with other data from Google.

In addition to the general deactivation of cookies, you can prevent Google from collecting and processing data about your use of our Website (including your abbreviated IP address) by downloading and installing the browser plugin under the following link: http://tools.google.com/dlpage/gaoptout.

For more information on the terms of use and Privacy Statement, please visit http://www.google.com/analytics/terms/de.html and https://www.google.de/intl/de/policies/privacy/.

Mixpanel

Our Services use the analysis tool Mixpanel, a service of Mixpanel Inc. One Front Street, 28th Floor, San Francisco, CA 94111, USA. The Mixpanel service logs page views and page activity. To enable this, log data is transmitted to Mixpanel (and Mixpanel Inc.) using a cipher in an anonymous form. You can find more information about the use of your data on the privacy page of the Mixpanel service (http://mixpanel.com/privacy). If you do not wish to transmit log data from your activities on this website to Mixpanel (and Mixpanel Inc.), you can stop the recording of logs of your activity with the so-called “opt out cookie”, which you can activate at http://mixpanel.com/optout/. Please note, however, that this cookie, and thus the ban on recording, is deleted as soon as you delete your cookies in the settings of your browser.

Hotjar

Our Services use Hotjar, a service provided by Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 3155, Malta, to gain insights of our customers’ needs and to optimize our Services continuously. Hotjar is a technology service that helps us to better understand our users’ experiences, for example, the time they spend on which areas of the Services or the links they click. We use Hotjar’s services including heat maps, visitor recordings, funnels and form analysis. Hotjar uses a tracking code and a cookie to receive Usage Data (as defined above). Hotjar saves all information in a pseudonymous user profile. Hotjar does not associate this information with individual identified persons. Instead, Hotjar shows the general, aggregated behaviour of users. Hotjar or timz will not use this information to identify individual users or match it with other data concerning individual users. For details, please go to Hotjar’s privacy statement available at https://www.hotjar.com/legal/policies/privacy. You can object to Hotjar’s creating a user profile, saving data concerning your use of this Website and using tracking cookies on other websites by clicking https://www.hotjar.com/legal/compliance/opt-out.