Privacy

This data protection and privacy policy is a translation of our German version of the same document. In the event of an inconsistency between the two versions of the data protection policy, the German version shall prevail. You can find the German version of this policy here: www.sablono.com/datenschutz

Privacy Policy of Sablono GmbH (August 8, 2018)

A. General information on data protection

1. Subject of this data protection declaration

1.1. In the following document we inform you about the collection and processing of personal data when using our websites www.sablono.com, app.sablono.com,support.sablono.com (hereinafter also called “websites”) or when you use our mobile apps “Sablono Inspect” and “Sablono Today” (hereinafter called “mobile apps”), which you can download to your mobile device. Personal data are individual details about personal or factual circumstances of a specific or identifiable natural person. If there are differences for the respective use, we will inform you separately with regard to the website under point B and with regard to the apps under C.

1.2. Controller according to Art. 4 para. 7 GDPR is Sablono GmbH (hereinafter also referred to as “Sablono” or “we”), Bismarckstr. 10-12, 10625 Berlin, Germany, e-mail: office@sablono.com (see our imprint).

1.3. This privacy policy applies to all services offered on our websites or via the mobile apps. These include: Conceptual and strategic consulting, campaign planning, software and design development / consulting or maintenance, implementation of campaigns and processes / handling, server administration, data analysis / consulting services and training services (hereinafter “Services”). This data protection declaration exclusively regulates how Sablono handles your personal data. If we use contracted service providers, we will inform you in detail about the respective processes below. In the event that you click on the links to third parties via the website, the respective data protection provisions of these third parties apply exclusively. Sablono does not review the privacy policies of third parties.

2. Information about the collection of personal data
We collect, store and process personal data in accordance with Art. 6 Para. 1 S. 1 lit. b) GDPR in order to be able to make our services available to you. All personal data is processed exclusively in accordance with the provisions of the EU General Data Protection Regulations (GDPR), the German Federal Data Protection Act (BDSG) and the Telemedia Act (TMG).

2.1. Contacting
(1) When you contact us (e.g. via contact form, e-mail, telephone or via in-App chat), your details for processing the contact request and its processing are stored. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b) GDPR. Your data can be stored in a customer relationship management system (“CRM system”) or comparable systems.
(2) We delete the data arising in this context after storage is no longer necessary, or restrict processing if statutory retention obligations exist in accordance with the criteria specified in Section 6. We check the necessity every 2 years.
(3) We use sipgate, a service of sipgate GmbH, Gladbacher Str. 74, 40219 Düsseldorf (hereinafter “sipgate”) to handle our incoming and outgoing telephone calls with our customers and/or interested parties. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b) GDPR. Phone numbers and call data (time and duration of the call) are stored by Sipgate until we delete the data. The criteria specified in Section 6 shall apply accordingly.
The data protection regulations of the shipping service provider can be viewed here: https://www.sipgate.de/datenschutz.
(4) In order to communicate via chat or to answer your support requests, we use Intercom, a service of Intercom, Inc. 98 Battery Street, Suite 402, San Francisco, CA 94111 USA (hereinafter “Intercom”). We transmit your name, your e-mail address and your IP address to the servers of Intercom. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b) GDPR. These data are stored by Intercom until we delete them. The criteria specified in Section 6 shall apply accordingly.
According to Commission Implementing Decision (EU) 2016/1250 of 12.07.2016, the transfer of data from a controller or processor in the EU to organisations in the USA that have committed themselves to the framework principles of the EU-US Privacy Shield, including the additional principles, by self-certification with the US Department of Commerce, is permitted. Intercom is committed to these principles through self-certification by the US Department of Commerce.
Detailed information on data protection at Intercom can be found at https://www.intercom.com/de/terms-and-policies.

2.2. User account/registration
(1) In order to use our platform at app.sablono.com to monitor your construction progress projects via our website or our mobile apps, you as a user must register on the website with a password of your choice and the following personal data: First and last name, company name and e-mail address. We need this information to identify you and to communicate with you. It is obligatory to provide the above-mentioned data; you can provide your telephone number voluntarily. We will then set up a password-protected direct access to your data stored with us in your customer account. Here you can see and manage all information about your projects and all data in the protected customer area. The legal basis is Art. 6 para. 1 sentence 1 lit. b) GDPR or Art. 6 para. 1 sentence 1 lit. a) GDPR, if you voluntarily provide us with your data.
(2) In addition, certain users have the possibility to store data of third parties on the platform. This happens when personal data of a “team leader” (name, e-mail address, telephone number) is stored and the team leader himself is not a user of the platform. The data enables communication between the parties involved. The data will not be passed on to third parties. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f) GDPR.

2.3. Agency services
(1) To enable you to make use of our services, we process the following personal data on the basis of Art. 6 Par. 1 S. 1 lit. b) GDPR:
Inventory data (e.g. customer master data, such as names or addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), contract data (e.g. subject matter of contract, term), payment data (e.g. bank details, payment history), usage and metadata (e.g. as part of the evaluation and performance measurement of marketing measures). We do not process special categories of personal data unless these are part of commissioned processing.
Affected of the processing are: Customers, interested parties as well as their customers, users, website visitors or employees and third parties. The purpose of the processing is to provide contractual services, billing and our customer service.
(2) We delete the data after the expiry of statutory warranty and comparable obligations. The necessity of storing the data is reviewed every three years; in the case of statutory archiving obligations, deletion takes place after their expiry.

2.4. Cookies and pixel tags
(1) We use cookies on our websites and within our mobile apps. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do no damage to your end device, do not contain viruses, Trojans or other malware. Information is stored in the cookie that results in each case in connection with the specifically used terminal device. However, this does not mean that we immediately become aware of your identity. The legal basis for the data processed by cookies is Art. 6 Par. 1 S. 1 lit. a), b) or f GDPR.
(2) We use so-called session cookies to recognize that you have already visited individual pages of our website. These will be deleted automatically after leaving our site. In addition, we also use temporary cookies that are stored on your end device for a specified period of time to optimize user-friendliness. If you visit our site again to use our services, it will automatically recognize that you have already been with us. It also recognizes what entries and settings you have made so that you do not have to enter them again.
(3) On the other hand, we use cookies to statistically record the use of our website or mobile apps by services of our service providers and to evaluate them for you for the purpose of optimising our offer (for more information, please refer to the description of the respective third-party service provider). These cookies are deleted after a defined period of time.
(4) You can enable or disable cookies via the settings in your browser. However, the complete deactivation of cookies can lead to the fact that you cannot use all functions of our website. For more information on how to prevent certain cookies from being set, see for the different service providers.
(5) Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic on the web pages or usage behaviour within the mobile apps. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies).

2.5. Newsletter
(1) We also use your e-mail address to inform you about news concerning the platform or upcoming events. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f) GDPR or, if you have given us your consent, Art. 6 para. 1 sentence 1 lit. a) GDPR.
(2) The newsletter is sent to all customers and users of our platform via the shipping service Intercom (for further information on Intercom, please refer to section A, paragraph 2.1., paragraph 4)). The legal basis is Art. 6 p. 1 para. 1 lit. f) GDPR. This newsletter does not contain any advertising, but only application-related content, e.g. maintenance of our services and applications.
For this purpose, we transmit your e-mail address to the servers of Intercom, where it is stored until we actively delete it.
Intercom can use the data of the recipients in pseudonymous form, i.e. without allocation to a user, to optimise or improve its own services, e.g. for technical optimisation of the dispatch and presentation of the newsletter or for statistical purposes. However, Intercom does not use your data of our newsletter recipients to contact you or to pass the data on to third parties.
(3) A newsletter is sent to all interested parties, regardless of whether they already use the platform, via the shipping service provider HubSpot, Inc based in the USA (hereinafter “HubSpot”). The legal basis is Art. 6 p. 1 para. 1 lit. f) GDPR. In this newsletter we inform you about promotional offers and campaigns.
For this purpose, we send your e-mail address to the servers of HubSpot, where it is stored until we actively delete it.
HubSpot can use the recipient’s data in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. to technically optimize the dispatch and presentation of the newsletter or for statistical purposes. However, HubSpot does not use the data of our newsletter recipients to write them down itself or to pass the data on to third parties.
HubSpot has committed itself to the principles of the Privacy Shield by self-certification at the US Department of Commerce.
You can read HubSpot’s privacy policy here: https://legal.hubspot.com/de/privacy-policy
(4) In addition, the use of our newsletters by the providers HubSpot and Intercom is automatically evaluated (e.g. opening, number of accesses) on the basis of Art. 6 para. 1 sentence 1 letter f) GDPR.
Our e-mails contain cookies, similar technologies or a combination of these (for more information, please refer to Section B Section 1.2. Para. 5). For the evaluations, we link the data mentioned in section B item 1.1. and the respective technology used with your e-mail address and an individual ID. From the statistics provided by Intercom, we can draw conclusions about possible malfunctions of the application and correct them if necessary. This is necessary to ensure that the newsletter runs smoothly. Sablono guarantees that this information will not be used for any other purpose. If you wish to prevent this type of processing, please unsubscribe from the newsletter as described in Section A. Section 2.5 Para. 5.
With the data collected by HubSpot, we create a user profile to tailor the newsletter to your individual interests. We record when you read our newsletters, which links you click on and deduce your personal interests. We link this data to actions taken by you on our website. If you wish to prevent the use of your data for marketing purposes, you can prevent this by clicking on http://www.youronlinechoices.com/de
(5) At the end of each newsletter you will find a link to unsubscribe at any time. You can also unsubscribe from the newsletter at any time by sending a message to the e-mail address or address given in section 1.2.

2.6. Data processing in the application procedure
(1) If you wish to apply to us, we will only process your application data for the purpose and within the framework of the application procedure in accordance with the legal requirements. The processing of the applicant data takes place for the fulfilment of our (pre)contractual obligations in the context of the application procedure on the basis of § 26 Abs. 1 S. 1 BDSG.
(2) The application procedure requires that applicants provide us with their data. The necessary applicant data can be found in the job descriptions. This includes personal data, postal and contact addresses and the documents belonging to the application, such as cover letter, curriculum vitae and certificates. In addition, applicants may voluntarily provide us with additional information. The legal basis for voluntarily provided data is § 26 Abs. 2 S. 1 BDSG. In the case of special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g. health data, e.g. severely disabled status or ethnic origin), the processing is based on § 26 para. 3 BDSG.
(3) If an employment relationship is not established for any reason whatsoever, the applicants’ data will be deleted. The deletion takes place after a period of six months, so that we can answer any follow-up questions to the application and meet our obligations under the Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax regulations.

3. Use of third-party service providers for internal processing purposes

3.1. We process data within the scope of administrative tasks as well as the organisation of our company, financial accounting and compliance with legal obligations, e.g. archiving. We process the same data that we process as part of the performance of our contractual services according to Art. 6 para. 1 sentence 1 lit. b), c) or f) GDPR. Customers, interested parties, business partners and visitors to the websites are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, thus tasks which serve the maintenance of our business activities, perception of our tasks and provision of our services. The deletion of the data with regard to contractual services and contractual communication corresponds to the information provided in the respective processing activities.

3.2. We disclose or transmit data to the tax authorities, consultants (e.g. tax consultants or auditors) and other fee offices and payment service providers. Furthermore, we store information on suppliers, event organisers and other business partners on the basis of our business interests, e.g. for the purpose of making contact at a later stage. We store this data, which is mainly company-related, permanently. We also store customer data “in the cloud” during internal processing, sometimes also at third-party providers.

3.3. We only cooperate with service providers who are based in the EU or, if the service provider is based outside the EU or EEA, with those who can demonstrate an adequate level of data protection (e.g. Privacy Shield).

4. Secure data transmission
Your personal data is transmitted securely and encrypted. This also applies to the customer login. We use the SSL coding system for this. No one can guarantee absolute protection. However, we secure our website and other systems through technical and organizational measures.

5. Rights of the parties concerned

5.1. In accordance with Article 15 of the DS GMO, you have the right to obtain, upon request and free of charge, information on the personal data that has been stored about you. In accordance with Articles 16, 17 and 18 GDPR, you also have the right to have incorrect data corrected and your personal data blocked, deleted or processed to a limited extent. Subject to the conditions laid down in Article 20 of GDPR, you are also entitled to receive the personal data concerning you that have been stored in a structured, current and machine-readable format and to transmit this data to another person in charge without Sablono’s interference. In addition, pursuant to Art. 21 para. 1 GDPR, you are entitled to the reject the permission of processing of personal data concerning you, which is based on Art. 6 para. 1 lit. e) or f) GDPR, for reasons arising from your personal situation. Objections to direct advertising can always be expressed. Sablono will fulfil your aforementioned rights, as far as the legal requirements for the assertion of the rights are given.

5.2. Any requests regarding your personal data should be addressed to the e-mail address or address given in the imprint of our web pages or under point 1 of this data protection declaration.

5.3. You also have the right to file a complaint with a data protection supervisory authority about our processing of your personal data.

6. Duration of storage and routine deletion

6.1. We process and store personal data only for the period required to achieve the processing purpose or for as long and to the extent required by law, but at least for the duration of the statutory limitation periods.

6.2. If the storage purpose no longer applies or if a legally prescribed storage period expires, the personal data will be blocked or deleted routinely and in accordance with legal regulations.

B. Further information for the use of our web pages

1. Access data/server log files
During the purely informational use of our websites www.sablono.com,support.sablono.com, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server (server log files/access data) on the basis of Art. 6 Para. 1 S. 1 lit. b) and f) GDPR in order to display our website and to guarantee stability and security. These include:
Name and content of the accessed website, IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), the amount of data transferred, access status/HTTP status code (referrer URL), browser type, your operating system and its interface, language and version of the browser software.
Log file information is stored for a maximum of 7 days for security reasons (e.g. to investigate misuse or fraud) and then deleted. If further storage is required for evidentiary purposes, this data is excluded from deletion until the respective incident has been finally clarified.

2. Integration of third-party services for the purpose of web hosting
We use server capacities of providers through which we can offer you our services online via our websites (web hosting). The legal basis for this is Art. 6 para. 1 sentence 1 lit. b) GDPR. For this purpose, inventory data, contact data, content data, contract data, usage data, meta- and communication data of customers, interested parties and visitors of this online offer are transmitted to the service providers. We carefully select our host providers. We only cooperate with providers based in the EU or, if the provider is based outside the EU or EEA, that the provider can demonstrate an adequate level of data protection (e.g. Privacy Shield).

3. Integration of further services and contents of third parties

3.1. Use of Google Analytics
(1) This website uses Google Analytics, a web analysis service of Google Inc. based in the USA (hereinafter”Google”). Google Analytics uses cookies (see Section A, Section 2.4. for details), which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.
(2) Google has committed to the principles of the privacy shield by self-certification with the US Department of Commerce.
(3) We use Google Analytics only with active IP anonymization. For this reason, Google will reduce your IP address in member states of the European Union or in other signatory states to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of Sablono, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide Sablono with other services relating to website and internet use. The legal basis for the use of Google Analytics is Art. 6 Par. 1 S. 1 lit. a) or f) GDPR.
(4) The IP address transmitted by your browser is not merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link:
http://tools.google.com/dlpage/gaoptout?hl=en
For more information about Google’s use of data, click here:
http://www.google.com/analytics/terms/de.html (Terms of use)
http://www.google.com/intl/de/analytics/learn/privacy.html (Overview of data protection)
http://www.google.de/intl/de/policies/privacy (Privacy Policy)

3.2. Use of Google Marketing Services
(1) We use the marketing and remarketing services (“Google Marketing Services”) of Google LLC based in the USA for analysing, optimising and operating our online offering economically. The legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR.
(2) The Google marketing services allow us to target ads for and on our site in order to present users only with ads that potentially match their interests. For example, if a user sees ads for products he has been interested in on other websites, this is referred to as “remarketing”. For these purposes, when our and other websites on which Google marketing services are active are accessed, Google directly executes a code from Google and (re)marketing tags (“web beacons”) are integrated into the website. With their help, an individual cookie is set on the user’s device (instead of cookies, comparable technologies can also be used, see also section A, paragraph 2.4). Cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. The cookie records which websites the user visits, what content he is interested in and what offers he has clicked on, technical information about the browser and operating system, referring websites, visiting time and other information about the use of the online offer. The IP address is also transmitted, but only in anonymized form (for more information, see Section B, Section 3.1., Para. 3). The IP address is not combined with the user’s data within other Google offers. The above information may be linked by Google to such information from other sources. If the user then visits other websites, the ads tailored to his interests can be displayed.
(3) Users data is processed pseudonymously within the framework of Google marketing services. This means that Google does not store and process, for example, the names or e-mail addresses of users, but processes the relevant data cookie-related within pseudonymous user profiles. This means from Google’s point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has permitted Google to process the data without this pseudonymisation. The information collected by Google marketing services about users is transmitted to Google and stored on Google’s servers in the USA.
(4) One of the Google marketing services we use is the online advertising program “Google AdWords”. In the case of Google AdWords, each AdWords customer receives a different”conversion cookie”. Cookies cannot therefore be traced through the websites of AdWords customers. The information collected by the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that personally identifies users.
(5) We also use the Google marketing service “AdSense” to integrate third-party advertisements. AdSense uses cookies that enable Google and its partner sites to serve ads based on users’ visits to this site or other sites on the Internet.
(6) We can also use the “Google Tag Manager” to integrate and manage Google analysis and marketing services into our website.
(7) Google LLC is committed to the principles of Privacy Shield through self-certification by the U.S. Department of Commerce.
(8) If you wish to object to interest-based advertising by Google marketing services, you can use the setting and opt-out options provided by Google: http://www.google.com/ads/preferences.
For more information about Google’s use of data for marketing purposes, please see the overview page:
https://www.google.com/policies/technologies/ads.
Google’s privacy policy is available at https://www.google.com/policies/privacy

3.3. Use of Intercom
Sablono also uses the Intercom service on its platform app.sablono.com for analytical purposes (for more information on Intercom, please refer to Section A. Section 2.1. Para. 4). By setting cookies and similar technologies on your device (for more information, please refer to Section A Section 2.4.), we can evaluate your user behaviour in order to offer our support or to improve the product. The system-immanent evaluation serves exclusively the purpose of correcting technical malfunctions in order to ensure uninterrupted operation of our platform. Among other things, the following data is recorded: Time and duration of your login, your location, which areas you have visited within the platform and the like. The data collected in this way is transmitted to Intercom and stored there until we actively delete it. With regard to data storage, the provisions of Section A. No. 2.1. para. 4 shall apply. The legal basis for the use of intercom is Art. 6 p. 1 para. 1 lit. b) and f) GDPR.

3.4. Use of HubSpot
(1) Sablono uses the HubSpot service on its websites for analytical purposes (for more information on HubSpot, please refer to Section A Section 2.4. Para. 3). HubSpot uses cookies and similar technologies (see also Section A Section 2.4.), which are stored on the user’s computer and which collect certain data. The collected data are IP address, location, browser, duration of the visit, accessed websites. HubSpot evaluates this data and uses it to generate statistics on the use of our websites. Sablono needs these statistics to ensure the smooth operation of the websites and all offers, to continuously optimise them and to offer the user targeted marketing. The legal basis for the processing of personal data via the HubSpot service is Art. 6 Par. 1 S. 1 lit. b), f) GDPR.
(2) You can prevent the collection of data by HubSpot by prohibiting the storage of cookies in your browser through appropriate settings. You can find instructions at http://www.meine-cookies.org/cookies_verwalten/index.html
If you wish to prevent the use of your data for marketing purposes, you can unsubscribe with one click at http://www.youronlinechoices.com/de

3.5. Sentry
(1) Sablono also uses the tracking service Sentry, Inc. based in the USA (hereinafter”Sentry”). This captures information about platform crashes and malfunctions on your end device to improve the platform. Your IP address is only collected in an anonymous form and together with technical data of the terminal device (such as operating system version, screen resolution, device ID) is transmitted to the Sentry servers. It is not possible to draw any conclusions about a specific person. The legal basis for the use of Sentry is Art. 6 para. 1 sentence 1 lit. f) GDPR.
(2) Sentry is self-certified by the U.S. Department of Commerce to comply with the principles of the Privacy Shield.
(3) For more information on data processing at Sentry, please visit https://sentry.io/privacy/.

3.6. Integration of YouTube videos
(1) We have integrated YouTube videos into our online offering, which are stored on http://www.YouTube.com and can be played directly from our website. These are all integrated in the “extended data protection mode”, i.e. no data about you as a user will be transmitted to YouTube if you do not play the videos. Only when you play the videos will the data referred to in paragraph 2 be transmitted. We have no influence on this data transmission. YouTube is an offer from Google (more information about Google in section B, point 3.1.).
(2) By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data referred to in Section B, point 1.1. of this declaration will be transmitted. This is independent of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even for unlogged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
(3) For more information about the purpose and scope of data collection and processing by YouTube, and to learn more about your rights and privacy choices, please visit:
https://www.google.de/intl/de/policies/privacy.

C. For the mobile apps “Sablono Inspect and Sablono Today”

1. Processing of personal data when using our mobile apps

1.1. Data Access
(1) When you download the mobile apps, the necessary information is transferred to the App Store (Apple App Store and Google Play), in particular the name, e-mail address and customer number of your customer account, time of download, payment information and the individual device code number. We have no influence on this data collection and are not responsible for it. We only process the data if it is necessary for downloading the mobile apps to your mobile device.
(2) If you want to use our mobile apps, we collect the following data on the basis of Art. 6 Par. 1 S. 1 lit. f) GDPR, which are technically necessary for us to offer you the functions of our mobile apps and to guarantee stability and security:
Name and content of the accessed website, IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), the amount of data transferred, access status/HTTP status code (referrer URL), browser type, your operating system and its interface, language and version of the browser software.
Furthermore we need your device identification, unique number of the end device (IMEI = International Mobile Equipment Identity), unique number of the network subscriber (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), MAC address for WLAN use, name of your mobile device, e-mail address.

1.2. Access to photos and storage
(1) When you start using our mobile apps, we ask you for permission to access your device’s memory and photos in a pop-up. This is necessary so that you can use photos for your respective construction projects within the mobile apps. If you allow access to this data, the mobile apps will only access your data and transfer it to our server to the extent necessary to provide the functionality. Your data will be treated confidentially and deleted by us if you revoke the rights of use or if they are no longer necessary for the provision of the services and if there are no legal storage obligations. The legal basis for processing is Article 6(1)(1)(f) GDPR.
(2) If you do not give permission, we will not use this information. In this case you may not be able to use all functions of our apps. You can grant or revoke permission later in the operating system settings of your mobile device.

1.3. Push notifications
(1) Our mobile apps also use push services from operating system manufacturers. These are short messages that can be displayed on your terminal device and inform you about project-relevant updates. We do not send you any advertising via push messages.
(2) When using the push services, a device token from Apple or a registration ID from Google will be assigned. These are only encrypted, anonymized device IDs. The sole purpose of the use is the provision of push services. Sablono cannot be traced back to the individual user.
(3) You can disable the receiving of push messages via the operating system of your smartphone.

2. Integration of third-party services

2.1. MailChimp
(1) To enable you to receive automatic updates within the mobile apps on the activities of other users with whom you work, we use the MailChimp service provided by the US-based company The Rocket Science Group, LLC (hereinafter”Mailchimp”) on the basis of Art. 6 para. 1 sentence 1 letter b) and f) GDPR. For this purpose your name and your e-mail address will be transmitted to the servers of MailChimp and stored there until we actively delete them.
(2) MailChimp has committed itself to the principles of the Privacy Shield by self-certification at the US Department of Commerce.
(3) Further information on data protection at MailChimp can be found under:
http://mailchimp.com/legal/privacy/

2.2. Use of Google Analytics
(1) These mobile apps as well as Google Analytics for apps, an analysis service of Google LLC (for more information about Google see B.3.2.). Google Analytics uses the so-called “Instance ID” of your mobile device to recognize individual settings of the mobile apps. Because each instance ID is unique to a mobile app and the mobile device you use, Google Analytics can evaluate and respond to specific processes within the mobile apps. This inherent evaluation is necessary to ensure uninterrupted operation of our mobile apps and therefore cannot be technically prevented. Sablono will not use this statistical data for other purposes. The legal basis for the use of Google Analytics for this purpose is Art. 6 Par. 1 S. 1 lit. b) GDPR
(2) IP anonymization is active in our mobile apps (for more information, see Section B. Section 3.1. Para. 3). On behalf of Sablono, Google will use this information to evaluate your use of the mobile apps, to compile reports on app activity and to provide Sablono with other services related to app usage.

2.3. Intercom
Sablono also uses the Intercom service for analysis purposes within the mobile apps (more information on Intercom can be found in section A.2.1. paragraph 3.). This captures information about app crashes and malfunctions on your device to improve the app. This evaluation is necessary to ensure that our mobile apps run as smoothly as possible. Sablono does not use this statistical data for other purposes. The collected information is transmitted to the Intercom servers together with technical data of the terminal device (such as operating system version, screen resolution, device ID) and stored there until we actively delete it. The criteria specified in Section 6 shall apply accordingly. The legal basis for the use of Intercom for this purpose is Art. 6 para. 1 sentence 1 letter f) GDPR.

2.4. Sentry
Sablono also uses the Sentry tracking service within the mobile apps (for more information about Sentry, see section B, paragraph 3.5.). This captures information about app crashes and malfunctions on your device to improve the mobile apps. Your IP address is only collected in an anonymous form and together with technical data of the terminal device (such as operating system version, screen resolution, device ID) is transmitted to the Sentry servers. It is not possible to draw any conclusions about a specific person. The legal basis for the use of Sentry is Art. 6 para. 1 sentence 1 lit. f) GDPR.