Privacy Policy
Mello-App

Privacy policy for the Mello app  


Status:  16.04.2021


  1. Responsibility


Great that you want to be part of our Mello community! In the following, we inform you about the processing of your personal data that takes place via this app (“Mello app”). 


The responsible party in terms of data protection law is

SitEinander UG (“Mello” or “we”).

Karl-Marx-Str. 13

12043 Berlin

E-mail: support@mello-app.com



  1. Purpose of this app

This app allows you to get in touch with other parents from your area, exchange ideas, arrange dates and support each other in childcare. 


  1. Processing of your data


By downloading and using the app, various data processing operations are triggered. These are described in detail below. 


3.1 Downloading the app

When you download the app, certain required information is transmitted to the app store you have selected (e.g., Google Play or Apple Store), and in particular, the username, email address, time of download, payment information, and individual device identification number may be processed. If you agree, data about your use of the Mello app may also be tracked by the providers. The processing of this data is carried out exclusively by Google Playstore or Apple Store and is beyond our control.


3.2 Registration for the app 

With your email address or by phone: 

You can register for the Mello app with your email address and a password of your choice. Registration is done via double opt-in, i.e. you will receive an email with a link to the email address you provided. Only when you click on the link is your registration successful. If the link is not clicked, the collected data will be deleted within 48 hours. If you register by phone, you will receive a code by SMS, which you must then enter to complete the registration. 

Mandatory data are:

  • First name

  • Last name

  • E-mail address (will not be displayed in the profile) 

  • Phone number (will not be displayed in the profile) 

  • Gender identity

  • Interests (e.g. play dates, friendships)

  • Home address (NO house number required) or location 

  • Gender identity of your children

  • Age of your children or date of birth; only the age of your children will be shown to other users. 

  • At least one photo for your profile and

  • Answering at least one of the three profile questions 


The data will be used to represent you in the Mello app. To protect against misuse, participation under a pseudonym is not intended.

Once your registration is complete, you can edit this information in your profile at any time. You have control over your profile and can change your profile information (except email address, phone number) at any time by logging in to Mello.

Accordingly, the data processing is carried out for contractual purposes according to Art. 6 para. 1 p. 1 b) DS-GVO and, in the case of minors under 16 years of age, is also based on the consent of the respective legal guardian according to Art. 6 para. 1 p. 1 a) DS-GVO.  


With Single-Sign-On (Facebook or Apple) 

You can also register with an existing single sign-on (SSO) account. To do this, you must already be registered with the corresponding provider. For the use of an SSO service, the terms of use and data protection conditions of the respective provider apply, over which we have no influence.

The personal data transmitted to us by the SSO service is usually your first name, last name, and e-mail address. You will find out which data we can use from your SSO profile when you activate the SSO service for the first time.

Facebook’s SSO service is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland. Facebook’s Privacy Policy and Terms of Use (https://de-de.facebook.com/policy.php and https://de-de.facebook.com/legal/terms?ref=pf ) apply to your registration and use of Facebook. 

When you select “Sign in with Apple” for the Mello app, that selection will be linked to the Apple ID you use for iCloud. For more information, click here: https://support.apple.com/de-de/HT210699  Apple is provided by Apple Inc. One Apple Park Way, Cupertino, California, USA, 95014. Apple’s Privacy Policy and Terms of Use apply to your registration and use (for privacy information, see https://www.apple.com/legal/privacy/de-ww ). 

If you register with an SSO service, the SSO provider will become aware that you want to register for the Mello app by clicking the button marked with the respective SSO provider logo. The SSO provider usually sets cookies as soon as you click the button marked with the respective SSO provider logo. The SSO provider can collect information about your usage behavior. This information is transmitted to the servers of the SSO provider. It is possible that these are located outside of Germany, for example in the USA. There, the information is stored and possibly merged with other data that the SSO provider has stored about you. We expressly point out that when using this service, personal data may be transmitted to the USA and that this is fraught with risk, as there is no sufficient level of data protection there. The EU standard contractual clauses and other security measures are used to protect the data. 

The data processing described above is based on your contractual declaration to register with us and to use the registration option selected by you for this purpose (Art. 6 para. 1 p. 1 b) DS-GVO). 

You can cancel the connection to an SSO service at any time in your user account. It could be that the SSO service still knows that you have used the Mello app even after you have disconnected.


We will continue to store your email address used with the SSO service after you disconnect from the SSO service to allow you to access the Mello app. If you want to continue using the Mello app without the SSO service, you can change this in your profile under “Social Verification”.

3.4 Using the app

Through the app, you can communicate with others, create groups, post messages, and more. All posts, photos and messages will be saved to your account until further notice. 

 

Visibility of your personal information in the app

 

The following personal information is visible to all users of the app:

 

  • First Name

  • Last name

  • Gender identity

  • Age and gender of your children

  • Interest batches (e.g. “Mutual childcare”, “Friendships”, …)

  • Distance of your location/residence up to 500m 

  • “About me”, “Favorite places in the neighborhood” and “Availability”.

  • Common friends, link to the profile of common friends

  • If applicable, description, like “just online”, “recently active” or “new


3.5 Connect Instagram or Facebook profile with Mello app

In your profile, you can link your Mello profile with your Facebook or Instagram profile under “Connect Instagram” or “Connect Facebook”. This only takes place if you explicitly request it and give your consent. With this service, you can decide what information should be shared and linked: 

  • Profile information (username and account type): this sharing is mandatory, otherwise no linking can take place: 

  • Media (image text, number of media, media type, URL of the photo/video, permalink, timestamp and thumbnail): You can give this permission by clicking the checkmark. 

 

 When you link, we will have ongoing access to the information you share, which will also be displayed in your Mello profile. You can revoke your consent at any time and cancel the link for the future (see also section 11. of this privacy policy). 

After linking, you can use a special function on Instagram and Facebook to check whether friends of these services are also registered with Mello. 

 Privacy policy of Instagram ind Facebook: https://de-de.facebook.com/privacy/explanation 

Terms of use of Instagram and Facebook: https://de-de.facebook.com/legal/terms?ref=pf 



3.6 Information that is collected automatically

When you use the app, we automatically collect certain data that is necessary to use the Mello app or improve its performance. This includes: 

  • IP address of the requesting end device

  • Date and time of access

  • Operating system used by your end device

  • currently installed version of the app

  • Your time zone and country

  • Last login

  • Number of direct messages and content (anonymized)

  • Connections in the app (friends, who & number)

  • Number of posts in Mello feed + content

  • Comments in feed + content

  • Duration of app use

  • Likes

  • User Behavior (clicks, popular threads, activities) and 

  • Crashes of the Mello app


 

This data is processed, in particular stored, in order to

  • Provide you with the Service and related features; 

  • (2) improve the functions and performance features of the Mello app; and 

  • (3) prevent and eliminate misuse and malfunctions. 


This data processing is thus carried out for contractual purposes according to Art. 6 para. 1 p. 1 b) DS-GVO. 



  1. Necessary permissions for the operation of the app 


The operation of the app also requires the following permissions:

  • Internet access: this is required in order to transfer the collected data to our servers via an encrypted connection. Here, a unique key is used as an identifier that can only be assigned to the respective user on the server side. An automatic service is used for this, which periodically checks whether data needs to be transferred and transfers it if necessary.

  • Camera and photo access: This is required to display photos or movies in the Mello app.

  • Location access: This must be enabled in order to find other users in the Mello app and display your approximate location.  

  1. Deleting your account / snooze function


Your data will be stored on our servers until you request a final deletion of your user account. To permanently delete your user account, including all personal data, from our systems, you can do so in the following ways: 

  1. App side menu, Delete Account or.

  2. Please write us an email with the subject “Delete Account” to support@mello-app.com. 

In case of a deletion request via email, we will irrevocably delete your user account including all personal data from our servers within five business days, unless a deletion is opposed by mandatory legal retention obligations. The time limits for this are 6-10 years.

 

If you want to take a break from using the Mello app, you can use the snooze function (under “Settings” “Snooze account”). In this case, your profile will be taken offline, so it will no longer be visible to others, but your posts will remain online. People who write to you will automatically be notified that your account is currently dormant. As soon as you want to become active again, you can deactivate the slider at “account dormant”. 



  1. Data sharing and transfer


We will only share your data with third parties if we are authorized or required to do so by applicable law.

 

Authorization exists if you give us consent or third parties process data on our behalf: If we do not carry out our business activities (e.g. operation of the app, data analysis or data cleansing) ourselves, but have them carried out by other entrepreneurs, and these activities are associated with the processing of your data, we have previously contractually obligated these companies to use the data only for the purposes permitted to us by law. We are authorized to control these companies in this respect. Please also refer to the following section of this privacy policy, where we inform you comprehensively about the services of third parties that we use. 

 

In individual cases, we may be legally obliged to pass on personal data to authorities or courts. The associated data processing is therefore based on a legal obligation.


  1. External service providers that we integrate


We integrate the following services to fulfill our contractual obligations to you or based on your consent (Art. 6 para. 1 p. 1 a), b) DS-GVO). 


7.1  Services from Google

  • FIREBASE

We use the service Firebase from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) (“Google”) to analyze your user behavior. We use the data collected to track and analyze your interaction with the Mello app. Firebase is part of the Google Cloud Platform and offers various services for app developers. Some Firebase services process personal data. In most cases, the personal data used is limited to so-called instance IDs that are time-stamped. The instance IDs created by Firebase are used only once and therefore allow the assignment to specific events or processes. The data collected in this process is not personal data and we do not take any measures to personalize it afterwards. We use the collected data to analyze user behavior and optimize the user experience, for example by evaluating crash reports.

Currently, we use the following services from Firebase:

Google Analytics for Firebase: Google Analytics uses the collected data to provide analytics and attribution information. Exactly what data is collected varies by device and environment. Google Analytics stores ID-related data for 60 days and collected reporting and campaign data indefinitely. Google says all data for these services is stored in Europe. 

For Analytics for Firebase, Google uses not only the instance ID mentioned above, but also the advertising ID of the end device. You can change the use of the advertising ID in the device settings of your mobile device. Android: Settings > Google > Ads > Reset Ad ID iOS: Settings > Privacy > Advertising > No ad tracking. 

We are joint controllers with Google and have entered into a joint control agreement specified by Google through our account with Google. 

 

 

Summary of the Joint Control Agreement with Google: 

  • Each party is responsible for ensuring that a legal basis exists for the respective data processing.

  • Data subjects’ rights are implemented by Google, insofar as this does not involve exclusive data processing by us. However, to assert your data subject rights, you can contact us and/or Google.

 The notification of data protection breaches in accordance with Art. 33 DS-GVO is handled by Google.  We are obligated to report immediately if we suspect a data protection violation. 

 

Firebase Remote Config: Remote Config uses instance IDs to select configuration values and transfer them to end-user devices. Firebase stores instance IDs until the Firebase customer initiates deletion of the ID using an API call. The data is deleted from both live servers and all backups within 180 days of the call.

Firebase Dynamic Links: Dynamic Links uses data from iOS devices to open newly installed apps on a specific page or context. Dynamic Links stores device data only temporarily to provide the service.

Firebase Cloud Messaging: Firebase Cloud Messaging is used to deliver push notifications or so-called in-app messages (notifications that are only displayed in the respective app). For this purpose, a pseudonymized push reference is assigned to the end device, which serves as the “destination” for the push notification or in-app message. You can disable and re-enable push notifications at any time through your end device’s settings.

Firebase Cloud Messaging uses instance IDs to determine which devices to send messages to. Google stores instance IDs until we initiate deletion of the ID using an API call. The data is deleted from both live servers and any backup systems within 180 days of the call.

Google uses this data on our behalf for the above purposes.


Google Forms: 

To conduct surveys or for online forms, we use the Google Forms service, which is also operated by Google Ireland Ltd. Google Forms makes it possible to design and evaluate surveys and online forms. In addition to the respective personal data that you enter in the respective form, information on your operating system, browser, date and time of your visit, referrer URL and your IP address is also collected. your personal data is processed by Google on our behalf.  


Processing regularly takes place within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. However, data transfers to the USA cannot be excluded, https://policies.google.com/privacy?hl=de&gl=de. In this respect, the EU standard contractual clauses and further protective measures are used to establish an appropriate level of data protection. 


Google Maps: 

When you enter your address and to display your location and the location of other users, we use the service Google Maps. The provider is Google. During use, Google collects user data, including the IP address. If you are logged in to Google (e.g. Gmail) during use, Google may link this data to your account. We point out that we have no influence on the data collection and use by Google. The additional terms of use for Google Maps and Google Earth (https://www.google.com/intl/de_US/help/terms_maps.html) apply. The data collection is based on your consent (Art. 6 para. 1 p. 1 a) DS-GVO). 



7.2 SendGrid: 

We use the SendGrid service for sending automatically sent emails. The provider is Twilio Inc, 375 Beale Street, Suite 300, San Francisco, CA 94105, USA (“Twilio”).

SendGrid is a service that can be used, among other things, to organize and analyze the sending of e-mails and electronic messages. SendGrid can be used to determine whether a message has been opened and which links, if any, have been clicked on. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). They are used exclusively for the statistical analysis of messages. The results of these analyses can be used to identify delivery problems and to improve communication technology. Via SendGrid we remind you, for example, of an unopened mail sent by us or automatically send a message to confirm account deletion. 

Since the provider is located in the USA, the data is also processed in this country. Currently, the USA is considered to be a country that does not have a sufficient level of data protection. The reason for this is, in particular, that the data subject is not entitled to any legal remedies comparable to those in the EU to protect his or her data. Therefore, Twilio uses the EU standard contractual clauses and additional security measures to protect the data. You can find information about SendGrid’s data protection here: https://sendgrid.com/resource/general-data-protection-regulation-2/ We have also entered into an order processing agreement with Twilio, which you can access here: https://www.twilio.com/legal/data-protection-addendum. Data processing is carried out for contractual purposes (Art. 6 para. 1 p. 1 b) DS-GVO). 

 

7.3 Slack:

In order to respond as promptly as possible to requests via the Mello app, we use Slack as an internal team communication tool. The provider of Slack is Slack Technologies Limited, (“Slack Technologies”), 4th Floor, One Park Place, Hatch Street Upper Dublin 2, Ireland. 

When requests are made, the data entered is sent to us using Slack, ensuring that the request is processed quickly. The data is thereby transferred to servers in the USA and stored there. For protection, the EU standard contractual clauses and other protective measures are used. After processing the request, the data is deleted, but at the latest automatically after 30 days. Furthermore, we have concluded a “Data Processing Addendum” with Slack (see https://slack.com/intl/de-de/terms-of-service/data-processing and https://www.slack.axdraft.com/ ). 



 

7.4 Services from Facebook

  • Facebook Analytics

Efficiency of Facebook advertising

If you consent, we use the Facebook Analytics service. Facebook Analytics is a comprehensive analytics tool that allows us to track the customer journey of our users, among other things. Facebook Analytics provides us with information about how users interact with the Mello app and our Facebook page. In particular, the information includes: 

  • Number of app installs; 

  • Number of posts and chats; 

  • Number of active users; 

  • Retention rate; and

  • Number of app invitations. 

Facebook Analytics is provided by Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2 Ireland (“Facebook”). We have entered into a Joint Control Agreement with Facebook for this purpose, which deems both us and Facebook responsible under data protection law. You can view that here. https://m.facebook.com/legal/terms/page_controller_addendum?locale=de_DE   


Summary of the Joint Control Agreement with Facebook: 

  • Each party is responsible for ensuring that a legal basis exists for the respective data processing.

  • Data subject rights are implemented by Facebook, unless it is an exclusive data processing by us. However, to assert your data subject rights, you can contact us and/or Facebook.

  • The notification of data protection breaches in accordance with Art. 33 DS-GVO is handled by Facebook.  We are obligated to report any suspected data breaches immediately. 

 

  1. Data transfers to third countries


 We also process data in countries outside the European Economic Area (“EEA”). Within the scope of the services outlined in section 7, processing by third-party providers also takes place in the USA. 


  1. Legal and contractual obligations to provide


The provision of your data as described in this Privacy Policy is neither contractually nor legally required. However, without the provision of mandatory data and the release of certain services or functions, the Mello app cannot be used or cannot be used to its full extent. Also, not providing consent regarding the use of third-party services may affect the scope of use of the Mello app. 


  1.   Storage period and deletion of data

Automatically collected data will be deleted after 7 days. Furthermore, you can delete your user account at any time and uninstall the Mello app on your end device. Please note, however, that all data relating to your user account will be stored until you terminate your account with us (see the information in section 5 on deleting the account) or until we terminate it in exceptional cases, e.g. due to inactivity. 

We will delete or anonymize your personal data as soon as it is no longer necessary for the purposes for which we collected or used it in accordance with the preceding paragraphs. If we are required by law to retain data, such periods will be 6-10 years. Furthermore, data may be stored for a longer period as long as the data is related to a legal dispute or criminal proceedings. 



  1. Your rights (objection, revocation, information, correction, restriction of use, deletion, transfer, complaint)

11.1 Objection

You can object to the processing of personal data concerning you by us at any time for reasons arising from your particular situation. To do so, you can use the contact options mentioned in section 1. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms.

11.2 Revocation

Furthermore, you have the right to revoke given consents with effect for the future. However, the lawfulness of the data processing based on your consent remains unaffected by this until you exercise the revocation.


11.3 Other rights

You have the right at any time to receive information free of charge about your personal data stored by us, to correct incorrect data and to have data blocked or deleted. Furthermore, you have the right to receive your data in a structured, common and machine-readable format and to have your data transferred by us to someone else. Finally, you have the right to complain to a data protection authority.

With the exception of your right to complain to the data protection authority, you can address your respective concerns to us via the contact details mentioned in section 1.



  1.  Data security

The Mello app uses encryption techniques to protect data. Mello also takes appropriate technical and organizational measures within the meaning of Article 32 of the GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the likelihood and severity of the risk to the rights and freedoms of natural persons. Furthermore, confidentiality, integrity, availability and resilience of the systems and services related to the processing are ensured, as well as ensuring a rapid restoration of the availability of personal data in the event of a physical or technical incident.


  1. Changes to this privacy policy


We always keep this privacy policy up to date. Therefore, we reserve the right to change it from time to time and to update any changes in the collection, processing or use of your data. The current version of the Privacy Policy is always available under “Privacy Policy” within the Mello app.