The legal basis of data protection can be found in the EU Data Protection Basic Regulation (hereinafter DSGVO) and the national implementation regulations applicable in the EU, in Germany in the Federal Data Protection Act (BDSG).
The SitEinander UG, represented by the management, is responsible for processing your personal data in this user relationship.
What personal data do we collect and store and how do we use it?
Information for registration
When you install the App and create a profile (“Profile”), we collect some or all of the following information (“Registration Information”) about you:
- First Name;
- last name;
- email address;
- mobile phone number;
- gender identity;
- Interests (e.g. play dates, friendships)
- residential address or location; and
- Sex identity of your children;
- age of your children or due date of birth;
When your registration is complete, you can edit this information in your profile at any time! You have control over your profile and can change your profile information (except email address, phone number) at any time by logging in to Mello.
The information we collect helps us to improve the app and verify our users (robots are not welcome!!). Login information like your name may be visible to everyone on your profile.
Registration with Facebook
Registration with Apple
We offer you the opportunity to register and log in via your Apple account using “Apple Login”. When you first register using Apple ID, the app will ask you for your name and email address so that an account can be set up for you.
We will store your email address and will contact you at this address with instructions if necessary. While using the “Register with Apple ID” feature, Apple does not track or profile you. Apple collects only the information necessary to ensure that you can log in and manage your account.
As long as you remain signed in on your device, you will automatically remain signed in to our app.
If you contact our customer service, we will receive your email address and may track your IP address. We also store the information you send us to process your request. We store any communication you have with us, as well as any complaints we receive from you about other users (and complaints about you from other users).
We encourage you (and all our members) to think carefully about what information you disclose about yourself. We also recommend that you do not include email addresses, URLs, instant messaging system information, phone numbers, full names or addresses, credit card information, identification or passport information, as well as driver’s license information, your children’s names and other sensitive information on your profile, as such information could be misused.
Please be aware that photos you upload to SitEinander may also reveal information about you. By uploading photos and providing sensitive information, you expressly agree that we may process and publicly display your information to others.
For security reasons and to optimize your user experience, you can verify your profile and link your mobile phone number, Facebook, Instagram and Apple account. We want to make sure that you are not a robot. We also want to avoid fake profiles being used for malicious acts and cybercrime that threaten the Siteach other network and affect others.
It is your responsibility to ensure that your account information is kept up-to-date. If your phone number changes, please make sure you update it in your account.
We also want to let you know about our offers and promotions from time to time. If you have agreed to this, we will use your email address and mobile phone number. You can revoke this agreement at any time.
Your data will be stored on our servers until you request a final deletion of your user account. To permanently delete your user account including all personal data from our systems you can do this in the following way:
- side menu of the app, delete account or
- Please send us an e-mail with the subject “Delete account” to email@example.com. If you request deletion via e-mail, we will irrevocably delete your user account and all personal data from our servers within five working days, unless deletion is contrary to mandatory legal storage obligations.
Visibility of your personal data in the app
The following personal information can be viewed by all users of the app:
- First name
- Last name
- Gender identity
- Age and sex of your children
- Interest batches (e.g. “Mutual childcare”, “Friendships”, …)
- distance of your location/residence up to 500m
- “About me”, “Favorite places in the neighborhood” and “Availability” – text
- Common friends, link to the profile of common friends
2. USE OF INFORMATION
When calling up Mello, personal device and browser data is automatically collected. These are as follows:
- IP address of the requesting device
- Date and time of access
- the operating system used by your device
- currently installed version of the app
- Your time zone and country
We process the aforementioned data to ensure a smooth connection setup, to guarantee a comfortable use of our services, to evaluate system security and stability and for other administrative purposes. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.
Our main goal is to make your Mello experience as pleasant as possible. To ensure this experience, we use your information to:
- provide you with services and features;
- contact you with information about the app (e.g., updates and new offers);
- customize the App and content for you;
- conduct research and analytics regarding your use of the App;
- resolve disputes between you and other users; and
- Investigate fraud, protect our rights and enforce our terms and conditions
Links to other websites and offers
Cookies and tracking pixels
Most browsers accept cookies automatically. If you want to prevent cookies from being saved, you can select “do not accept cookies” in the browser settings. You can find out how this works in detail in the instructions of your browser manufacturer. You can delete cookies that are already stored on your computer at any time. However, we would like to point out that our website can only be used to a limited extent without cookies.
In addition, we use markings on our pages – so-called counting pixels – to record, for example, how often our pages are called up and clicked on each time they are loaded, also without interfering with or inferring with your computer.
Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide further services to the website operator in connection with website and internet usage. From the processed data pseudonymous user profiles can be created.
We use Google Analytics only with activated IP anonymization. This means that Google will shorten the IP address of users in member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. The IP address transmitted by the user’s browser will not be merged with other Google data. Users can prevent the storage of cookies by adjusting the settings to their browser software accordingly.
The legal basis for the use of Google Analytics is § 15 Abs.3 TMG or Art. 6 Abs. 1 lit. f DSGVO. Users can also prevent the collection of data generated by the cookie and related to their use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser add-on. Opt-out cookies prevent the future collection of your data when visiting this website. If you click here, the opt-out cookie will be set: disable Google Analytics. Google is part of the EU-US Privacy Shield – Agreement and thus guarantees the compliance with the European data protection laws.
Google Marketing Services
In our apps, we use the marketing and re-marketing services of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), which allow us to display ads in a more targeted way to present interesting ads to users. Through (re-)marketing, we display ads and products to our users that relate to a user’s interest based on activity in other apps on the Google Network. For this purpose, a code from Google is used when our app is accessed and so-called (re-)marketing tags are integrated into the app. They are used to store an individual cookie, a small text file, on the user’s device (similar technologies may be used instead of cookies). Cookies can be set by different domains. This file records which apps the user has visited, which content the user is interested in and which offers were used. In addition, technical information about the browser and operating system, referring apps, the duration of the visit and additional data about the use of the online products and services are stored. The user’s IP address is also recorded, but we would like to point out that within the framework of Google Analytics, IP addresses within member states of the European Union or in other states party to the Agreement on the European Economic Area have been shortened beforehand.
All user data is only processed as pseudonymous data. Google does not store names or e-mail addresses. All ads displayed are therefore not specifically shown for a person, but for the owner of the cookie. This information is collected by Google and transferred to servers in the USA and stored there.
One of the Google marketing services we use is the online advertising program Google AdWords. In the case of Google AdWords, each AdWords customer receives a different conversion cookie. Cookies can therefore not be tracked through the apps of AdWords customers. The information collected with the cookie is used to generate conversion statistics for AdWords customers who have opted in to conversion tracking. AdWords customers see the total number of users who have clicked on their ad and been redirected to a page with a conversion tracking tag. However, they do not receive information that personally identifies users.
The legal basis for the use of this service is article 6 paragraph 1 sentence 1 letter f DSGVO. If you wish to opt-out of interest-based advertising from Google marketing services, you can do so using the settings and opt-out options provided by Google. Google is certified under the EU-US Privacy Shield Agreement, guaranteeing compliance with European data protection laws.
Facebook Marketing Services
We also use the Facebook Software Development Kit (SDK) within our apps to link various Facebook services to our apps. For example, users can use the Facebook SDK to share content from our apps within their Facebook timeline or send messages to other Facebook users. For more information about the Facebook SDK for iOS, please visit https://developers.facebook.com/docs/ios. For Android, please read: https://developers.facebook.com/docs/android. Facebook App Events: We use the Facebook App Events service via the Facebook SDK to track the reach of our advertising campaigns and the use of the Facebook SDK. Facebook only provides us with an aggregated analysis of user behavior with our app. In addition, we have no control over the information that App Events processes through Facebook. You can disable the use of App Events for these purposes in our App Settings.
Facebook is certified according to the EU-US Privacy Shield Agreement and thus guarantees compliance with European privacy legislation. The legal basis for this processing is Art. 6 paragraph 1 sentence 1 letter f DSGVO.
Facebook Custom Audience
As part of the usage-based online advertising, the product Custom Audiences from Facebook (Facebook Custom Audiences 1601 S. California Avenue, Palo Alto, CA, 94304) is also used on the website. In principle, a non-reversible and non-personal checksum (hash value) is generated from your usage data, which can be transmitted to Facebook for analysis and marketing purposes. For this purpose, either a tracking pixel is placed on our website by Facebook or your usage behavior is recorded in our app using the Facebook SDK (see section above for a detailed description of these two Facebook services). Alternatively, we may provide Facebook with a customer list that contains the email address you provided to us when you registered. Information about your activities on the website (e.g., surfing habits, subpages visited, etc.) is collected. This allows Facebook to create a profile about your usage behavior in our app and on our website. Your IP address is stored and used for the geographical distribution of advertising.
Please note in this context that Facebook may also use the data we provide about your usage patterns and your email address for its own purposes. On this page you have the possibility to object to the targeting on Facebook.
We use the Firebase service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) to analyse your user behaviour. We use the information we collect to understand your interaction with our website and apps. Firebase is part of the Google Cloud Platform and offers various services for app developers. Some Firebase services process personal data. In most cases, the personal data used is limited to so-called instance IDs, which are time-stamped. The instance IDs created by Firebase are only used once and therefore allow the assignment to certain events or processes. The data collected in this process is not personal data and we do not take any measures to personalize it afterwards. We use the collected data to analyze user behavior and optimize the user experience, for example by evaluating crash reports.
We currently use the following Firebase services:
Google Analytics for Firebase: Google Analytics uses the collected data to provide analysis and attribution information. Exactly what data is collected varies depending on the device and environment. Google Analytics stores ID-related data for 60 days and collected reporting and campaign data indefinitely, unless the Firebase client changes the Google Analytics data storage settings or deletes the project.
For Analytics for Firebase, Google uses not only the instance ID mentioned above, but also the advertising ID of the end device. You can change the usage of the Ad ID in the device settings of your mobile device. Android: Settings > Google > Ads > Reset Ad ID iOS: Settings > Privacy > Ads > No Ad Tracking
Firebase Remote Config: Remote Config uses instance IDs to select configuration values and transfer them to end user devices. Firebase stores instance IDs until the Firebase customer initiates the deletion of the ID using an API call. The data is deleted from both live servers and all backups within 180 days of the call.
Firebase Dynamic Links: Dynamic Links uses data from iOS devices to open newly installed apps on a specific page or in a specific context. Dynamic Links only temporarily stores device data to provide the service.
Firebase Cloud Messaging: Firebase Cloud Messaging is used to deliver push notifications or so-called in-app messages (notifications that are only displayed in the respective app). For this purpose, a pseudonymous push reference is assigned to the mobile device, which serves as the “destination” for the push notification or in-app message. You can turn push notifications off and on at any time through your mobile device settings.
Firebase cloud messaging uses instance IDs to determine which devices to deliver messages to. Firebase stores instance IDs until the Firebase customer makes an API call to delete the ID. The data is deleted from live servers as well as from all backup systems within 180 days after the call.
Firebase uses this data on our behalf for the above mentioned purposes.
The legal basis for the use of Google Analytics is § 15 Abs.3 TMG or Art. 6 Abs.1 lit. f DSGVO. Google is part of the EU-US Privacy Shield – Agreement and thus guarantees the compliance with the European data protection laws.
Social Media Fanpages
Mello maintains so-called fan pages at social media providers such as Instagram, Facebook (both: Facebook Inc. Menlo Park, California) and Snapchat (Snap Group Limited, 7-11 Lexington Street, London W1F9AF, United Kingdom) to communicate with customers, prospects and users active there and to inform them about our products, services and events. User data may be processed outside the EU. The aforementioned US providers are part of the EU-US Privacy Shield Agreement and thus guarantee compliance with European data protection laws.
According to the European Court of Justice (ECJ), we are jointly responsible with Facebook for processing your personal data. You can find the decision of the ECJ of 05.06.2018 here.
When using the Facebook fan page, the following data is collected from you for the purpose of user communication and target group advertising:
- User interactions (postings, likes etc.)
- Facebook cookies
- Demographic data (e.g. based on age, place of residence, language or gender)
- Statistical data on user interactions in aggregated form, i.e. without personal reference (e.g. page activities, page views, page previews, likes, recommendations, articles, videos, page subscriptions including origin, times of day)
The promotional use of personal data is particularly important for Facebook. We use the statistics function to learn more about the visitors of our fan page. Using this function enables us to adapt our content to the respective target group. In this way, we also use demographic information on the age and origin of the users, for example, although no personal reference is possible for us here.
In order to provide the social media service in the form of our Facebook fan page and to use the Insights function, Facebook generally stores cookies on the user’s end device. These include session cookies, which are deleted when the browser is closed, and permanent cookies, which remain on the end device until they expire or are deleted by the user.
The processing of users’ personal data is based on our legitimate interest in effective information of users and communication with users and for the purpose of statistical evaluation in accordance with Art. 6 I lit. f DSGVO.
THE PASSING ON OF INFORMATION
Your personal data will not be transferred to third parties for purposes other than those listed. We will only pass on your personal data to third parties if it is necessary in individual cases to pass on your personal data to companies that are familiar with the provision of individual services by us in order to execute the contract. These third parties are in turn obliged to comply with the statutory provisions when handling and processing this data.
A transmission to authorities and state institutions entitled to receive information is only carried out within the scope of the legal obligations to provide information and in the event of a court decision obligating us to do so. In these cases, we may provide the information, e.g. to assert, exercise and defend legal claims, enforce existing contracts, in connection with allegations of fraud, security measures or generally applicable legal regulations.
Personal data will not be disclosed outside the scope described here without express consent. Under no circumstances will we sell or rent personal data to third parties.
WHAT OTHERS MAY SAY ABOUT YOU
Our app is designed to help you get in touch and interact with other users. By registering or logging in to our app with Facebook, you grant us access to certain information in your Facebook account, including information you publish on Facebook, your friends, your location, and shared friends with other Mello users. You also agree that your Mello profile and other information you provide through the App may be seen and shared by users who may not be users of the App. This may also be done through third-party apps at the discretion of the user. This information may include information that you provide directly or indirectly through Facebook, such as your Facebook photos, name, age, location, shared friends with other Mello users, and other profile information. For example, users can link you to their Facebook friends by sharing your photo, regardless of whether they are also users of the app. You can share photos and messages you send or upload, and any metadata contained in those messages, as well as any other comments or information you provide in connection with your photos or other such information.
If you use Mello, please always assume that anything you publish or post on the App may be publicly available to both App users and non-app users. We want our users to be careful when posting information that will eventually become public.
If you log in to Mello through your Facebook profile, remember to log out of Facebook when you leave the device to prevent other users from accessing your account.
EDITING YOUR REGISTRATION INFORMATION
You can access and edit the registration information you have provided at any time. And of course, you can delete your profile (although we hope you won’t do that!).
If your profile is deactivated, we will take reasonable steps to ensure that your profile is no longer visible in the app. We are not responsible for any information, photos, comments or other content that is deleted from your profile as a result of your profile being deactivated.
6.6. CHANGES TO THESE CONDITIONS
Mello takes all economically reasonable security measures to prevent loss or misuse of your data and to prevent unauthorized access or unlawful publication of your data. We have appropriate security measures in places, such as secure servers and firewalls, to ensure the confidentiality of your personal information.
Unfortunately, no website or Internet transmission is completely secure. Therefore, we can never guarantee that unauthorized access, hacking, data loss or other incidents can be completely ruled out. Here are a few useful tips that can help protect your data:
- Make sure to log out of your account when you are done, to protect yourself from accidental intruders!
- Never give your social networking passwords to anyone else!
- Change your social networking passwords regularly.
If you ever suspect that someone else knows your password, please report this to the operator of the social network in question and change your password immediately. We cannot guarantee the security of your personal information while it is being transmitted to our site and any transmission is at your own risk.
WE EXPRESSLY DISCLAIM ALL REPRESENTATIONS AND WARRANTIES, WHETHER EXPRESS OR IMPLIED, REGARDING BREACHES OF SECURITY, DAMAGE TO YOUR EQUIPMENT, OR LOSS OR UNAUTHORIZED USE OF YOUR REGISTRATION INFORMATION OR OTHER DATA.
9. PROFILES ABOUT THIRD PARTY PROVIDERS
If you created your Mello profile through a third-party social media platform such as Facebook, your Mello profile is visible to all Mello users.
If you register through a third-party website such as Facebook, or if you have verified your profile through a third-party website, we may link your Mello profile to this website
If you have registered via a third party website and do not want your Mello profile to be linked to your profile on the third party website, Mello unfortunately cannot change these settings. Please open the application settings of your profile on the other website and remove the access authorization for Mello.
We will only use APIs, OAuth tokens, widgets, or other tools provided by the profile on that social network to embed your profile into our app. As a result, we only receive information to the extent permitted by the social network account.
10. WHAT RIGHTS DO I HAVE?
YOU have the right to make claims against Mello at any time:
- Information about your personal data processed by us
- Correction of the data if they are incorrect or incomplete;
- The deletion or restriction of your personal data stored with us
- If the processing is subject to your consent or to an agreement, and if the processing is automated, you have the right to have the data previously provided transmitted in a structured, commonly used and computer-readable form.
Your requests will be handled with particular care so that we can ensure the effectiveness of your rights. You may be asked to prove your identity in order to ensure that personal data is only passed on to the person concerned. You should also be aware that in certain cases (e.g. due to legal requirements) your request may not be processed immediately. In any event, you will be informed of the measures taken in this respect within one month of the request.
You also have the right to lodge a complaint with the competent
Right of access
The data subject has the right to obtain from Mello confirmation of the processing of data concerning him/her and, where applicable, access to his/her personal data and to the information required by law. If, during processing, you request more than one copy of your personal data, Mello will subject this service to the payment of a fee for administrative costs.
Right of rectification
The data subject has the right to request that Mello immediately correct any incorrect or incomplete data concerning him/her.
Right to erasure of data
The person concerned has the right to demand the immediate deletion of his or her data from Mello, and the latter is obliged to delete the personal data immediately if, in particular, one of the following reasons applies
- a) personal data are no longer necessary for the purpose for which they were collected or processed
(b) the data subject has withdrawn his or her consent to data processing (in cases where the use is based on consent) and there is no other basis for such use;
(c) the data subject opposes the processing of his/her personal data and there are no legitimate interests justifying such processing.
Right to limit processing
The data subject shall have the right to request the restriction of the processing by Mello if, in particular, one of the following situations applies:
(a) verify the accuracy of personal data for a period of time which allows Mello to verify their accuracy
(b) the processing of the data is unlawful and the data subject opposes the deletion of personal data and, on the other hand, requests the restriction of their use;
(c) Mello no longer needs personal data for processing, but such data are needed by the data subject for the purpose of declaring, exercising or defending a right in legal proceedings;
(d) if he opposes processing until the legitimate reasons of the official prevail over those of the data subject.
Right to data transferability
Where processing is subject to the data subject’s consent and such consent is given automatically, the data subject shall have the right to obtain the personal data relating to him/her which he/she has made available to Mello in a structured, standard and machine-readable format.
Right of objection
In cases where the processing of the data is for the legitimate interests of Mello or the processing of the data is for the purposes of direct marketing or profiling, you may object to the use of your personal data at any time.
Can I withdraw my consent at a later date?
If consent is legally required for the processing of personal data, the data subject has the right to withdraw consent at any time, without prejudice to the lawfulness of the processing based on the consent previously given or the subsequent processing of the same data for other legal reasons, such as compliance with the contract or legal obligation to which Mello is subject.
If you wish to withdraw your consent, you can contact us at firstname.lastname@example.org.
This data protection declaration is currently valid and has the status: 08 June 2020.
Do you have any questions?
If you have any questions regarding the processing of your personal data or would like to exercise your rights, please feel free to contact us:
SitEinander UG (limited liability)