Privacy Policy
August 2023
1 General
1.1 Main function of the platform
The App/Web Platform allows users to communicate with each other through the exchange of posts with embedded media as well as private messages, both in public and private/closed groups
1.2 Legal Basis
This privacy policy clarifies the nature, scope and purposes of the collection and use of personal data by the parties involved. The legal basis for data protection is the General Data Protection Regulation (GDPR). Personal data relating to an identifiable or identified natural person is stored and processed on this platform.
1.3 Effectiveness
By accepting the data protection declaration, the user agrees to the processing of personal data described below.
1.4 Verticals
The platform is operated within the framework of a so-called „vertical“. Under a vertical, providers of communication solutions for their respective community (so-called „community hosts“), which are located in a common subject area, are grouped together and a communicative exchange between these communities is made possible. This level of exchange has a public character.
The vertical operator has concluded an order processing agreement in accordance with the GDPR with a technically and organisationally executing IT provider.
1.5 Community Hosts
Community hosts can set up their communication structure within the framework of paid business accounts on the main platform of the vertical or operate their own apps which are connected to the main platform of the vertical in terms of data technology and content.
In relation to the end user, the community host is the responsible body for the collection, processing and use of personal data and the first point of contact for exercising user rights.
By accepting the terms of use of the vertical operator, the community host has fully consented to the preservation and implementation of these data protection provisions, whereby these provisions apply equally and congruently to both the Vertical operator and the community hosts.
2 Parties involved
2.1 Platform Operator
Social Business Network GmbH
Gumpendorferstraße 5/7
A-1060 Wien
2.2 IT Provider
TMBP Technologies GmbH
Gartengasse 17
A-7210 Mattersburg
2.3 Community Host
The respective responsible community host results from the end user joining a communication group operated by a specific community host on the platform. Several community hosts may be responsible for the end user if the end user is a member of several groups operated by different community hosts. It is expressly stated that this privacy policy applies equally to all Community Hosts as well as to the vertical operator. The contact details of the community host are shown in the group profiles.
3 Data processing when using the app/web platform
3.1 Installation of the app
In order to download and install an app from an app store, users must first register for a user account with the provider of the respective app store (e.g. Apple App Store or Google Play) and conclude a corresponding usage agreement with the latter. The platform operator has no influence on this process and is not a party to such a user agreement.
During the download and installation of the app, the necessary information is transmitted to the respective app store, including user name, email address, account number, the download time, payment information and the user‘s individual device identification number.
The platform operator has no control over this data collection and is not responsible for it. Data is only processed to the extent necessary for downloading and installing the app on the mobile device (e.g. smartphone, tablet, herein after referred to as „device“). Beyond that, this data is not stored.
For data processing, which is the sole responsibility of the app store operators, please refer to the respective data protection policies:
3.2 Registration on the web platform
If users decide to register on the web platform using a browser, they will be asked to provide personal data. Without this data, registration and thus use of the platform is not possible.
When registering for the first time, a registration code provided by existing users or communities must be entered to protect against fake registrations.
3.3 Further registration steps
Regardless of the access chosen (app installation/web registration), the following personal data, which is necessary for the use of the functions offered, will be requested in any case:
-
E-mail address
-
Password
-
First name/nickname
-
Surname/nickname
-
Country
-
Post code
-
Preferred language
Upon successful verification, an email will be sent to the email address provided to confirm the email account. The processing of the email address is based on voluntary consent in accordance with Article 6/1/f GDPR.
4 Required Permissions
4.1 App permissions
For the app to function properly, it is necessary to allow access to certain device functions and personal data stored on the device. Users are prompted once at the beginning or only when using the respective function to grant the corresponding access authorisation.
Users can check which permissions and notifications are already assigned to the app and revoke them at any time in the app settings of their device. However, in order for the app to function properly, access to certain device functions and personal information stored on the device must be granted.
Users are therefore prompted to grant the following access permissions:
-
Network Access & Network Connections: Network access is required as the app can only be used in online mode.
-
Camera: To be able to include an image file in a post or as a profile photo in Locci, access to the system-side camera is required.
-
Microphone: To be able to record a voice message or video with sound in Locci, access to the system-side microphone is required.
-
Storage: Access to your photo, video, or document storage is required, either to save a file from a post on the device or to insert a file stored on the device into a post.
4.2 Viewing and revoking granted access (app)
In the app settings of the device used, it is possible to see which permissions and notifications have already been assigned to the app and revoke them. However, in order for the app to function properly, access to certain device functions and personal information stored on the device must be granted.
4.3 Web permissions
In order to receive push notifications of new content when using the web service, the appropriate authorisation must be granted via the browser used to access the platform. This authorisation can be revoked at any time via the settings of the browser used.
5 Description of the use of collected data
5.1 E-Mail address
-
Unique identification of the account: The email address is used as the user ID to log in to the platform.
-
Automated registration process: The email address is used to confirm setup information during registration and to request the link to reset a password.
-
Contacting the support team: The email address may be used to allow the vertical operator‘s support team to contact the user upon request.
-
Contacting administrators and moderators: The email address can be used by group administrators and moderators to contact the user exclusively from groups of which the user is a member.
5.2 Password
A personal password assigned by the End User himself/herself for the use of the Platform is required for the login to the Platform. If the password is reset or changed by the User, the new password shall also apply to the login.
5.3 First name/surname or Nickname
First name and last name are displayed to other users on the platform when posts are created or commented on, as well as when short messages are sent to other users. Depending on whether posts are made in public groups or in private/closed groups, the first name and surname will be displayed to other users at their discretion. Anonymous use of the platform is possible by using a nickname.
5.4 Country/Postcode
Local information of the user (country/postcode/city) is used to enable the user to retrieve local/regional information.
5.5 Preferred language
The language selected by the User defines the language for menus, dialogue boxes and notifications of the Platform. The language defined as the default language on the User‘s smartphone will be used for the registration process.
5.6 Profile description and profile photo
The profile description and the profile photo are used by other users when writing or commenting on posts and in the chat service.
5.7 Content of posts
The user has the sole right to decide on the publication of content in public/private groups or the sharing of content created by him/her in other groups and feeds.
5.8 Sharing of content
Published contributions can be shared by the creator and by other users via sharing functions of the device used via other apps (SMS, e-mail, etc.)..
5.9 Data collection when using push notifications
Users can be informed about news (new posts, comments, short messages, etc.) via push notifications. To do this, the user‘s device registers with the respective push service (Apple Push Notification or Firebase Cloud Messaging) after downloading the app. The service then sends a token to the user‘s device. The token is transmitted by the app to the IT provider‘s network and stored in a database. When a notification is to be delivered, the message is transmitted together with the token to the push service, which delivers it to the device. As soon as push notifications are switched off in the settings, the token is deleted from the IT provider‘s database.
6 Data access
6.1 Data access by the platform operator and/or IT provider
The platform operator or the IT provider receive and process data exclusively to ensure the functionality of the app. The transfer or sale of data to third parties is strictly prohibited.
6.2 Data access by the community host
As a matter of principle, the community host receives and processes data only to ensure the functionality of the app. However, the community host is free to enter into a separate agreement with its users that grant the community host special rights of data access or data use. The user must explicitly agree to this agreement. However, the community host may not use this agreement to violate the principle that data may not be passed on or sold to third parties. Any violation will result in the immediate exclusion of the community host from the platform.
6.3 Data access by external service providers
In order to ensure the proper operation of all functions of the platform, the integration of data sources, frameworks or plug-ins from external IT service providers is necessary, which in turn process data. The respective data protection policies of the external service provider apply and separate data protection statements will be issued.
Providers of external IT services may use cookies and other tracking technologies to collect and process personal data. In particular, the user‘s IP address, the time and date the user accessed content, the device type, unique device identifiers, browser type and version, the operating system used, the website or service from which the user came and the web pages visited may be collected.
The operator has no control over the data collected by external providers or their data processing activities. However, all possible measures have been taken on the part of the operator to ensure that the processing of personal data is carried out in accordance with the applicable data protection laws.
7 Privacy policies of external it service providers
7.1 Vimeo-Plugin (video platform)
When using the Vimeo-Plugin on our platform (web/app), personal data may be transmitted to Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA, übermittelt werden.
Further information about the provider‘s data processing activities can be found in the provider‘s privacy policy: https://vimeo.com/privacy
7.2 Youtube-Plugin (video platform)
When using the YouTube-Plugin on our platform (web/app), personal data may be transmitted to Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA, übermittelt werden.
Further information about the provider‘s data processing activities can be found in the provider‘s privacy policy: https://policies.google.com/privacy
7.3 Nutzung von Firebase Cloud Messaging (Android push notifications)
When using the Firebase Cloud Messaging (FCM) on our platform (web/app), personal data may be transmitted to Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA, erhoben, verarbeitet und gespeichert werden.
Further information about the provider‘s data processing activities can be found in the provider‘s privacy policy: https://policies.google.com/privacy
7.4 Nutzung von Apple Push Notifications (iOS push notifications)
When using the Apple Push Notification (APN) on our platform (web/app), personal data may be transmitted to Apple Inc. 1 Apple Park Way, Cupertino, Kalifornien, USA.
Further information about the provider‘s data processing activities can be found in the provider‘s privacy policy: https://www.apple.com/legal/privacy/
8 Consent to the use of cookies
8.1 General information
In order for our Platform to function properly, we use cookies. In order to obtain valid consent from the user for the use and storage of cookies in the browser used to access our Platform and to properly document this access, we use a consent management platform: CookieFirst. This technology is provided by Digital Data Solutions BV, Plantage Middenlaan 42a, 1018 DH, Amsterdam, The Netherlands. Website: https://cookiefirst.com
When accessing our platform, a connection is established with CookieFirst‘s server in order to obtain valid consent from the user to use certain cookies. CookieFirst then stores a cookie in the user‘s browser to enable only those cookies to which the user has consented and to properly document this. The processed data is stored until the specified storage period expires or the user requests the deletion of the data. Notwithstanding this, certain legal retention periods may apply.
CookieFirst is used to obtain the legally required consent for the use of cookies. The legal basis for this is Article 6(1)(c) of the General Data Protection Regulation (GDPR).
8.2 Data processing contract
We have concluded a data processing contract with CookieFirst. This is a contract required under data protection law, which ensures that the data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.
8.3 Server log files
Our platform and CookieFirst automatically collect and store information in so-called server log files, which the user‘s browser automatically transmits to us. The following data is collected:
-
Consent status or the revocation of the user‘s consent
-
Anonymised IP address
-
Information about the user‘s browser
-
Information about the user‘s device
-
Date and time of the visit to our platform
-
URL of the website where the consent settings are stored or updated
-
Approximate location of the user who saved consent preferences
-
Universally unique identifier (UUID) of the platform user who clicked on the banner cookie
9 Storage periods and deletion of data
9.1 Scope of data
During active use of our platform, the following data is stored until the associated app is uninstalled::
-
E-Mail address
-
Password
-
First name/Nickname
-
Surname/Nickname
-
Country
-
Postcode
-
Preferred language
9.2 Deletion of data
By uninstalling the app, all data will be deleted from the User‘s device. The data will continue to be stored in the IT provider‘s database to enable the user to log in via web access to the platform. If the user‘s account is inactive for more than one year, the data is automatically deleted from the IT provider‘s database. As a result, the user‘s account is permanently deleted and cannot be restored..
10 User rights
10.1 Right of access, rectification, erasure, restriction and portability
Users have the right to obtain information about their personal data processed by us at any time. They also have the right to have their personal data corrected, restricted or deleted, unless this conflicts with legal regulations. They have the right to have their data released upon request.
10.2 Right of revocation/objection
Users may revoke any changes to their consent(s) or any consent given for data processing by notifying us accordingly with effect for the future. They may also object to the processing of their personal data on the basis of Article 6/1/f GDPR (legitimate interest) for reasons arising from their particular situation. You may object to data processing for the purpose of direct advertising at any time.
10.3 Exercise of rights
Users shall contact the community host to exercise their rights. If the latter does not have the necessary rights (data access or data processing rights) on the platform to fulfill the user‘s request, it will forward this to the platform operator, who is ultimately responsible for fulfilment.
10.4 Extended rights
No profiling or scoring measures pursuant to article 22 GDPR are carried out on the platform (web/app). Furthermore, no tracking is carried out (data to determine or track the current location of the user).
10.5 Right to complain
If users discover a data protection breach, they may contact any data protection supervisory authority..
11 Changes to the privacy policy
11.1 Modifications
The present privacy policy can be altered in the course of further developments or the introduction of new technologies. In this case, the user will be prompted to give their consent anew upon their first login to the platform following the modifications.