We, the Jimdo GmbH (hereinafter referred to as “Jimdo” or “we”) via this privacy policy wish to hereby inform Jimdo Creator App users (hereinafter referred to as “Jimdo Creator App” and the “Jimdo Live Chat users” respectively) as to the purposes, types and extents of the processing of personal information undertaken by Jimdo via the Jimdo Creator App. The controller for this data processing is the Jimdo GmbH, Stresemannstrasse 375, 22761 Hamburg, Germany. The following Jimdo Creator App privacy policy applies in addition to the general Jimdo privacy policy and the Jimdo platform privacy policy.

The Jimdo Creator App is constantly being revised, tweaked and developed. This necessarily results in the regular updating and revision of this Jimdo Creator App privacy policy.

1. Contact information

1.1 Contact information for Jimdo GmbH as Data Controller

Should you have any questions regarding this Privacy Policy or wish to assert your legal rights, you are welcome to contact our data protection experts in our Customer Service department at the following email address or by post to the following address:

Jimdo GmbH
Stresemannstr. 375
22761 Hamburg
Germany

Managing Director: Matthias Henze
Court of Registry: Amtsgericht Hamburg
HRB 101417
privacy(at)jimdo.com

1.2 Contact details of the Jimdo data protection officer

Jimdo has appointed a Data Protection Officer who can be reached at the following address:

B3 Datenschutz GmbH
Papenbergallee 34
25548 Kellinghusen
privacy(at)jimdo.com

2. Processing of Personal Data

We collect, process and use personal data (in accordance with the definitions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG)) in order to provide our Jimdo Creator App services.

2.1 Creation of a website

When creating a Jimdo website via the Jimdo Creator App the user must provide a valid email address. The email address is used to create and administer the Jimdo Creator App user’s account and to enable the user to use the Jimdo Creator App. The Jimdo users' website shall be published under a subdomain name of the Jimdo website address that shall either be chosen by the Jimdo user or generated automatically. The legal basis is that the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures in accordance with Art. 6 (1) sentence 1 b GDPR.

The data submitted by the Jimdo user shall be saved until the termination of the user’s account, i.e. until the deletion of the Jimdo Creator App. Exception: Due to tax regulations we are obliged to save billing information for a period of 10 years.

2.2 Information regarding the use of the websites created by Jimdo users

When users are logged into their Jimdo website via the Jimdo Creator App, the Jimdo server automatically collects and composes an activity log which logs the way in which Jimdo is used. This log includes information regarding the activity (including used storage space, number of logins, etc.), statistical data (such as e.g. browser type, date and time of access) as well as the IP address of the Jimdo-user.

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. A transfer to third parties or other use of the data does not take place. However, we reserve the right to retrospectively check the server log files if there are concrete indications of illegal activities. This data will be anonymized and deleted where appropriate at the latest after a period of 7 days.

2.3 Third Party Services

Google Analytics SDK for iOS

The Jimdo Creator app uses Google Analytics SDK for iOS, a web analytics service provided by Google Inc. ("Google") Jimdo uses Google Analytics to improve the performance of our Jimdo Creator app and to prevent misuse of our services.

Google Analytics SDK for iOS uses the Google Analytics API, which allows an analysis of the use of this app by the Jimdo Creator App user. The information generated by the tracking code about the use of this app is transmitted to a server of Google in the USA and stored there.

However, due to the use of IP anonymization by Google, the IP address of the Jimdo Creator App user is shortened by Google within the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the US and shortened there. On behalf of Jimdo, Google will use this information to evaluate the use of the app by the Jimdo Creator app user, to compile reports on the app's activities and to provide other app-related services to the app operator.

The IP address provided by Google Analytics within this app will not be merged with other data provided by Google. Furthermore, Jimdo has entered into a Data Processing Agreement with Google, in which Google has committed itself to protect the data of our customers.

The legal basis for the use of the following processors is a consent according to Art. 6 para. 1 lit. a GDPR, § 25 para. 1 German Telecommunications-Telemedia-Data-Protection-Act (TTDSG). The user can revoke his consent at any time with effect for the future by opening the cookie settings and deactivating Google Analytics.

Further information and the applicable Google privacy policy can be found here: https://policies.google.com/privacy, https://www.google.com/analytics/terms/

Firebase

Firebase is a product of Google Inc (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, „Google“). In order to guarantee the functionality of the Jimdo Creator App Jimdo utilizes the following Firebase functions:

Firebase Cloud Messaging

We use the Firebase Cloud Messaging service to send push messages or so-called in-app messages to the Jimdo Creator App user on their device. If the Jimdo Creator App user uses our apps through a push-enabled device, they can agree on device level to receive push notifications.

In this case, the terminal is assigned a pseudonymized device token ID, a unique connection number generated from the device ID, by which Jimdo can address the push messages or in-app messages to the Jimdo Creator App users. Consent to the push message notification can be changed at any time in the settings of the Jimdo Creator App.

The legal basis for processing data for this service is your consent, Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG. We concluded Standard Contractual Clause (SCC) with Google to ensure privacy requirements are met. The Subprocessors that Google uses can be found here: https://firebase.google.com/terms/subprocessors

More information about Firebase Cloud Messaging can be found here: https://firebase.google.com/docs/cloud-messaging/

Firebase Analytics for Android

The Jimdo Creator App uses Firebase Analytics for Android devices to improve the performance of our Jimdo Creator app and to analyze usage data, whereby technical usage data is processed (e.g., IP address of your device, installation data, such as the app version and the time of installation, information about the content and functions you use, information about clicks, the duration of use, and information about your device, such as device model and operating system). The information is collected pseudonymously using so-called identifiers, e.g. in the form of the Android Ad ID. This is used to evaluate the use of the Creator App and to create statistical reports on usage behavior.

The legal basis for the use of Firebase Analytics is your consent, Art. 6 para. 1 lit. a) GDPR, § 25 para. 1 TDDSG. Jimdo has entered into standard contractual clauses (SCC) with Google to ensure compliance with data protection regulations.

You can find more information about Firebase Analytics here: https://firebase.google.com/support/privacy/.

Firebase Remote Config

We also use Firebase Remote Config, which allows us to run A / B tests and customize the behavior and appearance of the app without having to download a new version. Personal data is not stored.

The legal basis for the use and analysis of the data and use of Firebase is our legitimate interest (i.e. interest in the analysis, optimization and economic operation of our apps) within the meaning of Art. 6 para. 1 lit. f GDPR, § 25 para. 2 no. 2 TTDSG. We concluded Standard Contractual Clause (SCC) with Google to ensure privacy requirements are met. The Subprocessors that Google uses can be found here: https://firebase.google.com/terms/subprocessors

More information can be found here: https://developers.google.com/terms/api-services-user-data-policy.

Firebase Crashlytics

We use Firebase Crashlytics, which allows you to send error reports after the Jimdo Creator App crashes. When the App crashes, information about it will be sent to Google, this includes the type of device, system on the device and technical data about the device (so-called error Report).

The legal basis for using Crashlytics is your consent, Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG. Jimdo concluded Standard Contractual Clauses (SCC) with Google to ensure privacy requirements are met. The Subprocessors that Google uses can be found here: https://firebase.google.com/terms/subprocessors

More information on Crashlytics can be found here: https://firebase.google.com/docs/crashlytics.

Amazon S3

When the user uploads images or files to his Jimdo website, these files shall be uploaded to the cloud services of Amazon S3 (whose servers are located in Ireland). This is a service by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg. The legal basis for processing the data is Art. 6 para. 1 lit. f GDPR. The legitimate interest is to store your data appropriately.

The privacy policy for Amazon can be found here: https://aws.amazon.com/de/privacy/.

Fastly

We use Fastly, Inc. to deliver the content of your Jimdo website including the web fonts (CDN Service). Fastly, Inc. ensures that your website can be quickly accessed from all over the world. This is a service by Fastly, Inc., a Delaware Corporation, PO Box 78266, San Francisco, CA 94107, USA. The legal basis for processing the data is Art. 6 para. 1 lit. f GDPR. The legitimate interest is to ensure quickly acess to your website.

The Fastly, Inc. privacy policy can be found here: https://www.fastly.com/privacy

3. Data transmission to third countries

Jimdo ensures that your data is processed in the EU or in the European Economic Area. Should this no longer be possible and data needs to be transferred to a third country, Jimdo will ensure, after prior review, that an adequate level of data protection that meets the requirements of the Court of Justice of the European Union and the EU Commission is adhered to in the country the data is transferred to. In these cases, the data is transferred on the basis of an Adequacy Decision of the European Commission or the Standard Contractual Clauses for the transmission of personal data to third countries in its current valid version. These can be accessed here. We regularly reassess the measures we have taken to assess the requirements arising from new regulatory guidance and case law, for example resulting from the decision of the CJEU in case C-311/18. Data transmission to a third country may also take place on the basis of your consent. You will be provided with details of this separately, if applicable.

4. Period of storage

Insofar as we receive and process your personal data for the purposes of implementing, initiating, and processing your contract with Jimdo, we store it until the purpose of storage has been achieved (in particular achieved in the event of the contract being terminated), or insofar as this is required within the statutory retention periods in accordance with section 257 of the German Commercial Code (HGB) and section 147 of the German Tax Code (AO).

We store HTTP data and server log files for a maximum of three (3) months unless there is a security incident (such as a DDoS attack). In the event of a security incident, server log files will be stored until the incident has been rectified and fully investigated.

5. Information about your rights

As the data subject you have the following rights with regard to the processing of your personal data by Jimdo, in the event of the respective legal requirements:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (“right to be forgotten”) (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent (Art. 7 (3) GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Please use the information in Section 1 to contact us if you wish to exercise your rights. Information about any particular arrangements which make it easier for you to exercise your rights, in particular exercising your right to data portability and your right to object, can be found in the information about processing personal data in Section 2 of this Privacy Policy.

We are obligated to carefully verify your identity when dealing with your requests to exercise your rights. Please note that we reserve the right to request further information or proof of your identity depending on the sensitivity of the data. This is in place to protect your data against access by unauthorized third parties.

6. Data Security

The personal information of the Jimdo Creator App user is protected by technical and organizational security measures to minimize risks associated with their loss, misuse, unauthorized access, unauthorized disclosure, and alteration. For example, we use firewalls and data encryption, as well as physical access restrictions for our data centers and data access authorization controls.

7. Changes to the Privacy Policy

Jimdo reserves the right to change this privacy policy should this be necessary due to a change in legislation or as a result of further or changed services used or offered by Jimdo. The current version can always be found here.

If Jimdo intends to process the data of the Jimdo Creator App user for other purposes, i.e. those for which they were collected, we will inform the Jimdo Creator App user in advance in accordance with the law.

Should Jimdo or the Jimdo Creator App be taken over by another company, information on the personal data of the Jimdo Creator Appuser may be transferred to the legal successor in accordance with the data protection regulations.

8. Version and changes to this Privacy Policy

Valid from: 21.10.2022

The previous version of this privacy policy can be found here.