1. Contact information
1.1 Contact information for Jimdo GmbH as Data Controller
Managing Director: Matthias Henze
Court of Registry: Amtsgericht Hamburg
1.2 Contact details of the Jimdo data protection officer
Jimdo has appointed a Data Protection Officer who can be reached at the following address:
B3 Datenschutz GmbH
2. Processing of Personal Data
We collect, process and use personal data (in accordance with the definitions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG)) in order to provide our Jimdo Creator App services.
2.1 Creation of a website
When creating a Jimdo website via the Jimdo Creator App the user must provide a valid email address. The email address is used to create and administer the Jimdo Creator App user’s account and to enable the user to use the Jimdo Creator App. The Jimdo users' website shall be published under a subdomain name of the Jimdo website address that shall either be chosen by the Jimdo user or generated automatically. The legal basis is that the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures in accordance with Art. 6 (1) sentence 1 b GDPR.
The data submitted by the Jimdo user shall be saved until the termination of the user’s account, i.e. until the deletion of the Jimdo Creator App. Exception: Due to tax regulations we are obliged to save billing information for a period of 10 years.
2.2 Information regarding the use of the websites created by Jimdo users
When users are logged into their Jimdo website via the Jimdo Creator App, the Jimdo server automatically collects and composes an activity log which logs the way in which Jimdo is used. This log includes information regarding the activity (including used storage space, number of logins, etc.), statistical data (such as e.g. browser type, date and time of access) as well as the IP address of the Jimdo-user.
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. A transfer to third parties or other use of the data does not take place. However, we reserve the right to retrospectively check the server log files if there are concrete indications of illegal activities. This data will be anonymized and deleted where appropriate at the latest after a period of 7 days.
2.3 Third Party Services
Google Analytics SDK for iOS
The Jimdo Creator app uses Google Analytics SDK for iOS, a web analytics service provided by Google Inc. ("Google") Jimdo uses Google Analytics to improve the performance of our Jimdo Creator app and to prevent misuse of our services.
Google Analytics SDK for iOS uses the Google Analytics API, which allows an analysis of the use of this app by the Jimdo Creator App user. The information generated by the tracking code about the use of this app is transmitted to a server of Google in the USA and stored there.
However, due to the use of IP anonymization by Google, the IP address of the Jimdo Creator App user is shortened by Google within the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the US and shortened there. On behalf of Jimdo, Google will use this information to evaluate the use of the app by the Jimdo Creator app user, to compile reports on the app's activities and to provide other app-related services to the app operator.
The IP address provided by Google Analytics within this app will not be merged with other data provided by Google. Furthermore, Jimdo has entered into a Data Processing Agreement with Google, in which Google has committed itself to protect the data of our customers.
The legal basis for the use of the following processors is a consent according to Art. 6 para. 1 lit. a GDPR, § 25 para. 1 German Telecommunications-Telemedia-Data-Protection-Act (TTDSG). The user can revoke his consent at any time with effect for the future by opening the cookie settings and deactivating Google Analytics.
Firebase is a product of Google Inc (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, „Google“). In order to guarantee the functionality of the Jimdo Creator App Jimdo utilizes the following Firebase functions:
Firebase Cloud Messaging
We use the Firebase Cloud Messaging service to send push messages or so-called in-app messages to the Jimdo Creator App user on their device. If the Jimdo Creator App user uses our apps through a push-enabled device, they can agree on device level to receive push notifications.
In this case, the terminal is assigned a pseudonymized device token ID, a unique connection number generated from the device ID, by which Jimdo can address the push messages or in-app messages to the Jimdo Creator App users. Consent to the push message notification can be changed at any time in the settings of the Jimdo Creator App.
The legal basis for processing data for this service is your consent, Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG. We concluded Standard Contractual Clause (SCC) with Google to ensure privacy requirements are met. The Subprocessors that Google uses can be found here: https://firebase.google.com/terms/subprocessors
More information about Firebase Cloud Messaging can be found here: https://firebase.google.com/docs/cloud-messaging/
Firebase Analytics for Android
The Jimdo Creator App uses Firebase Analytics for Android devices to improve the performance of our Jimdo Creator app and to analyze usage data, whereby technical usage data is processed (e.g., IP address of your device, installation data, such as the app version and the time of installation, information about the content and functions you use, information about clicks, the duration of use, and information about your device, such as device model and operating system). The information is collected pseudonymously using so-called identifiers, e.g. in the form of the Android Ad ID. This is used to evaluate the use of the Creator App and to create statistical reports on usage behavior.
The legal basis for the use of Firebase Analytics is your consent, Art. 6 para. 1 lit. a) GDPR, § 25 para. 1 TDDSG. Jimdo has entered into standard contractual clauses (SCC) with Google to ensure compliance with data protection regulations.
You can find more information about Firebase Analytics here: https://firebase.google.com/support/privacy/.
Firebase Remote Config
We also use Firebase Remote Config, which allows us to run A / B tests and customize the behavior and appearance of the app without having to download a new version. Personal data is not stored.
The legal basis for the use and analysis of the data and use of Firebase is our legitimate interest (i.e. interest in the analysis, optimization and economic operation of our apps) within the meaning of Art. 6 para. 1 lit. f GDPR, § 25 para. 2 no. 2 TTDSG. We concluded Standard Contractual Clause (SCC) with Google to ensure privacy requirements are met. The Subprocessors that Google uses can be found here: https://firebase.google.com/terms/subprocessors
More information can be found here: https://developers.google.com/terms/api-services-user-data-policy.
We use Firebase Crashlytics, which allows you to send error reports after the Jimdo Creator App crashes. When the App crashes, information about it will be sent to Google, this includes the type of device, system on the device and technical data about the device (so-called error Report).
The legal basis for using Crashlytics is your consent, Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG. Jimdo concluded Standard Contractual Clauses (SCC) with Google to ensure privacy requirements are met. The Subprocessors that Google uses can be found here: https://firebase.google.com/terms/subprocessors
More information on Crashlytics can be found here: https://firebase.google.com/docs/crashlytics.
When the user uploads images or files to his Jimdo website, these files shall be uploaded to the cloud services of Amazon S3 (whose servers are located in Ireland). This is a service by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg. The legal basis for processing the data is Art. 6 para. 1 lit. f GDPR. The legitimate interest is to store your data appropriately.
We use Fastly, Inc. to deliver the content of your Jimdo website including the web fonts (CDN Service). Fastly, Inc. ensures that your website can be quickly accessed from all over the world. This is a service by Fastly, Inc., a Delaware Corporation, PO Box 78266, San Francisco, CA 94107, USA. The legal basis for processing the data is Art. 6 para. 1 lit. f GDPR. The legitimate interest is to ensure quickly acess to your website.
3. Data transmission to third countries
Jimdo ensures that your data is processed in the EU or in the European Economic Area. Should this no longer be possible and data needs to be transferred to a third country, Jimdo will ensure, after prior review, that an adequate level of data protection that meets the requirements of the Court of Justice of the European Union and the EU Commission is adhered to in the country the data is transferred to. In these cases, the data is transferred on the basis of an Adequacy Decision of the European Commission or the Standard Contractual Clauses for the transmission of personal data to third countries in its current valid version. These can be accessed here. We regularly reassess the measures we have taken to assess the requirements arising from new regulatory guidance and case law, for example resulting from the decision of the CJEU in case C-311/18. Data transmission to a third country may also take place on the basis of your consent. You will be provided with details of this separately, if applicable.
4. Period of storage
Insofar as we receive and process your personal data for the purposes of implementing, initiating, and processing your contract with Jimdo, we store it until the purpose of storage has been achieved (in particular achieved in the event of the contract being terminated), or insofar as this is required within the statutory retention periods in accordance with section 257 of the German Commercial Code (HGB) and section 147 of the German Tax Code (AO).
We store HTTP data and server log files for a maximum of three (3) months unless there is a security incident (such as a DDoS attack). In the event of a security incident, server log files will be stored until the incident has been rectified and fully investigated.
5. Information about your rights
As the data subject you have the following rights with regard to the processing of your personal data by Jimdo, in the event of the respective legal requirements:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (“right to be forgotten”) (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw consent (Art. 7 (3) GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
We are obligated to carefully verify your identity when dealing with your requests to exercise your rights. Please note that we reserve the right to request further information or proof of your identity depending on the sensitivity of the data. This is in place to protect your data against access by unauthorized third parties.
6. Data Security
The personal information of the Jimdo Creator App user is protected by technical and organizational security measures to minimize risks associated with their loss, misuse, unauthorized access, unauthorized disclosure, and alteration. For example, we use firewalls and data encryption, as well as physical access restrictions for our data centers and data access authorization controls.
If Jimdo intends to process the data of the Jimdo Creator App user for other purposes, i.e. those for which they were collected, we will inform the Jimdo Creator App user in advance in accordance with the law.
Should Jimdo or the Jimdo Creator App be taken over by another company, information on the personal data of the Jimdo Creator Appuser may be transferred to the legal successor in accordance with the data protection regulations.
Valid from: 21.10.2022