Privacy

In short, on the app

All communication happens directly between your app and the server of your library. We do not store any data about you, as we do not know any data about you. We do not see your search request, account details or anything else. Please contact your library for their privacy policy. In regular intervals, the app contacts our server to fetch updated data about the libraries. Also, the app may contact our server in case of an application error. We need this to ensure the ongoing quality of the app, but we will not transmit or store personal data. Should this happen accidentally, we will only use the data to debug the error and for no other purposes.

Officialy

This translation is provided as an informational service to our users. However, our official data privacy policy can only be found in German language by clicking this link.

1. Controller

Controller in terms of the General Data Protection Regulation (GDPR) as well as other data protection laws applicable in Member states of the European Union is:

rami.io GmbH
Berthold-Mogel-Straße 1
69126 Heidelberg
E-Mail: info@rami.io
Telefon: +49 (0) 6221 32177-60

Our Data Protection Officer is:

Susanne Kasper
E-Mail: datenschutz@rami.io
Telefon: +49 (0) 6221 32177-13

2. Basics

2.1 Scope of data processing

In principle, we only process personal data of our users if it is neccessary to provide a functional website as well as our other services. Processing personal data only happens after agreement of the user. The only exception to this is when a prior agreement is technically not possible and a processing is allowed by law.

2.2 Legal basis for the processing

Art. 6(1) lit. a GDPR serves as the legal basis for all processing for which we obtain specific consent. If the processing of personal data is necessary for the performance of a contract to which the data subject is party or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In the rare event that processing of personal data is necessary to protect the vital interests of the data subject or of another natural person, the processing would be based on Art. 6(1) lit. d GDPR. Finally, if processing is necessary for the purposes of the legitimate interests of our company or a third party, operations could be based on Article 6(1) lit. f GDPR, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

2.3 Period for which the personal data will be stored

The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.

3. Serving our website as well as updates to the app, creation of log files

3.1 Scope of data processing

With every request to our website as well when using the app for recent refreshing of configuration data, our system automatically processes information from the computer system of your device:

  • The browser type, operating system and version used
  • The Internet service provider of the accessing system
  • An Internet Protocol address (IP address)
  • The date and time of access to the Internet site
  • The website from which an accessing system reaches our website (so-called referrers)
  • Sub-websites

Some of this data is persisted to log files on our system. We do not persist IP addresses or other data that allows to draw any conclusions on the data subject. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

3.2 Legal basis for the processing

Legal basis for this processing is Art. 6(1) lit. f GDPR.

3.3 Purposes of data processing

We need to process this data to allow serving you the website or app contents. We need to store the IP address for the time of the session in order to send the website contents to you. Therefore, we can process this data by Art. 6(1) lit. f GDPR.

3.4 Period for which the personal data will be stored

The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage. In particular, we do not store this data longer than the time of your session on our website.

3.5 Right to object

Processing this data is neccessary for operating the website, therefore you can not opt out from this processing.

4 Analytics using Matomo (ehemals PIWIK)

4.1 Scope of data processing

On this website, the controller has integrated the Matomo component. Matomo is an open-source software tool for web analysis. Web analysis is the collection, gathering and evaluation of data on the behavior of visitors from Internet sites. A web analysis tool collects, inter alia, data on the website from which a data subject came to a website (so-called referrer), which pages of the website were accessed or how often and for which period of time a sub-page was viewed. A web analysis is mainly used for the optimization of a website. In particular, we store:

  • First bytes of the user's IP address (i.e. 123.234.0.0 instead of 123.234.215.78)
  • The website the user requested
  • The website the user is coming from (so-called referrer)
  • The requested sub-pages
  • The duration of the user's stay on the website
  • The number of requests to the website

The software is operated on the server of the controller, the data protection-sensitive log files are stored exclusively on this server. The software is configured to anonymize any IP addresses by stripping the last half of bytes from them. This way, we cannot trace the data back to an individual device or connection. The purpose of the Matomo component is the analysis of the visitor flows on our website. The controller uses the obtained data and information, inter alia, to evaluate the use of this website in order to compile online reports, which show the activities on our Internet pages.

Matomo sets a cookie on the information technology system of the data subject. With the setting of the cookie, an analysis of the use of our website is enabled. With each call-up to one of the individual pages of this website, the Internet browser on the information technology system of the data subject is automatically through the Matomo component prompted to submit data for the purpose of online analysis to our server. During the course of this technical procedure, we obtain knowledge about personal information, such as the IP address of the data subject, which serves to understand the origin of visitors and clicks.

4.2 Legal basis for the processing

Legal basis for this processing is Art. 6(1) lit. f GDPR.

4.3 Purposes of data processing

Processing this data allows us to analyze the usage of our website. This allows us to improve the usuability and usefulness of our website constantly. For this reason, we have an interest in processing this data and can do so under Art. 6(1) lit. f GDPR. By anonymizing IP addresses, we comply with the user's interest to protect their data reasonably.

4.4 Period for which the personal data will be stored

We will delete all individual datasets after 90 days. After this time, we will only archive daily averages and sums, but nothing that can be analyzed for individual visitors.

4.5 Right to object

The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the used Internet browser would also prevent Matomo from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Matomo may be deleted at any time via a web browser or other software programs.

In addition, the data subject has the possibility of objecting to a collection of data relating to a use of this Internet site that are generated by Matomo as well as the processing of these data by Matomo and the chance to preclude any such. For this, the data subject must set an opt-out cookie by clicking on a link in the next paragraph. The opt-out cookie that is set for this purpose is placed on the information technology system used by the data subject. If the cookies are deleted on the system of the data subject, then the data subject must call-up the link again and set a new opt-out cookie.

4.6 Right to object

Processing this data is neccessary for us continuing to provide the app in high quality, therefore you can not opt out from this processing.

5. Crash analytics of the app

5.1 Scope of data processing

In our app, we use the open source software tool Sentry to analyze crashed of our app. If your app crashes while you use it, the app will send a report to us on the next usage. The report contains the following data:

  • Type of device you use
  • Android version
  • App version
  • Name of the selected library
  • Type of internet connection (WiFi, cellular)
  • Amount of free memory on the device
  • Language and time zone of the device

The data is stored only on our servers and never transferred to third parties.

5.2 Legal basis for the processing

Legal basis for this processing is Art. 6(1) lit. f GDPR.

5.3 Purposes of data processing

Processing this data allows us to improve our app and fix bugs in our app. For this reason, we have an interest in processing this data and can do so under Art. 6(1) lit. f GDPR. By not being able to match this data to specific persons, we comply with the user's interest to protect their data reasonably.

4.4 Period for which the personal data will be stored

The data will be deleted after 90 days.

5.5 Widerspruchs- und Beseitigungsmöglichkeit

Da wir im in diesem Zusammenhang keinerlei Daten speichern, die wir Ihnen als Person konkret zuordnen können, können wir auch keine Daten individuell auf Anfrage löschen, herausgeben oder berichtigen.

6. Rights of the data subject

If personal data of you is processed, you are a data subject in terms of GDPR.

Since we do not store any personal data that we can later connect to you as a person, we cannot delete, rectify, erase, restrict, or give out any specific personal data.

6.1 Right to complain

You can always file a complaint with the data protection authorities of the member state you reside in, work in or we reside in, if you think our use of personal data violates GDPR.

Source: Based on a text of Uni Münster and a text of External Data Protection Officers that was developed in cooperation with RC GmbH, which sells used notebooks and the Media Law Lawyers from WBS-LAW.