When using digital media, data is generated. Here you can find out how we handle this data.
Yes, we too are sometimes data-nerds and rush to Google Analytics as soon as we publish a blog post – only to find out with disillusion how small the number of our fans and groupies is.
Seriously: data protection is important to us and we live it too. Here are a few principles that are deepened below.
- Our business model is licensing our software solution. We have absolutely no commercial interest in our users' private data.
- We don't sniff after our users. We are not interested in the usage behavior of individuals, but rather pursue one goal with data: We want to continuously improve our digital offerings and the quality of our product.
- We only collect the data that we know will help us to improve the offerings and to draw aggregated learnings from the behavior of many users and not you in particular.
- Data security is very important to us in the company. We sensitize our employees with regard to data protection and security. We also use state-of-the-art security solutions and techniques. This is how we can effectively protect our users' data.
- We are frugal when using third-party services such as Google Analytics or Firebase Crashlytics. And if we share data with such third-party services, then only very sparingly.
- We never pass on personal data to third parties.
The relevant legal norm for our behavior in this regard is the General Data Protection Regulation (GDPR).
Data Protection Officer & Contact
In case you need it, we will be very transparent to you. If you want information from us as to whether and which data we have about you, you can contact our data protection officer, Hans Georg Holzer, at any time. Should you wish, we will of course delete all of your data from us.
Here's our contact information:
xamoom GmbH, Universitätsstraße 5/4, 9020 Klagenfurt, Austria, firstname.lastname@example.org.
When do we save which data?
There are a few situations in which we may store information about you. Here are some examples:
- You contact us (e.g. by email or SMS, form on the website) or we communicate with each other. It is in the nature of communication that it leaves its mark.
- We meet and our employees take notes – for example, to fulfill your request.
- You use our services (more on this under app data storage).
Here's a short personal opinion: we are enthusiastic Europeans, but the European Parliament's cookie initiative was not their best idea. It ensures that users on the one hand approve and accept everything and on the other hand that some things in digital marketing, which are quite legitimate, no longer work. But be it as it is.
“Cookies” are small files that are stored on the users' computers. Various information can be stored within cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offer.
Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his browser. Such a cookie can, for example, store the content of a shopping cart in an online shop or a login status. Cookies are referred to as “permanent” or “persistent” and remain stored even after the browser is closed. For example, the login status can be saved if users visit it after several days. The interests of the users can also be stored in such a cookie, which is used for range measurement or marketing purposes.
“Third-party cookies” are cookies that are offered by providers other than the person responsible for operating the online offer (otherwise, if they are only their cookies, they are referred to as “first-party cookies”).
We use both temporary and permanent cookies in our digital offers – from us (or our web servers) ourselves and from third parties.
If you as a user do not want cookies to be stored on your computer, we ask you to deactivate the corresponding option in the system settings of your browser. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
Data storage in xamoom's apps
If you use one of our apps, the following data will be saved:
- The use of content and location markers (QR code, NFC tag, or iBeacon) at individual locations and their frequency.
- Use of individual app features (such as scanning location markers or calling up the settings page) in order to improve them again and again.
- Contents of transmitted forms (e.g. contact form, quiz, survey) without coordinating or comparing these (possibly personal data) with other data.
- Data on the quality (speed, error messages) of the delivery of content and the overall service.
There is no way for entering user data (username, password) in xamoom's apps. It is therefore not even possible that we have such data. We're not particularly interested in them either. Such data would not help us at all in fulfilling our task (e.g. providing the best possible content at the respective location).
Our app accesses your location information even if the app is closed or not in use. We do this to make use of small Bluetooth transmitters (called iBeacons or beacons) to draw your attention to places of interest near you. The app can also send you notifications based on your whereabouts. Your current whereabouts are shown on maps to give you a better overview. We save this data but with the only purpose so that we don’t always make the same suggestions.
The app asks you if you want to grant this permission. If you deny this authorization, you can still use many of the app’s functions. All in all, granting this authorization helps you to have a better user experience and more relevant tips for your use of the app. Thanks.
In some cases, xamoom's apps use third-party analysis tools. See the sections below on Google Analytics or Crashlytics.
We use Firebase Crashlytics, a service of Google LLC. Crashlytics transmits certain technical information to us concerning your device and your app installation if your app crashes. We use this data only in order to determine the reason for the crash and to remove errors in our app. This data is usually not personal data.
Crashlytics is used based on our legitimate interest in recognizing errors in our app, examining them, and remedying them, and to thus be able to offer our app in its contractually stipulated form, and the fact that your legitimate interests are not overriding.
Find out more about data privacy in Firebase Crashlytics' privacy statement.
Google will use this information on our behalf to evaluate your use of the website, compile reports on website activity and provide other services relating to website activity and internet usage to website operators.
We only use Google Analytics with active IP anonymization. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the IP address transmitted to a Google server in the USA and shortened there.
You can prevent Google from collecting the data generated by the cookie and related to your use of the online service and Google from processing this data by downloading and installing the browser plugin available under the following link: tools.google.com/dlpage/gaoptout.
Google Tag Manager
Google Tag Manager (GTM) is a solution with which we can manage so-called “website tags” via an interface (and thus, for example, integrate Google Analytics and other Google marketing services into our online offer).
We use a newsletter to keep interested parties and friends of xamoom up to date about us. Here are our principles:
- Our terms of service allow us to inform customers as well as demo users and their employees about product news without being asked.
- We always ask for permission before we put someone on the newsletter list.
- If the registration is done digitally, this is done according to the double-opt-in procedure. This prevents a funny guy from “spreading the joy” of our newsletter to others.
- You can unsubscribe at any time with one click.
We use Mailchimp as a service provider for the newsletter. In addition to personal characteristics such as name or email address, data storage at Mailchimp also includes data on usage (e.g. an email was opened or a link was clicked).
We use social networks, on the one hand, to make our own offers better known and on the other hand so that end users can share our content or that of our customers more easily. Furthermore, we sometimes embed postings from these networks (e.g. YouTube videos) in our communication.
Of course, data is also generated here. You can find out more about this in the (eternally long and sometimes difficult to read) data protection provisions of all these networks. The most important examples are linked here: Facebook, Twitter, YouTube, Vimeo, Instagram.
Facebook-Pixel, Custom Audiences, and Facebook Conversion
Due to our legitimate interest in the analysis, optimization, and economic operation of our online offer and for these purposes within the meaning of Art. 6 (1) f. of the GDPR we use the so-called “Facebook pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).
Facebook is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection law.
With the help of the Facebook pixel, Facebook is on the one hand able to determine the visitors of our online offer as a target group for the presentation of advertisements (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display our Facebook ads only to Facebook users who have shown an interest in our website or who have specific characteristics (e. g. interests in certain topics or products determined by the websites visited) that we submit to Facebook (so-called “custom audiences”). With the help of the Facebook pixel, we also want to make sure that our Facebook ads are in line with the potential interest of users and do not have a nuisance effect. Using the Facebook pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Facebook ad (so-called “conversion tracking”).
The Facebook pixel is directly integrated into our website by Facebook and can store a so-called cookie, i. e. a small file, on your device. If you then log in to Facebook or visit Facebook when you are logged in, your visit to our online offer will be noted in your profile. The data collected about you is anonymous for us, i. e. it does not allow us to draw conclusions about the identity of the users. However, the data is stored and processed by Facebook so that it can be linked to the respective user profile and used by Facebook as well as for its own market research and advertising purposes. If we transfer data to Facebook for comparison purposes, it is encrypted locally in the browser and only then sent to Facebook via a secure https connection. This is done with the sole purpose of matching the data encrypted by Facebook.
Furthermore, when using the Facebook pixel, we use the additional function “advanced matching”, in which inventory data such as telephone numbers, e-mail addresses or users' Facebook IDs is transmitted to Facebook (encrypted), but solely to create target groups (“Custom Audiences”). Users agree our use of the “advanced matching” and the related processing of their data.
Based on our legitimate interests, we also use the “Custom Audiences from File” function of the social network Facebook, Inc. in which case inventory data (phone numbers, email addresses, Facebook IDs) will be uploaded to Facebook. The upload process is encrypted. The upload serves solely to identify recipients of our Facebook ads. We want to ensure that the ads are only displayed to users who are interested in our information and services. Users agree our use of the “Custom Audiences from File” function and the related processing of their data.
Facebook's processing of the data is governed by Facebook's Data Usage Policy. Accordingly, general instructions on how to display Facebook ads, in the Facebook Data Usage Policy. For specific information and details about the Facebook pixel and how it works, please visit the Facebook Help Center.
You may object to the collection by the Facebook pixel and use of your data to display Facebook ads. To set what kind of ads you see on Facebook, you can go to the page set up by Facebook and follow the instructions on how to set up use-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i. e. they are applied to all devices, such as desktop computers or mobile devices.