store logo
GALATEA
(30.7K)

Privacy Policy (Web & App)

Website:

We, Inkitt GmbH, operate https://getgalatea.com and collect certain data from you, where necessary. In the following privacy policy, you will be informed what we do with your data, so-called personal data, and why we do this. We will also inform you how we protect your data when this data is deleted, and what rights you have within data protection.

Who can I contact?

Responsible for this website is:

Inkitt GmbH

Saarbrücker Str. 36

10405 Berlin

E-Mail: [email protected]

Via the contact data, you can reach our Data Protection Officer or another relevant contact person for data protection. Don't hesitate to contact us if you have specific questions about your personal data, deletion of your personal data, or similar requests.

What are my rights?

You can contact us at any time if you have any questions about your rights regarding data protection or if you wish to exercise any of the following rights:

  • Right to withdraw your consent in accordance with Art. 7 para. 3 GDPR (e.g. you can contact us if you wish to cancel a previously given consent to a newsletter)
  • Right to access your data in accordance with Art. 15 GDPR (e.g. you can contact us if you would like to know what data we have stored about you)
  • Right to correct your data in accordance with Art. 16 GDPR (e.g. you can contact us if your e-mail address has changed and we should replace your old e-mail address)
  • Right to have your data deleted in accordance with Art. 17 GDPR (e.g. you can contact us if you want us to delete certain data that we have stored about you)
  • Right to limit data collection in accordance with Art. 18 GDPR (e.g. you can contact us if you do not want us to delete your e-mail address, but only to send absolutely necessary e-mails)
  • Right to data portability in accordance with Art. 20 GDPR (e.g. you can contact us to receive your data in a zipped format if you want to upload it to another website)
  • Right to object to how your data is handled in accordance with Art. 21 GDPR (e.g. you can contact us if you do not agree with advertising or user analytics procedures as described within this privacy policy)
  • Right to send complaints to the supervisory authority in accordance with Art. 77 para. 1 f GDPR (e.g. you can contact the data protection supervisory authority directly: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm)

Deletion of data and storage periods

Unless otherwise stated, we will delete or anonymize your data as soon as it is no longer needed, e.g. your e-mail address after you have unsubscribed from a newsletter. Your data will also be deleted or blocked automatically if the mandatory storage period expires. Such data may be needed for longer periods of time for legal reasons. You can request information about all personal data we have stored about you. Data protection inquiries and other legal matters may also be stored for a longer period of time within the scope of the legally relevant retention and statute of limitations periods.

Contacting us

When contacting us via email, the User's details are stored for the purpose of processing the inquiry and, if applicable, follow-up questions based on your consent based on the legal basis of Art. 6 (1) a. GDPR or fulfilling your request based on Art. 6 (1) b. GDPR.

Customer Support

The processing of your personal data by our customer service is solely for the purpose of handling your inquiries and ensuring the best possible customer service. We use the ticket system of the provider Zendesk (Zendesk, Inc.1019 Market St, San Francisco, CA 94103 USA - https://www.zendesk.de/) for this purpose.

The data you provide us during your contact (e.g. name, email address) will be stored and processed on the servers of Zendesk. Zendesk is a US-based company and we signed the EU-SCC to ensure an adequate level of data protection.

Your data will not be disclosed to third parties unless it is necessary to process your inquiry or there is a legal obligation to do so.

You have the right to request information about the data we have stored about you at any time, as well as to request correction or deletion of your data. Please contact our customer service for this purpose.

Visiting our website

If you merely wish to browse our website, we do not collect any personal data, with the exception of the data that your browser sends to us, e.g.:

  • IP address
  • Date and time of visit (e.g. 11:55 on 25.05.2023)
  • Last visited website (e.g. google.com)
  • Browser and version (e.g. Chrome or Safari)
  • Operating system (e.g. Mac OS)
  • Marketing data (e.g. advertising identifiers)

As a protective measure in favor of your privacy, we delete or anonymize the IP address after your visit to our website. This means that the other technical data can no longer be traced back to you and are only used for anonymous, statistical purposes to optimize our website. The purpose of the temporary storage of the data is, on the one hand, the technical necessity for establishing the connection and, on the other hand, the correct, error-free presentation of our website. The IP address and the technical data already mentioned are necessary to display the website, prevent display problems for visitors, and correct error messages. The legal basis is the so-called legitimate interest, which has been examined in the context of the aforementioned protective measures as well as in accordance with the European data protection requirements from Art. 6 para. 1 lit. f GDPR.

Automated Decision making (including "profiling")

In general, we do not process any data via "profiling" or in form of automated decision-making via the Website or Service. However, such profiling may happen by third-party providers through the Website or Service. We will inform you about such a fact if possible.

Data Security

We have implemented sufficient measures to ensure data and IT security. The Website is operated through a safe SSL connection. If an SSL connection is activated, third parties are prevented from reading any data that you transfer to us.

Sign up/ User Account

You also have the option of signing up on our website and then logging in at any time with a user account. To register with us, the following data is required:

  • E-mail address
  • User name
  • Password

As a protective measure, data is transmitted via a secure connection like the rest of the website. After successful confirmation, your data will be stored until you decide to delete individual data or the entire user account. The purpose of the data requested is the creation of a user account that provides extended functionality to the website. Sign-up is voluntary and can be withdrawn or the user data deleted at any time. The legal basis is your consent in accordance with the European data protection requirements under Art. 6 para. 1 lit. a GDPR. In cases where the sign-up is required for the mutual conclusion of the contract, the legal basis is the fulfillment of the contract in accordance with the European data protection requirements from Art. 6 para. 1 lit. b GDPR.

Newsletter

If you are interested in receiving updates about our company or our products, you can subscribe to our newsletter. You will then receive an e-mail in which you must click on a link to confirm receipt of the newsletter. We will then save your e-mail address until you unsubscribe from the newsletter. For this purpose, you will find a corresponding link to unsubscribe in every e-mail of our newsletter. The delivery of the newsletter is carried out by the specialized service provider Sendgrid by Twilio. Further information can be found in the service provider's privacy policy: https://www.twilio.com/legal/privacy.

As a protective measure, we ask for a so-called "Double-Opt-In" to ensure that the registered e-mail address actually belongs to you. Furthermore, we have entered into a data processing agreement with the assigned service provider. You are also able to unsubscribe from the newsletter at any time and thus delete your e-mail address from the service provider's database. The data requested is to send the newsletter to your personal e-mail address to fulfill your request for updates about our company or our products. The legal basis is your consent in accordance with the European data protection requirements under Art. 6 para. 1 lit. a GDPR.

Cookies

Our website partially uses so-called cookies. Cookies are small text files that are usually stored in a folder of your browser. Cookies contain information about the current or last visit to the website:

  • Name of the website
  • Expiration date of the cookie
  • Any value

If cookies do not contain an exact expiration date, they are stored only temporarily and are automatically deleted as soon as you close your browser or restart your device. Cookies with an expiration date will still be stored even when you close your browser or restart your device. Such cookies will not be deleted until the specified date or if you delete them manually.

We use the following three types of cookies on our website:

  • required cookies (cookies that are required, e.g. to display the website correctly for you and to store certain settings temporarily)
  • functional and performance-related cookies (cookies that help us improve our website, e.g. to evaluate technical data of your visit and avoid error messages)
  • advertising and analytics cookies (cookies that provide analytics and personalized ads, e.g. advertising for shoes is displayed if you have previously searched for shoes)

You can configure, block and delete cookies in your browser settings. If you delete all cookies from our website, some functions of the website may not be displayed correctly. Helpful information and instructions for the most common browsers can be found here: https://www.allaboutcookies.org/manage-cookies/stop-cookies-installed.html

Data Recipients

In accordance with the descriptions and purposes stated above, we share your information with the following recipients that are essential to providing our services and communicating with you:

  • Google Analytics, operated by Google Ireland Ltd. headquartered in Gordon House Barrow Street Dublin 4 Ireland. We use Google Analytics to analyze user behavior and to serve personalized advertising. The data will be processed within the European Union. For more information, please refer to the privacy policy for Google Analytics at: https://policies.google.com/privacy
  • Microsoft Clarity, operated by Microsoft Corporation headquartered in One Microsoft Way, Redmond, Washington, 98052-6399, USA. We use Microsoft Clarity to analyze user behavior and to serve personalized advertising. For more information, please refer to the privacy policy for Microsoft at: https://privacy.microsoft.com/en-us/privacystatement
  • Yandex, operated by Global DC Oy, Moreenikatu 6, 04600 Mantsala, Finland. We use Yandex to analyze user behavior and to serve personalized advertising. The data will be processed within the European Economic Area (EEA). For more information, please refer to the privacy policy for Microsoft at: https://yandex.com/legal/confidential/
  • Sentry, operated by Functional Software Inc., 45 Fremont St, San Francisco, California 94105, USA, for the purpose of error tracking. Your device, operating system, visitor_id, country, release version, url, and user ID will be processed via servers in the US and Europe. For more information, please refer to the privacy policy for Sentry at: https://sentry.io/privacy/#eu-us-privacy-shield
  • Sendgrid, operated by Twilio Inc., 101 Spear Street, 1st Floor, San Francisco, California, 94105, USA, for the purpose of sending transaction and marketing emails and storing of unsubscription. Your email address will be processed. For more information, please refer to the privacy policy for Sendgrid at: https://www.twilio.com/legal/privacy 
  • Facebook, operated by Meta Platforms Ireland Ltd. headquartered in 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.  The data will be processed within the European Union. For more information, please refer to the privacy policy for Facebook at: https://www.facebook.com/privacy/policy/
  • Amazon Web Services, operated by Amazon Web Services, Inc. headquartered at 410 Terry Avenue North Seattle WA 98109 USA.  Depending on your location, data is processed either within the European Union or the USA. For more information, please refer to the privacy policy for Amazon Web Services at: https://aws.amazon.com/privacy/
  • Google Cloud, operated by Google LLC, headquartered at 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Depending on your location, data is processed either within the European Union or the USA. For more information, please refer to the privacy policy for Google Cloud at: https://cloud.google.com/terms/cloud-privacy-notice
  • Datadog, operated by Datadog, Inc. headquartered at 620 8th Ave 45th Floor, New York, NY 10018, USA. Depending on your location, data is processed either within the European Union or the USA. For more information, please refer to the privacy policy for Datadog at: https://www.datadoghq.com/legal/privacy/
  • Stripe, operated by Stripe, Inc. headquartered at 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. Depending on your location, data is processed either within the European Union or the USA. For more information, please refer to the privacy policy for Stripe at: https://stripe.com/privacy
  • Inkitt, operated by Inkitt GmbH, headquartered at Saarbrücker Str. 36, 10405 Berlin, Germany. Depending on your location, data is processed either within the European Union or the USA. For more information, please refer to the privacy policy for Inkitt at: https://www.inkitt.com/privacy

We only share data that is necessary for the performance of the mutual contract or if you have given us your consent, for example in the context of our newsletter or cookie banner. If no contract exists yet, we share the data in certain cases in the context of legitimate interests. This is the case, for example, if you only want to visit our website or contact us. When you visit our website, it is in the interest of both parties to provide access to the services and to communicate with each other.

We have also entered into data processing agreements with all external recipients to comply with European legal requirements. Depending on your location, some of the above service providers - if specified - will also transfer your data to the United States. The European Court of Justice has ruled that the United States does not have an equivalent level of data protection to the EU and authorities may be able to access data without due process. Additional safeguards are therefore required to ensure a sufficient level of data protection. To meet this requirement, we have concluded additional data processing agreements called Standard Contractual Clauses. We also check each service provider together with our data protection officer and ensure that additional security measures are available, such as strong encryption of data.

App: 

When you use our Galatea app, we collect and store certain data (technically necessary) about you to provide services and improve the overall app experience. 

In the following privacy policy, you will learn what we do with your data, so-called personal data, and why we do it. We will also tell you how we protect your data, when the data is deleted, and what rights you have thanks to data protection. 

At the outset, we would like to explain our concerns and explain the purposes of data processing as clearly and transparently as possible (further details in the respective explanations).

Who can I contact?

Inkitt GmbH

Saarbrücker Str. 36

10405 Berlin

E-Mail: [email protected]

If you have specific questions about your data, its deletion, or your rights, there is a direct contact option for data protection via the email address [email protected]. If you wish to submit a written request, simply add "data protection".

What are my rights?

You can contact us at any time if you have questions about your data protection rights or wish to exercise any of your rights below:

  • Right of withdrawal according to Art. 7 (3) GDPR (e.g. you can contact us if you wish to revoke a previously given consent to a newsletter)
  • Right to information according to Art. 15 GDPR (e.g. you can contact us if you want to know which data we have stored about you)
  • Correction according to Art. 16 GDPR (e.g. you can contact us if your e-mail address has changed and you want us to replace the old e-mail address)
  • Deletion according to Art. 17 GDPR (e.g. you can contact us if you want us to delete certain data that we have stored about you)
  • Restriction of processing according to Art. 18 GDPR (e.g. you can contact us if you do not want us to delete your e-mail address, but only to use it for sending absolutely necessary e-mails).
  • Data portability according to Art. 20 GDPR (e.g. you can contact us to receive your data stored with us in a compressed format, e.g. because you want to make the data available to another website).
  • Objection according to Art. 21 GDPR (e.g. you can contact us if you do not agree with one of the advertising or analysis procedures specified here).
  • Right to lodge a complaint with the competent supervisory authority pursuant to Art. 77 (1) GDPR (e.g. you can also contact the data protection supervisory authority directly in the event of complaints)

Deletion of data and storage period

Unless otherwise specified, we will delete your data as soon as it is no longer required. Your data will also be blocked or deleted if a storage period prescribed by law expires unless there is a need to continue storing the data for the conclusion or performance of a contract. Certain data may have to be stored longer for legal reasons. You can, of course, request information about the stored data at any time. You can delete all previously stored data on your orders and reset your authentication within the app at any time.

How is your personal data protected?

We will take all reasonable and appropriate measures to protect the personal information we store from misuse, loss, or unauthorized access. To this end, we have taken a number of technical and organizational measures. This includes measures to deal with any suspected data breaches.

If you suspect that your personal information has been misused, lost or accessed without authorization, please let us know as soon as possible by contacting us using the contact details above!

Data collection in our app 

When you use our app, we collect and store certain data (technically necessary) about you to provide services, and improve it overall:

  • Language settings (e.g. system language German)
  • Approximate location based on device language and time zone
  • Date and time of use (e.g. 11:45 on 25.05.2018)
  • Operating system (iOS, Android)
  • Hardware

To protect your privacy, we delete or anonymize identifiers in our database and most technical data after your use. 

The purpose of temporarily storing this data is to connect to our servers and provide the app.

The legal basis is the contract with you according to Art. 6 para. 1 lit. b GDPR as well as the legitimate interest according to the European data protection requirements according to Art. 6 para. 1 lit. f GDPR. In addition, we apply the above-mentioned security measures to protect your data. 

Registration and use of the app:

In addition, certain data is required for registration and use of our app. This is the following data:

  • User name (mandatory)
  • E-mail (mandatory)
  • Password (mandatory)
  • Date of birth (mandatory)

In addition to manual registration, we offer you the option of registering with us directly with your existing user account of a social network from selected providers. We use the platforms "Apple” and "Google".  If you wish to use one of these functions, you will be redirected to the page of the respective provider and navigated through the registration process.

To protect your privacy, we delete or anonymize identifiers in our database and most technical data after your use. The evaluation of the usage data is carried out exclusively on a statistical basis and is not personalized. 

The purpose of processing this data is to enable the use of the app and its service offerings and functions.

The legal basis is the usage contract with you pursuant to Art. 6 (1) lit. b GDPR as well as the legitimate interest pursuant to Art. 6 (1) lit. f GDPR. You can object to the data processing based on the legitimate interests at any time and explain why your interest outweighs ours. However, it will then unfortunately no longer be possible to use our app. In addition, we apply the above-mentioned security measures to protect your data. 

Further data processing in the app

In addition to the previously mentioned data, we process the following user-related data in the app (not mandatory):

  • Private email (not visible to other users)

     

Mobile apps and app permissions

When you download our app via an app platform (Apple App Store or Google Play Store), you submit certain information to this platform, in particular your account data, e.g. name, device ID and email address. We have no influence on this data collection and are not responsible for it.

Some features of our app require access to certain features and services on your device. Depending on which mobile operating system you use, you may be required to accept certain app permissions. We will now explain what these permissions are:

Push notifications:

Access location data: When you select OK in the "Push Notifications" pop-up, you allow the app to send you push notifications. 

To protect your privacy, all app permissions are optional, except for the technical permissions that are required to run the app. You can decline at any time (by clicking "no" or "do not accept"). You can also revoke the permissions afterward by changing the corresponding settings on your device. 

The purpose of requesting these permissions is to enable you to use our service and app-specific features. 

The legal basis is your consent in accordance with the European data protection regulations pursuant to Art. 6 (1) lit. a GDPR.

App Analysis/ Tracking:

Google Analytics: We use Google Analytics, a web analytics service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").Your IP address will be processed but shortened before the usage statistics are analyzed so that no conclusions can be drawn about your person. For this purpose, Google Analytics has been extended by the code "anonymizeIp" to ensure an anonymized collection of IP addresses. Google will use the anonymized information obtained through the cookies to evaluate your use of the website, compile reports on activities, and provide other services related to internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.

Google Firebase: We use Firebase by Google LLC, 1600 Amphitheatre Pkwy, Mountain View, California 94043, USA for the purpose of analytics, sending push notifications to users, and storing of storing chat messages. Your IP address, Instance IDs, Crash traces, User agents, Mobile ad IDs, IDFVs/Android IDs, Analytics App Instance IDs, and All User events (button clicks, page views, etc) will be processed. Personal data is not stored.

Branch.io: We use Branch Metrics, Inc., 1400B Seaport Boulevard, Redwood City, California 94063, USA for the purpose of deeplinks for marketing purposes. We process your iOS or Android identification (IFDA or Android ID), the IP address, the version of the app, information about the terminal used, its manufacturer and the operating system version used, screen size and resolution, start and end of the use of our app, type of connection (e.g. WLAN, mobile access), the period since installation and since the last update of the app. The listed information is only processed by Branch in an anonymous form. An identification of the individual Galatea user by Branch is thus excluded.

Singular: We use Singluar Labs, Inc., 181 South Park Street Unit 2, San Francisco, CA 94107, USA for the purpose of marketing tracking. We process your iOS or Android identification (IFDA or Android ID), the IP address, the version of the app, information about the terminal used, its manufacturer and the operating system version used, screen size and resolution, start and end of the use of our app, type of connection (e.g. WLAN, mobile access), the period since installation and since the last update of the app. The listed information is only processed by Singluar in an anonymous form. An identification of the individual Galatea user by Singular is thus excluded.

Adjust: We use Adjust GmbH, Saarbrücker Strasse 37A, 10405 Berlin, Germany for the purpose of marketing tracking. We process your iOS or Android identification (IFDA or Android ID), the IP address, the version of the app, information about the terminal used, its manufacturer and the operating system version used, screen size and resolution, start and end of the use of our app, type of connection (e.g. WLAN, mobile access), the period since installation and since the last update of the app. The listed information is only processed by Adjust in an anonymous form. An identification of the individual Galatea user by Adjust is thus excluded.

Facebook: We use Facebook, operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square Grand Canal, Harbour Dublin 2, Ireland for the purpose of marketing tracking. We process your iOS or Android identification (IFDA or Android ID), the IP address, the version of the app, information about the terminal used, its manufacturer and the operating system version used, screen size and resolution, start and end of the use of our app, type of connection (e.g. WLAN, mobile access), the period since installation and since the last update of the app, and purchases. The listed information is only processed by Meta in an anonymous form. An identification of the individual Galatea user by Meta is thus excluded.

Assertion, exercise, and defense of legal claims

Sometimes it may be necessary for us to process personal data and, where applicable - in accordance with local laws and regulations - sensitive personal data in connection with the exercise or defense of legal claims. Article 9(2)(f) of the GDPR allows for this when the processing is "necessary for the establishment, exercise or defense of legal claims or when courts are acting in the exercise of their judicial functions".

This may occur, for example, when we need legal advice regarding a legal proceeding or are required by law to preserve or disclose certain information as part of the legal process.

Personal data of children

We are aware of the importance of children's safety and data protection on the Internet. As already mentioned above, our offer is also aimed at young people and children. The EU General Data Protection Regulation places special requirements on the consent of children and young people under the age of 16 (Art. 8 GDPR). We require consent in particular in the context of registration in the form of entering the required data and when releasing the collection of location data. We expressly do not use this data to create profiles and play out advertising or similar content. 

In principle, according to Art. 8 GDPR, consent of children and adolescents under 16 years the consent and approval of parents is required. We would like to ask children and young people under the age of 16 to obtain the consent of their parents and to provide proof of this consent if requested by us. We will point this out separately as part of the registration process and the submission of the consent. 

Change of the privacy policy

We reserve the right to change this privacy policy at any time, but we will always comply with the applicable laws on data protection. We recommend that you inform yourself about the current data protection declaration each time you visit the websites and the app.

Date of the privacy policy: 13.04.2023