Journi - Imprimez de grands souvenirs en quelques secondes

PRIVACY POLICY

Journi GmbH

I. General Information

1. Name and Address of the Controller

Journi GmbH
Goldschlagstraße 172/4/2/2+3
1140 Vienna, Austria
E-mail: info@journiapp.com

2. Age Limit

The users of our service must be at least 16 years old. If a person concerned is younger than 16 years of age, he/she must first obtain the consent of his/her parents/legal guardians before providing us with personal data or concluding a contract with us or using our services. Without this consent, the provision of personal data is prohibited. If a minor user nevertheless provides us with personal data, the use of this data will be discontinued as soon as we become aware of it.

3. Processors

We have entered into contract agreements with our processors within the meaning of Art 28 et seq GDPR, and with those outside the EEA, arrangements pursuant to Art 44 et seq GDPR have been concluded, which are constantly monitored and audited. Our partners are obliged to delete the data after the purpose has been fulfilled, unless this is contrary to a legal obligation to retain data.

The following processors regularly process data for us. Further processors are, if necessary, indicated with the respective purposes:

  • Tax consultant / accountant
  • Lawyer
  • IT service providers / IT providers and telecommunications providers
  • Printing and delivery service

3.1 Direct Marketing by Post

We may occasionally reach out to you via postal mail for marketing purposes, based on our legitimate interest. To facilitate these mailings, we work with data processors based on the country of your residence:

  • Austria (AT): Mail Boxes Etc. (MBE) | GFN Franchising GmbH
  • Germany (DE): MBE Deutschland GmbH

You have the right to opt out of receiving future marketing materials by post at any time and free of charge. If you wish to opt out, please send an e-mail to support@journiapp.com indicating the Subject field as 'Opt Out From Direct Marketing'.

4. Data Erasure and Storage Duration

Personal data of data subjects will be deleted or made anonymous as soon as the purpose of the processing no longer applies. Furthermore, data may be stored if required by statutory law. Anonymisation or deletion of data is carried out when a storage period prescribed by the aforementioned laws expires. Any specific provisions can be found in the respective processing purposes.

When a customer account is deleted, the tracking data is made anonymous, the transaction data is kept for 7 years according to BAO (Federal Tax Code) and the content data (comments, links, photos) is deleted. If you share a Journi with other users and delete your account, the shared content remains in the account of the remaining user.

5. Rights of the Data Subject

If your personal is being processed, you are the data subject within the meaning of the GDPR and are entitled to the following rights in relation to the controller:

5.1 Right of Access to Information

You can request confirmation from the controller as to whether your personal data are being processed by us.

In the event of such processing, you may request the following information from the controller:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data which are processed;
  3. the recipients or categories of recipients to whom your personal data have been or will be disclosed;
  4. the planned duration of storage of the personal data relating to you or, if it is not possible to give specific details, criteria for determining the duration of storage
  5. the existence of a right of rectification or erasure of your personal data, a right to have the processing limited by the controller or a right to object to such processing
  6. the existence of a right of appeal to a supervisory authority;
  7. all available information on the origin of the data, if the personal data are not collected from the data subject;
  8. the existence of automated decision making, including profiling, in accordance with Art. 22 (1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing on the data subject.
  9. You have the right to request information as to whether your personal data are transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.

5.2 Right of Rectification

You have the right to ask the data controller to correct and/or complete the data if your personal data which is being processed is incorrect or incomplete. The data controller shall make the correction without delay.

When processing data for scientific, historical or statistical research purposes: Your right of rectification may be limited to the extent that it is likely to make it impossible or seriously hinder the achievement of the research or statistical purposes and the limitation is necessary for the achievement of the research or statistical purposes.

5.3 Right to Limit Processing

Under the following condtions, you may request the restriction of the processing of your personal data:

  1. if you dispute the accuracy of your personal data, the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and you object to the deletion of the personal data and request instead the restriction of the use of the personal data;
  3. the controller no longer needs the personal data for the purposes of the processing, but you need it in order to exercise or defend your rights, or
  4. if you have lodged an objection to the processing pursuant to Art. 21 (1) GDPR and it has not yet been established whether the legitimate reasons given by the controller outweigh your reasons.

If the processing of personal data relating to you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the EU or of a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

When processing data for scientific, historical or statistical research purposes:
Your right to restrict processing may be limited to the extent that it is likely to make the achievement of the research or statistical purposes impossible or seriously prejudicial and the restriction is necessary for the achievement of the research or statistical purposes.

5.4 Right of Cancellation

a) Obligation to delete

may request the controller to delete your personal data without delay and the controller is obliged to delete such data without delay if one of the following reasons applies:

  1. Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You revoke your consent on which the processing was based pursuant to Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR, and there is no other legal basis for the processing.
  3. You object to the processing pursuant to Art. 21 (1) GDPR and there are no legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
  4. Your personal data have been processed unlawfully.
  5. The deletion of your personal data is necessary to comply with a legal obligation under EU law or the law of the Member States to which the controller is subject.
  6. Your personal data have been collected in relation to information society services offered in accordance with Art. 8 (1) GDPR.

b) Information to third parties

If the controller has made public your personal data and is obliged to delete them pursuant to Art. 17 (1) GDPR, he shall take reasonable measures, including technical measures - taking into account the available technology and the implementation costs - to inform data controllers who process the personal data that you, as a data subject, have requested them to delete all links to these personal data or copies or replications of these personal data.

c) Exceptions

The right of cancellation does not exist insofar as the processing is necessary

  1. for the exercise of the right to freedom of expression and information;
  2. in order to comply with a legal obligation to which the processing relates under EU or national law to which the controller is subject or in order to perform a task carried out in the public interest or in the exercise of official authority vested in the controller
  3. for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;
  4. for archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the law referred to in section a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or
  5. to assert, exercise or defend legal claims.

5.5 Right to Information

If you have asserted the right to rectify, erase or limit the processing towards the controller, the controller is obliged to notify all recipients to whom your personal data have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort. You have the right towards the controller to be informed of these recipients.

5.6 Right to Data Transferability

You have the right to receive your personal data, which you have provided to the controller, in a structured, common and machine-readable format. You also have the right to have this data transferred to another controller (without interference from original controller to whom the personal data has given), provided that

  1. the processing is based on a consent pursuant to Art. 6 (1) lit a GDPR or Art. 9 (2) lit a GDPR or on a contract pursuant to Art. 6 (1) lit b GDPR and
  2. the processing is carried out by means of automated procedures.

In exercising this right, you also have the right that your personal data are transferred directly from one controller to another, as far as this is technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data transferability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

5.7 Right of Objection

You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data which is carried out pursuant to Article 6 (1) lit e or f GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process your personal data, unless he can demonstrate compelling reasons for processing which are justified on grounds of protection of your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

If your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing, including profiling, insofar as it relates to such direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

You may exercise your right of objection in connection with the use of information society services, without prejudice to Directive 2002/58/EC, by means of automated procedures involving technical specifications.

When processing data for scientific, historical or statistical research purposes:
You also have the right to object, for reasons arising from your particular situation, to the processing of your personal data for the purposes of scientific or historical research or for statistical purposes in accordance with Art. 89 (1) GDPR.

Your right of objection may be limited to the extent that it is likely to make the realisation of the research or statistical purposes impossible or seriously impairs them and the limitation is necessary for the fulfilment of the research or statistical purposes.

5.8 Right to Revoke the Consent Under Data Protection Law

You have the right to revoke your consent under data protection law at any time. Revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until revocation.

5.9 Automated Decision in Individual Cases including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect on you or significantly affects you in a similar manner. This shall not apply if the decision

  1. is necessary for the conclusion or fulfilment of a contract between you and the controller,
  2. is authorised by EU or national legislation to which the controller is subject to and that legislation provides for appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
  3. with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, which shall include at least the right to obtain the intervention of any person from the controller, to express his or her point of view and to challenge the decision.

5.10 Right of Appeal to a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place of the alleged infringement, if you consider that the processing of your personal data is in breach of the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

6. Data Security

We do everything to protect your data. This includes measures to prevent manipulation, loss, destruction or access by unauthorized persons. To this end, we set forth a technical framework (such as access controls, locked filing cabinets, password guidelines, etc.), organizational framework (such as training courses and usage guidelines) and a legal framework (non-disclosure agreements, data protection agreements, data processing agreement) which are intended to prevent this. All data is stored on our computers and servers or on the servers of our service providers with whom contracts for data processing have been concluded. All our systems and data processing are recorded and described in detail in records of processing activities.

II. Processing Purposes

1. Free Customer Account & Services:

1.1 Customer Account

When you register for a free customer account (independent of the Journi apps print or blog or the Journi website journiapp.com), the following data about you will be processed:

  • First and last name
  • Email address
  • Password (we only store an encrypted version)
  • Profile picture (optional)
  • Place of residence (optional)
  • Birthday (optional)
  • Gender (optional)

We process this data to fulfil our obligations in the sense of the General Terms and Conditions and Terms of Use in accordance with Art 6 (2) lit b GDPR.

  • Your data will be processed for the duration of your use of the app. You can delete your customer account at any time. Afterwards, it will be kept for the duration of the tax and company law obligation to retain it in accordance with the BAO and the UGB. Your data will only be processed within the EEA.

If you log in to the customer account via Facebook, the following data and authorisations are requested by Facebook; please note that these are responsible (as controller) for data processing by Facebook in the sense of GDPR (see also point 8.1 below):

  • First and last name
  • Profile picture
  • Contact list
  • Photos
  • Email address

1.2 Free Services

You can use the following free services at Journi:

  • Use of the Journi mobile apps (without registration)
  • Use of Journi mobile apps (with registration, without subscription)
  • Use of the Journi web app (without registration)
  • Use of the Journi web app (with registration, without subscription)

When using the free services, the following personal data (in addition to the above-mentioned data when registering) are processed:

  • Photos
  • Place and time of recording (optional)
  • Comments and likes you leave, these are public

Your personal data will be processed by you in order to fulfil our terms of use (free contract), in accordance with Art 6 (1) lit b GDPR.

1.3 Referral Program

When using our referral program (Point 8 of our Terms), registered customers can earn credits by inviting third parties to Journi. If a customer uses this function, in addition to point 1.1, information about the recommendations (invitations and credits) will be processed. The data of the third parties will be logged in when clicking the corresponding activation link will be processed as for a customer account (point 1.1).

1.4 Third Party Photos

If you publish photos of third parties or send them to us, you must ensure that this is done in accordance with data protection regulations and that the personal rights or other rights of these third parties are not violated (see point 4 of our Terms).

2. Chargeable Services:

If you use paid services with us, your data will be processed for the purpose of fulfilling these contracts in accordance with Art 6 (1) lit b GDPR. In addition to the above-mentioned data, the contents of the contract (duration, price, scope) are processed by us. Your data will be processed for the fulfilment of the contractual obligations for the duration of the contract. Thereafter, your data will be stored for the duration of the tax and company law retention obligations.

2.1 Subscriptions

If you take out a subscription (Point 7.2 of our Terms), your personal data will be processed by the respective App Store.

The processing of the app services with costs is carried out via the respective App Store (Apple or Google). For this purpose, you enter into an agreement with the respective App Store, which will use your data to fulfil this agreement and forward it to us based on their privacy policy.

2.2 Print Products

If you order a print product (Point 6.1 of our Terms), the following personal data will be processed:

  • First and last name
  • Delivery address
  • Content and price of the order
  • Photos that are part of the order (optional)
  • Company (optional)
  • Phone number (optional)

Based on the applicable (privacy) laws for your order, your data will be passed on to the appropriate partner/s listed below for contract fulfillment:

  • Elanders Donauwörth GmbH
  • Elanders Waiblingen GmbH
  • Linemark, Inc (only for orders to or within the US)
  • Precision Printing Co. Limited (only for orders within the UK)
  • Alexanders Print Advantage (only for orders to or within the US)
  • Photo Create Pty Ltd (only for orders within Australia and New Zealand)
  • Our shipping partners

3. Apps:

  • System permissions (contacts, photos, camera...)
  • location data

When using the app, you can turn on the respective information. The app cannot access the respective data without your consent.

3.1 System Authorisations

For some functions our app must be able to access certain technical interfaces and data of the device. Depending on the type of operating system, this access may require your explicit consent, which will be obtained before the service is used (e.g. camera, tracking services). Use of the app is possible without these services, but only to a limited extent. You can adjust the permission settings in the system settings of your device at any time.

The following permissions may be required to use the app:

  • Location services / location data (See also point 3.2): Authorisation to access the location services of the device is required to access the location determined by the device.
  • Camera: Authorisation is required for the app to use the camera function of the device. No location data will be collected unless you specifically agree to it (above). Access to the camera function of the device is only granted when the function is activated in the app.
  • Mobile data (iOS) or access to all networks and network connections (Android): Internet access (via WLAN or mobile data connection) through the app is required to enable the app to transmit and receive data. This permission is required to transfer data or photos in the app or user account.
  • Contact list information: If you choose, you can use our "Import Contacts" feature to scan through your contacts list to find friends who already use Journi. If you choose to import contacts through your device's contacts list, then Journi will access your contacts list to determine whether or not someone associated with your contact is using Journi. You can choose to grant or deny this permission. If granted, your contact list information will be collected and used according to our privacy policy.

3.2 Location Services

In order to be able to offer all functions of the app (e.g. photo book with location) that are based on the current location, you can grant the app the authorization to use the location services of the (mobile) device to collect corresponding location data. If the user of the app is granted access to the location services, your current location will be regularly updated in the app. If the user does not grant access, your photos can be transmitted, but not your location. The location of an individual photo is also stored publicly along with the published photos.

4. Website - Server Log Files:

In order to optimise our websites with regard to system performance, user-friendliness and the provision of useful information about our services, the provider of the respective website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This includes your Internet Protocol address (IP address), browser and language settings, operating system, referrer URL, your Internet service provider and date/time.

consolidation of this data with personal data sources is not carried out. We reserve the right to check these data subsequently if we become aware of concrete indications of illegal use.

These log files are processed for 6 months.

The legal basis is, on the one hand, the fulfilment of the contract, specifically the provision of our website free of charge (Art. 6 (1) lit b GDPR), in our overriding interest in the security and functionality of our website (Art. 6 (1) lit f GDPR) and, finally, they are technically necessary for the operation of the website (Art. 165 (2) TKG [Austrian Telecommunication Code]).

5. Contact Form:

When you fill out the contact form on our website, the following data is processed:

  • Message
  • First and last name
  • E-mail address

This data is processed for the purpose of fulfilling (pre-)contractual obligations in accordance with Art. 6 (1) lit b GDPR. We store the data until your enquiry has been answered, unless the content of the enquiry in question gives rise to a legal obligation to retain the data.

For this purpose, the software Zendesk is used as a processor and data is processed outside the EEA in accordance with Art 44 et seq GDPR. The data is transferred on the basis of the EU-US Data Privacy Framework as an adequacy decision.

In order to improve our customer service operations and provide automated customer service responses and workflows, we may transfer the following data to Ultimate Enterprises Oy., a cloud-based customer service automation platform:

  • First and last name;
  • E-mail address;
  • Address (business or personal);
  • Order history;
  • Communications (conversations and timestamps); and/or
  • Customer service information.

All necessary data minimization measures (Pseudonymisation) are taken in accordance with Art.32(1b) GDPR. All personal data transferred for processing is masked and anonymized using advanced encryption measures.

6. Newsletter:

If you agree to receive our newsletter, your e-mail address will be used for our own advertising purposes until you unsubscribe. This use takes place exclusively on your request and with your consent (Art 6 (1) lit a GDPR in conjunction with § 174TKG [Austrian Telecommunication Code]) and is not a prerequisite for the use of our services. The sending of the newsletter includes advertising from us, such as updates to the apps and functions, delivery information about your orders, information about products, personal offers and deals and updates from Journi.

This consent can be revoked by you at any time and free of charge and you can unsubscribe from the newsletter. This is possible through the settings in your Journi profile or by sending an e-mail to support@journiapp.com. In addition, a contact option is included in every newsletter to revoke the consent.

Iterable is the processor of the newsletter and the associated data processing. For this purpose, data is also processed outside the EEA in accordance with Art 44 et seq GDPR. The data is transferred on the basis of the EU-US Data Privacy Framework as an adequacy decision.

Your data will be deleted after cancellation of the newsletter if processing is not necessary for other processing purposes. You will no longer receive the newsletter after cancellation.

7. Cookies

7.1 General Information

When using our website, so-called "cookies" are stored on your device. These are small text files that store certain settings and data for exchange with our system via your browser. A cookie contains the name of the domain from which the cookie data was sent, information about the age of the cookie and an alphanumeric identifier ("cookie ID"), and the following data: IP address, browser, operating system, language setting. Cookies help us, for example, to improve our website and to be able to offer you optimised services.

In the "session cookies" used by us, only the above-mentioned data on your use of the website is temporarily stored. These save a so-called "session ID", which can be used to assign various requests from your browser to a common session. This enables your computer to be recognised when you return to our website. Session cookies are deleted when you close the browser. In addition, so-called "persistent cookies" are used, which are automatically deleted after a specified period of time. These enable not only the recognition of your device with which you have already visited our website, but also the non-personal analysis of your behaviour on our website. In the list below you will find information on how long the respective cookies are stored.

If you do not wish to use browser cookies, you can set your browser to not accept cookies. If you prevent the storage of technically required cookies, we would like to point out that you may not be able to use our website to its full extent. This means that your session will not be saved. For this reason, the settings or progress you have selected will not be reopened at the same place where you left them the next time you use the websites.

Specifically, the following cookies are involved:

Cookie Name: journi-gdpr

Value Domain: journiapp.com
Duration: 365 days
Data Category: Functionality
Purpose: the user accept cookie terms

Cookie Name: _dd

Value Domain: journiapp.com
Data Category: Third-party cookie
Purpose: datadog third party
Third Party (Receiver): datadog
Link: https://www.datadoghq.com/legal/cookies/

Cookie Name: _fbp

Value Domain: journiapp.com
Data Category: Targeting
Purpose: Is used by Facebook to show a range of advertising products, such as real-time bidding from third-party advertisers.
Third Party (Receiver): Facebook
Duration of Storage: 3 months
Link: https://www.facebook.com/policy/cookies/

Cookie Name: _amplitude

Value Domain: journiapp.com
Data Category: Third-party cookie
Purpose: Amplitude set a cookie on web to identify the device
Duration of Storage: 365 days
Third Party (Receiver): Amplitude
Link: https://help.amplitude.com/hc/en-us/articles/206533238-Data-Security-Privacy

Cookie Name: lang

Value Domain: journiapp.com
Data Category: Functionality
Purpose: selected user language
Duration of Storage: session

Cookie Name: session

Value Domain: journiapp.com
Data Category: Functionality
Purpose: session of journi user
Duration of Storage: 5 days

Cookie Name: _ga

Value Domain: journiapp.com
Data Category: Third-party cookie
Purpose: This cookie helps us to understand general user behavior on our website better. We use this cookie from Google Ads purely to improve the performance of our ad placements. As soon as you reach a target predefined by us, the result will be evaluated statistically. This enables us to focus on providing higher-quality ads. When you browse through our website you will see ads that are more relevant to your interests; so you will obtain results which match your search criteria even quicker. Your data will only be collected anonymously. So we are not able to link this information directly to you.
Duration of Storage: 2 years
Third Party (Receiver): google analytics
Link: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=en-US

Cookie Name: _gid

Value Domain: journiapp.com
Data Category: Performance
Purpose: With the data from Google Analytics, the user and update rates can be distinguished anonymously
Duration of Storage: 1 day
Third Party (Receiver): google analytics
Link: www.google.com/intl/en/analytics/privacyoverview.html

Cookie Name: _hj

Value Domain: journiapp.com
Data Category: Third-party cookie
Purpose: To function properly, Hotjar stores first-party cookies on your visitor's browser. Cookies are either set by the Hotjar script, or by visiting Hotjar's website. Displaying the correct content to your visitors without personally identifying anyone relies on Hotjar's cookies.
Duration of Storage: 365 days
Third Party (Receiver): Hotjar
Link: https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookies

7.2 Google Analytics

We use Google Analytics, a web analysis service of Google Inc. ("Google"). Google uses cookies. The information generated by the cookie about the use of the website by the user is usually transferred to a Google server in the USA and stored there.

Google will use this information on our behalf to evaluate the use of our website by users, to compile reports on the activities within this website and to provide us with further services associated with the use of this website and the use of the Internet. The processed data can be used to create pseudonymous user profiles of the users.

We only use Google Analytics with activated IP anonymisation. This means that the IP address of users is shortened by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area. The IP address transmitted by the user's browser is not merged with other data from Google.

The data will be transferred outside the EEA to the parent company of the Google group of companies, Google LLC, and to its wholly owned U.S. subsidiaries, in accordance with the Privacy Shield Principles, when the scope of Google LLC's Privacy Shield certification covers the customer's personal information.

Users can prevent the storage of cookies by adjusting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout.

For more information about Google's advertising use, opt-out and opt-in options, please visit the Google websites: www.google.com/intl/de/policies/privacy/partners/ ("Google's use of data when you use our partners' websites or apps"), www.google.com/policies/technologies/ads ("Google's use of data for advertising purposes"), www.google.de/settings/ads ("Manage the information Google uses to serve ads to you") and www.google.com/ads/preferences/ ("Determine what ads Google shows you"). Order Data Agreement https://privacy.google.com/businesses/processorterms/; Privacy Policy for GDPR https://policies.google.com/privacy/update?hl=de.

8. Social Media

For individual processing activities on our company pages, we are joint controllers with the respective social medium. In case of interactions with our company page and questions about this, you are welcome to contact us directly. We would like to point out that we have no influence on the type and scope of the processing activities of social media platforms.

We process your data within the scope of the respective social media, insofar as you share it with us. This may be, for example, your (user) name, interactions with our profiles or pages, and comments, based on the use of the functionality of the social network (§ 165 (2) TKG Austrian Telecommunications Code) and our legitimate interest pursuant to Art 6 (1) (f) GDPR, as long as this content is published by you on the respective social medium. In the case of direct messages, we process the data contained therein for (pre-)contractual communication (Art 6 para 1 lit b GDPR).

8.1 Facebook

The social network facebook.com is operated by Meta Platforms Inc. (former Facebook Inc), 1601 S. California Ave, Palo Alto, CA 94304, USA and is used for user interaction. Data controller for users in the EU is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (both: "Facebook"). If you visit our Facebook page or the website of Facebook, their privacy policy applies.

The purpose of the data collection and processing as well as the use of the data by Facebook, as well as the types of data (scope of the data) can be found by the user in the notes on data protection, which Facebook itself publishes; see: https://www.facebook.com/policy.php. In the interests of the best possible transparency, we summarize the key points for the user:

The data collected in this way is used to analyse usage behaviour and to provide, select, evaluate, and understand the advertisements that Facebook provides on and off Facebook (this includes advertisements provided by or on behalf of Facebook subsidiaries) and to compile statistics on users. Facebook will also use the data available to it to improve its advertising and measurement systems so that Facebook can show users on and off Facebook services and measure the effectiveness and reach of advertisements and services. If the user is registered with Facebook, Facebook is able, by using the data collected, to provide services to the user, personalise content for the user and provide the user with links and suggestions in which the user may be interested. Finally, the collected data is used to send marketing communications to the user, to communicate with the user about its services and to inform the user about Facebook's policies and terms.

If the user is the owner of a Facebook account and visits Facebook button, he/she has given his/her consent to the collection, transfer, storage, disclosure and use of his/her information in accordance with the Facebook Privacy Policy (https://www.facebook.com/about/privacy). The user can change the privacy settings of his Facebook account in the account settings.

Further information on Facebook and the GDPR can be found at: https://www.facebook.com/business/gdpr#Facebook-als-Datenverantwortlicher-vs.-Auftragsverarbeiter.

8.2 X (Twitter)

The social network “X” (formerly Twitter) is operated by X Corp. Suite 900, 1355 Market Street, San Francisco, California, 94103, USA ("X"). The X button links to our profile. On the X website their privacy policy applies.

The purpose of the data collection and processing as well as the use of the data by X, as well as the types of data (scope of the data) can be found by the user in the information on data protection, which X itself publishes; see http://twitter.com/privacy.

8.3 Instagram

Instagram is part of Meta Platforms Inc. (former Facebook Inc), 1601 S. California Ave, Palo Alto, CA 94304, USA. Data controller for users in the EU is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. The Instagram Social Media button links to our Instagram profile. If you visit our Instagram profile or the website of Instagram, their privacy policy applies.

The purpose of data collection and processing and use of the data by Instagram or Facebook, as well as the types of data (scope of data), can be found by the data subject in the information on data protection published by Instagram itself; see: https://help.instagram.com/519522125107875. The information given above on Facebook applies analogously to Instagram.

If the individual follows the link to Instagram, data will be processed, collected, transferred, stored, disclosed and used in accordance with Instagram's Privacy Policy. Furthermore, when visiting the Instagram website, cookies may be stored on the device of the data subject. The Facebook cookie policy applies here: https://www.facebook.com/policies/cookies. If the data subject is the owner of an Instagram account, the information transmitted can be linked to this account by Instagram or Facebook.

8.4 Pinterest

The data controller is Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland; the Data Protection Officer can be contacted here. Pinterest discloses information to its parent company in the USA, which is part of the Privacy Policy. Their privacy policy applies to pinterest.com, over which we have no control.

If you follow the link to Pinterest, Pinterest processes data in accordance with its privacy policy and cookie policy. Cookies are stored on your device when you visit the site. Pinterest's Privacy Policy also contains details of the types of data processed by Pinterest, and whether and how these are passed on.

If you are a Pinterest account holder, Pinterest can also link this data to your account.

9. Information for Californian Customers

This part of the document integrates with and supplements the information contained in the rest of the privacy policy and is provided by the business running Journi and, if the case may be, its parent, subsidiaries and affiliates (for the purposes of this section referred to collectively as “we”, “us”, “our”).

The provisions contained in this section apply to all Users who are consumers residing in the state of California, United States of America, according to "The California Consumer Privacy Act of 2018" (Users are referred to below, simply as “you”, “your”, “yours”), and, for such consumers, these provisions supersede any other possibly divergent or conflicting provisions contained in the privacy policy.

This part of the document uses the term “personal information“ as it is defined in The California Consumer Privacy Act (CCPA).

Categories of personal information collected, disclosed or sold

In this section we summarize the categories of personal information that we've collected, disclosed or sold and the purposes thereof. You can read about these activities in detail in the section titled “Detailed information on the processing of Personal Data” within this document.

Information we collect: the categories of personal information we collect

We have collected the following categories of personal information about you: identifiers, California Consumer Records Statutez. information, commercial information, biometric information, internet information, geolocation data and sensorial information.

We will not collect additional categories of personal information without notifying you.

How we collect information: what are the sources of the personal information we collect?

We collect the aforementioned categories of personal information, either directly or indirectly, from you when you use Journi.

For example, you directly provide your personal information when you submit requests via any forms on Journi. You also provide personal information indirectly when you navigate Journi, as personal information about you is automatically observed and collected. Finally, we may collect your personal information from third parties that work with us in connection with the Service or with the functioning of Journi and features thereof.

How we use the information we collect: sharing and disclosing of your personal information with third parties for a business purpose

We may disclose the personal information we collect about you to a third party for business purposes. In this case, we enter a written agreement with such third party that requires the recipient to both keep the personal information confidential and not use it for any purpose(s) other than those necessary for the performance of the agreement.

We may also disclose your personal information to third parties when you explicitly ask or authorize us to do so, in order to provide you with our Service.

To find out more about the purposes of processing, please refer to the relevant section of this document.

Sale of your personal information

For our purposes, the word “sale” means any “selling, renting, releasing, disclosing, disseminating, making available, transferring or otherwise communicating orally, in writing, or by electronic means, a consumer's personal information by the business to another business or a third party, for monetary or other valuable consideration”.

This means that, for example, a sale can happen whenever an application runs ads, or makes statistical analyses on the traffic or views, or simply because it uses tools such as social network plugins and the like. Your right to opt out of the sale of personal information

You have the right to opt out of the sale of your personal information. This means that whenever you request us to stop selling your data, we will abide by your request.

Such requests can be made freely, at any time, without submitting any verifiable request, simply by following the instructions below.

Instructions to opt out of the sale of personal information

If you’d like to know more, or exercise your right to opt out in regard to all the sales carried out by Journi, both online and offline, you can contact us for further information using the contact details provided in this document.

What are the purposes for which we use your personal information?

We may use your personal information to allow the operational functioning of Journi and features thereof (“business purposes”). In such cases, your personal information will be processed in a fashion necessary and proportionate to the business purpose for which it was collected, and strictly within the limits of compatible operational purposes.

We may also use your personal information for other reasons such as for commercial purposes (as indicated within the section “Detailed information on the processing of Personal Data” within this document), as well as for complying with the law and defending our rights before the competent authorities where our rights and interests are threatened or we suffer an actual damage.

We will not use your personal information for different, unrelated, or incompatible purposes without notifying you.

Your California privacy rights and how to exercise them

The right to know and to portability

You have the right to request that we disclose to you:

  • the categories and sources of the personal information that we collect about you, the purposes for which we use your information and with whom such information is shared;
  • in case of sale of personal information or disclosure for a business purpose, two separate lists where we disclose:
    • for sales, the personal information categories purchased by each category of recipient; and
    • for disclosures for a business purpose, the personal information categories obtained by each category of recipient.

The disclosure described above will be limited to the personal information collected or used over the past 12 months.

If we deliver our response electronically, the information enclosed will be "portable", i.e. delivered in an easily usable format to enable you to transmit the information to another entity without hindrance – provided that this is technically feasible.

The right to request the deletion of your personal information

You have the right to request that we delete any of your personal information, subject to exceptions set forth by the law (such as, including but not limited to, where the information is used to identify and repair errors on Journi, to detect security incidents and protect against fraudulent or illegal activities, to exercise certain rights etc.).

If no legal exception applies, as a result of exercising your right, we will delete your personal information and direct any of our service providers to do so.

How to exercise your rights

To exercise the rights described above, you need to submit your verifiable request to us by contacting us via the details provided in this document.

For us to respond to your request, it’s necessary that we know who you are. Therefore, you can only exercise the above rights by making a verifiable request which must:

  • provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative;
  • describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We will not respond to any request if we are unable to verify your identity and therefore confirm the personal information in our possession actually relates to you.

If you cannot personally submit a verifiable request, you can authorize a person registered with the California Secretary of State to act on your behalf.

If you are an adult, you can make a verifiable request on behalf of a minor under your parental authority.

You can submit a maximum number of 2 requests over a period of 12 months.

How and when we are expected to handle your request

We will confirm receipt of your verifiable request within 10 days and provide information about how we will process your request.

We will respond to your request within 45 days of its receipt. Should we need more time, we will explain to you the reasons why, and how much more time we need. In this regard, please note that we may take up to 90 days to fulfill your request.

Our disclosure(s) will cover the preceding 12 month period.

Should we deny your request, we will explain the reasons behind our denial to you.

We do not charge a fee to process or respond to your verifiable request unless such request is manifestly unfounded or excessive. In such cases, we may charge a reasonable fee, or refuse to act on the request. In either case, we will communicate our choices and explain the reasons behind it.

10. Fonts

We use Adobe Fonts on our website. The IP address is transmitted to Adobe in order to display fonts (§ 165 (2) TKG – Austrian Telecommunications Code) and out of our and Adobe's legitimate interest in ensuring that they are used in accordance with the license (Art. 6 (1) (f) GDPR). The IP address is not stored after transmission.

To carry out this processing activity, we use Adobe Inc. as processor. The data is transferred on the basis of the EU-US Data Privacy Framework as an adequacy decision. You can find more information at: https://www.adobe.com/privacy/policies/adobe-fonts.html