PRIVACY POLICY

5.1 Right of Access to Information

You can request confirmation from the controller as to whether your personal data are being processed by us.

In the event of such processing, you may request the following information from the controller:

1. the purposes for which the personal data are processed;
2. the categories of personal data which are processed;
3. the recipients or categories of recipients to whom your personal data have been or will be disclosed;
4. the planned duration of storage of the personal data relating to you or, if it is not possible to give specific details, criteria for determining the duration of storage
5. the existence of a right of rectification or erasure of your personal data, a right to have the processing limited by the controller or a right to object to such processing
6. the existence of a right of appeal to a supervisory authority;
7. all available information on the origin of the data, if the personal data are not collected from the data subject;
8. the existence of automated decision making, including profiling, in accordance with Art. 22 (1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing on the data subject.
9. You have the right to request information as to whether your personal data are transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.

5.2 Right of Rectification

You have the right to ask the data controller to correct and/or complete the data if your personal data which is being processed is incorrect or incomplete. The data controller shall make the correction without delay.

When processing data for scientific, historical or statistical research purposes: Your right of rectification may be limited to the extent that it is likely to make it impossible or seriously hinder the achievement of the research or statistical purposes and the limitation is necessary for the achievement of the research or statistical purposes.

5.3 Right to Limit Processing

Under the following condtions, you may request the restriction of the processing of your personal data:

1. if you dispute the accuracy of your personal data, the controller to verify the accuracy of the personal data;
2. the processing is unlawful and you object to the deletion of the personal data and request instead the restriction of the use of the personal data;
3. the controller no longer needs the personal data for the purposes of the processing, but you need it in order to exercise or defend your rights, or
4. if you have lodged an objection to the processing pursuant to Art. 21 (1) GDPR and it has not yet been established whether the legitimate reasons given by the controller outweigh your reasons.

If the processing of personal data relating to you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the EU or of a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

When processing data for scientific, historical or statistical research purposes:
Your right to restrict processing may be limited to the extent that it is likely to make the achievement of the research or statistical purposes impossible or seriously prejudicial and the restriction is necessary for the achievement of the research or statistical purposes.

5.4 Right of Cancellation

5.5 Right to Information

If you have asserted the right to rectify, erase or limit the processing towards the controller, the controller is obliged to notify all recipients to whom your personal data have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort. You have the right towards the controller to be informed of these recipients.

5.6 Right to Data Transferability

You have the right to receive your personal data, which you have provided to the controller, in a structured, common and machine-readable format. You also have the right to have this data transferred to another controller (without interference from original controller to whom the personal data has given), provided that

1. the processing is based on a consent pursuant to Art. 6 (1) lit a GDPR or Art. 9 (2) lit a GDPR or on a contract pursuant to Art. 6 (1) lit b GDPR and
2. the processing is carried out by means of automated procedures.

In exercising this right, you also have the right that your personal data are transferred directly from one controller to another, as far as this is technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data transferability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

5.7 Right of Objection

You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data which is carried out pursuant to Article 6 (1) lit e or f GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process your personal data, unless he can demonstrate compelling reasons for processing which are justified on grounds of protection of your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

If your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing, including profiling, insofar as it relates to such direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

You may exercise your right of objection in connection with the use of information society services, without prejudice to Directive 2002/58/EC, by means of automated procedures involving technical specifications.

When processing data for scientific, historical or statistical research purposes:
You also have the right to object, for reasons arising from your particular situation, to the processing of your personal data for the purposes of scientific or historical research or for statistical purposes in accordance with Art. 89 (1) GDPR.

Your right of objection may be limited to the extent that it is likely to make the realisation of the research or statistical purposes impossible or seriously impairs them and the limitation is necessary for the fulfilment of the research or statistical purposes.

5.8 Right to Revoke the Consent Under Data Protection Law

You have the right to revoke your consent under data protection law at any time. Revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until revocation.

5.9 Automated Decision in Individual Cases including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect on you or significantly affects you in a similar manner. This shall not apply if the decision

1. is necessary for the conclusion or fulfilment of a contract between you and the controller,
2. is authorised by EU or national legislation to which the controller is subject to and that legislation provides for appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
3. with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, which shall include at least the right to obtain the intervention of any person from the controller, to express his or her point of view and to challenge the decision.

5.10 Right of Appeal to a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place of the alleged infringement, if you consider that the processing of your personal data is in breach of the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

1.1 Customer Account

When you register for a free customer account (independent of the Journi apps print or blog or the Journi website journiapp.com), the following data about you will be processed:

• First and last name
• Email address
• Password (we only store an encrypted version)
• Profile picture (optional)
• Place of residence (optional)
• Birthday (optional)
• Gender (optional)

We process this data to fulfil our obligations in the sense of the General Terms and Conditions and Terms of Use in accordance with Art 6 (2) lit b GDPR.

• Your data will be processed for the duration of your use of the app. You can delete your customer account at any time. Afterwards, it will be kept for the duration of the tax and company law obligation to retain it in accordance with the BAO and the UGB. Your data will only be processed within the EEA.

If you log in to the customer account via Facebook, the following data and authorisations are requested by Facebook; please note that these are responsible (as controller) for data processing by Facebook in the sense of GDPR (see also point 8.1 below):

• First and last name
• Profile picture
• Contact list
• Photos
• Email address

1.2 Free Services

You can use the following free services at Journi:

• Use of the Journi mobile apps (without registration)
• Use of Journi mobile apps (with registration, without subscription)
• Use of the Journi web app (without registration)
• Use of the Journi web app (with registration, without subscription)

When using the free services, the following personal data (in addition to the above-mentioned data when registering) are processed:

• Photos
• Place and time of recording (optional)
• Comments and likes you leave, these are public

Your personal data will be processed by you in order to fulfil our terms of use (free contract), in accordance with Art 6 (1) lit b GDPR.

1.3 Referral Program

When using our referral program (Point 8 of our Terms), registered customers can earn credits by inviting third parties to Journi. If a customer uses this function, in addition to point 1.1, information about the recommendations (invitations and credits) will be processed. The data of the third parties will be logged in when clicking the corresponding activation link will be processed as for a customer account (point 1.1).

1.4 Third Party Photos

If you publish photos of third parties or send them to us, you must ensure that this is done in accordance with data protection regulations and that the personal rights or other rights of these third parties are not violated (see point 4 of our Terms).

2.1 Subscriptions

If you take out a subscription (Point 7.2 of our Terms), your personal data will be processed by the respective App Store.

The processing of the app services with costs is carried out via the respective App Store (Apple or Google). For this purpose, you enter into an agreement with the respective App Store, which will use your data to fulfil this agreement and forward it to us based on their privacy policy.

2.2 Print Products

If you order a print product (Point 6.1 of our Terms), the following personal data will be processed:

• First and last name
• Delivery address
• Content and price of the order
• Photos that are part of the order (optional)
• Company (optional)
• Phone number (optional)

Based on the applicable (privacy) laws for your order, your data will be passed on to the appropriate partner/s listed below for contract fulfillment:

• Elanders Donauwörth GmbH
• Elanders Waiblingen GmbH
• Linemark, Inc (only for orders to or within the US)
• Precision Printing Co. Limited (only for orders within the UK)
• Alexanders Print Advantage (only for orders to or within the US)
• Photo Create Pty Ltd (only for orders within Australia and New Zealand)
• Our shipping partners

3.1 System Authorisations

For some functions our app must be able to access certain technical interfaces and data of the device. Depending on the type of operating system, this access may require your explicit consent, which will be obtained before the service is used (e.g. camera, tracking services). Use of the app is possible without these services, but only to a limited extent. You can adjust the permission settings in the system settings of your device at any time.

The following permissions may be required to use the app:

• Location services / location data (See also point 3.2): Authorisation to access the location services of the device is required to access the location determined by the device.
• Camera: Authorisation is required for the app to use the camera function of the device. No location data will be collected unless you specifically agree to it (above). Access to the camera function of the device is only granted when the function is activated in the app.
• Mobile data (iOS) or access to all networks and network connections (Android): Internet access (via WLAN or mobile data connection) through the app is required to enable the app to transmit and receive data. This permission is required to transfer data or photos in the app or user account.
• Contact list information: If you choose, you can use our "Import Contacts" feature to scan through your contacts list to find friends who already use Journi. If you choose to import contacts through your device's contacts list, then Journi will access your contacts list to determine whether or not someone associated with your contact is using Journi. You can choose to grant or deny this permission. If granted, your contact list information will be collected and used according to our privacy policy.

3.2 Location Services

In order to be able to offer all functions of the app (e.g. photo book with location) that are based on the current location, you can grant the app the authorization to use the location services of the (mobile) device to collect corresponding location data. If the user of the app is granted access to the location services, your current location will be regularly updated in the app. If the user does not grant access, your photos can be transmitted, but not your location. The location of an individual photo is also stored publicly along with the published photos.

7.1 General Information

When using our website, so-called "cookies" are stored on your device. These are small text files that store certain settings and data for exchange with our system via your browser. A cookie contains the name of the domain from which the cookie data was sent, information about the age of the cookie and an alphanumeric identifier ("cookie ID"), and the following data: IP address, browser, operating system, language setting. Cookies help us, for example, to improve our website and to be able to offer you optimised services.

In the "session cookies" used by us, only the above-mentioned data on your use of the website is temporarily stored. These save a so-called "session ID", which can be used to assign various requests from your browser to a common session. This enables your computer to be recognised when you return to our website. Session cookies are deleted when you close the browser. In addition, so-called "persistent cookies" are used, which are automatically deleted after a specified period of time. These enable not only the recognition of your device with which you have already visited our website, but also the non-personal analysis of your behaviour on our website. In the list below you will find information on how long the respective cookies are stored.

If you do not wish to use browser cookies, you can set your browser to not accept cookies. If you prevent the storage of technically required cookies, we would like to point out that you may not be able to use our website to its full extent. This means that your session will not be saved. For this reason, the settings or progress you have selected will not be reopened at the same place where you left them the next time you use the websites.

Specifically, the following cookies are involved:

Cookie Name: journi-gdpr

Value Domain: journiapp.com
Duration: 365 days
Data Category: Functionality
Purpose: the user accept cookie terms

Cookie Name: _dd

Value Domain: journiapp.com
Data Category: Third-party cookie
Purpose: datadog third party
Third Party (Receiver): datadog
Link: https://www.datadoghq.com/legal/cookies/

Cookie Name: _fbp

Value Domain: journiapp.com
Data Category: Targeting
Purpose: Is used by Facebook to show a range of advertising products, such as real-time bidding from third-party advertisers.
Third Party (Receiver): Facebook
Duration of Storage: 3 months
Link: https://www.facebook.com/policy/cookies/

Cookie Name: _amplitude

Value Domain: journiapp.com
Data Category: Third-party cookie
Purpose: Amplitude set a cookie on web to identify the device
Duration of Storage: 365 days
Third Party (Receiver): Amplitude
Link: https://help.amplitude.com/hc/en-us/articles/206533238-Data-Security-Privacy

Cookie Name: lang

Value Domain: journiapp.com
Data Category: Functionality
Purpose: selected user language
Duration of Storage: session

Cookie Name: session

Value Domain: journiapp.com
Data Category: Functionality
Purpose: session of journi user
Duration of Storage: 5 days

Cookie Name: _ga

Value Domain: journiapp.com
Data Category: Third-party cookie
Purpose: This cookie helps us to understand general user behavior on our website better. We use this cookie from Google Ads purely to improve the performance of our ad placements. As soon as you reach a target predefined by us, the result will be evaluated statistically. This enables us to focus on providing higher-quality ads. When you browse through our website you will see ads that are more relevant to your interests; so you will obtain results which match your search criteria even quicker. Your data will only be collected anonymously. So we are not able to link this information directly to you.
Duration of Storage: 2 years
Third Party (Receiver): google analytics
Link: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=en-US

Cookie Name: _gid

Value Domain: journiapp.com
Data Category: Performance
Purpose: With the data from Google Analytics, the user and update rates can be distinguished anonymously
Duration of Storage: 1 day
Third Party (Receiver): google analytics
Link: www.google.com/intl/en/analytics/privacyoverview.html

Cookie Name: _hj

Value Domain: journiapp.com
Data Category: Third-party cookie
Purpose: To function properly, Hotjar stores first-party cookies on your visitor's browser. Cookies are either set by the Hotjar script, or by visiting Hotjar's website. Displaying the correct content to your visitors without personally identifying anyone relies on Hotjar's cookies.
Duration of Storage: 365 days
Third Party (Receiver): Hotjar
Link: https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookies

7.2 Google Analytics

We use Google Analytics, a web analysis service of Google Inc. ("Google"). Google uses cookies. The information generated by the cookie about the use of the website by the user is usually transferred to a Google server in the USA and stored there.

Google will use this information on our behalf to evaluate the use of our website by users, to compile reports on the activities within this website and to provide us with further services associated with the use of this website and the use of the Internet. The processed data can be used to create pseudonymous user profiles of the users.

We only use Google Analytics with activated IP anonymisation. This means that the IP address of users is shortened by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area. The IP address transmitted by the user's browser is not merged with other data from Google.

The data will be transferred outside the EEA to the parent company of the Google group of companies, Google LLC, and to its wholly owned U.S. subsidiaries, in accordance with the Privacy Shield Principles, when the scope of Google LLC's Privacy Shield certification covers the customer's personal information.

Users can prevent the storage of cookies by adjusting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout.

For more information about Google's advertising use, opt-out and opt-in options, please visit the Google websites: www.google.com/intl/de/policies/privacy/partners/("Google's use of data when you use our partners' websites or apps"), www.google.com/policies/technologies/ads("Google's use of data for advertising purposes"), www.google.de/settings/ads("Manage the information Google uses to serve ads to you") and www.google.com/ads/preferences/ ("Determine what ads Google shows you"). Order Data Agreement https://privacy.google.com/businesses/processorterms/; Privacy Policy for GDPR https://policies.google.com/privacy/update?hl=de.

8.1 Facebook

The social network facebook.com is operated by Meta Platforms Inc. (former Facebook Inc), 1601 S. California Ave, Palo Alto, CA 94304, USA and is used for user interaction. Data controller for users in the EU is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (both: "Facebook"). If you visit our Facebook page or the website of Facebook, their privacy policy applies.

The purpose of the data collection and processing as well as the use of the data by Facebook, as well as the types of data (scope of the data) can be found by the user in the notes on data protection, which Facebook itself publishes; see: http://www.facebook.com/policy.php. In the interests of the best possible transparency, we summarize the key points for the user:

The data collected in this way is used to analyse usage behaviour and to provide, select, evaluate, and understand the advertisements that Facebook provides on and off Facebook (this includes advertisements provided by or on behalf of Facebook subsidiaries) and to compile statistics on users. Facebook will also use the data available to it to improve its advertising and measurement systems so that Facebook can show users on and off Facebook services and measure the effectiveness and reach of advertisements and services. If the user is registered with Facebook, Facebook is able, by using the data collected, to provide services to the user, personalise content for the user and provide the user with links and suggestions in which the user may be interested. Finally, the collected data is used to send marketing communications to the user, to communicate with the user about its services and to inform the user about Facebook's policies and terms.

If the user is the owner of a Facebook account and visits Facebook button, he/she has given his/her consent to the collection, transfer, storage, disclosure and use of his/her information in accordance with the Facebook Privacy Policy (https://www.facebook.com/about/privacy). The user can change the privacy settings of his Facebook account in the account settings.

Further information on Facebook and the GDPR can be found at: https://www.facebook.com/business/gdpr#Facebook-als-Datenverantwortlicher-vs.-Auftragsverarbeiter.

8.2 X (Twitter)

The social network “X” (formerly Twitter) is operated by X Corp. Suite 900, 1355 Market Street, San Francisco, California, 94103, USA ("X"). The X button links to our profile. On the X website their privacy policy applies.

The purpose of the data collection and processing as well as the use of the data by X, as well as the types of data (scope of the data) can be found by the user in the information on data protection, which X itself publishes; see http://twitter.com/privacy.

8.3 Instagram

Instagram is part of Meta Platforms Inc. (former Facebook Inc), 1601 S. California Ave, Palo Alto, CA 94304, USA. Data controller for users in the EU is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. The Instagram Social Media button links to our Instagram profile. If you visit our Instagram profile or the website of Instagram, their privacy policy applies.

The purpose of data collection and processing and use of the data by Instagram or Facebook, as well as the types of data (scope of data), can be found by the data subject in the information on data protection published by Instagram itself; see: https://help.instagram.com/519522125107875. The information given above on Facebook applies analogously to Instagram.

If the individual follows the link to Instagram, data will be processed, collected, transferred, stored, disclosed and used in accordance with Instagram's Privacy Policy. Furthermore, when visiting the Instagram website, cookies may be stored on the device of the data subject. The Facebook cookie policy applies here: https://www.facebook.com/policies/cookies. If the data subject is the owner of an Instagram account, the information transmitted can be linked to this account by Instagram or Facebook.

8.4 Pinterest

The data controller is Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland; the Data Protection Officer can be contacted here. Pinterest discloses information to its parent company in the USA, which is part of the Privacy Policy. Their privacy policy applies to pinterest.com, over which we have no control.

If you follow the link to Pinterest, Pinterest processes data in accordance with its privacy policy and cookie policy. Cookies are stored on your device when you visit the site. Pinterest's Privacy Policy also contains details of the types of data processed by Pinterest, and whether and how these are passed on.

If you are a Pinterest account holder, Pinterest can also link this data to your account.