Privacy Policy

Website

We, Inkitt GmbH, operate https://www.inkitt.com and collect certain data from you, where necessary. In the following privacy policy, you will be informed what we do with your data, so-called personal data, and why we do this. We will also inform you how we protect your data when this data is deleted, and what rights you have within data protection.

Who can I contact?

Responsible for this website is:

Inkitt GmbH

Saarbrücker Str. 36

10405 Berlin

E-Mail: [email protected]

Via the contact data, you can reach our Data Protection Officer or another relevant contact person for data protection. Don't hesitate to contact us if you have specific questions about your personal data, deletion of your personal data, or similar requests.

What are my rights?

You can contact us at any time if you have any questions about your rights regarding data protection or if you wish to exercise any of the following rights:

Right to withdraw your consent in accordance with Art. 7 para. 3 GDPR (e.g. you can contact us if you wish to cancel a previously given consent to a newsletter)
Right to access your data in accordance with Art. 15 GDPR (e.g. you can contact us if you would like to know what data we have stored about you)
Right to correct your data in accordance with Art. 16 GDPR (e.g. you can contact us if your e-mail address has changed and we should replace your old e-mail address)
Right to have your data deleted in accordance with Art. 17 GDPR (e.g. you can contact us if you want us to delete certain data that we have stored about you)
Right to limit data collection in accordance with Art. 18 GDPR (e.g. you can contact us if you do not want us to delete your e-mail address, but only to send absolutely necessary e-mails)
Right to data portability in accordance with Art. 20 GDPR (e.g. you can contact us to receive your data in a zipped format, if you want to upload it to another website)
Right to object how your data is handled in accordance with Art. 21 GDPR (e.g. you can contact us if you do not agree with advertising or user analytics procedures as described within this privacy policy)
Right to send complaints to the supervisory authority in accordance with Art. 77 para. 1 f GDPR (e.g. you can contact the data protection supervisory authority directly: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm)

Deletion of data and storage periods

Unless otherwise stated, we will delete or anonymize your data as soon as it is no longer needed, e.g. your e-mail address after you have unsubscribed from a newsletter. Your data will also be deleted or blocked automatically if the mandatory storage period expires. Such data may be needed for longer periods of time for legal reasons. You can request information about all personal data we have stored about you. Data protection inquiries and other legal matters may also be stored for a longer period of time within the scope of the legally relevant retention and statute of limitations periods.

Contacting us

When contacting us via email, the User's details are stored for the purpose of processing the enquiry and, if applicable, follow-up questions based on your consent based on the legal basis of Art. 6 (1) a. GDPR or fulfilling your request based on Art. 6 (1) b. GDPR.

Visiting our website

If you merely wish to browse our website, we do not collect any personal data, with the exception of the data that your browser sends to us, e.g.:

Approximate location based on IP range (e.g. "Berlin city")
Date and time of visit (e.g. 11:55 on 25.05.2023)
Last visited website (e.g. google.com)
Browser and version (e.g. Chrome or Safari)
Operating system (e.g. Mac OS)

As a protective measure in favor of your privacy, we delete or anonymise the IP address after your visit to our website. This means that the other technical data can no longer be traced back to you and are only used for anonymous, statistical purposes to optimize our website. The purpose of the temporary storage of the data is, on the one hand, the technical necessity for establishing the connection and, on the other hand, the correct, error-free presentation of our website. The IP address and the technical data already mentioned are necessary to display the website, prevent display problems for visitors, and correct error messages. The legal basis is the so-called legitimate interest, which has been examined in the context of the aforementioned protective measures as well as in accordance with the European data protection requirements from Art. 6 para. 1 lit. f GDPR.

Automated Decision making (including "profiling")

In general we do not process any data via "profiling" or in form of automated decision-making via the Website or Service. However, such profiling may happen by third-party providers through the Website or Service. We will inform you about such fact if possible.

Data Security

We have implemented sufficient measures to ensure data and IT security. The Website is operated through a safe SSL connection. If an SSL connection is activated, third parties are prevented from reading any data that you transfer to us.

Sign up

You also have the option of signing up on our website and then logging in at any time with a user account. To register with us, the following data is required:

E-mail address
User name
Password
Gender
Date of birth

As a protective measure, data is transmitted via a secure connection like the rest of the website. After successful confirmation, your data will be stored until you decide to delete individual data or the entire user account. The purpose of the data requested is the creation of a user account that provides extended functionality to the website. Sign-up is voluntary and can be withdrawn or the user data deleted at any time. The legal basis is your consent in accordance with the European data protection requirements under Art. 6 para. 1 lit. a GDPR. In cases where the sign-up is required for the mutual conclusion of the contract, the legal basis is the fulfillment of the contract in accordance with the European data protection requirements from Art. 6 para. 1 lit. b GDPR.

Participation in the Inkitt Community and use of the Service

For taking part in our community through our Website you are asked to provide us with certain data. Such data will only be sent and provided to us after you clicked the respective 'submit' button on the Website.

This data may include the following information for the following purposes:

Your user name is required to log-in to your account
Your email address is required for account verification
Your gender is required for our recommendation engine
Your date of birth is required to enforce restrictions of content for under-aged users
Your favorite genre is required to provide you with recommendations
Your interests are required to provide you with recommendations

Social Sign-In & Social Login

In addition to manual registration, we provide the option of logging in directly to us with your existing user account of a social network from selected providers. We use Google Login for this purpose. If you wish to use one of these functions, you will be redirected to the page of the respective provider and navigated through the registration process.

As a protective measure, the data you enter is transmitted via an encrypted connection of the respective platform. We do not use the registration to access personal data such as friend lists or contacts or to store them for our own purposes. A permanent link between your user account and the user account at Google does not take place. We do not know what data social networks collect in the course of registration or how data is linked. Further details can be found in the privacy statements of Google. The purpose of the requested data is the registration via an existing user account for the use of extended functions on the website. Registration via social networks is voluntary and can be revoked or the user account can be logged out at any time. The legal basis is your consent in accordance with the European data protection requirements from Art. 6 para. 1 lit. a) GDPR.

If you are interested in receiving updates about our company or our products, you can subscribe to our newsletter. You will then receive an e-mail in which you must click on a link to confirm receipt of the newsletter. We will then save your e-mail address until you unsubscribe from the newsletter. For this purpose, you will find a corresponding link to unsubscribe in every e-mail of our newsletter. The delivery of the newsletter is carried out by the specialized service provider Sendgrid by Twilio. Further information can be found in the service provider's privacy policy: https://www.twilio.com/legal/privacy.

As a protective measure, we ask for a so-called "Double-Opt-In" to ensure that the registered e-mail address actually belongs to you. Furthermore, we have entered into a data processing agreement with the assigned service provider. You are also able to unsubscribe from the newsletter at any time and thus delete your e-mail address from the service provider's database. The purpose of the data requested is to send the newsletter to your personal e-mail address in order to fulfill your request for updates about our company or our products. The legal basis is your consent in accordance with the European data protection requirements under Art. 6 para. 1 lit. a GDPR.

Job applications

Insofar as you apply to us online or otherwise respond to one of our job ads, we collect and process the personal applicant data for the purpose of handling the application process. The processing is primarily carried out electronically. This is particularly the case if corresponding application documents are submitted electronically to us, for example by e-mail or via a web form located on the website. If we conclude an employment contract, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract, the application documents will be deleted six months after notification of the rejection decision - this retention period is justified by a potential obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG). If consent was given, applications may also be retained for longer than six months.

As part of the job application process, we also use a recruiting and applicant management software, which is provided by the service provider BambooHR. This software helps us to place job advertisements and manage applications centrally. For this purpose, we have concluded a data processing agreement to ensure that the personal data of our applicants is only processed in accordance with our instructions. Further information can be found in the service provider's privacy policy: https://www.bamboohr.com/privacy-policy/

The legal basis is the establishment and performance of the employment relationship on the basis of an employment contract in accordance with Art. 6 para. 1 lit. b GDPR, Art. 88 GDPR with § 26 BDSG (Federal Data Protection Act of Germany, where applicable).

Cookies

Our website partially uses so-called cookies. Cookies are small text files that are usually stored in a folder of your browser. Cookies contain information about the current or last visit to the website:

Name of the website
Expiration date of the cookie
Any value

If cookies do not contain an exact expiration date, they are stored only temporarily and are automatically deleted as soon as you close your browser or restart your device. Cookies with an expiration date will still be stored even when you close your browser or restart your device. Such cookies will not be deleted until the specified date or if you delete them manually.

We use the following three types of cookies on our website:

required cookies (cookies that are required, e.g. to display the website correctly for you and to store certain settings temporarily)
functional and performance-related cookies (cookies that help us improve our website, e.g. to evaluate technical data of your visit and avoid error messages)
advertising and analytics cookies (cookies that provide analytics and personalized ads, e.g. advertising for shoes is displayed if you have previously searched for shoes)

You can configure, block and delete cookies in your browser settings. If you delete all cookies from our website, some functions of the website may not be displayed correctly. Helpful information and instructions for the most common browsers can be found here: https://www.allaboutcookies.org/manage-cookies/stop-cookies-installed.html

Data Recipients

In accordance with the descriptions and purposes stated above, we share your information with the following recipients that are essential to providing our services and communicating with you:

Google Analytics, operated by Google Ireland Ltd. headquartered in Gordon House Barrow Street Dublin 4 Ireland. We use Google Analytics to analyze user behavior and to serve personalized advertising. The data will be processed within the European Union. For more information, please refer to the privacy policy for Google Analytics at: https://policies.google.com/privacy
Sentry, operated by Functional Software Inc., 45 Fremont St, San Francisco, California 94105, USA, for the purpose of error tracking. Your device, operating system, visitor_id, country, release version, url, and user ID will be processed via servers in the US and Europe. For more information, please refer to the privacy policy for Sentry at: https://sentry.io/privacy/#eu-us-privacy-shield
Sendgrid, operated by Twilio Inc., 101 Spear Street, 1st Floor, San Francisco, California, 94105, USA, for the purpose of sending transaction and marketing emails and storing of unsubscription. Your email address will be processed. For more information, please refer to the privacy policy for Sendgrid at: https://www.twilio.com/legal/privacy
Facebook, operated by Meta Platforms Ireland Ltd. headquartered in 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The data will be processed within the European Union. For more information, please refer to the privacy policy for Facebook at: https://www.facebook.com/privacy/policy/
Amazon Web Services, operated by Amazon Web Services, Inc. headquartered at 410 Terry Avenue North Seattle WA 98109 USA. Depending on your location, data is processed either within the European Union or the USA. For more information, please refer to the privacy policy for Amazon Web Services at: https://aws.amazon.com/privacy/
Google Cloud, operated by Google LLC, headquartered at 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Depending on your location, data is processed either within the European Union or the USA. For more information, please refer to the privacy policy for Google Cloud at: https://cloud.google.com/terms/cloud-privacy-notice
Datadog, operated by Datadog, Inc. headquartered at 620 8th Ave 45th Floor, New York, NY 10018, USA. Depending on your location, data is processed either within the European Union or the USA. For more information, please refer to the privacy policy for Datadog at: https://www.datadoghq.com/legal/privacy/
Stripe, operated by Stripe, Inc. headquartered at 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. Depending on your location, data is processed either within the European Union or the USA. For more information, please refer to the privacy policy for Stripe at: https://stripe.com/privacy
Galatea, operated by Inkitt GmbH, headquartered at Saarbrücker Str. 36, 10405 Berlin, Germany. Depending on your location, data is processed either within the European Union or the USA. For more information, please refer to the privacy policy for Galatea at: Privacy Policy - Galatea Stories

We only share data that is necessary for the performance of the mutual contract or if you have given us your consent, for example in the context of our newsletter or cookie banner. If no contract exists yet, we share the data in certain cases in the context of legitimate interests. This is the case, for example, if you only want to visit our website or contact us. When you visit our website, it is in the interest of both parties to provide access to the services and to communicate with each other.

We have also entered into data processing agreements with all external recipients to comply with European legal requirements. Depending on your location, some of the above service providers - if specified - will also transfer your data to the United States. The European Court of Justice has ruled that the United States does not have an equivalent level of data protection to the EU and authorities may be able to access data without due process. Additional safeguards are therefore required to ensure a sufficient level of data protection. To meet this requirement, we have concluded additional data processing agreements called Standard Contractual Clauses. We also check each service provider together with our data protection officer and ensure that additional security measures are available, such as strong encryption of data

App

When you use our app, we collect and store certain data (technically necessary) about you to provide services and improve the overall app experience.

In the following privacy policy, you will learn what we do with your data, so-called personal data, and why we do it. We will also tell you how we protect your data, when the data is deleted, and what rights you have thanks to data protection.

At the outset, we would like to explain our concerns and explain the purposes of data processing as clearly and transparently as possible (further details in the respective explanations).

Who can I contact?

Responsible for this website is:

Inkitt GmbH

Saarbrücker Str. 36

10405 Berlin

E-Mail: [email protected]

If you have specific questions about your data, its deletion, or your rights, there is a direct contact option for data protection via the email address [email protected]. If you wish to submit a written request, simply add "data protection".

What are my rights?

You can contact us at any time if you have questions about your data protection rights or wish to exercise any of your rights below:

Right of withdrawal according to Art. 7 (3) GDPR (e.g. you can contact us if you wish to revoke a previously given consent to a newsletter)
Right to information according to Art. 15 GDPR (e.g. you can contact us if you want to know which data we have stored about you)
Correction according to Art. 16 GDPR (e.g. you can contact us if your e-mail address has changed and you want us to replace the old e-mail address)
Deletion according to Art. 17 GDPR (e.g. you can contact us if you want us to delete certain data that we have stored about you)
Restriction of processing according to Art. 18 GDPR (e.g. you can contact us if you do not want us to delete your e-mail address, but only to use it for sending absolutely necessary e-mails).
Data portability according to Art. 20 GDPR (e.g. you can contact us to receive your data stored with us in a compressed format, e.g. because you want to make the data available to another website).
Objection according to Art. 21 GDPR (e.g. you can contact us if you do not agree with one of the advertising or analysis procedures specified here).
Right to lodge a complaint with the competent supervisory authority pursuant to Art. 77 (1) GDPR (e.g. you can also contact the data protection supervisory authority directly in the event of complaints)

Deletion of data and storage period

Unless otherwise specified, we will delete your data as soon as it is no longer required. Your data will also be blocked or deleted if a storage period prescribed by law expires unless there is a need to continue storing the data for the conclusion or performance of a contract. Certain data may have to be stored longer for legal reasons. You can, of course, request information about the stored data at any time. You can delete all previously stored data on your orders and reset your authentication within the app at any time.

How is your personal data protected?

We will take all reasonable and appropriate measures to protect the personal information we store from misuse, loss, or unauthorized access. To this end, we have taken a number of technical and organizational measures. This includes measures to deal with any suspected data breaches.

If you suspect that your personal information has been misused, lost or accessed without authorization, please let us know as soon as possible by contacting us using the contact details above!

Data collection in our app

When you use our app, we collect and store certain data (technically necessary) about you to provide services, and improve it overall:

Language settings (e.g. system language German)
Approximate location based on device language and time zone
Date and time of use (e.g. 11:45 on 25.05.2018)
Operating system (iOS, Android)
Hardware

To protect your privacy, we delete or anonymize identifiers in our database and most technical data after your use.

The purpose of temporarily storing this data is to connect to our servers and provide the app.

The legal basis is the contract with you according to Art. 6 para. 1 lit. b GDPR as well as the legitimate interest according to the European data protection requirements according to Art. 6 para. 1 lit. f GDPR. In addition, we apply the above-mentioned security measures to protect your data.

Registration and use of the app:

In addition, certain data is required for registration and use of our app. This is the following data:

Name (mandatory)
E-mail (mandatory)
Password (mandatory)
Gender (mandatory)
Date of birth (mandatory)

In addition to manual registration, we offer you the option of registering with us directly with your existing user account of a social network from selected providers. We use the platforms "Apple” and "Google". If you wish to use one of these functions, you will be redirected to the page of the respective provider and navigated through the registration process.

To protect your privacy, we delete or anonymize identifiers in our database and most technical data after your use. The evaluation of the usage data is carried out exclusively on a statistical basis and is not personalized.

The purpose of processing this data is to enable the use of the app and its service offerings and functions.

The legal basis is the usage contract with you pursuant to Art. 6 (1) lit. b GDPR as well as the legitimate interest pursuant to Art. 6 (1) lit. f GDPR. You can object to the data processing based on the legitimate interests at any time and explain why your interest outweighs ours. However, it will then unfortunately no longer be possible to use our app. In addition, we apply the above-mentioned security measures to protect your data.

Further data processing in the app

In addition to the previously mentioned data, we process the following user-related data in the app (not mandatory):

Short Bio text
City
Facebook Profile URL
Twitter Profile URL
Instagram Profile URL
Private email (not visible to other users)
Public email (visible email to other users on the profile page)
Contact information for commercialization

Mobile apps and app permissions

When you download our app via an app platform (Apple App Store or Google Play Store), you submit certain information to this platform, in particular your account data, e.g. name, device ID and email address. We have no influence on this data collection and are not responsible for it.

Some features of our app require access to certain features and services on your device. Depending on which mobile operating system you use, you may be required to accept certain app permissions. We will now explain what these permissions are:

Location data:

Access location data: When you select OK in the "Access Location" pop-up, you allow the app to capture your location.

To protect your privacy, all app permissions are optional, except for the technical permissions required to run the app. You can decline at any time (by clicking "no" or "do not accept"). You can also revoke the permissions afterward by changing the corresponding settings on your device.

The purpose of requesting these permissions is to enable you to use our service and app-specific features.