Privacy Policy

With this data protection notice we inform you about our handling of your personal data and about your rights according to the European Data Protection Regulation (GDPR). Gaiali GmbH (hereinafter referred to as „we“ or „us“) is responsible for data processing.

I. General information

1. Contact

If you have any questions or comments about this information, or if you wish to contact us about asserting your rights, please send your request to

Gaiali GmbH

Kleine Präsidentenstasse 1
10115 Berlin, Germany
E-mail:hi@get-yuno.com

2. Legal basis

The term „personal data“ under data protection law refers to all information that relates to an identified or identifiable individual. We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. Data processing by us only takes place on the basis of a legal permission. We process personal data only with your consent, Art. 6 Para. 1 lit. a GDPR, for the performance of a contract to which you are a party, or at your request for the performance of pre-contractual measures, Art. 6 Para. 1 lit. b GDPR, for the performance of a legal obligation, Art. 6 Para. 1 lit. c GDPR, or if the processing is necessary to protect our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms which require the protection of personal data override, Art. 6 Para. 1 lit. f GDPR.

3. Storage period

Unless otherwise stated in the following notes, we only store the data for as long as is necessary to achieve the processing purpose or to fulfil our contractual or legal obligations. Such statutory retention obligations may arise in particular from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will retain such personal data contained in our accounting records for ten years and retain personal data contained in commercial letters and contracts for six years. In addition, we will retain data in connection with consents requiring proof, as well as with complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.

4. Categories of recipients of the data

We use processors as part of the processing of your data. Processing operations carried out by such processors include, for example, hosting, maintenance and support of IT systems, customer and order management, order processing, accounting and billing, marketing activities or file and data carrier destruction. A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes, but carry out the data processing exclusively for the data controller and are contractually obliged to guarantee appropriate technical and organisational measures for data protection. In addition, we may transfer your personal data to bodies such as postal and delivery services, the company‘s bank, tax advisors/auditors or the tax authorities. Further recipients may result from the following information.

5. Data transfer to third countries

Visiting our website may involve the transfer of certain personal data to third countries,

i.e. countries in which the GDPR is not applicable law. Such a transfer takes place in a permissible manner if the European Commission has determined that an adequate level of data protection is required in such a third country. If such an adequacy decision by the European Commission does not exist, a transfer of personal data to a third country will only take place if appropriate safeguards are in place in accordance with Article 46 of the GDPR or if one of the conditions of Article 49 of the GDPR is met.

Unless otherwise stated below, we use the EU standard contractual clauses for the transfer of personal data to processors in third countries as appropriate safeguards.

6. Processing in the exercise of your rights pursuant to Art. 15 to 22 GDPR

If you exercise your rights in accordance with Articles 15 to 22 of the GDPR, we will process the personal data provided for the purpose of implementing these rights by us and to be able to provide evidence thereof. We will only process data stored for the purpose of providing information and preparing it for this purpose and for the purpose of data protection control and otherwise restrict processing in accordance with Art. 18 GDPR. These processing operations are based on the legal basis of Art. 6 Para. 1 lit. c GDPR in conjunction with. Art. 15 to 22 GDPR and § 34 Para. 2 BDSG.

7. Your rights

As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:

  • In accordance with Art. 15 GDPR you have the right to request information as to whether and, if so, to what extent we are processing personal data relating to you or not.

  • You have the right to demand that we correct your data in accordance with Art. 16 GDPR.

  • You have the right to demand that we delete your personal data in accordance with Art. 17 GDPR.

  • You have the right to have the processing of your personal data restricted in accordance with Art. 18 GDPR.

  • You have the right, in accordance with Art. 20 GDPR, to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller.

  • If you have given us separate consent to data processing, you may revoke this consent at any time in accordance with Art. 7 Para. 3 GDPR. Such a revocation does not affect the lawfulness of the processing that was carried out on the basis of the consent until the revocation.

  • If you believe that a processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Article 77 of the GDPR.

8. Right of objection

In accordance with Art. 21 Para. 1 GDPR, you have the right to object to processing based on the legal basis of Art. 6 Para. 1 lit. e or lit. f GDPR on grounds relating to your particular situation. If we process personal data about you for the purpose of direct marketing, you may object to such processing pursuant to Article 21 Para. 2 and 3 of the GDPR.

II. Data processing on our website

When you use the website, we collect information that you provide yourself. In addition, during your visit to the website, certain information about your use of the website is automatically collected by us. In data protection law, the IP address is also generally considered to be personal data. An IP address is assigned to every device connected to the Internet by the Internet provider so that it can send and receive data.

1. Processing of server log files

During the purely informative use of our website, general information that your browser transmits to our server is initially stored automatically (i.e. not via registration). This includes by default: browser type / version, operating system used, requested page, the previously visited page (referrer URL), IP address, date and time of the server request and HTTP status code. The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 Para. 1 lit. f GDPR. This processing serves the technical administration and security of the website. The stored data is deleted after seven days unless there is a justified suspicion of unlawful use based on concrete indications and further examination and processing of the information is necessary for this reason. We are not able to identify you as a data subject on the basis of the stored information. Articles 15 to 22 of the GDPR therefore do not apply pursuant to Article 11 Para. 2 of the GDPR, unless you provide additional information that enables us to identify you in order to exercise your rights set out in these articles.

2. Cookies

We use cookies and similar technologies („cookies“) on our website. Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser used and can be recognised by web servers. You have full control over the use of cookies through your browser. You can delete the cookies in the security settings of your browser at any time. You can object to the use of cookies through your browser settings in principle or for specific cases. Further information on this is available from the Federal Office for Information Security: https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html

The use of cookies is partly technically necessary for the operation of our website and thus permissible without the consent of the user. In addition, we may use cookies to offer special functions and content as well as for analysis and marketing purposes. These may also include cookies from third-party providers (so-called third party cookies). We only use such technically unnecessary cookies with your consent in accordance with Section 15 Para. 3 TMG or Article 6 Para. 1 lit. a GDPR. Information on the purposes, providers, technologies used, stored data and the storage period of individual cookies can be found in the settings of our Consent Management Tool.

3. Consent Management Tool

The Consent Management Tool/Cookie Banner enables the users of our website to give consent to certain data processing processes, to revoke a given consent or to object to data processing. In addition, the Consent Management Tool helps us to provide proof of your declarations. For this purpose, log data on your declarations are processed. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis is Art. 6 Para. 1 lit. c GDPR in conjunction with. Art. 7 Para. 1 GDPR. Further information can be found in the settings of the Consent Management Tool.

4. Contact options and inquiries

a. Contact form

Our website contains a contact form that you can use to send us messages. The transfer of your data is encrypted (recognizable by the „https‘‘ in the address bar of the browser). All data fields marked as mandatory are required to process your request. Failure to provide this information will result in us not being able to process your request. The provision of further data is voluntary. Alternatively, you can send us a message via the contact email. We process the data for the purpose of answering your inquiry. If your request is directed towards the conclusion or performance of a contract with us, Art. 6 Para. 1 lit. b GDPR is the legal basis for data processing. Otherwise, we process the data on the basis of our legitimate interest in contacting inquiring persons. The legal basis for the data processing is then Art. 6 Para. 1 lit. f GDPR.

b. Zendesk Chat

We use the Zendesk Chat service on our website, provided by Zendesk Inc. (Zendesk). Zendesk Chat is a live chat service that allows you to contact us directly on our website. Alternatively, you can use the contact form or send us a message via the contact email.

If your request is directed towards the conclusion or performance of a contract with us, Art. 6 Para. 1 lit. b GDPR is the legal basis for the data processing. Otherwise, we process the data on the basis of our legitimate interest to get in contact with inquiring persons. The legal basis for the data processing is then Art. 6 Para. 1 lit. f GDPR.

The data collected through the Zendesk Chat service is processed for us by Zendesk as a processor. Zendesk is a US company. A transfer of personal data to the USA may occur as part of the order processing. The legal basis for this transfer is the standard contractual clauses for the transfer of personal data to processors in third countries pursuant to Art. 46 Para. 2 lit. c GDPR.

5. Newsletter

a. Subscription and unsubscription

We offer on our website the possibility to register for our newsletter. After registration we will inform you regularly about the latest news on our offers. A valid e-mail address is required to register for the newsletter. To verify the email address, you will first receive a registration email, which you must confirm via a link (double opt-in). If you subscribe to the newsletter on our website, we process personal data such as your email address and name on the basis of the consent you have given us.

We also analyse the opening rates of our newsletter and the reading behaviour of the addressees of our newsletter. For this purpose, we collect and process pseudonymised usage data, which we do not merge with your e-mail address or your IP address.

The processing is based on the legal basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future, for example via the „unsubscribe“ link in the newsletter or by contacting us via the channels mentioned above. The legality of the data processing operations already carried out remains unaffected by the revocation. When you register for the newsletter, we also store the IP address and the date and time of registration. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis results from our legal obligation to document your consent (Art. 6 Para. 1 lit. c in conjunction with Art. 7 Para. 1 GDPR).

If you register with Yuno, we will also send you promotional emails (existing customer advertising). You can object to the promotional use of your data at any time by sending an e-mail to hi@get-yuno.com or in the account settings of your Yuno customer account (access via a web browser) (declaration of advertising objection). A corresponding unsubscribe link can also be found in every advertising email. The legal basis for this data processing is Article 6 Para. 1 lit. f GDPR, based on our legitimate interest in promoting our products and services.

b. Service provider

For the management of subscribers, the dispatch of the newsletter and the analysis, we use the service MailChimp of The Rocket Science Group LLC d/b/a MailChimp (USA). Your email address is therefore transmitted by us to MailChimp. The processing takes place on our behalf.

Insofar as this involves the transfer of personal data to the USA, the EU standard contractual clauses for the transfer of personal data to processors in third countries are used as appropriate safeguards.

6. Google Analytics

We use the Google Analytics service of the provider Google Ireland Limited (Google Ireland) on our website.

Google Analytics is a web analytics service that allows us to collect and analyse data about the behaviour of visitors to our website. Google Analytics uses cookies for this purpose, which enables an analysis of the use of our website. This involves processing personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about interaction with our website.

Some of this data is information that is stored in the terminal device you are using. In addition, further information is also stored on your end device via the cookies used. Such storage of information by Google Analytics or access to information that is already stored in your terminal device only takes place with your consent.

Google Ireland will process the data thus collected on our behalf in order to evaluate the use of our website by the users, to compile reports on the activities within our website and to provide us with further services associated with the use of our website and the use of the Internet. In doing so, pseudonymous usage profiles of the users can be created from the processed data.

The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for the data processing in connection with the Google Analytics service is therefore Art. 6 Para. 1 lit. a GDPR. You can revoke this consent at any time with effect for the future.

The personal data processed on our behalf to provide Google Analytics may be transferred to any country in which Google Ireland or Google‘s Ireland sub-processors maintain facilities. The legal basis for this transfer is the standard contractual clauses for the transfer of personal data to processors in third countries pursuant to Art. 46 Para. 2 lit. c GDPR.

We only use Google Analytics with IP anonymization enabled. This means that the IP address of the user is shortened by Google Ireland within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The IP address transmitted by the user‘s browser is not merged with other data.

We use the Google Universal Analytics variant. This allows us to assign interaction data from different devices and from different sessions to a unique user ID. This allows us to put individual user actions in context and analyse long-term relationships.

The data on user actions are stored for a period of 14 months and then automatically deleted. The deletion of data whose storage period has expired takes place automatically once a month.

You can also prevent the collection of information generated by the cookie by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout.

7. Facebook Pixel

We use the Facebook business tool Facebook Pixel of the provider Facebook Ireland Limited (Facebook Ireland) on our website. Information on the contact details of Facebook Ireland and the contact details of the data protection officer of Facebook Ireland can be found in the data policy of Facebook Ireland at https://www.facebook.com/about/privacy.

The Facebook pixel is a snippet of JavaScript code that allows us to track visitors‘ activity on our website. This tracking is called conversion tracking. The Facebook pixel collects and processes the following information (so-called event data) in connection with the activities of visitors on our website:

  • Information about actions and activities of visitors to our website, such as searching for and viewing a product or purchasing a product, and buttons clicked by visitors to the website;

  • Specific pixel information such as the pixel ID and the Facebook cookie;

  • Information about buttons clicked by visitors to the site;

  • Information present in HTTP headers such as IP addresses, web browser information, page location, referrer, and the person using the site;

  • Information about the status of disabling/restricting ad tracking.

Some of this event data is information that is stored in the device you are using. In addition, cookies are also used via the Facebook pixel, via which information is stored on your end device. Such storage of information by the Facebook pixel or access to information that is already stored in your end device only takes place with your consent.

Tracked conversions appear in the dashboard of our Facebook Ads Manager and Facebook Analytics. We may use the tracked conversions there to measure the effectiveness of our ads, to set Custom Audiences for ad targeting, for Dynamic Ads campaigns, and to analyze the effectiveness of our website‘s conversion funnels. The features we use through the Facebook Pixel are described in more detail below.

Processing of event data for advertising purposes

Event data collected through the Facebook Pixel is used to target our ads and improve ad delivery, personalize features and content, and improve and secure Facebook products.

For this purpose, event data is collected on our website by means of the Facebook Pixel and transmitted to Facebook Ireland. This only takes place if you have previously given your consent to this. The legal basis for the collection and transmission of personal data by us to Facebook Ireland is therefore Art. 6 (1) lit. a GDPR.

This collection and transfer of event data is carried out by us and Facebook Ireland as joint controllers. We have entered into a joint controller agreement with Facebook Ireland which sets out the allocation of data protection obligations between us and Facebook Ireland. In this agreement, we and Facebook Ireland have agreed, among other things,

  • that we are responsible for providing you with all the information pursuant to Art. 13, 14 GDPR on the joint processing of personal data;

  • that Facebook Ireland is responsible for enabling the rights of data subjects under Articles 15 to 20 of the GDPR in respect of personal data held by Facebook Ireland following joint processing.

You can access the agreement entered into between us and Facebook Ireland at https://www.facebook.com/legal/controller_addendum.

Facebook Ireland is the sole controller of the subsequent processing of the submitted Event Data. For more information about how Facebook Ireland processes personal data, including the legal basis on which Facebook Ireland relies and how you can exercise your data subject rights against Facebook Ireland, please see Facebook Ireland‘s Data Policy at https://www.facebook.com/about/privacy.

Processing of event data for analysis purposes

We have also engaged Facebook Ireland to report on the impact of our advertising campaigns and other online content based on event data collected through the Facebook Pixel (Campaign Reports) and to provide analysis and insights about users and their use of our website, products and services (Analytics).

Personal data is only processed for the creation of analyses and campaign reports if you have previously given your consent to this. The legal basis for this processing of personal data is therefore Art. 6 Para. 1 lit. a GDPR.

We transfer personal data contained in the event data to Facebook Ireland for this purpose. The personal data submitted will be processed by Facebook Ireland as our processor to provide us with campaign reporting and analytics.

We have instructed Facebook Ireland to transfer the personal data processed on our behalf to Facebook Inc. in the USA for storage and further processing. The legal basis for this transfer is the standard contractual clauses for the transfer of personal data to processors in third countries pursuant to Art. 46 Para. 2 lit. c GDPR.

8. Third party services and content

We use services and content provided by third parties on our website (hereinafter collectively referred to as „content“). For such integration, processing of your IP address is technically necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to the respective third-party providers. This data processing is carried out in each case to protect our legitimate interests in the optimization and economic operation of our website and is based on the

Legal basis of Art. 6 para. 1 lit. f GDPR. You can object to this data processing at any time via the settings of the browser used or certain browser extensions. One such extension is the Matrix-based firewall uMatrix for the browsers Firefox and Google Chrome. Please note that this may result in functional restrictions on the website.

We have integrated content from the following services provided by third parties into our website:

„YouTube“ of Google Ireland Limited (Ireland/EU) for the display of videos.

„Vimeo“ of Vimeo Inc. (USA) to display videos.

III. Data processing when using our app

When you use the app, we collect information that you provide yourself. We also collect certain information automatically when you use the app.

In data protection law, online identifiers such as the IP address or a device ID are also considered personal data. However, we are regularly not in a position to identify you directly as a data subject on the basis of such online identifiers. Therefore, pursuant to Article 11 Para. 2 of the GDPR, Articles 15 to 22 of the GDPR do not apply to the processing of such data by us, unless you provide additional information that enables us to identify you in order to exercise your rights set out in these articles.

1. Data processing when using the app

When you use the app, we collect information that you provide yourself. We also collect certain information automatically when you use the app.

In data protection law, online identifiers such as the IP address or a device ID are also considered personal data. However, we are regularly not in a position to identify you directly as a data subject on the basis of such online identifiers. Therefore, pursuant to Article 11 Para. 2 of the GDPR, Articles 15 to 22 of the GDPR do not apply to the processing of such data by us, unless you provide additional information that enables us to identify you in order to exercise your rights set out in these articles.

2. Data processing when using the app

When you use our app, we process the following data, among others:

  • IP address;

  • Time of use

  • Date of use

  • Push Notification ID, which is provided by Apple if the user has enabled push notifications (APNs).

The processing of this data is technically necessary so that we can offer the functions of our app and ensure the stability and security of the app. The legal basis for the processing is Art. 6 Para. 1 lit. f GDPR.

The stored data will be deleted in accordance with data protection regulations, unless there is a justified suspicion of unlawful use on the basis of concrete indications and further examination and processing of the information is necessary for this reason.

3. Registration

Registration is required in order to use the app. The required information can be seen in the registration input mask. The provision of the information marked as mandatory is mandatory so that the registration can be completed. The data provided will be processed for the purpose of providing the service.

You can register and sign in to the Yuno App using „Sign in with Apple“. „Sign in with Apple“ is a service provided by Apple Inc. One Apple Park Way, Cupertino, California, USA, 95014. This links your Apple ID and the OneFootball Apps. You have the option to share your email address or hide your email address in your iPhone‘s settings. If you select

„Share Email Address“, we will receive the email address and your name associated with your Apple ID. Hide Email Address, an email relay service from Apple, lets you create a unique, random email address that forwards email to your private email address. This allows you to receive messages from the app without sharing your private email address with us. We do not share any data with Apple, by connecting to Apple your IP address is transferred to Apple. The controller of personal data for individuals, within the European Economic Area, is Apple Distribution International ltd, Hollyhill Industrial Estate, Hollyhill Cork, Republic of Ireland. In the event that personal data is processed outside the European Union area, the provider has undertaken to comply with EU data protection standards. For more information on any data processing by Apple, please refer to Apple‘s privacy policy.

The processing is based on the legal basis of Article 6 Para. 1 lit. b GDPR.

4. Google Firebase

We use the Google Firebase development platform of the provider Google Ireland Limited (Google Ireland) for our apps.

Google Firebase is a platform for developing apps for mobile devices and websites. Google Firebase provides features such as analytics, databases, messaging, and crash reporting, as well as the technical infrastructure to run the app, through a software development kit (SDK).

Depending on the respective function, online identifiers such as the IP address used and the Firebase installation IDs are processed for this purpose. In addition, some functions use further information about the end device used. Furthermore, individual functions process additional personal data such as. Further information on the functions of Google Firebase, the data processed in each case and the respective storage period can be found at https://firebase.google.com/support/privacy. The data is transmitted to Google Ireland and processed on our behalf.

Furthermore, the data processing is carried out to protect our legitimate interest in managing and controlling our app on the basis of a developer platform. The legal basis for the processing of personal data in this case is Art. 6 Para. 1 lit. f GDPR

The personal data processed to provide the features of Google Firebase may also be transferred to third countries where the GDPR is not applicable law, if Google Ireland or Google‘s Irelands sub-processors maintain facilities in that third country. The legal basis for this transfer is the standard contractual clauses for the transfer of personal data to processors in third countries. We have also concluded these as so-called model contractual clauses with Google LLC. You can access the model contractual clauses here https://firebase.google.com/terms/firebase-mcc

5. Analysis of our app

We analyse the use of our app in order to better adapt it to the wishes of our users and to ensure the stability and reliability of our app.

In particular, we analyze how often the app is opened, which audio stories are listened to by a user and how often they are listened to. We also analyze which quizzes a user plays and which results are achieved.

a. Google Analytics for Firebase

We use the Google Analytics for Firebase service of the provider Google Ireland Limited (Google Ireland) in our app.

The Google Analytics for Firebase service is a feature of the Google Firebase development platform. Google Analytics is an analytics service that allows us to collect and analyze data about the behavior of users of our app in order to compile reports about the activities within our app. This involves processing personal data in the form of online identifiers, IP addresses, device identifiers and information about interaction with our App. For more information on Google Analytics data collection, please visit https://support.google.com/firebase/answer/6318039. The data is transferred to Google Ireland and processed on our behalf.

The legal basis for data processing in connection with the Google Analytics service is therefore Article 6 Para. 1 lit. f GDPR. The processing is carried out to protect our legitimate interest in obtaining information about the use of our app and, on this basis, to be able to adapt our app to the use.

Google Analytics retains certain data associated with an advertising identifier for 60 days and retains aggregate reporting without automatic expiration. Storage of user-level data, including conversions, is set to up to 14 months. For all other event data, storage is set at 14 months.

The personal data processed to provide the Google Analytics features may also be transferred to third countries where the GDPR is not applicable law, if Google Ireland or Google‘s Ireland sub-processors maintain facilities in that third country. The legal basis for this transfer is the standard contractual clauses for the transfer of personal data to processors in third countries. We have also concluded these as so-called model contractual clauses with Google LLC. You can access the model contractual clauses herehttps://firebase.google.com/terms/firebase-mcc.

b. Firebase Crashlytics

We use the service Firebase Crashlytics of the provider Google Ireland Limited (Google Ireland) in our app.

The Firebase Crashlytics service is a feature of the Google Firebase development platform. Firebase Crashlytics is a crash reporting service that helps us improve the stability and reliability of our app. For this purpose, various data are summarized in crash reports and sent to us. This data is stored for a maximum of 90 days. The data is transmitted to Google Ireland and processed on our behalf.

The legal basis for the processing of personal data in this case is Art. 6 Para. 1 lit. f GDPR. The process serves our legitimate interest in obtaining information about the stability and reliability of our app and to be able to make appropriate changes to the app on this basis.

Crash reports are only sent with your explicit consent. When using iOS apps, you can give consent in the app settings or after a crash. For Android apps, you have the option to generally consent to the sending of crash notifications to Google and app developers when setting up the mobile device. You can revoke your consent at any time by deactivating the „Crash reports“ function in the settings of the iOS apps (in the magazine apps, the entry is located in the „Communication“ menu item).

For Android apps, deactivation is basically carried out in the Android settings. To do this, open the Settings app, select the item „Google“ and there, in the three-point menu at the top right, the menu item „Usage & Diagnostics“. Here you can deactivate the sending of the corresponding data.

c. Adjust Analytics

We use the Adjust Analytics service of the German provider Adjust GmbH (Adjust) in our app. Information on the contact details of Adjust and the contact details of Adjust‘s data protection officer can be found in Adjust‘s data policy at https://www.adjust.com/terms/privacy-policy/

Adjust Analytics is a service that allows us to analyze the usage activities of the end users of our app. The purpose of this analysis is to improve the user experience by adjusting the design of our offer. The collected data is also used to analyze the performance of marketing campaigns and to create performance reports. We process the following data for this purpose:

  • Information about the actions and activities of visitors to our website

  • the IP address;

  • the MAC address;

  • the device IDs including the advertising IDs,

  • HTTP header

  • Information about the terminal device and web activities of the user,

This data is transferred to our processor Adjust and processed on our behalf for the purposes stated above.

The legal basis for the collection and transmission of personal data by us to Adjust and the further processing of this data is therefore Art. 6 Para. 1 lit. f GDPR. The processing is carried out to protect our legitimate interest in obtaining information about the use of our app and on this basis to be able to adapt our app to the use.

d. Taboola

We use the service of Taboola on the Yuno website. Taboola enables us to provide user-specific recommendations for content and advertisements based on surfing behaviour and customer interests in order to improve the user-friendliness of our offer. The usage profiles are created using pseudonyms, they are not merged with the data about the bearer of the pseudonym and do not allow any conclusions to be drawn about personal data. For more information on Taboola, visit https://www.taboola.com/privacy-policy. You have the option to deactivate tracking in the „User Choices“ section.

e. Outbrain

On our website we use a plugin from Outbrain UK Limited. This allows us to track and analyze the call of certain pages and offers. This service is operated by Outbrain UK Limited (5th Floor, The Place 175 High Holborn London WC1V 7AA United Kingdom, „Outbrain“).

When you visit the Yuno website, Outbrain sets a cookie to generate a unique user identifier. Outbrain receives information when you visit certain offers in order to suggest comparable content to you.

The purpose and scope of the data collection and the further processing and use of the data by Outbrain, as well as the relevant rights and settings options for protecting the privacy of users, can be found in the privacy policy of Outbrain: https://www.outbrain.com/legal/privacy.

IV. Data processing on our social media pages

We are represented on several social media platforms with a company page. Through this, we would like to offer further opportunities for information about our company and for exchange. Our company has company pages on the following social media platforms:

  • Facebook

  • Instagram

  • Twitter

  • LinkedIn

  • Xing

  • YouTube

When you visit or interact with a profile on a social media platform, personal data about you may be processed. Information associated with a social media profile used also regularly constitutes personal data. This also covers messages and statements made while using the profile. In addition, during your visit to a social media profile, certain information is often automatically collected about it, which may also constitute personal data.

1. Visit a social media site

a. Facebook and Instagram page

When you visit our Facebook or Instagram page, through which we present our company or individual products from our range, certain information about you is processed. The sole controller of this processing of personal data is Facebook Ireland Ltd (Ireland/ EU - „Facebook“). For further information about the processing of personal data by Facebook, please visit https://www.facebook.com/privacy/explanation. Facebook offers the possibility to object to certain data processing; information and opt-out options in this regard can be found at https://www.facebook.com/settings?tab=ads

Facebook provides us with anonymous statistics and insights for our Facebook and Instagram pages that help us gain insights about the types of actions people take on our page (called „Page Insights“). These Page Insights are created based on certain information about individuals who have visited our Page. This processing of personal data is carried out by Facebook and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our site and to improve our site based on these insights. The legal basis forthis processing is Article 6 Para. 1 lit. f GDPR. We cannot attribute the information obtained via Page Insights to individual Facebook profiles that interact with our Facebook page. We have entered into a joint controller agreement with Facebook which sets out the allocation of data protection obligations between us and Facebook. For details about the processing of personal data to create Page Insights and the agreement entered into between us and Facebook, please visit https://www.facebook.com/legal/terms/information_about_page_insights_data . In relation to these data processing operations, you have the possibility to exercise your data subject rights (see „Your rights“) also against Facebook. Further information on this can be found in Facebook‘s privacy policy at https://www.facebook.com/privacy/explanation.

Please note that according to the Facebook Privacy Policy, user data is also processed in the USA or other third countries. Facebook only transfers user data to countries for which an adequacy decision has been issued by the European Commission in accordance with Article 45 of the GDPR or on the basis of appropriate safeguards in accordance with Article 46 of the GDPR.

b. LinkedIn Company Page

LinkedIn Ireland Unlimited Company (Ireland/EU - „LinkedIn“) is the sole responsible party for the processing of personal data when you visit our LinkedIn page. Further information about the processing of personal data by LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

When you visit, follow or engage with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymised statistics and insights. This provides us with insights into the types of actions that people take on our page (so-called page insights). For this purpose, LinkedIn processes in particular such data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, such as whether you are a follower of our LinkedIn company page. With Page Insights, LinkedIn does not provide us with any personally identifiable information about you. We only have access to the aggregated Page Insights. It is also not possible for us to draw conclusions about individual members using the information in the Page Insights. This processing of personal data in the context of Page Insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our LinkedIn company page and improving our company page based on these insights. The legal basis for this processing is Article 6 Para. 1 lit. f GDPR. We have entered into a joint controller agreement with LinkedIn which sets out the allocation of data protection obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. Thereafter, the following applies:

  • LinkedIn and we have agreed that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can contact LinkedIn online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or contact LinkedIn via the contact details in the Privacy Policy. You can contact the Data Protection Officer at LinkedIn Ireland via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You may also contact us at our provided contact details about exercising your rights in relation to the processing of personal data in the context of the Page Insights. In such a case, we will forward your request to LinkedIn.

  • LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie ) or any other supervisory authority.

Please note that according to the LinkedIn Privacy Policy, personal data is also processed by LinkedIn in the USA or other third countries. LinkedIn transfers personal data only to countries for which the European Commission has issued an adequacy decision pursuant to Article 45 of the GDPR or on the basis of appropriate safeguards pursuant to Article 46 of the GDPR.

c. Twitter

For the processing of personal data when visiting our Twitter profile, Twitter Inc. (USA) is the sole responsible party. Further information about the processing of personal data by Twitter Inc. can be found at https://twitter.com/privacy .

d. Xing

New Work SE (Germany/EU) is the sole responsible party for the processing of personal data when you visit our Xing profile. Further information about the processing of personal data by New Work SE can be found at https://privacy.xing.com/en .

e. YouTube

Google Ireland Limited (Ireland/EU) is the sole responsible party for the processing of personal data when visiting our YouTube channel. Further information about the processing of personal data by YouTube and Google Ireland Limited can be found at https://policies.google.com/privacy.

2. Comments and direct messages

We also process information that you have provided to us via our company page on the respective social media platform. Such information may be the username used, contact details or a message to us. These processing operations by us are carried out as the sole data controller. We process this data based on our legitimate interest to get in touch with requesting persons. The legal basis for the data processing is Article 6 Para. 1 lit. f GDPR. Further data processing may take place if you have consented (Art. 6 Para. 1 lit. a GDPR) or if this is necessary for the fulfilment of a legal obligation (Art. 6 Para. 1 lit. c GDPR).

V. Further data processing

1. Contact by email

If you send us a message via the contact email provided, we will process the data submitted for the purpose of responding to your request. We process this data based on our legitimate interest to get in touch with inquiring persons. The legal basis for the data processing is Art. 6 Para. 1 lit. f GDPR.

2. Customer and prospective customer data

If you contact our company as a customer or interested party, we process your data to the extent necessary to establish or implement the contractual relationship. This regularly includes the processing of personal master, contract and payment data provided to us as well as contact and communication data of our contact persons at commercial customers and business partners. The legal basis for this processing is Art. 6 Para. 1 lit. b GDPR. We also process customer and prospective customer data for evaluation and marketing purposes. This processing is carried out on the legal basis of Art. 6 Para. 1 lit. f GDPR and serves our interest to further develop our offer and to inform you specifically about our offers. Further data processing may take place if you have consented, Art. 6 Para. 1 lit. a GDPR or if this is necessary for the fulfilment of a legal obligation, Art. 6 Para. 1 lit. c GDPR).

Status: October 2021