Data Protection Declaration

Overview

In this document we, TorAlarm GmbH, Adersstraße 12, 40215 Düsseldorf, Germany (for details refer to our Imprint), inform you as controller according to art. 4 para 7 GDPR about the collection and use of personal data when using

  1. Our website (“Website”) available on toralarm.com;
  2. Our mobile “TorAlarm” apps available in the App Store for iOS, Play Store for Android, Windows Store for Windows, and the Amazon App Store (“Mobile App”); and
  3. Our ”TorAlarm“ skills for language assistants available on “Amazon Alexa” and “Google Assistant”.

“Personal Data” is all data relating to you, e.g. name, address, e-mail address, and further information such as user behavior.

When you contact us via e-mail or through a contact form, we save the data provided by you (e-mail address, and potentially name and telephone number) to answer your questions. The data incurring in this is stored to handle recurring support inquiries quicker, and to implement future features based on wishes in support inquiries into our services.

If in order to provide certain functionalities of our services we engage a processor, or want to use your data for advertising purposes, we’re informing you in this document about the respective processes, and name the set criteria for storing periods.

Website visits

  1. Website Visits in General
    1. When using the Website merely for information purposes, meaning when you don’t register or transmit to us information another way, we collect only the personal data that your browser transmits to our server. When you want to peruse our Website, we collect the following data that is technically necessary to display the Website and to ensure stability and security (legal basis is our legitimate interest in the flawless functionality of the Website according to art. 6 para 1 S. 1 lit. f GDPR):
      • IP address;
      • Date and time of the request;
      • Time zone difference to Greenwich Mean Time (GMT);
      • Content of the request (concrete web page);
      • Access status/HTTP status code;
      • Respectively transmitted data volume;
      • Website from which the request originates;
      • Used browser incl. language and version;
      • Operating system (OS) of the used device and its surface.
    2. In addition to the previously mentioned data, the following transient and persistent cookies are stored on your computer when using the Website:
      1. Transient cookies: These cookies are automatically deleted when you close the browser. This applies i.e. to session cookies that store a so-called Session ID with which several requests from your browser can be assigned to the same session. In doing so, your computer can be recognized when you return to the Website. Session cookies are deleted when you close the browser.
      2. Persistent cookies: These cookies are automatically deleted after a predefined time that can vary from cookie to cookie. You can delete cookies in your browser’s settings at any time.
      3. You can configure your browser settings according to your liking and, e.g., deny the acceptance of third-party cookies or of cookies altogether. In such a case you might not be able to use all functions of the Website though.
  2. Google Analytics
    1. The Website uses Google Analytics, a web analysis service provided by Google Inc. („Google“). Google Analytics uses cookies to do so. To relate your Website visit to you, we anonymize your IP address immediately upon collection, and therefore cannot relate to you personally, and we also don’t merge your IP address with other Google data.
    2. The information collected on your Website use by the mentioned cookies are usually transmitted to and stored on a Google server in the USA. On our behalf, Google uses this information to analyze your Website use, to generate reports on Website activities, and to render further services connected to the Website and internet use to us.
    3. You can avoid storing of the cookies through a pertaining setting in your browser software. In such case you might, however, not be able to use all functions of the Website. You can furthermore prevent the collection of the data related to your Website use (incl. your IP address) and generated by the cookie by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en
    4. The legal basis for using this service is our legitimate interest in optimizing Website according to art. 6 para 1 lit. f GDPR.
    5. Further information on data use for advertising purposes on Google’s side, on settings and objection options are available on the following Google web page: https://support.google.com/analytics/answer/6004245?hl=en
  3. Google AdSense
    1. The Website uses the online advertising service Google AdSense through which interest-customized ads can be displayed. We use this service to display ads to you as relevant as possible, and to make the Website more attractive to you. In doing so, statistical information about you is collected that is processed by our advertising partners. Said ads are indicated by the remark “Google Ads”.
    2. When visiting our website, Google notices that you visited the Website by using a Web Beacon, which works by storing a cookie on your computer. The data mentioned in § 1 para 1 of this document is transmitted to Google in that case. We can neither influence the data collection nor do we have information on the full extent of data collection and storing periods. Your data is transmitted to the USA and analyzed there. If you are logged into a Google account, your data can be linked directly to that account. If you want to prevent said link, you have to log out of your Google account. It is possible that said data is transferred to Google’s contractual partners, to third parties and authorities. Legal basis of processing your data through Google AdSense is our legitimate interest in displaying ads to fund our services according to art. 6 para 1 S. 1 lit. f GDPR. The Website also shows third-party Google AdSense Ads. The previously mentioned data can be transferred to said third parties (specified under https://support.google.com/dfp_sb/answer/94149).
    3. You can avoid the installation of the Google AdSense cookies in several ways––
      1. Through a respective setting in your browser software; i.e. suppressing third-party cookies results in you not receiving ads from them;
      2. By deactivating interest-based ads with Google under the following link: http://www.google.de/ads/preferences; however, this setting is deleted when you delete your cookies;
      3. By deactivating interest-based ads of the providers that participate in the self-regulation campaign “About Ads” by clicking on the following link: http://www.aboutads.info/choices; however, this setting is deleted when you delete your cookies;
      4. By permanently deactivating it in the browsers Firefox, Internet Explorer and Google Chrome by clicking on the following link: http://www.google.com/settings/ads/plugin.
      In such cases you might not be able to use all Website functionalities.
    4. Further information on the purpose and extent of data collection and processing as well as further information on your pertaining rights and settings options to protect your privacy are available here––

      Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; Data Protection Terms for Advertising: https://policies.google.com/technologies/ads?hl=en. Google has committed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Use of the mobile app

The following information applies for your use of the Mobile App, in principle regardless of the platform the respective app runs on, meaning whether it runs on iOS, Android, Alexa or Google Home.

  1. Collection of Personal Data When Using the Mobile App
    1. By downloading the Mobile App the necessary information is transmitted to the respective app store provider, i.e. user name, e-mail address and customer number of your account, time of download, payment information and the individual device identifier. We have no influence on and are not responsible for said data transfer. We only process this data as far as it’s necessary for the download of the Mobile App onto your mobile device.
    2. When using the Mobile App we collect the following types of personal data technically necessary to provide the Mobile App’s functions and ensure their stability and security (legal basis is our legitimate interest in providing a stabile app according to art. 6 para 1 S. 1 lit. f GDPR):
      • IP address;
      • Date and time of the request;
      • Time zone difference to Greenwich Mean Time (GMT);
      • Content of the request (concrete web page);
      • Access status/HTTP status code;
      • Respectively transmitted data volume;
      • Operation [m5] System (OS) of the used device and its surface[FS6];
      • Type designation of the used device;
      • Language and regional settings of the device.
    3. In addition to the previously mentioned data we store cookies on your device when you use our Mobile App that relate to the Mobile App. Cookies cannot execute programs or transmit virus onto your mobile device. They are used to make mobile apps in general more user-friendly and more efficient. This app uses the following types of cookies whose extent and functionality are explained in the following––
      1. Transient cookies: These cookies are automatically deleted when you close the Mobile App. This applies i.e. to session cookies that store a so-called Session ID with which several requests from your browser can be assigned to the same session. In doing so, your computer can be recognized when you return to the Website. Session cookies are deleted when you close the browser.
      2. Persistent cookies: These cookies are automatically deleted after a predefined time that can vary from cookie to cookie. You can delete cookies in your browser’s settings at any time.
      You can configure your mobile OS and the Mobile App according to your liking, e.g. deny the acceptance of third-party cookies or of cookies altogether. In such a case you might not be able to use all functions of the Website though.
    4. For advertising purposes we use the so-called “Advertising Identifier” on iOS devices and the “Google Advertising ID” on Android devices (commonly referred to as “Identifier”). This Identifier is a unique but not personal and not permanent identifier for a specific device provided by iOS or Android respectively. The data collected through the Identifier is not connected to any other device-based information. We use the Identifier to provide personalized ads to you and analyze your use. If you activate the option [FS7] “no ad tracking” under iOS under “Data Protection” – “Ads”, or […] under Android, we can only perform the following measures:
      • Measure your interaction with banners ads by counting the number of displays of a banner without a click on it (“frequency capping”),
      • Click rate, and
      • Unique users; and
      • Perform security measures, fraud protection and error correction.
      In your device settings, you can at any time delete the Identifier (“Remove Ad ID“ under [FS8] iOS, and „[…]“ under Android). In this case a new Identifier is created that is not merged with previously collected data. We inform you that when you limit the use of the Identifier, you might not be able to use all functions of the Mobile App.
    5. In order to deploy push notifications (for goals, breaking news and other important events), an anonymous device ID (push notification token) is stored on our servers along with your app settings associated with said ID. Upon your request, said associated settings can be deleted, upon which the notification service will not work anymore.
  2. Coverage Measurement with “SZMnG” of INFOnline GmbH
    1. The Mobile App uses the measuring system (“SZMnG“) of INFOnline GmbH (https://www.INFOnline.de/) to determine statistical performance indicators on the use of our services. Goal of said measurement is to determine the number of users and uses of the Mobile App and the users’ surfing behavior statistically on the basis of a unified standard procedure, and to gather comparable market values. For all digital content providers that are either members of the “Informationsgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e. V.” (IVW – http://www.ivw.eu/, “Information Society for Determining of the Spreading of Ads”) or participate in studies of the Arbeitsgemeinschaft Online-Forschung e. V. (AGOF - http://www.agof.de/, “Study Group Online Research”), usage statistics are regularly processed by AGOF and Arbeitsgemeinschaft Media-Analyse e. V. (agma - http://www.agma-mmc.de/, “Study Group Media Analysis”) to produce reach indicators, published with a performance indicator “Unique Users“ , and published by IWV with the performance indicators „Page Impressions“ and „Visits“. These reach indicators and statistics can be perused on the respective websites.
    2. Legal Basis for said measurement is our legitimate interest according to art. 6 para 1 lit. f GDPR. Purpose of said processing of personal data is the creation of statistics and user categories. The statistics allow us to understand and prove the use of our services. The user categories are the basis for interest-based setup of advertising media and measures. In order to market the Mobile App it is necessary to maintain comparability to other market competitors. Our legitimate interest lies in the economic usability of the insights resulting from the statistics and user categories, and the market value of our Mobile App, also in direct comparison to third-party offers, that is determinable through the statistics.

      Furthermore, we have a legitimate interest in providing pseudonymous data to INFOnline, AGOF and IVW for the purposes of market research (AGOF, agma) and for statistics (INFOnline, IVW). Also we have a legitimate interest in providing data to INFOnline for the purpose of further development and provision of interest-based advertising media.
    3. Categories of Processed Data

      INFOnline GmbH collects the following categories of personal data––
      • IP address (shortened by the last byte immediately upon collection, and processed anonymously);
      • Device Identifier: To recognize devices, the reach measurement uses unique device identifiers or a signature created through several automatically transmitted pieces of information of your device. A measurement of the data and subsequent allocation to the respective identifier is also possible when you load other web pages that also use the “SZMnG” measuring system of INFOnline GmbH. The following unique device identifiers can be transmitted to INFOnline GmbH in hash form––
        • Advertising Identifier;
        • Installations-ID;
        • Android ID (for Android devices);
        • Vendor ID (for iOS devices).
    4. Use of data

      INFOnline GmbH’s measuring system used in the Mobile App collects user data in order to determine the performance values “Page Impressions”, “Visits” and “Clients”, and to create further performance indicators from the collected data (e.g. qualified clients). On top, the measured data is used as follows––
      • A geolocation, meaning the allocation of a web page request to the location of the request, is performed solely of the basis of the anonymized IP address and only down to the geographical layer of states/regions. The said collected geographical information does in no way allow a location of the concrete place of a user’s residence.
      • The usage data of a technical client (e.g. a browser on a device) is merged across applications, and stored in a database. This information is used to determine the details of age and gender, and transferred to AGOF for further reach measurement. In the course of the AGOF study, socio-information is estimated on the basis of a random sample that can be assigned to the following categories: age, gender, nationality, job, marital status, general information on the household, household income, place of residence, internet use, online interests, location of use, user type.
    5. Storing period

      The full IP address is not stored by INFOnline GmbH. The shortened IP address is at maximum stored for 60 days. The usage data in connection with the unique Identifier is stored for 6 months at maximum.
    6. Transmission of Data

      Your IP address is not transmitted. Data with client identifiers are transmitted to the following service providers for the elaboration of the AGOF study––
      1. Kantar Deutschland GmbH (https://www.tns-infratest.com/)
      2. Ankordata GmbH & Co. KG (http://www.ankordata.de/homepage/)
      3. Interrogare GmbH (https://www.interrogare.de/)
  3. Adjust
    1. The Mobile App uses the service “Adjust” (https://www.adjust.com/) in order to measure and optimize the reach and effectivity of marketing measure, banner ads etc. (tracking). For this, we collect the following data categories that are processed by adjust GmbH, Saarbrücker Straße 37A, 10405 Berlin, Germany––
      • Anonymized (hashed) IP address;
      • Mobile identifiers such as the ID for Advertising for iOS (IDFA), and Google Advertising ID;
      • Installation and first opening of the Mobile App on the device;
      • Your interaction with the Mobile App (e.g. in-app purchases and registration);
      • Information on which banner ads you have seen, and which ones you tapped on.
      The mentioned data is in principle and, notwithstanding your request for deletion, stored indefinitely.
    2. The data mentioned in para 1 might be transferred to the USA and processed there by adjust to allow statistics on the performance on our marketing measures. The collected data is not merged with other data that allows identifying your personally. In principle, adjust does not pass on any of your data to third parties, however might be obliged by law or forced to by authorities in the USA to do so, and will in that case comply.
    3. Adjust has committed to the EU-US Privacy Shield. More information on what data adjust collects and processes is available here: https://www.adjust.com/privacy-policy/
    4. The legal basis for the use of this service is our legitimate interest in measuring the performance of our ads according to art. 6 para 1 lit. f GDPR.
    5. If you do not want to be tracked by Adjust, you can opt out by clicking on the following link: https://www.adjust.com/opt-out/
  4. Google Firebase
    1. In the Mobile App we use Firebase (https://www.firebase.com/), a framework maintained by the Google subsidiary Firebase residing in San Francisco, CA, USA, through which we track and administer the following real-time functions––
      1. Tracking of user behavior through Google Analytics (cp. para 2) for Firebase;
      2. Tracking of app crashes and their reasons through Firebase Crashlytics (cp. para 3);
      3. Push notifications through Firebase Cloud Messaging (cp. in para 4);
      4. Configuration of app settings through Firebase Remote Config (cp. para 5); and
      5. Internet searches through Google Search with Firebase App Indexing (cp. para 6).
      For all mentioned Firebase services, only anonymized or pseudonymized user data is transmitted to Firebase (Google). Firebase’s privacy policy is available under https://www.firebase.com/terms/privacy-policy.html.
    2. The Mobile App uses the web analysis service Google Analytics that tracks your use of the Mobile App through cookies or a comparable technology. The information generated through your cookie or the comparable technology is usually transmitted to a Google server in the USA and stored there. As we anonymize IP addresses in the Mobile App, your IP address is shortened by Google within the European Union or in a member state of the Treaty on the European Economic Area, by way of exception (e.g. in case of technical failure of servers within the EU) is in full transmitted to Google servers in the USA and shortened there. We use the information prepared by Google to interpret your use of the Mobile App for its optimization and further development.
    3. We use Firebase Crashlytics to track app crashes as they occur, and to prevent future ones. In case of an app crash, a report is created that contains the type and OS of the device, your last activities in the app, and your geolocation in pseudonymous form, and that is sent to Google. Information on the functionality of Crashlytics is available under https://firebase.google.com/products/crashlytics/
    4. The Mobile App uses Firebase Cloud Messaging to send messages to its users. To do so, it sends a previously generated anonymous device ID (token) to Google so that we can identify app users and send messages to them. Information on the functionality of Cloud Messaging is available under https://firebase.google.com/products/cloud-messaging/
    5. The Mobile App uses Firebase Remote Config to allow us to alter the app on the devices it is installed on without you having to completely reinstall the app in the respective app store. To do so, your device information, your language and country and regional settings are transmitted to Google in the USA and processed there. Information on the functionality of Remote Config is available under https://firebase.google.com/products/remote-config/
    6. Through Firebase App Indexing we provide the option to perform the common Google web search from within the Mobile App. The terms and conditions for the usual Google web search apply (https://policies.google.com/privacy?hl=de&gl=de).
    7. The legal basis for the use of Firebase is our legitimate interest in maintaining the Mobile App stable and evaluate its performance according to art. 6 para 1 lit. f GDPR.
    8. If you do not want the data categories mentioned in this section, you may not use the Mobile App.
  5. Ad Network AddApptr
    1. In the Mobile App we display ads from several advertizing networks that are selected and provided by AddApptr (https://www.addapptr.com/), Alsterufer 4, 20354 Hamburg, Germany. To do so, we collect the following data categories processes by AddApptr––
      • Mobile identifiers such as the ID for Advertising for iOS (IDFA) or the Google Advertising ID;
      • IP address;
      • Geolocation.
      The mentioned data is in principle, notwithstanding your request for deletion, stored indefinitely.
    2. The data mentioned in para 1 is pseudonymized and transmitted to one or several ad network providers in order to display ads that are relevant to you. The mentioned data is, depending on the display network, either only processed within the EU or, if and insofar as networks are used that store and process data outside of the EU, protected by the respective network provider’s commitment to the EU-US Privacy Shield or to an equivalent treaty, e.g. EU Standard Contractual Clauses, that ensure a GDPR-equivalent data protection level.
    3. The legal basis for the use of said service is our legitimate interest in financial remuneration for providing the Mobile App to you for free according to art. 6 para 1 lit. f GDPR.
    4. If you do not want the data mentioned in para 1 to be tracked, you may not use the Mobile App.
  6. Twitter

    Twitter is integrated in our products. When a user sees any Twitter-content or Twitter-proucts, that is integrated through "Twitter for websites" into other websites, it is possible that Twitter tracks this visit, including the exact web page, IP address, type of browser, operating system, as well as information on cookies. This information helps Twitter improve their products and services, for example, it can help Twitter find the best suggestion or matching advertisements. To protect the privacy of a user, Twitter never connects the browser history, which is tracked through "Twitter for websites", with a name, a mail-address, a phone number or with a Twitter account. Twitter deletes, hides or aggregates the data after a maximum of 30 days, as it is stated in their policy. Inside Twitter's Privacy Policy one can also find details on which information is tracked and used. Also, one can find the possibility to object, restrict or withdraw consent. (https://twitter.com/en/privacy)

Use of the language assistants’ skills

The following information applies to your use of our app as a skill for a language assistant, in principle regardless of what platform the skill runs, be it on Amazon Alexa or Google Assistant

  1. Collection of Personal Data when Using the Skills
    1. When activating the skill or skills, the information necessary to use the skill is transferred to the respective store, i.e. user name, e-mail address and customer number of your account, time of activation, payment information and the individual device identifier. We have no influence on said data collection and are not responsible for it. We process data only as far as the activation of the skill on the device requires it.
    2. When you use a skill, we collect the following personal data technically necessary to provide the functionality, stability and security of our skills–
      • Date and time of the request;
      • Time zone difference to Greenwich Mean Time (GMT);
      • Content of the request;
      • Access status/HTTP status code;
      • Respectively transmitted data volume;
      • Type designation of the used device;
      • Language and regional settings of the device;
      • Your Amazon and/or Google ID.
    3. In order to send you push notifications (for goals, breaking news and other important events), an anonymous device ID (token) is stored on our servers along with your associated settings. Upon your request we delete these types of data upon which the notification service will, however, not work anymore.
    4. Legal basis of the collection and processing of said data categories is art. 6 para 1 lit. b GDPR.

Your rights

You have the following rights regarding your personal data collected by and/or stored with us. You may request––

  • Access to your personal data;
  • Rectification or erasure of your wrong personal data; and
  • Restriction of processing.
  • You may object to processing, and
  • Have the right to data portability.

You may furthermore lodge a complaint about our processing your personal data with a supervisory authority.

Our data protection officer

Data protection is important to us! That is why we have appointed a renowned Hamburg lawyer and expert in this field as external data protection officer. You can reach him at the email address set up especially for this purpose: