Privacy policy

The protection of your personal data is of particular concern to us. In the following, we would like to inform you in detail about which of your personal data we collect in connection with the enote App (hereinafter referred to as "App"), for which purposes it is used, with whom they are shared and which rights of control and information you may be entitled to.

Data controller and contact

Responsible for this website and the App is Enote GmbH, Gontardstrasse 11, 10178 Berlin, (hereinafter "enote", "we", "us").

If you have any questions about this privacy policy or about the collection, processing or use of your personal data, please contact us by e-mail under the reference "data protection".

1. Processing your data when downloading the App

When you download the App, certain required information is transmitted to the respective App Store, in particular your Apple ID, the time of the download, payment information and your individual device ID can be processed. The processing of this data is carried out exclusively by the respective App Store and is beyond our control.

2. Information that is automatically collected when you use the App

In the course of using the App, we automatically collect certain data required for the use of the App. This includes, for example, your device model, system version and the IP address of your mobile device.

This data is automatically processed by us (1) to provide you with the App and related features; (2) to improve the App's features and functionality; and (3) to prevent and correct misuse and malfunctions. This processing is justified by the fact that (1) the processing is necessary for the fulfillment of the contract between you and us pursuant to Art. 6 para. 1 sent. 1 lit. b General Data Protection Regulation (GDPR) for the use of the App, or (2) we have a legitimate interest within the meaning of Art. 6 para. 1 sent. 1 lit. f GDPR to ensure the functionality and error-free operation of the App and to be able to offer a service in line with your interests.

3. Creation of a user account (registration) and login

3.1 Registration by e-mail

To use the App, you need to create a user account. Within the scope of this registration we process the following mandatory data provided by you:

  • Name, email address and login and password details

For the registration we use the so-called “double-opt-in” procedure. After your registration on our website, you will receive an e-mail with a link, which you can use to confirm that you are the owner of the e-mail address and that you want to create a user account on our website. If your confirmation is not received within 12 hours, your registration and the personal data provided by you will be automatically deleted.

Furthermore, we store the voluntary data you provide for the time of your use of the customer area, unless you delete them first.

The legal basis for this data processing is Art. 6 para. 1 sent. 1 lit. b GDPR, because it serves the effective provision of the customer area and the management of your user account.

3.2 Single Sign On

We use the possibility of registering via various third party providers by linking the respective existing account with an enote account. For this we use the services of Facebook, Google and Apple. Instead of entering the required information, you can log in via the respective provider. You will then be redirected to the provider's page where you can enter your access information.

Registration in this way links your user account with the account of the respective provider. We receive personal data about you from the respective provider, namely your e-mail address and your name. We use this personal data only to identify you during registration and login. This data processing is justified according to Art. 6 para. 1 sent. 1 lit. b GDPR.

The respective provider also receives data about you from us. We would like to point out that we as the provider of the App have no knowledge of the content of the transmitted data or its use by the respective provider. You can find further information on this in the data protection declaration of the respective provider. If you do not want data to be collected via Single Sign On services, please do not use the respective function.

4. Analysis tools

We sometimes commission third parties to provide services and to analyse and evaluate data. Processing is only carried out on our behalf and on the basis of a data processing agreement. In detail we use the following tools:

4.1 Singular

We use the marketing service, Singular from Singular Labs, Inc.,181 South Park Street, Unit 2, San Francisco, CA 94107, United States of America, to track user interactions with the App in real time and analyze the performance of marketing campaigns. The data collected with this technology is sent in an anonymized form via Apple’s SKA Network system to ensure user privacy. Singular’s privacy policy can be found here:

4.2 Google Firebase

We use the Google Firebase service from Google LLC, 1600 Amphitheatre, Parkway, Mountain View, CA 94043, USA to play push messages.

For this purpose, a so-called device token from Apple is assigned. The sole purpose of its use by us is to provide the Push Services. These are encrypted, anonymised device IDs. The privacy policy of Firebase can be found here:

4.3 Crashlytics

We work with Crashlytics Inc. ("Crashlytics"), a service of Google LLC that collects user information when users use the App. Crashlytics collects data about App usage specifically related to system crashes and errors. This information includes information about the device, the version of the App that is installed, and other information that may help to troubleshoot errors, particularly with respect to the user's software and hardware. The privacy policy of Crashlytics can be found here:

4.4 Sentry

We use the service from Functional Software, Inc. dba Sentry, 132 Hawthorne Street, San Francisco, CA 94107, USA to perform real-time error tracking for our App in order to gain insight into the causes of crashes and prevent them in the future. Sentry’s privacy policy can be found here:

4.5 Braze

We use Braze the multi-channel marketing platform, located at 330 West 34th Street, 18th Floor New York, NY 10001, USA to store account and usage data to send messages to users related to our app via email or push notifications on an opt-in basis. Braze’s privacy policy can be found here:

4.6 Amplitude

We use Amplitude, the cloud based analytics platform, located at 201 Third Street, Suite 200, San Francisco, CA 94103 to analyse the app usage behaviour to optimize our app’s performance. Amplitude’s privacy policy can be found here at:

5. Transfer of personal data to third parties

Except in the cases mentioned in this privacy policy, your personal data will not be disclosed to third parties.

In the event of a restructuring or sale of our business to a third party, your personal data may be transferred to the restructured company or third party in accordance with applicable law.

We may disclose your personal information if we are entitled or required to do so by law (for example, under applicable law or a court order).

6. Transfer of personal data to third countries

To the extent described above, we may transfer your personal data to other countries (including countries outside the EEA, so-called “third countries”), where different data protection standards may apply than those in your country of residence.

Please note that data processed in other countries may be subject to foreign laws and may be accessible to the governments, courts, law enforcement and regulatory authorities of those countries. However, if your personal data is transferred to third countries, we will take appropriate measures to adequately secure your data.

When transferring data to third countries, the transfer is usually protected by the application of the so-called “EU standard contractual clauses”.

Corresponding evidence or further details can be obtained by sending an e-mail to the above address.

7. Storage periods

It is our aim to process your personal data only to the smallest possible extent. We will therefore only store your personal data for as long as it is necessary to fulfil the purpose for which it was originally collected or - if applicable - as long as longer storage is required or justified by law.

8. Your rights

You have the following data protection rights, depending on the circumstances of the specific case:

  • Information: You have the right to request information about and access to your personal data and/or copies of such data. This includes information on the purpose of use, the category of data used, the recipients and persons authorised to access such data and, if possible, the planned duration of data storage or, if this is not possible, the criteria for determining this duration.
  • Correction, blocking, deletion: You have the right to demand the correction, deletion or restriction of the processing of your personal data, as far as their use is not permitted under data protection law. This is particularly the case if (i) the data is incomplete or incorrect, (ii) it is no longer necessary for the purposes for which it was collected, (iii) the consent on which the processing was based has been revoked, or (iv) you have successfully exercised your right to object to the processing of the data; in cases where the data is processed by third parties, we will forward your requests for correction, deletion or restriction of processing to these third parties, unless this proves impossible or involves disproportionate effort.
  • Refusal/revocation of your consent: Many data processing operations are only possible with your express consent. You have the right to refuse to give your consent or to revoke at any time any consent already given, without affecting the lawfulness of the data processing operations carried out before the revocation.
  • Automated decision making including profiling: You have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or significantly affects you in a similar way.
  • Data transferability: You have the right to have data you have provided us with transferred to yourself or to a third party in a common structured, machine-readable format. However, you have the right to request direct transfer to another responsible party only insofar as this is technically feasible.
  • Right of appeal to the competent supervisory authority: If you are of the opinion that your rights have been violated as a result of processing your personal data not in compliance with data protection regulations, you have a right of appeal to the competent supervisory authority.
  • Right of objection: You have the right to object to the processing of your personal data at any time if we process your personal data for direct marketing purposes or if we process your personal data for the pursuit of our legitimate interests and there are reasons arising from your particular situation.

You can (i) exercise the above rights or (ii) ask questions or (iii) lodge a complaint against the processing of your personal data by us by contacting us as indicated above.

9. Changes to this privacy policy

We reserve the right to change this privacy policy as our website is updated. Please visit this website regularly and check the current privacy policy. This privacy policy was last updated on 2024-27-03.