In the course of using our website (www.cabuu.app) and our app (cabuu - learning vocabulary), personal data about you will be processed by us as the data controller and stored for the period necessary to fulfil the specified purposes and legal obligations.
In the following, we inform you about what data is involved, how it is processed and what rights you have in this regard.
According to Article 4 No. 1 of the General Data Protection Regulation (DSGVO), personal data is any information relating to an identified or identifiable natural person.
Responsible body
The responsible party within the meaning of Article 4 No. 7 DSGVO for the collection, processing and use of your personal data is:
cabuu GmbH, Maienfeldstr. 34a, 63303 Dreieich, Germany
info@cabuu.de
If you have any questions or suggestions regarding data protection, please feel free to contact us at any time. Please use our contact form for this purpose.
Your data is used solely to enable us to offer you the most user-friendly, practical and secure Internet service possible. Personal data includes all information about personal or factual circumstances of an identified or identifiable natural person, e.g. name, address, contact details, IP addresses, transmitted data volumes, etc.
The web pages are operated by a provider in Germany, who in turn stores the accesses to the system in so-called server logs for the operation of the web offer. As a rule, the following data is collected: IP addresses, time stamp of the accesses, names of the web pages, transferred data volumes, logouts or terminations, browser types, information from the operating system, referrer URLs. This data is not stored or analysed by us. In the event of a justified suspicion of misuse on the basis of concrete information, these log files can be subsequently checked.
You can also use our website without entering any personal data. If we collect personal data, we will inform you in each case about the purpose, scope, legality and possible disclosure and use the data only for these purposes. The entry of this data by you is voluntary.
cabuu GmbH (hereinafter also "we" or "our") uses the personal data collected and processed exclusively for the purpose of providing our services. In doing so, cabuu GmbH naturally complies with all applicable data protection laws, in particular the German Federal Data Protection Act/EU-DSGVO and the German Telemedia Act (TMG).
cabuu GmbH does not pass on your personal data to third parties for marketing or similar purposes. Data will only be passed on if and insofar as this is necessary for the implementation of the user agreement, cabuu GmbH is legally obliged to do so or it is necessary to enforce the general terms and conditions of use or other agreements concluded with you as well as our rights and claims.
In the context of customer loyalty, we send current information to our customers (existing customers) to inform you about news and changes within our offer. This information is not to be confused with general newsletters.
cabuu GmbH uses technical and organisational security measures to ensure that your personal data is protected against loss, incorrect modification or unauthorised access by third parties. In any case, only authorised persons have access to the personal data, and only to the extent necessary for the above-mentioned purposes. The security measures are constantly adapted to the improved technical possibilities.
External fonts, e.g. Google Fonts, are used on our website. Google Fonts is a service of Google Inc., (1600 Amphitheatre Parkway Mountain View, CA 94043, USA, hereinafter referred to as "Google"). These fonts are integrated by means of a server call, usually a Google server in the USA. At this moment, the server is informed which of our pages you have visited. The IP address of the end device of the visitor to these Internet pages is also stored by Google.
Further information can be found in Google's privacy policy.
Our website uses cookies. We use cookies and tracking technologies on our website to provide you with the best possible experience and to make our communication with you relevant. We take your preferences into account and only process data for analysis and marketing purposes if you give us your voluntary consent by clicking on "Accept" or under "Cookie settings". You can revoke your consent at any time. You can find information and customisation options on technologies used by us and third-party providers as well as on revocation under "Settings" and in our data protection declaration (www.cabuu.app/datenschutz).
Cookies are small text files used by websites to make the user experience more efficient. By law, we may store cookies on your device if they are strictly necessary for the operation of this site. For all other cookie types we need your permission. This site uses different types of cookies. Some cookies are placed by third parties that appear on our pages. You can change or withdraw your consent at any time from the cookie statement on our site. Find out more about who we are, how you can contact us and how we process personal data in our privacy policy
Our website uses social plugins from the social networks Facebook, Twitter, Instagram and TikTok. The plugins are placed on our website in the form of buttons and are deactivated in their initial status. If you click on the respective button, you will be prompted to register with the social media provider in a new window. In this case, a cookie is placed on your computer. If you do not click on the button or are not logged in to the social media provider, no cookie will be placed on your computer.
If you are a user of the respective social media provider and are logged in and click on the button, this information will be transmitted to your profile with the respective social media provider. If you interact with the plugins, for example by clicking the Facebook "Like" button or posting a comment, the corresponding information is transmitted from your browser directly to the social network and stored there. The purpose and scope of the data collection and the further processing and use of the data by the providers as well as your rights in this regard and setting options for protecting your privacy can be found in the data protection notices of the following providers:
Facebook: http://www.facebook.com/policy.php
Instagram: http://instagram.com/about/legal/privacy/
Twitter: http://twitter.com/privacy
TikTok: https://www.tiktok.com/legal/privacy-policy
YouTube
We have inserted a video component of the company YouTube LLC (901 Cherry Ave., 94066 San Bruno, CA, USA; hereinafter "YouTube"), a Google Inc. company, on our website. We use the "extended data protection mode" option provided by YouTube.
When you call up a page that has an embedded video, a connection is established to the YouTube servers and the content is displayed on the website by informing your browser.
According to YouTube's information, in "extended data protection mode", data - in particular which of our web pages you have visited as well as device-specific information including the IP address - is only transmitted to the YouTube server in the USA when you watch the video. By clicking on the video, you confirm this transmission. If you do not wish this, stop playing the video.
If you are logged in to YouTube at the same time, this information will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.
For more information, please see Google's privacy policy.
Vimeo
We use the provider Vimeo, among others, for the integration of videos. Vimeo is operated by Vimeo, LLC with headquarters at 555 West 18th Street, New York, New York 10011.
When you access a video via a Vimeo plugin, a connection to the Vimeo servers is established. This transmits to the Vimeo server which of our Internet pages you have visited. If you are logged in as a Vimeo member, Vimeo assigns this information to your personal user account. When using the plugin, such as clicking on the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.
The purpose and scope of the data collection and the further processing and use of the data by Vimeo, as well as your rights in this regard and setting options for protecting your privacy, can be found in Vimeo's privacy policy.
Collection and use of personal data
Your data is used solely to provide you with the most user-friendly, practical and secure user experience possible. No personal data is stored during the use of this app and no data is passed on to third parties. App usage data is stored anonymously and only to improve the user experience.
cabuu GmbH uses technical and organisational security measures to ensure that your personal data is protected against loss, incorrect modification or unauthorised access by third parties. In any case, only authorised persons have access to the personal data, and only to the extent necessary for the above-mentioned purposes. The security measures are constantly adapted to the improved technical possibilities.
Within the scope of app use, data is stored locally on the device. This data is exclusively necessary for the operation of the app and is only used by the app. When the app is uninstalled, all data stored locally by the app is also deleted.
cabuu GmbH will not knowingly collect or process data from children. If pupils make requests, we will only store the data if we have the express consent of the parent or guardian. If children's data may then be stored, we will only pass this on within the framework of the legal requirements. The term "children" includes the definitions from national law and the legal provisions applicable to us.
We do not carry out automatic decision-making and/or profiling with your data.
On Android devices, the following permissions are required for use:
1. INTERNET (retrieve data from the internet/access all networks): Required to load vocabulary data, graphics and animations.
2. ACCESS_NETWORK_STATE (retrieve network connections): Needed to check for a stable internet connection.
3. ACCESS_WIFI_STATE (Get Network Connections): Needed to check for a stable internet connection.
4. CAMERA (Camera Access): Required to perform a text-based OCR recognition of a created photo. For iOS, consent is explicitly requested for certain rights, so you can decide here directly.
Anonymised usage data is analysed for the secure operation and further development of the app. This data is also used to optimise the learning plan calculated by the app based on user behaviour. This data cannot be linked to your identity. We have no way of assigning this data to you personally and do not combine this data with other data sources. The data collected is not passed on to third parties.
As part of the scanning component of the app, image data is forwarded to third parties for processing (OCR recognition). The processing of this image data exclusively concerns the recognition of text parts in the image; no other evaluations or analyses are carried out. In particular, neither the image data nor the recognised text portions are stored in any form outside the end user device.
Our app - and therefore your user account - is hosted by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg (hereinafter "AWS") on servers in Ireland. AWS also takes strict technical measures to protect your personal data. AWS does not disclose your personal data to third parties unless the disclosure is necessary to process the agreed services or AWS must do so to comply with the law or a valid and binding order of a governmental or regulatory authority. The data transferred for this purpose will be limited to the minimum necessary.
AWS may also store the information in countries outside the European Economic Area. However, AWS will take the necessary steps to ensure that an adequate level of data protection is maintained. For example, if AWS transfers your data to the United States, AWS will take additional measures, such as entering into EU-compliant data transfer agreements with the data importer, if necessary.
We delete your data if it is no longer necessary to achieve the purpose for which it was collected and there are no legal retention obligations.
Amazon observes the data protection provisions of the "US Privacy Shield" and is registered with the "US Privacy Shield" programme of the US Department of Commerce and thus offers suitable guarantees for an appropriate level of data protection.
For more information, please see Amazon's privacy policy.
For analysis and as a basis for the continuous improvement of our app, we use "Unity Analytics" by the company Unity Technologies Inc. (30 3rd Street, San Francisco, CA 94103, United States). The analysis tool collects and stores data using pseudonyms. This data is used to analyse the usage behaviour of the app and is evaluated exclusively for the purpose of improving and designing the content in line with requirements. This data only relates to usage within the app and cannot be assigned to the individual end device. In addition, information of a more general nature is collected (e.g. device type, software version, etc.). This data is also evaluated anonymously.
For more information, please see Unity's privacy policy.
We use Firebase Analytics from Google to continuously improve our app. Data is transmitted anonymously for analysis purposes to Google Firebase in the USA (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).
The collected data helps us to better understand the use of the app and to improve the offer. All IP addresses are only stored in anonymised form. Therefore, the data obtained cannot be used to personally identify the app user.
Firebase Analytics uses an advertising ID. Users can opt out of certain Firebase features via the appropriate device settings on mobile devices:
For Android: Settings > Google > Ads > Reset and disable advertising ID.
For iOS: Settings > Privacy > Advertising > No Ad Tracking.
We could also send up-to-date and relevant information via Google Firebase using so-called push messages. Push messages are messages that appear on your device without opening the respective app.
You can activate or deactivate the receipt of push messages at any time as follows:
For Android: Settings > Apps & Notifications > Configure Notifications.
For iOS: Settings > Notifications > Select the app > Deactivate the "Allow notifications" option.
Google complies with the data protection provisions of the "US Privacy Shield" and is registered with the "US Privacy Shield" programme of the US Department of Commerce and thus offers appropriate guarantees for an adequate level of data protection.
For more information, please see Google's Terms of Use and Privacy Policy.
For our website and app we use Branch Metrics whose operator is Branch Metrics Inc, 2443 Ash Street, Palo Alto, CA 94306, USA. Branch enables us to generate targeted smartlinks to content within our websites and within our app using appropriate software development kits (SDKs) for web, iOS and Android operating systems. This allows us to analyse the effectiveness of our advertising efforts and improve our online offering to you, for example, by determining whether a user was redirected to our website or app after clicking on an ad and how our website and app are used.
Branch Metrics collects data in the course of providing the service and its functions. The purpose and scope of the data collection and processing of data by Branch can be found in the data protection information of Branch Metrics.
We use the services of MailChimp for sending newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308 (USA) ("MailChimp").
MailChimp is a service with which, among other things, the sending of newsletters can be organised and analysed. If you have entered data for the purpose of receiving newsletters (e.g. email address), this data will be stored on MailChimp's servers in the USA.
With the help of MailChimp, we can analyse our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (so-called web beacon) connects to the MailChimp servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). This information can be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
If you do not want any analysis by MailChimp, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of MailChimp after you unsubscribe from the newsletter.
We have concluded a so-called "Data Processing Agreement" with MailChimp, in which we oblige MailChimp to protect our customers' data, not to pass it on to third parties and, in the event of a transfer of personal data to the USA, to comply with the regulations of the standard contractual clauses pursuant to Art. 46 DSGVO.
For more information on data processing by Mailchimp, please refer to Mailchimp's privacy policy.
We use the ticket system Zendesk, a customer service platform of Zendesk Inc, 989 Market Street #300, San Francisco, CA 94102 (USA), to process customer enquiries on the website and in the app. If you send us a message via the contact form, your details from the enquiry form, including the contact data provided there, will be stored via the Zendesk ticket system for the purpose of processing the enquiry and in the event of follow-up questions.
We have concluded a so-called "Data Processing Agreement" with Zendesk, in which we oblige Zendesk to protect our customers' data, not to pass it on to third parties and, in the event of a transfer of personal data to the USA, to comply with the regulations of the standard contractual clauses pursuant to Art. 46 of the Data Protection Act.
The data processing is carried out in response to your enquiry and, in the context of answering a contact enquiry, is based on our legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f DSGVO in order to be able to process enquiries in a meaningful way.
For more information on data processing by Zendesk, please see Zendesk's privacy policy.
You can contact us at any time if you wish to request information, deletion, restriction or objection. To do so, use the contact details provided. Requests must be made in writing so that we can clearly identify the person making the request.
According to the German Federal Data Protection Act, you have the right to free information about your stored data and, if applicable, the right to correct, block or delete this data. In this case, please contact us using the contact details above.
If you have justified doubts about our handling of your data, please inform us or contact the relevant supervisory authority.
We reserve the right to amend this privacy policy from time to time. We therefore recommend that you regularly review this statement.
You have the right
Pursuant to Art. 7 (3) DSGVO, to revoke your consent once given to us at any time. This means that we may no longer process the data based on this consent in the future;
to request information about your personal data processed by us in accordance with Art. 15 DSGVO. In particular, you may request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us;
in accordance with Art. 16 DSGVO, to demand the immediate correction of inaccurate or incomplete personal data stored by us.
in accordance with Article 17 of the Regulation, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
to request the restriction of the processing of your personal data in accordance with Art. 18 DSGVO, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO;
in accordance with Article 20 of the GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller; and
complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.