Data protection
For website and apps
As part of using our website (www.cabuu.app) and our apps “cabuu - learn vocabulary” and “Cornelsen English trainer 3/4 (powered by cabuu)”, personal data about you are processed by us as the person responsible for data processing and stored for the period necessary to fulfill the specified purposes and legal obligations.
In the following, we will inform you which data is involved, how it is processed and what rights you have in this regard.
According to Article 4 No. 1 of the General Data Protection Regulation (GDPR), personal data is any information relating to an identified or identifiable natural person.
Responsible body
The person responsible for the collection, processing and use of your personal data within the meaning of Art. 4 No. 7 GDPR is:
cabuu GmbH
Maienfeldstraße 34a
63303 Dreieich
If you have any questions or suggestions regarding data protection, please feel free to contact us at any time. Please use our contact form.
webpage
Fundamentals
Your data is used solely to provide you with the most user-friendly, practical and secure Internet offering possible. Personal data includes all information about the personal or factual circumstances of a specific or identifiable natural person, e.g. name, address, contact details, IP addresses, amounts of data transferred, etc.
Automatic processing through website operation
The websites are operated by a provider in Germany, who in turn stores accesses to the system in so-called server logs to operate the website. As a rule, the following data is collected: IP addresses, time stamps of accesses, names of the websites, amounts of data transferred, cancellations or cancellations, browser types, information from the operating system, referrer URLs. We do not store or analyse this data. In the event of a justified suspicion of misuse based on specific information, these log files can be checked retrospectively.
Data input by website user
You can also use our websites without any restrictions without entering personal data. If we collect personal data, we will inform you of the purpose, scope, lawfulness, and possible transfers and use the data only for these purposes. Entering this data by you is voluntary.
Using the data
workmanship
cabuu GmbH (hereinafter also “we” or “our”) uses the personal data collected and processed exclusively for the purpose of providing our services. In doing so, cabuu GmbH naturally complies with all applicable data protection laws, in particular the Federal Data Protection Act/EU GDPR and the Telemedia Act (TMG).
No transfer of data
cabuu GmbH does not share your personal data with third parties for marketing or similar purposes. Data will only be passed on if and insofar as this is necessary to implement the user agreement, cabuu GmbH is legally obliged to do so, or should it be necessary to enforce the general terms of use or other agreements concluded with you as well as our rights and demands.
Customer information via email
As part of customer loyalty, we send up-to-date information to our customers (existing customers) to inform you about news and changes within our offering. This information should not be confused with general newsletters.
surety
cabuu GmbH uses technical and organizational security measures to ensure that your personal data is protected against loss, incorrect changes or unauthorized access by third parties. In any case, only authorized persons have access to personal data, and only to the extent necessary for the purposes set out above. The security measures are constantly being adapted to improved technical options.
web fonts
Fonts from Google Fonts are used on our website. Google Fonts is a service provided by Google Inc., (1600 Amphitheatre Parkway Mountain View, CA 94043, USA, hereinafter referred to as “Google”). The fonts from Google Fonts are installed locally. There is no connection to Google, Inc. servers.
For more information, see Privacy notices from Google.
cookies
Site plugins
Social plugins
Our website uses social plugins from the social networks Facebook, Twitter, Instagram and TikTok. The plugins are placed on our website in the form of buttons and are deactivated in their initial state. If you click on the respective button, you will be asked to log in to the social media provider in a new window. In this case, a cookie is placed on your computer. If you do not click on the button or are not logged in to the social media provider, no cookie will be placed on your computer. If you are a user of the respective social media provider and are logged in and click on the button, this information is transmitted to your profile with the respective social media provider. If you interact with the plugins, for example by pressing the Facebook “Like” button or making a comment, the corresponding information is transmitted directly from your browser to the social network and stored there. Zw
The scope and scope of data collection and further processing and use of the data by the providers, as well as your related rights and settings options to protect your privacy, can be found in the privacy policies of the following providers:
Facebook: http://www.facebook.com/policy.php
Instagram: http://instagram.com/about/legal/privacy/
Twitter: http://twitter.com/privacy
TikTok: https://www.tiktok.com/legal/privacy-policy
Video plugins
youtube
We have added a video component from YouTube LLC (901 Cherry Ave., 94066 San Bruno, CA, USA; hereinafter “YouTube”), a company of Google Inc., to our website. Here, we use the “extended data protection mode” option provided by YouTube.
When you visit a page that has an embedded video, a connection to the YouTube servers is established and the content is displayed on the website by notifying your browser.
According to YouTube, in “extended data protection mode”, data - in particular which of our websites you have visited and device-specific information including the IP address - is only transmitted to the YouTube server in the USA when you watch the video. By clicking on the video, you confirm this submission. If you don't want that, stop playing the video.
If you are logged in to YouTube at the same time, this information is assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.
For more information, see the Google's privacy policy.
Vimeo
We use the provider Vimeo, among others, to integrate videos. Vimeo is operated by Vimeo, LLC, headquartered at 555 West 18th Street, New York 10011.
When you access a video via a Vimeo plugin, a connection to the Vimeo servers is established. This transmits to the Vimeo server which of our websites you have visited. If you are logged in to Vimeo as a member, Vimeo assigns this information to your personal user account. When using the plugin, such as clicking on the start button of a video, this information is also assigned to your user account. You can prevent this association by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.
The purpose and scope of data collection and further processing and use of the data by Vimeo as well as your related rights and settings options to protect your privacy can be found in Vimeo's privacy policy.
App (cabuu - learn vocabulary)
Collection and use of personal information
Your data is used solely to provide you with the most user-friendly, practical and secure user experience possible. While using this app, no personal data is stored and no data is passed on to third parties. App usage data is stored anonymously and only to improve the user experience.
surety
cabuu GmbH uses technical and organizational security measures to ensure that your personal data is protected against loss, incorrect changes or unauthorized access by third parties. In any case, only authorized persons have access to personal data, and only to the extent necessary for the purposes set out above. The security measures are constantly being adapted to improved technical options.
Local data storage
As part of app usage, data is stored locally on the device. This data is only necessary for the operation of the app and is only used by it. When the app is uninstalled, all data stored locally by the app is also deleted.
Data from children
cabuu GmbH will not knowingly collect and process data from children. If students make inquiries, we will only store the data if we have the express consent of their legal guardian. If data from children may then be stored, we will only share it within the framework of legal requirements. The term “children” includes definitions from national law and the legal provisions applicable to us.
profiling
We do not carry out automatic decision-making and/or profiling with your data.
App permissions
On Android devices, the following permissions are required for use:
1. INTERNET (retrieving data from the Internet/access to all networks): Required to load vocabulary data, graphics, and animations.
2. ACCESS_NETWORK_STATE (retrieve network connections): Required to verify a stable Internet connection.
3. ACCESS_WIFI_STATE (retrieve network connections): Required to verify a stable Internet connection.
4. CAMERA (camera access): Required to perform text-based OCR recognition of a created photo. For iOS, consent is explicitly asked for certain rights, so that you can decide directly here.
Hosting and analysis of usage data
In general
Anonymized usage data is evaluated for secure operation and development of the app. This data is also used to optimize the learning plan calculated by the app for usage behavior. This data cannot be linked to your identity. We have no means of attributing this data to you personally and do not combine this data with other data sources. The collected data will not be passed on to third parties.
Evaluation and storage of image data
As part of the app's scan component, image data is forwarded to third parties for processing (OCR recognition). The processing of this image data relates exclusively to the recognition of text in the image; no other evaluations or analyses are carried out. In particular, neither the image data nor the recognized text portions are stored in any form outside the end user device.
Amazon Web Services
Our app and therefore also your user account — is hosted by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg (hereinafter “AWS”) on servers in Ireland. AWS also takes strict technical measures to protect your personal information. AWS does not share your personal information with third parties unless the transfer is necessary to perform the agreed services or AWS must do so to comply with the law or a valid and binding instruction from a government or regulatory authority. The data transmitted for this purpose is limited to the necessary minimum.
AWS may also store the information in countries outside the European Economic Area. However, AWS will take the necessary steps to ensure that an appropriate level of data protection is maintained. For example, when AWS transfers your data to the United States, AWS takes additional measures, such as concluding EU-compliant data transfer agreements with the data importer, if necessary.
We delete your data as long as they are no longer required to achieve the purpose and there are no legal storage requirements.
Amazon complies with the data protection regulations of the “US Privacy Shield” and is registered with the “US Privacy Shield” program of the US Department of Commerce and therefore offers appropriate guarantees for an appropriate level of data protection.
For more information, see privacy policies from Amazon.
Unity Analytics
For analysis and as a basis for continuous improvement of our app, we use “Unity Analytics” from Unity Technologies Inc. (30 3rd Street, San Francisco, CA 94103, United States). The analysis tool collects and stores data using pseudonyms. This data is used to analyze the usage behavior of the app and is evaluated exclusively to improve and tailor the content to meet needs. This data only relates to use within the app and cannot be assigned to the individual device. In addition, information of a more general nature is collected (e.g. device type, software version, etc.). This data is also analysed anonymously.
For more information, see privacy policy by Unity.
Firebase Analytics from Google
We use our Firebase Analytics app from Google for continuous improvement. Data is transmitted anonymously to Google Firebase in the USA (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for analysis purposes.
The collected data helps us to better understand how to use the app and improve the offer. All IP addresses are only stored in anonymized form. Therefore, the data obtained cannot be used to personally identify the app user.
Firebase Analytics uses an advertising ID. Users can sign out of certain Firebase features using the appropriate mobile device settings:
- For Android: Settings > Google > Ads > Reset and disable advertising ID
- For iOS: Settings > Privacy > Advertising > No ad tracking
In addition, we could send current and relevant information via Google Firebase using so-called push messages. Push messages are messages that appear on your device without opening the respective app.
You can activate or deactivate the receipt of push notifications at any time as follows:
- For Android: Settings > Apps & Notifications > Configure Notifications
- For iOS: Settings > Notifications > Select the app > Turn off the “Allow notifications” option
Google complies with the “US Privacy Shield” data protection regulations and is registered with the “US Privacy Shield” program of the US Department of Commerce and therefore offers appropriate guarantees for an appropriate level of data protection.
For more information, see Terms of use and privacy from Google.
Branch.io
For our website and app, we use Branch Metrics, which is operated by Branch Metrics Inc., 2443 Ash Street, Palo Alto, CA 94306, USA. Branch enables us to generate targeted smart links to content within our websites and within our app using appropriate software development kits (SDKs) for web, iOS and Android operating systems. This allows us to analyse the effectiveness of our advertising measures and improve our online offering for you, for example by determining whether a user was redirected to our website or app after clicking on an ad and how our website and app is being used.
Branch Metrics collects data as part of providing the service and its features. The purpose and scope of data collection and processing of data by Branch can be found in Privacy notices From Branch Metrics.
App (Cornelsen English Trainer 3/4)
Collection and use of personal information
Your data is used solely to provide you with the most user-friendly, practical and secure user experience possible. While using this app, no personal data is stored and no data is passed on to third parties. App usage data is stored anonymously and only to improve the user experience.
According to Article 4 No. 1 of the General Data Protection Regulation (GDPR), personal data is any information relating to an identified or identifiable natural person.
surety
cabuu GmbH uses technical and organizational security measures to ensure that your personal data is protected against loss, incorrect changes or unauthorized access by third parties. In any case, only authorized persons have access to personal data, and only to the extent necessary for the purposes set out above. The security measures are constantly being adapted to improved technical options.
Local data storage
As part of app usage, data is stored locally on the device. This data is only necessary for the operation of the app and is only used by it. When the app is uninstalled, all data stored locally by the app is also deleted.
Data from children
cabuu GmbH will not knowingly collect and process data from children. If students make inquiries, we will only store the data if we have the express consent of their legal guardian. If data from children may then be stored, we will only share it within the framework of legal requirements. The term “children” includes definitions from national law and the legal provisions applicable to us.
profiling
We do not carry out automatic decision-making and/or profiling with your data.
Hosting and analysis of usage data
In general
Anonymized usage data is evaluated for secure operation and development of the app. This data is also used to optimize the learning plan calculated by the app for usage behavior. This data cannot be linked to your identity. We have no means of attributing this data to you personally and do not combine this data with other data sources. The collected data will not be passed on to third parties.
Amazon Web Services
Our app and therefore also your user account — is hosted by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg (hereinafter “AWS”) on servers in Ireland. AWS also takes strict technical measures to protect your personal information. AWS does not share your personal information with third parties unless the transfer is necessary to perform the agreed services or AWS must do so to comply with the law or a valid and binding instruction from a government or regulatory authority. The data transmitted for this purpose is limited to the necessary minimum.
AWS may also store the information in countries outside the European Economic Area. However, AWS will take the necessary steps to ensure that an appropriate level of data protection is maintained. For example, when AWS transfers your data to the United States, AWS takes additional measures, such as concluding EU-compliant data transfer agreements with the data importer, if necessary.
We delete your data as long as they are no longer required to achieve the purpose and there are no legal storage requirements.
Amazon complies with the data protection regulations of the “US Privacy Shield” and is registered with the “US Privacy Shield” program of the US Department of Commerce and therefore offers appropriate guarantees for an appropriate level of data protection.
For more information, see privacy policies from Amazon.
newsletters
Mailchimp
We use MailChimp's services to send newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308 (USA) (“MailChimp”).
MailChimp is a service that, among other things, can be used to organize and analyze the sending of newsletters. If you have entered data for the purpose of subscribing to the newsletter (e.g. email address), it will be stored on MailChimp's servers in the USA.
With the help of MailChimp, we can analyze our newsletter campaigns. When you open an email sent with Mailchimp, a file contained in the email (so-called web beacon) connects to Mailchimp's servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links have been clicked on, if any. Technical information is also collected (e.g. time of retrieval, IP address, browser type and operating system). This information can be assigned to the respective newsletter recipient. They are used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of recipients.
If you do not want analysis from MailChimp, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.
The data you provide to us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from both our servers and Mailchimp servers after you unsubscribe from the newsletter.
We have concluded a so-called “data processing agreement” with MailChimp, in which we oblige Mailchimp to protect our customers' data, not to pass it on to third parties and to comply with the provisions of the standard contractual clauses in accordance with Art. 46 GDPR when personal data is transferred to the USA.
For more information about data processing by Mailchimp, please see the privacy policies by Mailchimp.
Support and contact requests
Zendesk
We use the Zendesk ticket system, a customer service platform from Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102 (USA), to process customer inquiries on the website and in the app. If you send us a message via the contact form, your details from the enquiry form, including the contact details provided there, will be stored via Zendesk's ticket system for the purpose of processing the request and in case of follow-up questions.
We have concluded a so-called “data processing agreement” with Zendesk, in which we oblige Zendesk to protect our customers' data, not to pass it on to third parties and to comply with the provisions of the standard contractual clauses in accordance with Art. 46 GDPR when personal data is transferred to the USA.
Data processing is carried out at your request and, as part of answering a contact request, is based on our legitimate interests in accordance with Art. 6 (1) (f) GDPR in order to be able to process inquiries in a meaningful way at all.
For more information about data processing by Zendesk, see privacy policies from Zendesk.
Your rights
You can contact us at any time if you want to request information, deletion, restriction or objection. Please use the available contact details for this purpose. Requests must be made in writing so that we can clearly identify the requester.
information
According to the Federal Data Protection Act, you have the right to receive information about your stored data free of charge and, if applicable, a right to correct, block or delete this data. In this case, please contact us using the contact details above.
Right to lodge a complaint
If you have legitimate doubts about our handling of your data, please inform us or contact the appropriate supervisory authority.
changes
We reserve the right to amend this privacy policy from time to time. We therefore recommend that you review this statement regularly.
Rights of data subjects
You have the right to:
- to withdraw your consent to us at any time in accordance with Article 7 (3) GDPR. As a result, we are no longer allowed to continue data processing based on this consent in the future;
- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of correction, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data, unless it has been collected from us;
- in accordance with Article 16 GDPR, to immediately request the correction of incorrect or completed personal data stored by us;
- to request the deletion of your personal data stored by us in accordance with Article 17 GDPR, unless processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- to request the restriction of the processing of your personal data in accordance with Article 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to processing in accordance with Article 21 GDPR;
- in accordance with Article 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible and
- to complain to a supervisory authority in accordance with Article 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.