DE


Data Privacy Notice

SIMSme for Private Customers

1.Introduction

Deutsche Post AG (hereinafter Deutsche Post) appreciates your interest in SIMSme. We take your privacy seriously and have developed internal systems to ensure the privacy of your personal data during all stages of processing related to our business operations, including visits to our internet pages and the use of our services.

This document details which data we at Deutsche Post collect during your visit to the SIMSme website and when you use the SIMSme app, and how such data is used.

2. Personal data

"Personal data" means any information relating to an identified or identifiable natural person ('Data Subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; This includes information such as proper names, address, telephone numbers and date of birth. Information that cannot be directly associated with a real identity — such as the total number of users of a site — is not considered personal data.

3. Name and contact details of the controller and the data protection officer

This data privacy notice applies to data processing at

Deutsche Post AG
Charles-de-Gaulle-Straße 20
53113 Bonn

Please contact our data protection officer with any questions related to the processing of your personal data. The data protection team is available to assist you with requests for information, comments or complaints.

Deutsche Post AG
Gabriela Krader, LL.M
53250 Bonn
datenschutz@dpdhl.com

4. Competent supervisory authority

Data processing related to postal and telecommunications services:
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Husarenstraße 30
53117 Bonn

Bundesnetzagentur für Elektrizität, Gas, Telekommunikation, Post und Eisenbahnen
Tulpenfeld 4
53113 Bonn

Other data processing by the responsible parties:
Die Landesbeauftragte für den Datenschutz Nordrhein Westfalen
Kavalleriestraße 2-4
40213 Düsseldorf

5. Purpose and legal basis for data processing

5.1 Visit of the website

DDeutsche Post is obligated to protect the privacy of the users of our website. When you visit our websites, a certain amount of data must necessarily be collected and stored for connection, configuration and security purposes. Accordingly, our web servers always temporarily store: the connection data of the computer connecting to our website; a list of which of our web pages you visit; the date and duration of your visit; the IP address of your device; identification data related to the browser and operating system you are using to visit us; and the website from which you were referred to our website. Beyond this, no personal data such as your name, address, telephone number or email address is collected unless offered on a voluntary basis, such as to register for the website, to participate in a survey or prize sweepstakes or as required to perform a contract or informational query.

The legal basis for the processing of the aforementioned data categories is Art. 6 Paragraph 1(f) rev GDPR. For these reasons, and in particular to ensure safe and seamless connection, we have a legitimate interest in the processing of such data.

Any such data is stored for no more than 7 days, after which time it is automatically deleted. We also use cookies, tracking tools and targeting measures.

5.2 Use of web tracking

We deploy tracking software to determine the number and frequency of users of our website. This software does not collect any personal data or individual IP addresses. The data is solely collected in an anonymized, aggregated form for statistical purposes and to aid in the development of the website. This in turn helps us to improve not only the services we offer, but also the user-friendliness and customer orientation of content and services on our website.

5.3 Google reCAPTCHA

We use the Google reCAPTCHA service to protect our website from spam and misuse. reCAPTCHA prevents automated software (so-called "Bots") from undertaking abusive activities on the website. The mechanism works by challenging whether any provided information actually originates from a human user. To do so, the following data is collected and processed:

Referrer (address of the page on which the Captcha was used)

IP address of the user

Google account (if the user is registered with Google, then this is detected and classified)

The input behavior of the user (such as answering of the reCAPTCHA question, speed of entry into the form fields, sequence of selection of the input fields by the user) to improve the detection performance by Google. Browser, browser size and resolution, browser plug-ins, date and language settings

CSS templates and scripts (Javascript) of the internet page

Mouse and touch events within the page

Google furthermore reads out cookies from other Google services such as Gmail, Search and Analytics. All data is sent to Google in encrypted form. Google's subsequent assessment determines which form of Captcha is shown on the site — either a checkbox or text input field. There is no read-out or storage of personal data from the input fields on the forms. For more information about Google's data protection policy, please visit www.google.com/policies/privacy/.

5.4 Use of Cookies

"Cookies" are small files that allow us to store specific personal information about you on your PC while you are visiting our website. Cookies allow us to determine the frequency of usage and number of users to our internet pages and to design our offerings to be as convenient and efficient for you as possible.

In accordance with Art. 6 Section 1(f) rev. GDPR, we use "session cookies" to optimize our website and ensure convenient, uninterrupted usage. These cookies are stored solely for the duration of your visit to our internet pages. They are automatically deleted once you close your browser. Beyond this, we use other "persistent cookies" to record information about users who visit our internet pages repeatedly. These cookies are used to provide you with the best possible user interface, as well as to "recognize" you and present a more diverse selection of content on our web pages upon repeated visitation.

No individual profile is formed based on use behavior. The content of persistent cookies is restricted to an identification number. No name, email address, IP address etc. is stored. Certain exceptions apply to this, as explained in the Cookie chart below.

5.4.1 Cookie chart and cookie categories

Cookies can be categorized into the following four groups. Please note that cookies can belong to more than one category

Absolutely necessary: The following cookies are absolutely necessary to allow for navigation of the website and the use of its features. The services you wish to use would be unavailable without them.

Performance: These cookies collect information about how users use a website, such as which pages visitors call up most frequently. No information that can be used to personally identify the user is collected in this process. All information collected by these cookies is aggregated and is thus anonymous. The data is used solely to improve the functional flows of the website.

Functionality: These cookies allow websites to record your decisions and provide expanded, personalized functionality. For example, these cookies can be used to note changes to font sizes, font styles and language preferences. They also facilitate the provision of services you wish to use, such as playback of videos or commenting on a blog. The information collected by these cookies can be anonymized; the cookies are not capable of tracking which other websites you've visited.

Targeted advertising: These cookies allow for ads to be shown to you that are of greater relevance to you and your interests. These also serve to limit the number of cases in which you will see advertising, and improve the ability to measure the effectiveness of the advertising campaign. The ads are typically placed by an advertising consortium, with the permission of the website operator. They establish that you have visited a website; that information is forwarded to other organizations, such as advertising agencies. The Deutsche Post website does not currently use any such targeted advertising cookies

The following chart lists all specific cookies used on the website.

Cookie: Adobe SiteCatalyst Analytics Cookies
Name: s_cc, s_sq
Category: Performance
Purpose: The s_cc cookie is set when a visitor calls up the home page and is read using Javascript code to determine whether cookies are activated. The s_sq cookie is set when a visitor calls up the home page. It records in anonymous form which links the site visitor clicks on. This is used to determine which links are used and which are not, an important step in improving our website. This information is solely used internally and confidentially by Deutsche Post to improve the website for visitors. It is a session cookie that is deleted once the browser is closed.

Cookie: Adobe SiteCatalyst Analytics Cookies
Name: s_vi
Category: Performance
Purpose:This cookie is set when a visitor calls up the home page. It provides an ID for each unique, discrete visitor and collects information on how our website is used. We use this information to determine ongoing steps in the development of our website and to improve our ability to provide user-specific content. The cookie contains information in anonymous form (Unique Visitor ID, time and date). This information is solely used internally and confidentially by Deutsche Post to improve the website for visitors. It is deleted after 90 days

Cookie: Google Adwords Conversion-Tracking Cookies
Name: _gac-Cookie
Category: Performance
Purpose: This cookie is set when a visitor clicks on an ad placed by Google. It becomes invalid after 30 days and contains no personal data, and hence is not used for personal identification. When a visitor visits specific internet pages on our website and the cookie is still valid, Google and Deutsche Post can identify that the visitor has clicked on the ad and was forwarded to this page. This information, retrieved via the aid of the conversion cookie, serves to create conversion statistics for AdWords customers. It does not, however, contain any information that could be used to identify the user personally.

Cookie: Google Remarketing Cookies
Name: _IDE
Category: Performance
Purpose: This cookie is set when a visitor clicks on an ad placed by Google. In doing so, Google stores a small file containing a numerical sequence in the browser of the site visitor. That number is used to record visits to the website as well as anonymized data on the usage of the website. If the visitor subsequently visits another website in the Google display network, then ads are likely to be placed that reflect previously visited product and informational areas. No personal data from the visitor of the website is stored.

5.4.2 Use of Cookies

It is possible to use our services without enabling cookies. You can set your browser to prevent it from storing cookies, limit cookies on specific websites or configure your browser to inform you when a cookie is set. You can delete cookies from your computer's hard drive at any time (Folder: "Cookies"). Please note that doing so may degrade the functionality and appearance of the website. Most browsers include the ability to control the behavior of the majority of cookies. For more information about cookies, including questions of which cookies are set and how to manage and delete them, please visit All About Cookies at http://www.allaboutcookies.org/. For EU-specific information about cookies and the various options for deactivating them, please also visit the website Your Online Choices at http://www.youronlinechoices.eu/.

To opt out of Adobe SiteCatalyst Analytics' cross-website tracking (or to change your settings if you've previously opted out), please visit Adobe SiteCatalyst Analytics Opt-out at http://www.112.2o7.net/optout.html?second=1&second_has_cookie=0&locale=de_DE. Please remember that you must reapply your opt-out settings if you delete your cookies or visit the site using a different browser or computer.

VYou can also opt out of some or all ad cookies on your computer by visiting the website of the Network Advertising Initiative (NAI) at http://optout.networkadvertising.org/?c=1#!/. Not every visitor to our website is using a web browser. Some users visit the Deutsche Post website or use its applications on a mobile device. In this case it may not be possible to deactivate cookies or change your web browser settings.

5.5 Use of SIMSme

To provide SIMSme for your use, certain pieces of your personal data are required. This data is required to perform the contract regarding the use of SIMSme. The legal basis for the processing of the aforementioned data categories is Art. 6 Paragraph 1(b) rev GDPR, as it is related to the performance of a contract into which you have entered. The following sections provide additional information on this.

5.5.1 Collection and processing of data during registration

To register for a SIMSme user account, the Messenger records the mobile phone number and, where desired, nickname and profile image of the user. The mobile phone number is then stored in hashed form in the SIMSme server.

You can also use SIMSme without allowing access to your contacts. If you register with SIMSme and explicitly approve access to the phone book contacts on your smartphone, these are then sent to the server for a hashed comparison and then deleted. Contacts who have saved your number in their telephone book and who are also using SIMSme are then informed about your registration when they search for other users.

5.5.2 Collection and processing of data during use of Messenger

SIMSme stores your login data (nickname, mobile phone number and password) locally in your Messenger app so that you can remain permanently connected. Your communications data is also stored locally in encrypted form within the messenger. Our servers, which are all based in Germany, solely receive your mobile phone number, your profile photo and your nickname.

Messages are end-to-end encrypted and are only stored temporarily on our servers. All messages are deleted from the server after 90 days. User accounts and all related data can be completely deleted from our servers by the user from within the profile settings.

5.5.3 Importance and use of the password

When creating an SIMSme user account, an RSA key pair is generated on your device. The private key is encrypted based on the device password you select and can only be decrypted using that same device password.

If you forget your password, our only option is to reset your password and you must re-register. We are unable to reset your password or set a new one. As such, your SIMSme password is highly important. Even if you allow the app to remain logged in permanently, you must always know your password in case you need to delete your profile or to make changes to the password..

5.5.4 Collection and processing of data for quality assurance purposes

When using the SIMSme Messenger, anonymized and cumulative data on user behavior is recorded and statistically assessed for quality assurance and improvement reasons, such as the number of all messages sent via SIMSme, number of all logins per day etc. It is not possible to associate the anonymous data with any natural person.

We have commissioned Adjust GmbH of Berlin to process this data. Adjust GmbH has received the EU ePrivacy seal, certifying that it complies with data privacy standards. For more on this, please see https://www.eprivacy.eu/kunden/vergebene-siegel/firma/adjust-gmbh/.

If you do not wish to allow the collection and processing of this anonymized data by the SIMSme app, you can deactivate this function in the settings section of the SIMSme app under Data Protection. If you are already in the SIMSme app, a link to deactivate the function will appear at the end of this text.

6. Storage duration

Your personal data is deleted or locked as soon as the purpose of storage is no longer applicable. Storage may also be extended to meet legal storage requirements. Locking or deletion of the data then occurs once the legally specified storage period has expired, unless further storage of the data is required to conclude or perform a contract.

7. Recipients or categories of recipients

Deutsche Post does not and will not forward your personal data to third parties, except where required by law, or to fulfill a contractual requirement, or where you have expressly given your consent for it to do so.

External service providers processing the data on our behalf have offered sufficient guarantees that they are working with suitable technical and organizational measures to process the data in compliance with the requirements of the EU General Data Protection Regulation. As per Art. 28 GDPR, they are obligated to strict confidentiality. In this case, Deutsche Post remains responsible for the protection of your personal data. The external service providers process personal data only upon documented instruction to do so by Deutsche Post.

8. Transfer to foreign countries

Transfer to foreign countries means that data is forward to a state outside the European Economic Area (EEA), or access from within such a state is allowed. Your SIMSme-related data will never be processed in such a foreign country.

9. Corporate Data Privacy Policy

The DPDHL Data Privacy Policy governs Group-wide standards for data processing, with a specific focus on so-called third-country transfers, meaning the sharing of personal data to countries outside the EU which do not offer a suitable standard of data protection. For more information about the corporate data privacy policy, please visit https://www.deutschepost.de/content/dam/dpag/images/F_f/Footer/Zusammenfassung_DataPrivacyPolicy_2014.pdf to download the corporate data privacy guidelines (summary, PDF, 362 KB)".

10. Rights of the Data Subject

You as data subject have the following rights:

Should you wish to enforce your rights, please contact the following office: by postal mail at Deutsche Post AG // SIMSme; Charles-de-Gaulle-Str. 20; 53113 Bonn or by email to info@sims.me. Insofar as you provided consent for a specific type of processing, you can revoke this at any time at the address provided to you at the time of consent.

11. Data security

Deutsche Post uses all necessary technical and organizational security measures to protect your personal data against loss and misuse. For example, your data is stored in a secure environment that is not accessible to the public. In some cases, your personal data is encrypted during transmission using Secure Socket Layer (SSL) technology. This means that communication between your computer and Deutsche Post servers is handled using an accredited encryption process, presuming your browser supports SSL. If you wish to contact Deutsche Post by email, please not that we cannot ensure the confidentiality of any information you provide. The content of email messages can be intercepted and read by third parties. We therefore recommend that you send us any confidential information solely via postal mail.

12. Last Update of this Data Privacy Notice

We review our Data Privacy Information on a regular basis. Deutsche Post reserves the right to change its data privacy statement at any time and without prior warning. Please visit regularly to inform yourself about any changes. By using this website, you are providing your consent to this data privacy declaration. This declaration was last updated on May 15, 2018.