Privacy Policy
This privacy policy applies to data processing by mim technologies GmbH ("controller", "we" or "us") when using the Informed App ("App") and when visiting our website "informed.so" ("Website").
Informed offers users access to journalistic content from selected partners. The scope of the articles and functions contained in the app depends on whether the user uses the app in the free or paid version (the latter: "subscription").
Using our app and visiting our website involves certain processing of your personal data. Personal data is any information relating to an identified or identifiable natural person, e.g. name, address, email address. We process data that you provide to us independently as well as data that we collect from you when you use the app and visit our website.
When processing your personal data, we observe the applicable data protection laws, in particular the European Data Protection Regulation ("DSGVO") and the German Federal Data Protection Act ("BDSG").
With this data protection declaration, we would like to inform you about which personal data we process, for what purposes and on what legal basis.
1. Name and contact details of the data protection officer
Responsible for the processing of your data is mim technologies GmbH; address: Wallstr. 67, 10179 Berlin; phone: 030 62931793, e-mail: contact@informed.so.
2. Collection and storage of personal data as well as type and purpose of their processing, relevant legal basis and storage period
1. Download the app
When you download our app, the information required for the download is transmitted to the app store you accessed, i.e. in particular your user name, email address and customer number of your account, time of download, payment information and the individual device identification number. We have no influence on this data collection and are not responsible for it. We only process the data insofar as it is necessary for downloading the app to your mobile device.
2. Use of our app and website
When you use our website and our app, we automatically collect and store data that your browser transmits to our server (so-called server log files), whereby logging only takes place to the extent that is technically necessary.
The following information is collected:
- Operating system and information on the Internet browser used, including installed add-ons;
- IP address (internet protocol address) of the end device from which the online offer is accessed;
- Internet address of the website from which the online offer was accessed (so-called origin or referrer URL);
- Name of the service provider through which the online offer is accessed;
- Name of the retrieved files or information;
- Date and time as well as duration of the retrieval.
The legal basis for the collection of this data is Art. 6 para. 1 p. 1 lit. f) DSGVO. Our legitimate interest in collecting this data follows from the following purposes:
- Ensure optimal use of our website and app,
- Ensure smooth connection establishment,
- Evaluation of system security and stability.
3. Creation of an Informed Account
1. Sign-in with Apple
You have the option of registering in our app via the Apple sign-in function. As an Apple user, this saves you time when registering . When you sign in with your Apple ID, either your email address stored with Apple and/or your name or a one-time email address generated by Apple will be sent to us, depending on your selection. In this case, Apple receives the information that you are a user of our app.
The legal basis for the integration of the Apple Sign-In in our app is Art. 6 para. 1 p. 1 lit. f) DSGVO. With the sign-in function, we pursue the legitimate interest of offering you a quick and easy registration option. The sign-in function is therefore in our interest as well as yours.
For more information about Apple's privacy policy, please visit https://www.apple.com/legal/privacy/de-ww/.
2. Registration with email address
In addition, you can register directly in our app by entering your e-mail address. We use the so-called double opt-in procedure to confirm the e-mail address you have provided. This means that after your registration, we will send you an email to the email address you provided, in which we ask you to confirm your email address. During registration, you can voluntarily enter your name in your profile.
We process your email address and, if applicable, your name in order to fulfil the usage contract concluded with you for the use of our app. The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b) DSGVO.
3. Storage period
We delete the data collected and stored in connection with the creation of your Informed Account at the latest when you delete your Informed Account. However, premature deletion of your personal data is not possible if and to the extent that your data is still required to process a subscription via our app.
Irrespective of this, we store your data processed when concluding a subscription until the expiry of the statutory or possible contractual warranty rights. After the expiry of this period, we retain the information of the contractual relationship required under commercial and tax law for the periods determined by law. For this period (regularly ten years from the conclusion of the contract), the data is processed again solely in the event of an audit by the tax authorities.
4. Data processing for personal addressing by e-mail
If you give us your express consent, we will send you information about our Informed offers by e-mail. For this purpose, we collect and process your name and your e-mail address. When you register for our newsletter, we use the so-called double opt-in procedure. This means that after you have registered with your e-mail address, we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you actually wish to receive the newsletter.
The legal basis for sending our newsletter is Art. 6 para. 1 p. 1 lit. a) DSGVO.
If you have subscribed to our newsletter, we also collect information about how you use the newsletter (e.g. email opens and email clicks). A so-called tracking pixel (also called web beacon or tracking pixel) is embedded in the HTML emails sent with the newsletter for this purpose. A web beacon is a small graphic that contains unique identifiers that allow us to analyse the success or failure of our newsletter campaigns. Our service provider records the email address, IP address, date and time of each open and click to provide us with aggregate reports on how an email campaign was conducted and how our subscribers use the newsletter. This allows our service provider to generate reports on the success or failure of an email campaign so that we can optimise the content of our newsletter. The data processing is carried out on the legal basis of the consent given when subscribing to the newsletter in accordance with Art. 6 para. 1 p. 1 lit. a) DSGVO. For more information on the service providers we use, please see section 4.2.
5. Optimisation of the apps and website
1. Cookies
On our website, we use cookies that are stored temporarily in your RAM ("session cookie") or permanently on your hard drive ("permanent cookie"). Cookies are small text files that are automatically created by the browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our website. These files enable us to design the website more efficiently. Most of the cookies we use are session cookies, which are only stored in the RAM but not on your hard drive and expire when you close your internet browser and are therefore automatically deleted. Session cookies enable us to recognise that you have already visited individual pages of our website or that you have already logged into your account. Other cookies remain on the terminal device you are using so that you can be recognised on your next visit.
Most browsers accept cookies automatically. However, you can set your browser so that no cookies are stored on your computer or that a message always appears before a new cookie is set. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.
The activation of cookies is necessary for the smooth functioning of the website. We therefore have a legitimate interest in their use. The legal basis for the associated data processing is therefore Art. 6 para. 1 p. 1 lit. f) DSGVO.
If we use other cookies (e.g. cookies to analyse your surfing behaviour), we will inform you separately in this privacy policy.
2. Segment
In our app and on our website , we use the software of Segment.io, Inc., 101 15th Street, San Francisco, CA 94103 USA ("Segment") on the basis of your consent pursuant to Art. 6 para. 1 p. 1 lit. a) DSGVO. The tool collects and stores data from which usage profiles are created using pseudonyms. These usage profiles are used to analyse visitor behaviour and are evaluated to improve our offer. Cookies may be used for this purpose, which enable the user to be recognised. The pseudonymised usage profiles are not combined with personal data about the bearer of the pseudonym without a separate, express consent.
When using Segment, data may be transferred to the USA. For this purpose, we have concluded EU standard contractual clauses with Segment, which can be viewed at https://segment.com/legal/data-protection-addendum/ which can be viewed at
For more information, please see Segment's privacy policy: https://segment.com/docs/legal/privacy/
3. Other recipients of personal data
To process your personal data, we sometimes use the services of other external service providers (IT providers, payment service providers). These service providers only process your personal data for the purposes set out in this data protection declaration, on our behalf and in accordance with our instructions.
1. Hosting
1. Amazon Web Services
We process the data we store on servers operated by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, Luxenburg, L-1855, Luxenburg ("AWS"). We store data that you enter yourself on our website and in our app on the servers of AWS (registration data such as email address) as well as data that we automatically collect from you when you visit our website and use our app (such as your IP address and your location). We have concluded an order processing agreement with AWS in accordance with Art. 28 DSGVO. Your personal data is stored exclusively on servers in Frankfurt and is therefore not transferred to data recipients outside the European Union . Further information on data protection at AWS is available at https://aws.amazon.com/de/compliance/germany-data-protection/.
2. Newsletter dispatch
We collect and process your personal data for sending newsletters and any associated analysis of the use of our newsletter on the basis of your unambiguous consent (see above under 3.4). In some cases, we use service providers to send newsletters.
1. Sendgrid
For sending newsletters, we use the Sendgrid service of Twilio Inc., 889 Winslow Street, Redfort City, California 94063, USA ("Sendgrid") on the basis of a commissioning contract in accordance with Art. 28 DSGVO. Sendgrid receives both the email addresses of our users and the content of the messages to be sent. Sendgrid may store data in the USA. For this reason, we have concluded EU standard contractual clauses with Sendgrid, which you can find at https://www.twilio.com/legal/data-protection-addendum which you can view. For more information on Sendgrid's privacy policy, please visit: https://sendgrid.com/resource/general-data-protection-regulation-2/.
2. Customer.io.
For sending newsletters and analysing user behaviour, we also use the services offered under customer.io by Peaberry Software Inc, 921 SW Washington Street, Suite 820, Portland, Oregon 97205, USA ("Customer.io") on the basis of a contract on commissioned data processing pursuant to Art. 28 DSGVO. Customer.io collects and stores the following data each time a file is requested: IP address, website from which the respective file was accessed, name of the file, date and time of access, amount of data transferred and notification of the success of the access. This access data is processed exclusively in non-personalised form for the technical optimisation of the sending and presentation of the e-mails or for statistical purposes. As data may be transferred to countries outside the EU and the EEA , we have concluded EU standard contractual clauses with Customer.io, which are available at https://customer.io/legal/scc/ which can be found at You can also find more information about data protection at Customer.io here: https://customer.io/legal/privacy-policy/.
3. Workflows
1. Zapier
For the integration of different tools, we use Zapier, a service of Zapier Inc., 62411 Market Street, San Francisco, CA 94104-5401, USA ("Zapier") on the basis of a commissioning agreement pursuant to Art. 28 DSGVO. Zapier makes it possible to link different web applications with each other, to transfer data and thus to realise process automation. If personal data are processed in the tools that are linked by Zapier, these personal data are also processed by Zapier in the automation of workflows. Zapier is used for process automation in order to optimise workflows and minimise errors. The use of Zapier is thus based on our legitimate interest according to Art. 6 para. 1 p. 1 lit. f) DSGVO.
As Zapier is based in the USA, the transfer of data to countries outside the EU and the EEA is possible. For this purpose, we have agreed with Zapier that the EU standard contractual clauses apply (https://cdn.zappy.app/a6ceaed01cc4d9bbde1800a5e9671cb3.pdf). You can find more information on data processing by Zapier at https://zapier.com/help/account/data-management.
2. Launch Darkly
For error analysis, we use the LaunchDarkly tool, a service provided by LaunchDarkly, Catamorphic Co, 405 14th Street, Oakland, CA 94612, USA ("LaunchDarkly"). LaunchDarkly enables us to analyse errors and generate crash reports for our website. If personal data is processed in this context, it is in the category of usage data. LaunchDarkly therefore enables us to improve the stability of our website and services by monitoring our system and recording code errors. The use of LaunchDarkly is thus based on our legitimate interest according to Art. 6 para. 1 p. 1 lit. f) DSGVO. Further information on data processing by LaunchDarkly can be found at: https://launchdarkly.com/policies/privacy/
3. AppsFlyer
To improve the user experience, we use AppsFlyer, an analytics service provided by AppsFlyer Inc. 111 New Montgomery St, San Francisco, CA 94105, United States ("AppsFlyer"). AppsFlyer enables us to optimise the user experience by collecting various session and interaction data from users and storing it for this purpose. However, this data is never processed in a personalised form, but only in a pseudonymised form. The use of AppsFlyer is thus based on our legitimate interest according to Art. 6 para. 1 p. 1 lit. f) DSGVO.
As part of AppsFlyer's data processing, data may be transferred to the USA. To protect your personal data, we have concluded the EU standard contractual clauses with AppsFlyer, which can be viewed at https://www.appsflyer.com/gdpr/dpa.pdf. can be viewed.
For more information about privacy at AppsFlyer, please visit: https://www.appsflyer.com/legal/privacy-policy/
4. Payment services
For the transmission, verification and evaluation of in-app purchases, we use Revenue Cat, a service of Revenue Cat, Inc., 633 Tarava St. Suite 101, San Francisco, California 94116, USA ("Revenue Cat"). We process payment data collected from you in this context to fulfil the usage contract concluded with you via the app. The legal basis is therefore Art. 6 para. 1 p. 1 lit. b) DSGVO.
Data may be transferred to the USA as part of Revenue Cat's data processing. To protect your personal data, we have entered into the EU standard contractual clauses with Revenue Cat, which can be viewed at https://www.revenuecat.com/dpa which can be viewed at
For more information about Revenue Cat's privacy policy, please visit: https://www.revenuecat.com/gdpr
5. Transfer of data to third countries
Except in the cases mentioned under point 1, we do not transfer your personal data to recipients in countries outside the European Union or the European Economic Area where a level of data protection comparable to that in the European Union cannot be readily assumed.
4. Data security
All personal data transmitted by you is transferred using the secure and proven SSL (Secure Socket Layer) standard, which is also used for online banking, for example. We also use appropriate technical and organisational security measures to protect stored personal data against manipulation, partial or complete loss and unauthorised access by third parties. Our security measures are continuously improved in line with technological developments. In particular, we ensure that sensitive personal data is stored exclusively on servers hosted in the EU that are certified in accordance with DIN ISO/IEC 27001 (as amended).
5. Your rights
In relation to our processing of your personal data, you have the following rights free of charge:
1. Right to information pursuant to Art. 15 DSGVO
You have the right to receive information from us about whether and what data we process about you. This includes information on how long and for what purpose we process the data, the source of the data and the recipients or categories of recipients to whom we pass on the data. We can also provide you with a copy of this data.
2. Right to rectification pursuant to Art. 16 DSGVO
You have the right to request that we correct information about you that is not or no longer accurate without delay. In addition, you can request that we complete your incomplete personal data. If required by law, we will also inform third parties of this correction if we have disclosed your personal data to them.
3. Right to erasure pursuant to Art. 17 DSGVO
You have the right to request that we delete your personal data without delay if one of the following cases applies:
- Your data is no longer necessary for the purposes for which it was collected or otherwise processed or the purpose has been achieved;
- You withdraw your consent and there is no other legal basis for the processing;
- You object to the processing and there are no overriding legitimate grounds for the processing; in the case of the use of personal data for direct marketing, a mere objection by you to the processing is sufficient;
- Your personal data has been processed unlawfully;
- the deletion of your personal data is necessary for compliance with a legal obligation under European Union law or the law of a Member State to which we are subject.
Your right to deletion may be restricted on the basis of statutory provisions. This includes in particular the restrictions listed in Art. 17 DSGVO and § 35 BDSG.
4. Right to restriction of processing pursuant to Art. 18 DSGVO
You have the right to request us to restrict the processing of your personal data if one of the following grounds applies:
- You dispute the accuracy of your personal data for a period of time that allows us to verify the accuracy of the personal data;
- the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of your personal data;
- we no longer need your personal data for the purposes of processing; however, you need them for the assertion, exercise or defence of legal claims, or
- You have objected to the processing as long as it has not yet been determined whether our legitimate grounds outweigh yours.
If you have obtained a restriction on processing under the above list, we will inform you before the restriction is lifted.
5. Right to data portability pursuant to Art. 20 DSGVO
You have the right to obtain personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and to transmit this data to others. The exercise of this right does not affect your right to erasure.
6. Right of objection according to Art. 21 DSGVO
According to Art. 21 DSGVO, you have in particular the right to object to the processing of your data at any time for reasons arising from your particular situation, if we base this processing on legitimate interests pursuant to Art. 6 (1) p. 1 lit. f) DSGVO. If you object, we will no longer process your personal data, except in two cases:
- we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms; or
- the processing serves the assertion, exercise or defence of legal claims.
In particular, if we process your personal data for direct marketing, you have the right to object at any time to the processing of your data for the purpose of such marketing. If you object to the processing of your data for direct marketing purposes, we will no longer use your personal data for this purpose.
7. Right of withdrawal b of consent according to Art. 7 DSGVO
You can revoke your consent given to us at any time with effect for the future. This revocation can take the form of an informal communication to the above contact addresses. If you revoke your consent, the legality of the data processing carried out up to that point will not be affected.
8. Right to complain to the supervisory authority
If you believe that the processing of your data by us violates applicable data protection law, you have the right to lodge a complaint with one of the competent supervisory authorities. The supervisory authority responsible for us is the:
Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstr. 219
10969 Berlin
Phone: 030 13889-0
Fax: 030 2155050
E-mail: mailbox@datenschutz-berlin.de
Last change: 04.04.2022