You can get our "SketShDb" mobile app from the app store and download it on to your mobile device. We take the protection of your personal data seriously. We only collect and process your personal data in compliance with the provisions of the EU General Data Protection Regulation ("GDPR") and other provisions of European and applicable national data protection law. In the sections below, we inform you about how we protect your data and how your use of our "SketShDb" app affects you.
1. Controller with responsibility for data privacy
5byfive GmbH (referred to in the following as "5byfive") is responsible as the service provider and with regard to data privacy law. If you have any questions, suggestions or criticisms relating to data privacy and our "SketShDb" app, please contact:
2. What is personal data?
Personal data covers all information which can be used to identify you personally in any way whatsoever. This may, for example, be your name, your address or your e-mail address. Data which cannot be assigned in any form to any specific person is therefore not personal data (e.g. number of users of the "SketShDb" app).
3. For what purposes do we process your personal data?
3.1 General information
We process your personal data for the purposes stated or for purposes directly linked to the functioning of the "SketShDb" app. We only transmit data to third parties if this is explicitly permitted by law. The processing of personal data is essential for the conclusion and performance of the contract. We also have a legitimate interest in knowing who exactly we have entered into a contract with and how we can contact them. Statutory retention periods may also apply.
It is possible, however, that European regulations, applicable national laws or other rules may require that we store data which we have processed for a longer period of time. We will erase or restrict the processing of your data when these periods of storage have expired.
3.2 What data are processed when you download the "SketShDb" app?
When you download the "SketShDb" app the necessary information is first transmitted to the app store. This includes in particular your user name, your e-mail address and the customer number of your account, the time at which the app is downloaded, payment information and your individual device number. We have no influence on the collection of these data and responsibility is held solely by the app store.
We have no influence on the processing of data by Apple1. Nonetheless, it is the case that Apple Inc., 1 Infinite Loop, Cupertino, California, USA, 95014, also states that it takes strict technical measures to protect your personal data. Apple online services protect your personal data during transmission by means, for example, such as Transport Layer Security (TLS). Apple may disclose your personal data to third parties which offer Apple products and services themselves or which support Apple's marketing to customers. Apple also passes on data to companies which provide services for Apple. It may also sometimes be necessary for Apple – on the basis of legal regulations, legal procedures and/or the requirements of public and government authorities, either in your country of residence in another country – to disclose personal data.
In some circumstances, Apple may also transmit the information to countries outside the European Economic Area. Apple does, however, claim to take the necessary steps to ensure that an appropriate level of data protection is maintained. If Apple sends your data to the United States, for example, Apple states that it takes additional measures, such as concluding EU-compliant data transmission agreements with the data importer if this is necessary.
More information is available at: https://www.apple.com/legal/privacy/en-ww/
3.3 What data are processed for your registration and login?
You can register with the "SketShDb" app by logging in with your e-mail address, a user name (pseudonym) which you have chosen and a password.
During your registration we process
- the e-mail address used by you to register;
- a user ID created by us; and
- the password (naturally not in plain text, but hashed) provided by you when you registered;
- the time of your registration and the "SketShDb" app version number you used when you registered; and
- the ID of the token generated for verification.
The legal basis for the processing of this data is Article 6 (1) sentence 1 b) GDPR as we need your data in order to perform the contract. We also erase your data if they are no longer needed for the stated purpose and if they are not subject to contractual or legal retention periods.
The e-mail address provided when you register and which is linked to your account is never displayed to other users by the "SketShDb" app. Other users only find out about the e-mail address in the app if you actively enter the address as data in one of your projects or as a comment or if another user does this. Your user ID is not shown openly in the "SketShDb" app either. It is stored in the "SketShDb" app database and could therefore be read out by a technically adept person who has direct access to the server used by you.
3.4 Validation of user ID
From time to time (about once a week), the app contacts our server to check the validity of the registration. This, of course, only happens if you use the app and if your terminal equipment is connected to the Internet. If the registration cannot be verified for more than 3 weeks, the registration data in the app becomes invalid. The registration must then be repeated (using the same e-mail address), so that the app and the data in the app can continue to be used.
During validation, only your user ID (see above) is sent to the server and checked to determine whether the registration is still valid.
The legal basis for the processing of this data is Article 6 (1) f) GDPR. This verification is unfortunately necessary for the app, as the app – in contrast to most other apps - otherwise works entirely separately from our servers. This means that – except for registration, validation and naturally synchronisation, export and creating backups – you can use the app completely offline and you also have offline access to all the data stored in the app.
3.5 Use of the e-mail address
We only use your e-mail address to send you security-related information and important user information (e.g. on error prevention). You have the right to object to the use of your e-mail address for these purposes at any time without incurring additional costs other than your provider's usual transmission costs. Please send your objection to the recipient stated under 1. above.
We will explicitly ask for your permission if we also process your personal data for a purpose for which your permission is required by law. You can withdraw any permission you have given to us at any time (see 1. above).
The legal basis is Article 6 (1) Sentence 1 a) GDPR. Article 6 (1) sentence 1 b) and f) GDPR also apply to information concerning problems and solutions relating to the app and to free updates. This concerns performance of the contract and not marketing.
3.6 What data are processed when the "SketShDb" app is used?
The data which you enter in your projects are stored in encrypted form in the "SketShDb" app. They will remain exclusively in the "SketShDb" app on your device until you yourself set up a replication with a server, or export the data manually via the export function, or create a backup or template. These procedures are under your complete control. In particular, the data from your projects are not stored on our servers. We are not responsible for processing your data in this step. This is entirely your own responsibility.
IMPORTANT! For this reason, you are also solely responsible for backing up your data! As we have no access to the data stored in your "SketShDb" app, we cannot back up or restore these data.
Your data is not exchanged with partners' servers either as long as you or another user do not actively use and share your project. The server operator is responsible for protecting and securing data on any replication server which you might use. At present we do not provide such servers.
Please note that our "SketShDb" app can also be used without a server. However, projects cannot be shared with other users without replications.
Regardless of the "SketShDb" app services and functions you use, other personal data may be collected by operating system functions and possibly processed by Apple. These data include data which you have entered in the "SketShDb" app yourself when creating a project, such as location data, etc. We are not responsible for data processing in this step either.
You also undertake, when creating and updating your SketShDb projects, to comply with the applicable data protection laws, including but not limited to when you share data with others via the SketShDb app.
3.7 Backups and templates
At the present time, backups and templates can only be stored from the "SketShDb" app directly in iCloud Drive. The Apple data privacy rules for the iCloud service apply. This means that only you yourself or Apple are responsible for the processing of your data. Further information on iCloud security measures is available here: https://support.apple.com/en-us/HT202303
The Apple data privacy rules can be read here: https://www.apple.com/legal/privacy/en-ww/
Instead of producing backups your project may be replicated with a server which you operate yourself with backups being produced of this server databases. At present we do not provide such servers.
3.8 Use of Google2 Logins for data export/import to/from "Google Docs"
You can use the app to share data from your projects with the Google Sheets service provided by Google LLC ("Google"), Amphitheatre Parkway, Mountain View, CA 94043, USA.
You must log in with a Google user account for this purpose. The SketShDb app and 5byfive cannot access the Google user account (especially the user name or e-mail address). A "token" is stored in the app to represent the login status which can, however, only be assigned to a user account by Google.
Please note that the SketShDb app only provides you with technical options. Google services are integrated by you; 5byfive has no influence on the use which is made of Google services. Google is therefore the controller (responsible) for processing the personal data in connection with the Google account used.
More information about data protection in the Google Cloud is available here:
However, we wish to point out in particular here that the login status is also stored outside the app in the system. This means that the token may continue to be used in other apps or in your terminal device's browser. This mechanism is not part of the "SketShDb" app but is fully under the control and the responsibility of Google. 5byfive does not have any influence either on the data which are collected and processed by Google.
You can log off from Google in the app itself. The token is then erased from the app.
In order to use the export/import function in the app, you must allow the app to access your files and to process your sheets stored in Google Docs. This is technically necessary for the export/import function. Apart from the export/import data which you explicitly select, only the values (including the name or the ID of the last used document and the name of the last used tab within a document) are stored in the app. The sole purpose of this is to save you having to make a selection or to make it easier to make a selection for the next export.
The export/import settings contain no personal data and are at no time communicated to 5byfive or anyone else. They are overwritten as soon as an export/import is performed with other settings or are completely erased when the app is removed from the device.
You can simply stop using the export/import function with Google Docs if you do not want your Google login to be used in the app or the app to access your Google Docs. This will not limit the use of the remaining app functions and you will still be able to export or import your data in CSV format.
3.9 Processing of location data
When you activate the positioning service in the "SketShDb" app, the app has access to your current geographic location. This function is only used to
- display your current location in a map views;
- make it easier for you to enter your present location in a project;
- to inform you – at your request only - whenever you are near a location entered in the app (geofencing).
The data are only processed in the app for precisely these purposes and are not transmitted to or by 5byfive in any other way.
3.10 Push notifications
3.10.1 Registration for the receipt of messages
Registration for the delivery of push notifications takes place automatically in the "SketShDb" app if the project is shared by means of replication and if one of the three notification modes "Unspecific notification of changes", "Only event type and project name" or "Complete push notifications" has been set.
If shared projects are used with push notifications (configurable by you or the project administrator for each project), further data must be stored on our servers for technical reasons according to each mode of notification. In all cases, these data are anonymized as far as possible and only the data are stored which are absolutely necessary for the push notification service to operate. When the data are no longer needed and we are aware of this (e.g. because the mode of notification has been changed), we will erase the data from our servers. The mode of notification can be set precisely in the "SketShDb" app to determine which information is sent to us. Specifically this is:
- a randomly produced database ID which identifies the project and enables the push notifications to be assigned;
- the automatically generated device identifier ("SketShDb" app-specific) as the addressee for notifications;
- the required types of notification (new object, erased object, new comment, etc.) to filter notifications according to your settings; and
- the project name given on your device to be able to show this name in the push notification, because the same project may have a different name on the device of the originator/sender of the push notification.
Your user ID will not be stored with the push notifications and no relationship will be created between the registration data (your e-mail address) and the data for the push notifications.
The following table provides an overview of the data we store for each mode of notification.
|Mode||Database-ID||Device identifier||Types of notification||Project name|
|Only local notifications||-||-||-||-|
|Push in background||X||X||-||-|
|Unspecific notification of changes||X||X||-||-|
|Only event type and project name||X||X||X||X|
|Complete push notifications||X||X||X||X|
3.10.2 Sending and delivery of notifications
As soon a user makes a change in a project, push notifications are sent automatically in the "SketShDb" app if a project is shared by means of replication and if one of the three notification modes "Unspecific notification of changes", "Only event type and project name" or "Complete push notifications" has been set for this project.
When a push notification is actually sent (in contrast to the use of local messages) all the information in the notification and the device identifiers of the addressees are sent to our notification servers in order to send the notification.
These data are independent of the mode of notification set by you. The following table provides an overview of the data sent to our server:
|Mode||Database-ID||Type of notification||Name of the changed object in the project||Name (Nickname) of the changing user||Commentary text or user name of the newly registered user (according to type of event)|
|Only local notifications||-||-||-||-||-|
|Push in background||X||-||-||-||-|
|Unspecific notification of changes||X||-||-||-||-|
|Only event type and project name||X||X||-||-||-|
|Complete push notifications||X||X||X||X||X|
The database ID is changed on our server into a list of device identifiers using the list of registered recipients. The following data for the delivery of the message are then sent to the push notification service:
|Mode||Device identifier||Project name||Type of notification||Name of the changed object in the project||Name (nickname) of the changing user||Commentary text or user name of the newly registered user (according to type of event)|
|Only local notifications||-||-||-||-||-||-|
|Push in background||X||-||-||-||-||-|
|Unspecific notification of changes||X||-||-||-||-||-|
|Only event type and project name||X||X||X||-||-||-|
|Complete push notifications||X||X||X||X||X||X|
Apple is responsible for further data processing after the data have been received and provides information itself about data privacy at Apple: https://www.apple.com/legal/privacy/en-ww/
The legal basis for this processing is Article 6 (1) sentence 1 b) and f) GDPR as such processing is necessary for sending push notifications.
4. Are your personal data passed on to third parties?
4.1 General information
Our website - and with it your user account - is hosted by Amazon Web Services Inc., 410 Terry Avenue North, Seattle WA 98109, United States (referred to in the following as "Amazon"). Amazon also adopts stringent technical measures to protect your personal data. Amazon does not pass on your personal data to third parties unless this is necessary in order to perform the agreed services or if Amazon is required to do so by law or to comply with a valid and mandatory instruction issued by a government or regulatory authority. The data provided for this purpose are kept to a minimum.
In some circumstances, Amazon may also store the information in countries outside the European Economic Area. Amazon will, however, take the necessary steps to ensure that an appropriate level of data protection is maintained. If Amazon sends your data to the United States, for example, additional measures are taken, such as concluding EU-compliant data transmission agreements with the data importer if this is necessary. Amazon participates in the EU-US Privacy Shield Framework.
The legal basis for the processing of data is Article 6 (1) sentence 1 f) GDPR. We have a legitimate interest in using Amazon servers. We erase your data as soon as they are no longer needed to achieve their intended purpose and if they are not subject to contractual or legal retention periods.
More information from Amazon about data protection is available at: https://aws.amazon.com/de/compliance/eu-data-protection/
5. What are your rights?
You can ask for information from us at any time, in particular about
- your personal data stored by us,
- the purposes for which we process data and
- the categories of recipients to which personal data has been or will be disclosed.
- Any permission you may have granted regarding the use of your personal data may be revoked at any time in the future.
- You can have the user account which you have set up with us erased at any time. You also have the right to have any incorrect data rectified or to have personal data erased or its processing restricted where statutory requirements are met.
- You also have the right to have your personal data, which you have transmitted to us, transmitted to another controller.
- Right to withdraw consent
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you based on Article 6 (1) sentence 1 f) GDPR (cf. Article 21(1) GDPR). We may then no longer process the personal data relating to you unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
If the personal data relating to you are processed for the purposes of engaging in direct marketing, you have the right to object at any time to the processing of your personal data for such advertising purposes (cf. Article 21(2) GDPR).
You may inform us about your wishes by contacting us as described in 1. above.
- You also have the right to lodge a complaint with the supervisory authority if you believe that the processing of the personal data relating to you is in breach of the GDPR or other European and German data protection laws.
6. Time at which personal data is erased
We erase your personal data as soon as it is no longer necessary for the purpose for which it was collected. If there are technical or legal reasons why data cannot be erased (such as when special retention duties apply), the processing of such data is restricted.
We will not automatically erase your registration data after a certain period of time has passed. If your data are erased you will not be able to use any of the databases which you have previously created or the app. If we are to erase your registration data (because you no longer use the app), please use the notification option in the "SketShDb" app or send us an e-mail to the address shown in 1. above.
The delivery data for push messages are erased automatically as soon as the notifications are switched off or the project has been erased.
7. Data security
We have implemented current technical measures to protect your personal data, including in particular against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. These security measures will be adopted in line with the current state of the art.
All communication between the "SketShDb" app and our servers, as well as between our servers and the push notification service, is encrypted.
8. Modifications to the data privacy statement
We may alter all or parts of this data privacy statement at any time according to current circumstances. This is especially the case whenever there is a compelling reason, such as a technical reason, for making such changes. We will inform you in advance of any changes made to this data privacy statement. You may delete your account if you do not agree with such changes.