Privacy statement for using the Murmuras-App

Für die deutsche Version bitte hier klicken.

Below you will find the privacy policy and terms of use for Murmuras app. Additional study-specific agreements can be made between researcher, Murmuras or participants. Participants will be informed about study-specific deviating agreements prior to study participation.

1. Information regarding the collection of personal data

(1) In addition to our online offer, we provide you with a mobile app ("Murmuras app") that you can download on your mobile device. Hereinafter we inform you about the collection of personal data when using our Murmuras app. Personal data is all the data that can be personally related to you, i.e. name, address, e-mail addresses, user behavior.

(2) Responsible according to art. 4 paragraph 7 EU-General Data Protection Regulation (DSGVO/GDPR) is

Murmuras GmbH
Represented by managers Ionut Andone, Qais Kasem, Alexander Markowetz
Meckenheimer Allee 73
53115 Bonn, Germany
info@murmuras.com

as well as

Researcher (Forscher) of the respective study

Contact data: see app for "contact"

Our data protection officers can be reached at:

JURANDO GmbH
Contact person: Dr. Dennis Werner
Rathausplatz 21
58507 Lüdenscheid, Germany
Tel: 0049 2351-66854-37
Fax: 02351-66854-44
E-Mail: datenschutzbeauftragter@jurando.de

Or by post under our post address by mentioning "data protection officers".

2. Processing of personal data when using our Murmuras-App

The Murmuras-App allows you to participate in scientific studies and makes your behavioral data available to the corresponding researcher and/or Murmuras. Personal data is used exclusively for study purposes. Especially the use for personalized advertising, personal credit scoring or other automated decisions about individual participants is excluded.

(1) Usage levels

The collected data is used on two levels:

(a) As part of the study, the researcher has access to all collected questionnaires and user behavior data. You will be informed separately about the purpose of the evaluation and the questionnaires used by the researcher within the study.

(b) Moreover, Murmuras processes your data for its own statistics and publications. We will examine your data especially when requesting studies from other researchers, if your participation within the study is considered. In this case, you may receive a request to participate. To that end we use your registered email address.

Murmuras manages the data internally as far as possible pseudonymized. Despite this precaution, it is treated at all times as if it were directly personal.

(2) Analysis period

Murmuras collects via mobile telephone in a first phase („Analysis period")personal data regarding questionnaires and user behavior data. Part of the collected questionnaires are collected for all users alike by Murmuras. In addition, a researcher can submit his own questionnaires before, during and at the end of the study.

The Murmuras-App collects the following kinds of data:

  • 1. It regularly records the location of the participant. This results for example, in deriving later the daily action radius of the participant. It evaluates, for example, how much time the participant spends at home or if they are often away from home.
  • 2. It records the mobile network and smartphone behavior of the participant. In particular, it records from when to when they use the phone (phone session) and from when to when they use which app (app session). From this, it can later be deduced, for example, how long the participant was online in total and which apps they used particularly frequently.
  • 3. It collects questionnaires as part of the study. At the beginning, during and at the end of the study, the supplier addresses common factors amongst all participants (onboarding questions). These include, for example, demographic information such as age, gender and marital status or personality traits such as introversion and openness.
  • 4. In addition, the researcher may submit their own study-specific questionnaires before, during and at the end of the study.
  • 5. It collects seen content and activities (e.g. clicks) in apps. The app is designed to measure advertising media and consumption data. In particular, it records sponsored content and publicly shared content in social media apps, as well as interactions and viewed content in shopping, mobile, and media apps. This can later be used to infer, for example, which ads the participants were exposed to, how often they see certain product categories, and which of these they click on, mark as "liked," or share. However, personal content from emails, text messages or chat messengers is not recorded. Also, no names, user names or telephone numbers are collected from the address book. If this data is transmitted within other apps or personal account information is collected due to the technical functionality of our methods, no further processing of this data takes place and it is deleted shortly after its collection is recognized.
  • 6. As part of the collection of consumption data, receipts are scanned and the data they contain is processed. Depending on the functionality of the shopping app, this may involve a screen scan of the digital receipt, a PDF upload of the digital receipt or a photo upload of the paper receipt.

During the analysis period, there is a shared responsibility between Murmuras GmbH and the respective researcher.

(3) Survey period

Should you grant your agreement, the Murmuras app collects the aforementioned data in points 1 to 3 in a second phase ("survey period"), after completing the study. This survey is for statistical purposes and for the potential invitation to further studies.

In the survey period, Murmuras is solely responsible.

The legal basis for the processing of your personal data is art. 6 (1) (a) GDPR (Consent).

See our Terms of Use for more details.

(4) App-Store

When you download the Murmuras app, the required information is transferred to the App Store, in particular your account username, email address and client number of your account, time of download, payment information and unique device code. We have no influence on this data collection and are not responsible for it. We only process the data as far as it is necessary for the downloading of the mobile app to your mobile end device.

The supplier of the App Store (here Google Play Store) can be reached at the following contact details: Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de.

Google has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US Framework.

You can also download the Murmuras app for free via our website directly to your mobile end device. Upon download, we will process further data via the website and inform you about that in the privacy policy of our website.

(5) App-Store:

We use the following Google Firebase products for the Murmuras app: Crashlytics and Firebase Cloud Messaging. Within the range of products, different data categories are sometimes processed for different purposes:

  • Firebase Crashlytics: With Crashlytics data while operating the app, including the type of operating system used, information on malfunctions during operation (type of malfunction, time of the malfunction, duration of the malfunction, use of the app at the time of the malfunction) and device information are being processed. Based on this data, we can get an overview of various malfunctions or issues occurring while operating the app and analyze them based on their relevance for use in order to ensure efficient troubleshooting and ensure the stability of the app. The data processing is based on art. 6 (1) sentence 1 letter f GDPR. We have a legitimate interest to identify and fix stability problems that affect the quality of the app. This also increases the user-friendliness of the app for our customers.
  • Firebase Cloud Messaging: Firebase Cloud Messaging enables us to inform users with targeted and contextual messages about our offer and to encourage them to use the app. Information on the subject, type of message and time of sending the message as well as data regarding whether and when a message was received and read is also processed. Some of this data is also used in the analysis. Cloud messaging is only used if you have given your consent (art. 6 (1) sentence 1 letter a GDPR).

You can contact the provider of Google Firebase products under the following contact details: Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) - use of Google Firebase.

3. Joint Controllership

Murmuras GmbH and the respective researcher have finalized a contract on joint responsibility in accordance with art. 26 GDPR. This includes regulations on the subject, purpose, means and scope of data processing, on the phases of data processing / competence and responsibilities, on information regarding the data subjects, on the fulfillment of the other rights of the data subjects, on the security of the processing, on the engagement of processors, on the procedure for data protection violations, other common and mutual obligations and cooperation with supervisory authorities as well as liability.

4. Rights of subjects

Upon request and in accordance with legal requirements, we will provide you free of charge with information regarding the status of the personal data collected about you as well as that of the further processing of these data. For example, we may correct, block or delete your personal information partially or entirely in accordance with the legal requirements:

(1) Right of access by the data subject (article 15 GDPR)

The right to information gives you access to the data or data categories that concern you and some other important criteria, such as the processing purposes or the duration of the storage. Please note that under certain circumstances your right to information may be restricted in accordance with the legal provisions (e.g. art. 34 Federal Data Protection Act).

(2) Right to corrections (art. 16 GDPR)

Should the data concerning you be incorrect - or no longer correct -, you may request a correction under the provisions of art. 16 GDPR. If your data is incomplete, you may request a completion.

(3) Right to erasure (art. 17 GDPR)

You may request the deletion of your personal data under the conditions of art. 17 GDPR. Your claim for deletion may be restricted for example by the fact that we still need the data to fulfill statutory retention requirements. If we have made your personal data public, you may also be entitled to a "right to be forgotten". You may require proportionate action in order for us to inform the persons responsible regarding your request for erasure. Please note that under certain circumstances your right to erasure may be restricted in accordance with the statutory provisions (e.g. art. 35 Federal Data Protection Act). Notwithstanding your right to erasure, your data will be erased as soon as it is no longer required for the purposes on which it was collected or after 10 years.

(4) Right to restriction of processing (art. 18 GDPR)

Under the provisions of art. 18 GDPR, you may request the restriction of processing. We shall mark your stored personal data with the purpose of limiting its future processing. On the basis of this right you may, for example, exercise other rights in the review phase.

(5) Right to information (art. 19 GDPR)

In case of rights exercising, we shall inform all recipients of the correction, deletion or limitation of data processing under the provisions of art. 19 GDPR. Upon request, we will inform you regarding those recipients.

(6) Right to data portability (art. 20 GDPR)

Under the provisions of art. 20 GDPR, you are entitled to receive from us the respective personal data in a common, machine-readable format. In addition, you can request a direct forwarding to another responsible person, provided that this is technically feasible.

(7) Right to object (art. 21 GDPR)

In an extraordinary situation, you are entitled to object to the further processing of your personal data in accordance with art. 6 paragraph 1, point e) or f) GDPR. We will cease the data processing provided that a statutory exception does not apply. Should that be the case, we may continue the data processing, if e.g. there are compelling protection-worthy reasons that outweigh your interests, rights and freedoms, or in order to assert, exercise or defend legal claims.

(8) Right of complaint

You may also address a complaint to the statutory authority. The statutory authority for us is:

The Federal Commission for Data Protection and Freedom of Information Nordrhein-Westfalen
Kavalleriestr. 2-4
40213 Düsseldorf
Tel.: +49 211 38424-0
Fax: +49 211 38424-10
E-Mail: poststelle@ldi.nrw.de

Terms of use of the Murmuras-App for participants

1. General

Murmuras GmbH, based in Bonn, Germany ("provider"), offers the Murmuras app for analyzing mobile communications behavior for the user of the app ("participant") and the operator of studies ("researcher"). The data is processed on German servers and is subject to European law (GDPR). Uncommunicated use or even the transfer of data to third parties is excluded. Likewise, the data is used exclusively for studies and will not be used against the user (e.g. through target advertising).

2. Range of functions

Murmuras allows researchers to research smartphone behavior through studies. To this end, the participants in a study install the Murmuras app on their mobile phone.

The Murmuras app collects the following types of data:

  • 1. It regularly records the location of the participant. This can help, for example, to derive later the daily radius of action of the participant. For example, how long the participant spends at home or whether they are often away from home is evaluated.
  • 2. It collects the subscriber's mobile communications or smartphone behavior. In particular, it records from when to when they use the phone (phone session) and from when to when they use which app (app session). From this it can later be derived, for example, how long the participant was online in total and which apps they used particularly often. It also records the number of different contacts and phone numbers in the address book. The size of a participant's social network, for example, can be later deduced based on this.
  • 3. It collects questionnaires as part of the study. At the beginning, during and at the end of the study, the supplier addresses common factors amongst all participants (onboarding questions). These include, for example, demographic information such as age, gender and marital status or personality traits such as introversion and openness.
  • 4. In addition, the researcher may submit their own study-specific questionnaires before, during and at the end of the study.
  • 5. 5. It collects seen content and activities (e.g. clicks) in apps. The app is designed to measure advertising media and consumption data. In particular, it records sponsored content and publicly shared content in social media apps, as well as interactions and viewed content in shopping, mobile, and media apps. This can later be used to infer, for example, which ads the participants were exposed to, how often they see certain product categories, and which of these they click on, mark as "liked," or share. However, personal content from emails, text messages or chat messengers is not recorded. Also, no names, user names or telephone numbers are collected from the address book. If this data is transmitted within other apps or personal account information is collected due to the technical functionality of our methods, no further processing of this data takes place and it is deleted shortly after its collection is recognized.
  • 6. As part of the collection of consumption data, receipts are scanned and the data they contain is processed. Depending on the functionality of the shopping app, this may involve a screen scan of the digital receipt, a PDF upload of the digital receipt or a photo upload of the paper receipt.

For the purpose of the study, the researcher has access to the entire range of the data collected. With the exception of the study-specific questionnaires as defined by the researcher, the provider also processes the data for their own statistics and publications. In case of inquiries from other researchers, the provider also checks this data to determine whether the participant can also be a subject for these further studies. In this case, the participant may receive a separate invitation to participate in this study.

The participant can gain insight into an analysis of his phone-related behavior (digital lifestyle). Thus, the participant remains the master of his own data.

The app is free to use. The participant is responsible for his hardware (phone), software (e.g. operation system) and the data transfer (e.g. mobile data) and bears the corresponding costs.

3. Registration and access data

The Murmuras app can be used by participants at the invitation of the researcher using a participant code (e.g. QR code). Participants register by using an email address. The participant makes sure that no conclusion about the natural person can be drawn from the email address. For this purpose, a generic email address shall be used by the participant.

4. Rights of use

The provider grants the participant the non-exclusive, revocable, non-sublicensable and non-transferable right to use the Murmuras platform including all digital content contained therein in accordance with these terms of use for private purposes free of charge.

The granting of the above-mentioned rights of use is subject to the condition of compliance with these terms of use. If the user violates these terms of use, the rights to use the Murmuras platform including its content are terminated.

In the event of a reasonable assumption that the researcher violates these terms of use or causes damage to the Murmuras platform through their use (e.g. through malware), the provider may, at their own discretion and without prior notice, block the access of a researcher to the Murmuras platform including all its functions and block content, in whole or in part.

5. Warranty

The provider assumes no commitment of complete availability of the Murmuras platform. Warranty rights are excluded for the app that can be used free of charge, unless the provider has caused defects intentionally or through gross negligence.

The provider is not responsible for third-party content, especially for the design of a researcher's study.

6. Liability

The provider is always liable for intent, gross negligence, for injury to life, limb or health, according to the Product Liability Law and for guarantees expressly granted by the provider.

The liability of the provider is otherwise excluded insofar as this is legally permissible. Statutory mandatory rights of the researcher remain unaffected. For damages caused by minor negligence on the part of the provider, the provider is only responsible should a breach of an essential contractual obligation occur. The amount of this compensation is limited to the foreseeable damage. Significant contractual obligations in this sense are those obligations whose fulfillment the researchers can trust and do so on a regular basis and whose fulfillment is essential for the achievement of the purpose of the contract.

7. Data protection

The provider takes the protection of personal data seriously and observes the legal requirements of the GDPR and other data protection regulations. There is a focus on the principles of "privacy by design" and "privacy by default". Details can be found in the data protection declarations of participants.

8. Additional provisions

Should individual provisions of these terms of use be or become invalid in whole or in part or not enforceable, the effectiveness of the remaining provisions remains unaffected. The ineffective provision is considered to be replaced by an effective provision that comes closest to the purpose of the ineffective provision. The same applies to any loopholes in the regulations.

The law of the Federal Republic of Germany applies.