Status 13/03/2025 - At CIB, we see it as our responsibility to protect your data and privacy. As a German company based in Munich, we have always been subject to one of the strictest data protection laws in the world.
We utilise the highest security standards for processing and storing data. CIB collects and uses your personal data exclusively in accordance with the statutory provisions, in particular the General Data Protection Regulation (‘GDPR’) and the German Federal Data Protection Act (‘BDSG’). With this privacy policy, we would like to inform you about the type, scope and purpose of the collection, use and processing of your personal data by CIB when you use the CIB flow web application or the CIB flow app.
1. Information on the processing of personal data
(1) In the following, we inform you about the processing of personal data when using the CIB doXicloud App. Personal data means all data that can identify you personally, for example name, address, e-mail addresses, user behaviour.
(2) The controller according to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is
CIB software GmbH
Elektrastraße 6a
81925 Munich
Germany
Telephone: +49 89 143 60 – 0
Email: info@cib.de
We have appointed a data protection officer for our company. You can contact our data protection officer, Mr Christian Hammerbacher, by post [SPH IT+Consulting GmbH & Co. KG, Bartholomäusstr. 26 (Haus D), 90489 Nuremberg] or by e-mail (datenschutz@sph-consulting.de).
(3) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. We delete the data accruing in this context after storage is no longer necessary (e.g. after processing your enquiry has been completed) or restrict processing if there are legal obligations to retain data.
(4) If we use commissioned service providers for individual functions of our offer or wish to use your data for advertising purposes, we will always carefully select and monitor these service providers and inform you in detail about the respective processes below. In doing so, we will also state the defined criteria for the storage period.
2. You have the following rights regarding personal data concerning you:
(1) You have the following rights in relation to personal data concerning you:
(2) You also have the right to complain to a data protection supervisory authority about our processing of your personal data.
3. Processing of personal data when using the CIB flow web application
(1) When you use the CIB flow web application with login, we process your personal data in accordance with an agreement with a third party (usually your employer or client). If you have any questions about the processing of your personal data, please first contact the organisation from which you received your access data, which is responsible for the processing of your data.
(2) If you use the CIB flow signature solution without logging in, we process the personal data described below, which is technically necessary for us to offer you the functions of our signature solution.
If you receive the invitation to sign from a CIB Group company, CIB software GmbH is responsible for the processing. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
We will retain the data you entered when you signed the form until you ask us to erase it, revoke your consent to its storage or the purpose for which it was stored no longer applies (e.g. termination of the contractual relationship). Mandatory statutory provisions - in particular retention periods - remain unaffected.
If you have received the invitation to sign from a third party, we generally use, process and store the personal data as a processor. In these cases, our customer is the controller and is responsible for most aspects of the processing of the personal data, such as the duration of the retention period.
The data is processed and stored in the EU and is not transferred to third countries. The data transfer between client and server is encrypted.
4. Processing of personal data when using CIB flow app
(1) When downloading the mobile app, the required information is transferred to the App store. We have no influence on this data processing and are not responsible for it. We only process the data to the extent necessary for downloading CIB flow app to your mobile device. For more information, please visit www.policies.google.com/privacy
(2) When you use the CIB flow app, we process the personal data described below to enable you to use the functions conveniently. If you wish to use the CIB flow app, we process the following data, which is technically necessary for us to offer you the functions of our mobile app. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR:
We will treat your data confidentially and delete it if you revoke your right to use it or if it is no longer required to provide the services and there are no legal obligations to retain it.
(3) Crash reports by Firebase Crashlytics
a. To ensure the stability and security of CIB flow, we require crash reports. We use "Firebase Crashlytics" to generate anonymised crash reports. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
b. If a crash occurs, information (e.g. the timestamp of the crash; the name and version number of the operating system of the device; the model name of the device, the CPU architecture, the amount of RAM and storage space) will be transmitted to Google’s servers in the USA. This information may also include the following personal data
The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR. The crash reports are only sent with your consent.
The crash reports are only sent with your consent. You can consent to the sending of the crash report in the app setting.
Revocation of consent: You can revoke your consent by deactivating the ‘Crash reports’ item in the CIB flow app under Settings.
c. Google stores the collected data for 90 days.
(4) Usage analysis by Google Analytics for Firebase
a. To improve the CIB flow App for you, we use Google Analytics for Firebase. In this process, data is transmitted anonymously to Google Firebase in the USA (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for analysis purposes. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
b. Google evaluates information on how you use the App (e.g., number of visits and sessions, session duration, operating systems, device models) on our behalf so that we can improve the App. Your IP address is only stored in anonymised form. Firebase Analytics also uses identifiers (advertising IDs). These IDs are assigned to the user and allow us to link various events. Further information on data collection by Google Analytics for Firebase can be found at https://support.google.com/firebase/answer/6318039?hl=de&ref_topic=6317497
The data collected will not be merged with your other customer information but will be included in anonymous statistics. We only use Google Analytics with your consent. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. a DSGVO.
You can revoke your consent at any time in the app under settings or restrict the use of advertising IDs in your end device.
For Android devices: Open the settings on your smartphone and select Google. Under the subitem Ads, you can reset or delete the advertising ID.
For an iOS device: You can deactivate ad tracking under Settings and then under the item Privacy, in the menu Advertising.
c. The data transmitted and linked to Google Analytics will be automatically deleted after two months. The deletion of data whose retention period has been reached takes place automatically once a month. Google Analytics for Firebase stores certain data associated with advertising IDs for 60 days.
(5) We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google tools.
Further information on Google’s data protection can be found in Firebase’s data protection information at https://firebase.google.com/support/privacy
5. Support
(1) If you send us support enquiries by email or e-mail, your details, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass this data on to third parties outside the CIB Group without your consent.
(2) The processing of the data provided in the support enquiry is based on our legitimate interest in processing your request (Art. 6 para. 1 lit. f GDPR).
(3) The data you provide will remain with us until you ask us to delete it or the purpose for data storage no longer applies (e.g. after your enquiry has been processed). This usually takes place after 1 year from the last contact. Mandatory statutory provisions - in particular retention periods - remain unaffected.
6. Concluding
(4) Our business operations require that data is collected and processed. Where data collection and processing take place, data protection and data security must be guaranteed. This is not only a legal requirement for us, but a real concern.
(5) If you have any questions about data protection in connection with the CIB flow, please do not hesitate to contact us by using the above contact details.