Privacy Policy

Hint: This document has been automatically translated from English. The original version in German is legally binding. You can find the version here.

Privacy Policy

Version 5.19.0 of February 01, 2026

I Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

UniNow GmbH
DorotheenstraĂźe 10
39104 Magdeburg
Germany Tel.: +49 391 5054670
Email: info@uninow.de
Website: www.uninow.de

Contact Data Protection

Email: datenschutz@uninow.de

II General information on data processing

1. Scope of processing of personal data

In principle, we only collect and use personal data of our users insofar as this is necessary to provide a functional mobile application as well as our content and services. The collection and use of personal data of our users takes place regularly only with the user’s consent. An exception applies in those cases where prior consent cannot be obtained for actual reasons and the processing of the data is permitted by legal regulations.

Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 Para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 Para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 Para. 1 lit. c GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 Para. 1 lit. d GDPR serves as the legal basis. If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 Para. 1 lit. f GDPR serves as the legal basis for processing.

3. Recipients of the data and categories of recipients

Within our company, we ensure that only those persons receive your data who need it to fulfill contractual and legal obligations. In this context, service providers support us in fulfilling these obligations in certain cases. The necessary data protection contracts have been concluded with all these service providers. These are IT service providers, including

Furthermore, your data will only be passed on to third parties (in particular universities) within the framework of legal provisions (e.g. due to mandatory legal regulations to external bodies such as supervisory authorities or law enforcement agencies) or with appropriate consent.

4. Hosting

Servers and databases for the app are hosted in data centers in the EU.

5. Third country transfer / Intention to transfer to third countries

Data transfer to third countries (outside the European Union or the European Economic Area) only takes place if this is necessary for the performance of the contractual relationship, is required by law or you have given us your consent.

Note on Push Service (Firebase Cloud Messaging, Google LLC, USA):
Possible access from the USA is carried out exclusively within the framework of our push service. However, this is only done if you have given your consent. Details on recipients, protective guarantees and your rights can be found in Section VI “Delivery of push notifications”. Otherwise, we currently do not transfer your personal data to service providers outside the European Economic Area.

6. Data deletion and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

7. Storage and encryption of personal data on the user’s device

The app stores the personal data requested by the user locally on the user’s device in order to enable the user to use the app even without an internet connection. All data is encrypted on the user’s device if their device has been provided with a device code. If this is not the case, secure encryption of the data cannot be guaranteed by the controller. The controller therefore recommends that the user use a device code to ensure the security and encryption of the data.

8. Secure transmission of your data

In order to protect the data stored by us as best as possible against accidental or intentional manipulation, loss, destruction or access by unauthorized persons, we use appropriate technical and organizational security measures. The security levels are continuously checked in cooperation with security experts and adapted to new security standards.

Data exchange from and to our application takes place in encrypted form. We offer TLS as the encryption protocol for secure data transmission. In addition, there is the possibility of using alternative communication channels (e.g. by post).

9. Access rights

For the app to work on your device, it is necessary to grant the app various permissions to access certain functions of the device. For all devices, regardless of the operating system they have, it is necessary to grant the app certain permissions, which we call “basic permissions”. Depending on the operating system of the device you use, it may have additional functions for which it is necessary to grant further permissions for the app to work. We list these following the “basic permissions” sorted by operating system (Android or iOS).

The basic permissions (Android and iOS) are:

➢ Receive push notifications: Is required if the push notifications functionality is used.

➢ Retrieve Wi-Fi connections: Is required so that content can be retrieved in the app.

➢ Retrieve network connections: Is required so that content can be retrieved in the app.

➢ Retrieve location: Is required if a functionality with GPS navigation is used.

➢ Take pictures and videos: Is required if a functionality with camera (e.g. scanning QR code) is used.

If you use the app via a device running the Android operating system, the following permissions are also required due to the operating system:

➢ Read USB storage contents: The permission is required so that documents stored on the USB storage of the device can be read.

➢ Change or delete USB storage contents: The permission is required so that documents stored on the USB storage of the device can be changed or deleted or stored for the first time.

If, however, you use the app via a device running the iOS (Apple) operating system, the following permissions are additionally required due to the operating system, in addition to the basic permissions:

➢ Mobile data/access to mobile data: If the user wishes to download documents exclusively via Wi-Fi, they can make a corresponding setting in the app menu and deactivate the use of mobile data. Access to mobile data is necessary in this respect so that the functionality of switching off document downloads via mobile data can be ensured.

➢ Receive critical push notifications: Is required to receive critical push notifications.

10. Automated individual decision-making

We do not use purely automated processing processes to bring about a decision.

III Creation of a UniNow account

1. Description and scope of data processing

As part of the registration, the user can create a UniNow account and is asked to provide some personal information. The controller stores the following user data entered during the registration process:

  1. Email address
  2. Password
  3. First name and last name (optional)
  4. Profile picture (optional)

The legal basis for the processing of personal data is Art. 6 Para. 1 lit. b GDPR.

3. Purpose of data processing

The processing of the data on the servers of the controller is necessary to create an account.

4. Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose of their processing or until revocation by the data subject.

5. Possibility of objection and elimination

The user has the option to delete their account and the associated personal data at any time. The revocation or deletion request takes place via the website accounts.uninow.com.

IV Provision of the app and creation of log files

1. Description and scope of data processing

Each time our app is accessed, our system automatically collects data and information from the system of the accessing device. Processing this data serves to ensure system security, the stability of technical operations, error analysis, and the defense against and tracking of security incidents.

The following data is collected:

  1. Date and time of access
  2. Information about the app version used
  3. Operating system and operating system version of the user
  4. Accessed system route or function within the app
  5. IP address of the user

The data is stored in server log files. This log data is not combined with other personal data of the user. There is no transfer of the data processed in this context to recipients in third countries within the meaning of Art. 44 et seq. GDPR.

The legal basis for the temporary storage of data and log files is Art. 6 Para. 1 lit. c GDPR.

UniNow is obliged by contractual obligations towards the respective university to ensure the security, integrity, stability and traceability of the technical operation of the app.

The processing of log data is necessary to fulfill this legal obligation, in particular to detect, analyze and document security incidents, to defend against attacks and to ensure proper operation.

3. Purpose of data processing

The temporary storage of the IP address is necessary to enable delivery of the content to the device.

Storage in log files also takes place for: Ensuring IT security, maintaining system stability, error diagnosis and technical optimization, detection and defense against unauthorized access, verifiability in the event of security or abuse incidents.

4. Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose of their processing.

In the case of collection for the provision of content, this is the case when the respective session has ended.

In the case of storage in log files, deletion takes place after 30 days at the latest, unless security-relevant events require longer storage in individual cases.

5. Possibility of objection and elimination

The collection of data for the provision of the app and storage in log files is strictly necessary to fulfill contractual obligations towards the respective university and to ensure IT security. Consequently, there is no possibility for the user to object.

V Use of the support chat

1. Description and scope of data processing

In the app, there is the possibility to contact the controller via an integrated chat function.

The use of the support chat serves to process technical or content-related inquiries in connection with the use of the app. The content entered by the user and technical metadata (e.g. time of the request and user ID) are processed.

The chat history is used exclusively for processing the respective service request and ensuring proper contract fulfillment. The controller has no influence on which personal data the user communicates in the context of chat communication.

The legal basis for the processing of personal data transmitted in the support chat is Art. 6 Para. 1 lit. c GDPR.

UniNow is obliged by contractual obligations towards the respective university to provide technical support. The processing of data transmitted within the scope of the support chat is necessary to fulfill this legal obligation.

3. Purpose of data processing

The data is processed for the purpose of processing support requests, technical troubleshooting, user support and ensuring the contractually owed services to the respective university.

4. Duration of storage

The data processed in the context of the support chat will be deleted as soon as they are no longer required to achieve the purpose of their processing.

Deletion takes place at the latest after one year of inactivity, unless there are statutory retention obligations or legitimate interests in longer storage.

5. Possibility of objection and elimination

The processing of personal data transmitted in the support chat is necessary to fulfill contractual obligations towards the respective university.

Consequently, there is no possibility for the user to object.

VI Optimization of the app

1. Description and scope of data processing

In order to continuously improve the app technically, fix errors and ensure stability and performance, we carry out error and performance monitoring as well as product and usage analyses. For this purpose, we process technical usage and event data (e.g. accessed functions, app version, device type, operating system version, timestamp and shortened or anonymized IP address). To evaluate this log and event data, we use the solutions RudderStack (product and usage analysis) and Sentry (error and performance monitoring), which are operated exclusively on servers in the European Economic Area (see Section III Item 5 „Hosting“). There is no transfer of the data processed in this context to recipients in third countries within the meaning of Art. 44 et seq. GDPR.

The legal basis for the processing of analysis data is Art. 6 Para. 1 lit. f GDPR.

Our legitimate interest lies in ensuring the technical functionality, stability, security and continuous improvement of the app as well as error analysis and performance optimization.

3. Purpose of data processing

The processing of data serves exclusively for technical optimization, further development and ensuring stable operation of the app.

4. Duration of storage

The data is deleted or anonymized as soon as it is no longer required to achieve the purpose of its processing.

Insofar as further storage for statistical purposes takes place, the data is anonymized beforehand so that a personal reference can no longer be established.

5. Possibility of objection and elimination

According to Art. 21 GDPR, you have the right to object at any time to the processing of your personal data based on Art. 6 Para. 1 lit. f GDPR for reasons arising from your particular situation.

In the event of an objection, we will no longer process the data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

The objection is made within the app by notification in the support chat or by email to support@uninow.de

VII Retrieval and processing of personal data from the university network

1. Description and scope of data processing

The user’s authentication data required for logging into the university network are processed or stored on the controller’s servers at no time. The user’s authentication data for retrieving data from the university network is sent exclusively directly from the user’s device to the university network. In individual cases, the following user data may be concerned if stored in the university network:

  1. Name of the university
  2. Surname, first name
  3. Matriculation number
  4. Subjects of study
  5. Lectures
  6. Exams and grades

The controller has no influence on which further data is stored by the university in the university network and could therefore be retrieved by the app.

The legal basis for the processing of university information is Art. 6 Para. 1 lit. a GDPR. You can find the underlying declaration of consent here.

3. Purpose of data processing

The processing of the data on the servers of the controller is necessary to provide the information for the app.

4. Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose of their collection. The personal data of the user retrieved from the university network will be deleted immediately from the controller’s server after processing.

5. Possibility of objection and elimination

The user has the option to revoke their consent to the processing of personal data at any time. The revocation of the declaration of consent takes place by clicking on Disconnect account in the app settings.

VIII Delivery of push notifications

1. Description and scope of data processing

We use the Firebase Cloud Messaging service from Google LLC (hereinafter “Google”) to deliver push notifications. For this purpose, a notification token is generated by the operating system (iOS or Android) and stored in the service. Further information can be found at: Firebase Cloud Messaging.

The legal basis for the use of the Firebase Cloud Messaging service is Art. 6 Para. 1 lit. a GDPR and §25 Para. 1 TDDDG.

3. Purpose of data processing

On behalf of the app operator, Google will use this information to deliver push notifications to the device.

4. Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose of their processing.

5. Possibility of objection and elimination

You can stop receiving push notifications at any time. This option is usually found in the settings of the device.

6. Third country transfer

When using the push service, access to your data by Google LLC, USA may occur. For the United States, there has been an adequacy decision by the EU Commission („EU-US Data Privacy Framework“) in accordance with Art. 45 GDPR since July 10, 2023; Google LLC is certified under this framework. In addition, we have concluded the EU Standard Contractual Clauses (SCC) with Google. This ensures an appropriate level of data protection.

IX Surveys

1. Description and scope of data processing

Within our news feed you have the possibility to participate in surveys, whereby participation is of course voluntary in each case. The survey results are anonymous and freely viewable for all users of the app who have also participated in the survey.

If you participate in the survey, your user ID will also be processed by us in this context so that the results can be published per federal state and/or subject area. A conclusion on your person is excluded in any case with the published evaluation.

The legal basis for collecting the data is your consent according to Art. 6 Para. 1 lit. a GDPR.

3. Purpose of data processing

The purpose of data processing is the evaluation and publication of the described surveys.

4. Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose of their processing.

5. Possibility of objection and elimination

The user has the option to revoke their consent to the processing of personal data (here user ID) at any time. The revocation of the declaration of consent takes place within the app via the support chat or by email to support@uninow.de

X Career recommendations and advertisements

1. Description and scope of data processing

In the app, the user is shown career recommendations in the form of job or company offers and advertisements. These displays are based on the data collected from the user. The data collected involves:

  1. Selected university
  2. Course of study and subject area
  3. Semester

The legal basis for the display of career recommendations and advertising is the user agreement concluded between the provider and the user in accordance with Art. 6 Para. 1 lit. b GDPR and §25 Para. 2 TDDDG, in which the display of career recommendations and advertising and consequently the use of the data for this purpose is agreed in return for the free opportunity to use the app.

3. Purpose of data processing

The data is used to be able to show the user suitable career recommendations and advertising.

4. Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose of their processing.

5. Possibility of objection and elimination

You can object to the use of data at any time, individually in each case, by deactivating the switch “Personalized advertisements” or “Personalized career recommendations” in Settings -> Data protection. Use of the app is still possible.

XI Contact by companies

1. Description and scope of data processing

The user has the option in the app, if interested in a job offer or in being contacted by the company, to transmit their contact details to the responsible company. The company can then contact the user. The data collected involves:

as well as optional:

The legal basis for contact by companies is Art. 6 Para. 1 lit. a GDPR. You can find the underlying declaration of consent here.

3. Purpose of data processing

The use of the data is necessary to give companies the opportunity to contact the user.

4. Duration of storage

For the duration of storage in connection with the contact by the responsible company selected by the user, the respective company is independently responsible, so that the provider is not responsible for this.

5. Possibility of objection and elimination

The user has the option to revoke their consent to the processing of personal data at any time. The revocation of the declaration of consent takes place within the app in the career portal or via the support chat of the app. In the case of a job advertisement, revocation is additionally possible within the app in the settings under Data Protection -> Application Profile -> Delete Data. In the case of a contact approach by the company, revocation is possible by deactivating or deleting the contact request of the respective company.

XII Rights of the data subject

If personal data is processed by you, you are a data subject within the meaning of the GDPR and you have the following rights towards the controller:

To exercise these rights, please contact: datenschutz@uninow.de. The same applies if you have questions about data processing in our company or would like to revoke consent given. You also have the right to lodge a complaint with a data protection supervisory authority.

Right of objection

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out on the basis of Art. 6 Para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. The controller no longer processes the personal data concerning you, unless they can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the possibility, in connection with the use of information society services — notwithstanding Directive 2002/58/EC — to exercise your right of objection by means of automated procedures using technical specifications.