Data Protection Notice


General Data Protection Notice

The security of your personal data is a high priority for us. We therefore protect your data stored with us by technical and organizational measures to effectively prevent loss or misuse by third parties. In particular, our employees who process personal data are bound to data secrecy and must comply with it. To protect your personal data, it is transmitted in encrypted form. To ensure the permanent protection of your data, the technical security measures are regularly reviewed and, if necessary, adapted to the state of the art. These principles also apply to companies that process and use data on our behalf and according to our instructions.

Information in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR).

With the following general information, we would like to inform you as a data subject,
– on what basis we process your personal data,
– how we handle your personal data,
– what rights you have against us under data protection law and
– whom you can contact to assert your rights or if you have questions about data protection.
Personal data within the meaning of Article 4 (1) GDPR are, for example, information about you, but also about facts that are related to your person. Depending on the processing situation, we collect personal data from you (e.g. in the case of a visit to our website) or also from publicly accessible sources (e.g. the Internet).
You will find general information on data processing by us below. Detailed information on various case constellations can be found under „Data protection statements on individual processing situations“. If your concerns are not adequately reflected here or if there are any questions or uncertainties, please contact our data protection officer.

Contact details of the controller
The controller for the processing of personal data is:

APPsolute Mobility GmbH
Allersberger Str. 185, Building L4
90461 Nuremberg
Managing Directors: Victoria von Wachtel, Alexandra Kulfanová
E-mail: info@appsolute-mobility.com
Phone: +49 911 893139-0

Contact details of the data protection officer
Questions on the subject of data protection can be directed to our data protection officer:
Bernhard Höllerer
Management & Personnel Consulting
E-mail: datenschutz@appsolute-mobility.com

Purposes and legal basis of processing
As a matter of principle, we only process your personal data insofar as this is necessary to provide a functional website and our content and services, or if you have given your consent. In doing so, we collect, process and use your personal data for the following purposes: establishment and implementation of contractual relationships, sending a newsletter, marketing measures, customer satisfaction surveys and analyses, product evaluations, customer service and customer support and for order processing of our online range of goods.

Fulfillment of a contractual obligation
When processing personal data that is required for the fulfillment of a contract, Article 6 (1) (b) GDPR also serves as the legal basis in individual cases.

Consent
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) (a) GDPR is the legal basis for the processing of your personal data.

Existence of a legal obligation
When processing personal data where we are subject to a legal obligation (such as to comply with tax obligations), Art. 6(1)(c) GDPR is the legal basis for processing your personal data.

Legitimate interest
When processing personal data that is applied on the basis of our legitimate interests (e.g., when using service providers as part of processing your orders, such as shipping service providers, or when conducting statistical surveys and analyses, as well as logging registration procedures), Art. 6 (1) (f) GDPR is the legal basis for processing your personal data. Our interest is directed towards the use of a user-friendly, appealing and secure presentation as well as optimization of our web offer, which both serves our business interests and meets your expectations.

Existence of special categories
Special categories of personal data (such as health data) are processed by us on the basis of Art. 9 Ab. 2 GDPR and the respective legal basis, insofar as this is necessary in exceptional cases within the scope of our activities.

Existence of other purposes
If the processing of personal data takes place for a purpose other than the one for which it was collected, the legal basis results from Article 6 (4) GDPR.

Recipients of personal data
We only disclose your personal data to our employees and third parties on the basis of legal requirements or if we have your express consent.
Within our company, only those persons who need to access your personal data in order to perform their tasks are granted access to it.
In addition, we sometimes work together with order processors. These can be natural or legal persons, authorities, institutions or other bodies that process personal data on our behalf. The contractor is bound by instructions, which means that he may only process the data in a way that we have explicitly instructed him to do.

Data Transfer to Third Party Providers/To Third Party Countries.
Our business activities are supported by a network of computers, cloud-based servers and other infrastructure and information technologies. Furthermore, we use various service providers („Third-Party Providers“) or their products to optimize our offerings and services; this also applies when our services link to other platforms such as social media. The aforementioned parties may be located in countries outside the European Union, the European Economic Area and Switzerland, if applicable. In these cases, we share personal data with the aforementioned parties in order to provide the requested service.
Data transfers to countries that do not have an adequate level of data protection that complies with the requirements of the GDPR („third countries“) may therefore arise in the context of the administration, development and operation of IT systems, marketing and customer communications and securing our offers.

Such data transfers only take place insofar as the transfer is permissible in principle and special requirements for a transfer to a third country exist. In particular, we ensure that the party processing the data there guarantees an adequate level of data protection in accordance with the EU standard contractual clauses for the transfer of personal data to data processors in third countries. Other data transfers may be based on other contractual protections.
We conclude contracts with our partners and service providers to ensure an adequate level of data protection, depending on the respective circumstances. These may be data processing agreements (DPAs) where there is commissioned processing, contracts based on the EU standard contractual clauses (SCCs) where there is shared responsibility, or binding corporate rules (BCRs).

Storage period
Personal data collected by us may be recorded both in paper form and electronically. According to Art. 17 GDPR, personal data must be deleted as soon as they are no longer required for the above-mentioned purposes and the deletion does not conflict with any legal retention requirements. We thus process and store your personal data only for the period of time required to fulfill the purpose of storage or if this has been provided for in laws or regulations. After discontinuation or fulfillment of the purpose, your personal data will be deleted or blocked. In the case of blocking, deletion will take place as soon as legal, statutory or contractual retention periods do not conflict with this, there is no reason to assume that deletion would impair your interests worthy of protection and deletion would not cause disproportionate effort due to the special nature of the storage.

Collection of log files
If you visit our website for informational purposes only, without providing personal data via registration or otherwise, only the Internet connection data that your browser transmits to our server will be processed. With each call, our website collects a number of general data and information, which are temporarily stored in log files of a server. A log file is created in the course of an automatic log of the processing computer system.
The following data can be collected: Access to the website (date, time and frequency), how you got to the website (previous page, hyperlink, etc.), amount of data sent, which browser and browser version you are using, which operating system you are using, which internet service provider you are using, your IP address, which your internet access provider assigns to your computer when connecting to the internet.

The legal basis for this data processing is Art. 6 (1) letter b GDPR, as the collection and storage of this data is necessary for the operation of the website, to ensure the functionality of the website and to deliver the content of our website correctly. In addition, the data serves us to optimize our website and to ensure the security of our IT systems; in this respect, the processing is based on Art. 6 (1) letter f GDPR.

Data subject rights
You have the following rights vis-à-vis us, which you can assert with regard to personal data concerning you:

Right to information, Art. 15 GDPR.
You have the right to information about whether we process personal data about you. In addition, the right of access provides you with information about the data concerning you and some other important criteria, such as the purposes of processing or the duration of storage. It makes it much easier for us to provide you with information if you tell us in what context we receive your data.

Right to rectification, Art. 16 GDPR.
You have the right to rectification if you wish to have inaccurate personal data corrected.

Right to erasure, Art. 17 GDPR
Under the conditions of Art. 17 GDPR, you can request that we delete your personal data. However, this is only possible if the personal data concerning you is no longer necessary, is being processed unlawfully, or consent in this regard has been revoked.

Right to restriction of processing, Art. 18 GDPR.
The right to restriction of processing gives you the opportunity to prevent further processing of the personal data concerning you for the time being. The GDPR restricts this right when it concerns the exercise of legal claims, public interests worthy of protection or interests of another person.

Right of objection, Art. 21 GDPR
According to Art. 21 GDPR, you have the possibility to object to the processing of personal data concerning you. This means that in a specific situation, you may object to the further processing of your personal data insofar as it is carried out on the basis of the performance of public tasks.

Right to data portability, Art. 20 GDPR.
The right to data portability means the possibility for you to receive your personal data from us in a common, machine-readable format in order to transfer it to another controller, if necessary. However, according to Article 20 (3) sentence 2 GDPR, this right does not apply to data processing that is in the public interest or in the exercise of official authority.

Right to withdraw consent, Art. 7 (3) GDPR.
Insofar as the processing of personal data is based on consent, you may revoke this consent at any time for the relevant purpose. The lawfulness of the processing based on the consent given remains unaffected until receipt of the revocation.

Right of complaint, Art. 77 GDPR
You also have a right of appeal to the supervisory authority under data protection law.
You can also contact our data protection officer mentioned above with questions and complaints.

Links to Internet sites of other companies
Our website contains links to Internet sites of other companies. We are not responsible for the data protection precautions on external websites that you can reach via these links. Please inform yourself about the data protection of these external websites.

Subject to change
We reserve the right to change the data protection information in order to adapt it to changed legal situations or in the event of changes to the service or data processing. In the course of the further development of our Internet offer and the technologies used, changes to this data protection information may also become necessary. We therefore recommend that you visit this page regularly if you wish to keep up to date. If your consent is required or parts of the data protection information contain regulations of the contractual relationship with you, the changes will only be made with your consent.

You will find the current status of this data protection notice at the end of this document.

Data Protection Notices for special processing situations

In addition to the general data protection information, you will find further information on specific processing situations below.

Cookies and local storage
Our website uses cookies to ensure functionality, for statistical evaluations of usage and for range measurement. These evaluations help us to improve the online offers for you. We also use service providers for this purpose.

Cookies
Cookies are small text files that are collected by your browser and temporarily stored on your computer. They do not reveal any personal data and can neither access the data on your hard drive nor cause any damage there.

Management of cookies
When you visit our website, you must declare which cookies we may use. We do this by means of a so-called Consent Management System – commonly referred to as a „cookie banner“.
A distinction is made between so-called „essential cookies“ / necessary cookies, which are required for the correct functioning of the website and the functions offered on it (such as registration form for test access), and those that we use to improve our website and the functions offered on it; this also includes cookies that we use to measure the success of our website and the other websites connected to it. You may object to the use of the latter cookies; if you do so, no such cookies will be set.
We use cookies in the legitimate interest of being able to provide you with an attractive fully functional offer (Art. 6 para 1 lit. f GDPR).
In addition, you can manage cookies in your web browser and delete them completely. We would like to point out that this may result in functional restrictions on our website.

Local Storage
In order to enable you to adapt our Internet offer to your personal needs and usage, we use not only cookies but also the so-called local storage technology (also called „local data“ and „local memory“). In this process, data is stored locally in the cache of your browser, which continues to exist and can be read even after the browser window is closed or the program is terminated – unless the cache is deleted.
Local Storage makes it possible for your preferences when using our Internet offer to be stored on your computer and used by you.
Third parties cannot access the data stored in Local Storage. They are not passed on to third parties and are not used for advertising purposes.

We use these techniques in the legitimate interest of being able to provide you with an attractive, fully functional offer (Art. 6 para. 1 lit. f GDPR).
If you do not want us to use cookies and local storage functions, you can control this in the settings of your respective browser. You will also receive an overview of your stored cookies there. You can delete cookies at any time or block them from the outset. You manage local storage content in the browser via the settings for „History“ or „Local data“, depending on which browser you use. We would like to point out that this may result in functional restrictions on our website.

Matomo (formerly Piwik)
This website uses the web analytics software Matomo (www.matomo.org), a service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, („Matomo“) to collect and store information about visitors to our website for optimization and marketing purposes. Pseudonymized usage profiles can be created and evaluated from this data for the same purpose. Cookies can be used for this purpose (for cookies, see the explanations above). The data collected using Matomo technology (including your pseudonymized IP address) is processed on Matomo servers within Germany. The information generated by cookies in the pseudonymous user profile is not used to personally identify visitors to this website and is not merged with personal data about the bearer of the pseudonym.
If you do not agree with the storage and analysis of this data from your visit, then you can disable or restrict the transfer of cookies by changing the settings in your Internet browser. Cookies that have already been stored can be deleted at any time. Matomo also supports the „Do Not Track“ procedure of current web browsers. If you want to generally prevent the analysis of your web behavior, we recommend that you activate this option in your browser. You can find more information about the privacy settings of the Matomo software at the following link: https://matomo.org/docs/privacy

HubSpot
Purpose of processing
We use the service of HubSpot for our online marketing activities. This is an integrated software solution that we use to cover various aspects of our online marketing and sales. The resulting data, as well as the content of our website, is stored on HubSpot’s servers.

Email marketing
We use HubSpot for our email marketing, among other things. Visitors to our website can subscribe to topic-related newsletters and mailings as well as download certain documents. This requires, for example, the provision of the name and e-mail address. We use this data to contact visitors to our website.

Reporting and contact management
In addition to email marketing, we use HubSpot for the purposes of reporting (e.g. traffic sources, accesses) and contact management (user segmentation and CRM). This involves the use of cookies that are stored on your computer, which enable an analysis of your use of the website by us. This information is analyzed on our behalf by HubSpot to generate reports about visits to our pages. This enables us to determine which services from our company are of interest to you. This, in turn, enables us to constantly improve our products and make our offers more customer-oriented.

Legal basis
The legal basis for e-mail marketing is your consent (Art. 6 para. 1 lit. a GDPR), which you give, for example, when ordering our newsletter.
You can revoke your consent to receive newsletters, mailings or downloads at any time via a link at the end of each e-mail or by sending us a message. After your revocation, your contact data will be deleted immediately from the corresponding emailing lists.
The legal basis for reporting and contact management is your consent (Art. 6 para. 1 lit. a GDPR); you give this via the cookie banner.
If you generally do not want HubSpot to collect data, you can prevent the storage of unnecessary cookies at any time by setting your browser accordingly.

Registration for trial/test access, for the newsletter and for various downloads.
With registration for one of the above services, we process the data you provide for the provision of the services as well as for the proof of registration. Based on your consent, the legal basis for the processing is Art. 6 para. 1 lit. a) GDPR.
Your registration for our services can be revoked at any time with effect for the future.

Legal basis
When registering for one or more of the above-mentioned services via our website, we process the data you provide for the conclusion and implementation of the corresponding service (Art. 6 para. 1 lit. b GDPR).
We measure the success of our websites and in particular the so-called „conversion rate“, i.e. how many visitors register for one of our services. This serves to optimize our offers in order to be able to offer the services as simply and optimized as possible. The legal basis for the corresponding data processing is our legitimate interest (Art. 6 para. 1 lit. f GDPR).
You can revoke your consent to receive newsletters, mailings or downloads at any time via a link at the end of each e-mail or by sending us a message. After your revocation, your contact data will be deleted immediately.

Involved subcontractors
The recipient of your personal data as a service provider is:
HubSpot, Inc, 25 First Street, Cambridge, MA 02141 USA; the company has a branch in Ireland (2nd Floor 30 North Wall Quay, Dublin 1, Ireland) and a branch in Germany (Koppenstraße 93, 10234 Berlin).
As part of the processing of your data via HubSpot, this data may also be transferred to the USA. We have concluded a contract with HubSpot; in this contract, HubSpot undertakes to process personal data within the framework of the standard data protection clauses approved by the EU Commission. The basis for this is Art. 46 GDPR.

LinkedIn Insight Tag
Purpose of processing
The LinkedIn Insight Tag allows us to track and analyze LinkedIn members‘ visits to our website. When we run ad campaigns on LinkedIn that link to offers or information on our website, we can use it to measure the performance of these ads. This means, among other things, that we can track conversions, retarget our website visitors, and thereby gain additional information about the members who view our ads.

Categories of Personal Data
The LinkedIn Insight tag creates a unique LinkedIn browser cookie in your browser; this enables the collection of the following data for that cookie: metadata such as IP address, URL, referrer URL, timestamp, and page events (e.g., page views). IP addresses are shortened or (if used to reach members across devices) hashed.

You can prevent the use of cookies by not giving your consent to the setting of cookies that are not necessary when you access our website (in the „cookie banner“). You can revoke your given consent at any time with effect for the future by calling up the cookie settings and changing your selection there.

You may also refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
LinkedIn does not share any personal data with us, but only provides reports and notifications about website audience and ad performance. LinkedIn members cannot be identified in the process.

Storage period
The collected data is anonymized within seven days and deleted within 90 days.

Legal basis
The legal basis for the processing of your personal data is our legitimate interest (Art. 6 para. 1 lit. f GDPR). Further legal basis is your consent according to Art. 6 para. 1 lit. a GDPR, which is related to your consent to a cookie use (see information on cookies).

Involved subcontractors
The recipient of the data is
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

WordPress
Purpose of processing
We use the open-source content management system „WordPress“ as well as plug-ins for our website. Plug-ins are function-related extensions of the „WordPress“ software. In the course of using these plug-ins, personal data, such as your IP address, may be processed.
We use plug-ins in particular for the following purposes:

– to protect against abusive comments („spam“),
– to find faulty links,
– to improve the loading speed of our mobile websites.

Legal basis
We use WordPress as well as the respective plug-ins used on the basis of legitimate interest (Art. 6 para. 1 lit. f GDPR). Our legitimate interest is to achieve the purposes described above. If you have given your consent, Art. 6 (1) lit. a GDPR is the legal basis.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

Storage period
We store your data for as long as we need it for the specific processing purpose.

Further information
For more information about Wordpress and data protection, please visit:
https://wordpress.org/about/privacy/

YouTube video service
Purpose of processing
We embed videos on our website. The content of these videos is stored directly on the provider’s platform and embedded on our site.

Categories of personal data
Provided that you call up such a video and have allowed the cookies for external media, the IP address, technical information such as browser, operating system and basic device information as well as the website you visited are communicated. Personal data is only transmitted when you call up a video, because only then is a connection to YouTube servers established and a corresponding cookie is set, which is used to save the settings you have selected.

You can prevent the use of cookies by not giving your consent to the setting of cookies that are not necessary when you call up our website (in the „cookie banner“). You can revoke your given consent at any time with effect for the future by calling up the cookie settings and changing your selection there.

You may also refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
By calling up a video, you leave our website and enter the external platforms of YouTube, which are beyond our control. Before you call up a video, you will be informed about it again. If you have an account with the provider of the video service, it may be able to identify you. You can avoid this by logging out of your account before playing a video.
We have embedded the YouTube videos in a privacy-friendly manner in „Enhanced Privacy Mode“.

Legal basis
The legal basis for the activation of these videos is your consent pursuant to Art. 6 (1) lit. a GDPR, which is related to your consent to a cookie use (see information on cookies).

Involved subcontractors
The recipient of the processed data is
YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA; YouTube LLC is part of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA94043, USA.
We have concluded an order processing agreement with Google; in this agreement, Google undertakes to process personal data within the framework of the standard data protection clauses approved by the EU Commission. The basis for this is Art. 46 GDPR.

Info about social media fanpages
APPsolute Mobility maintains a social media profile on the social network Facebook (so-called „Fanpage“). On our Fanpage, we regularly publish and share content, offers and product information. With every interaction on our Fanpage or other Facebook websites, the social network operator records your usage behavior using cookies and similar technologies. Fanpage operators may view general statistics about the interests and demographic characteristics (such as age, gender, region) of the Fanpage audience. When you use social networks, the nature, scope and purposes of social network data processing are primarily determined by the social network operators.

Provider / responsible party
The social network Facebook is offered by Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland („Facebook“).
Insofar as you communicate directly with us via our fan page or share personal content with us, APPsolute Mobility is responsible for processing your data. An exception applies to the data processing described below for usage analysis (page insights); we are jointly responsible for this with Facebook.

Processing of your data by Facebook
Please note that Facebook also processes your data when you use our Fanpage for its own purposes, which are not depicted in this privacy policy. We have no influence on these data processing operations at Facebook. In this respect, we refer to the data protection information: Privacy notices of Facebook usage analysis (page insights).

With every interaction with fan pages, Facebook records the usage behavior of the fan page visits using cookies and similar technologies. On this basis, the fan page operators receive so-called „page insights“. Page insights contain only statistical, depersonalized (anonymized) information about visitors to the fan page, which can therefore not be assigned to any specific person. We have no access to the personal data used by Facebook for the creation of Page Insights („Page Insights data“). The selection and processing of Page Insights data is carried out exclusively by Facebook.
With the help of Page Insights, we obtain insights into how our Fanpages are used, what interests the visitors to our Fanpages have, and which topics and content are particularly popular. This allows us to optimize our fan page activities, for example, by better responding to the interests and usage habits of our audience when planning and selecting our content.
APPsolute Mobility and Facebook are jointly responsible for processing your data to provide Page Insights. For this purpose, we and Facebook have entered into an agreement specifying which company fulfills which data protection obligations under the GDPR with respect to the processing of Page Insights data.

More info about page insights
You can view the agreement with Facebook here: https://www.facebook.com/legal/terms/page_controller_addendum
Facebook has summarized the main contents of this agreement (including a list of Page Insights data) for you here: https://www.facebook.com/legal/terms/information_about_page_insights_data

Legal basis
Insofar as you have consented to Facebook in relation to the creation of Page Insights described above, the legal basis is Article 6(1)(a) GDPR (consent). Otherwise, the legal basis is Article 6(1)(f) GDPR, whereby our legitimate interests lie in the above-mentioned purposes.

Facebook Pixel
So-called tracking pixels are integrated on our pages via the „Website Custom Audiences“ pixel from Facebook. When you visit our pages, a direct connection is established between your browser and the Facebook server via the tracking pixel. Facebook thereby receives, among other things, the information from your browser that our page was called up from your end device. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. If you wish to object to the use of Facebook Website Custom Audiences, you can do so at https://www.facebook.com/ads/website_custom_audiences/.

We also use the „conversion pixel“ or visitor action pixel of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA („Facebook“). By calling this pixel from your browser, Facebook can subsequently recognize whether a Facebook ad was successful. We receive from Facebook for this purpose exclusively statistical data without reference to a specific person. This allows us to record the effectiveness of the Facebook ads for statistical and market research purposes. Via the settings on Facebook, you as a Facebook user can revoke the consent to Conversion Pixel under the following link: https://www.facebook.com/settings?tab=ads.

The data policy published by Facebook, which is available at https://de-de.facebook.com/about/privacy, provides information about the collection, processing and use of personal data by Facebook. It also explains which setting options Facebook offers to protect privacy. In addition, various applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used to suppress data transmission to Facebook.

Status of this privacy notice
February 2022

General Data Protection Notice for Apps

As the data protection officer, we hereby inform you about the processing of your personal data during the use of our mobile applications (apps) for mobile devices such as smartphones and tablets and our browser-based editorial system (APPsolute Mobility Platform) as well as about your rights as a user.

The security of your personal data is a high priority for us. We therefore protect your data stored with us by technical and organizational measures to effectively prevent loss or misuse by third parties. In particular, our employees who process personal data are bound to data secrecy and must comply with it. To protect your personal data, it is transmitted in encrypted form. To ensure the permanent protection of your data, the technical security measures are regularly reviewed and, if necessary, adapted to the state of the art. These principles also apply to companies that process and use data on our behalf and according to our instructions.

Information in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR).

With the following general information, we would like to inform you as a data subject,

– on what basis we process your personal data,
– how we handle your personal data,
– what rights you have against us under data protection law and
– whom you can contact to assert your rights or if you have questions about data protection.

Personal data within the meaning of Article 4 (1) GDPR are, for example, information about you, but also about facts that are related to your person. Depending on the processing situation, we collect personal data from you (e.g. in the event of a visit to our website or other offers) or also from publicly accessible sources (e.g. the Internet).

You will find general information on data processing by us below. Detailed information on various case constellations can be found under „Data protection statements on individual processing situations“. If your concerns are not adequately reflected here or if there are any questions or uncertainties, please contact our data protection officer.

Contact details of the controller
The controller responsible for the processing of personal data is:

APPsolute Mobility GmbH
Allersberger Str. 185, Building L4
90461 Nuremberg
Managing Directors: Victoria von Wachtel, Alexandra Kulfanová
E-mail: info@appsolute-mobility.com
Phone: +49 911 893139-0

Contact details of the data protection officer
Questions on the subject of data protection can be directed to our data protection officer:
Bernhard Höllerer
Management & Personnel Consulting
E-mail: datenschutz@appsolute-mobility.com

Purposes and legal bases of processing
As a matter of principle, we only process your personal data insofar as this is necessary for the provision of our content and services or if you have given your consent.

Fulfillment of a contractual obligation
When processing personal data that is required to fulfill a contract, Article 6 (1) (b) GDPR also serves as the legal basis in individual cases.

Consent
Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) (a) GDPR is the legal basis for the processing of your personal data.

Existence of a legal obligation
When processing personal data where we are subject to a legal obligation (such as to comply with tax obligations), Art. 6(1)(c) GDPR is the legal basis for processing your personal data.

Legitimate interest
When processing personal data based on our legitimate interests (e.g., when using service providers in the processing of your orders, such as shipping service providers or when conducting statistical surveys and analyses and logging registration procedures), Art. 6 (1) (f) GDPR is the legal basis for processing your personal data. Our interest is directed towards the use of a user-friendly, appealing and secure presentation as well as optimization of our offer, which both serves our business interests and meets your expectations.

Existence of special categories
Special categories of personal data (such as health data) are processed by us on the basis of Art. 9 para. 2 GDPR and the respective legal basis, insofar as this is necessary in exceptional cases within the scope of our activities.

Existence of other purposes
If the processing of personal data takes place for a purpose other than the one for which it was collected, the legal basis results from Article 6 (4) GDPR.

Recipients of personal data
We only disclose your personal data to our employees and third parties on the basis of legal requirements or if we have your express consent.
Within our company, only those persons who need to access your personal data in order to perform their tasks are granted access to it.
In addition, we sometimes work together with order processors. These can be natural or legal persons, authorities, institutions or other bodies that process personal data on our behalf. The contractor is bound by instructions, which means that he may only process the data in a way that we have explicitly instructed him to do.

Data Transfer to Third Party Providers/To Third Party Countries.
Our business activities are supported by a network of computers, cloud-based servers and other infrastructure and information technologies. Furthermore, we use various service providers („Third-Party Providers“) or their products to optimize our offerings and services; this also applies when our services link to other platforms such as social media. The aforementioned parties may be located in countries outside the European Union, the European Economic Area and Switzerland, if applicable. In these cases, we share personal data with the aforementioned parties in order to provide the requested service.

Data transfers to countries that do not have an adequate level of data protection that complies with the requirements of the GDPR („third countries“) may therefore arise in the context of the administration, development and operation of IT systems, marketing and customer communications and securing our offers.

Such data transfers only take place insofar as the transfer is permissible in principle and special requirements for a transfer to a third country exist. In particular, we ensure that the party processing the data there guarantees an adequate level of data protection in accordance with the EU standard contractual clauses for the transfer of personal data to data processors in third countries. Other data transfers may be based on other contractual protections.

We conclude contracts with our partners and service providers to ensure an adequate level of data protection, depending on the respective circumstances. These may be data processing agreements (DPAs) where there is commissioned processing, contracts based on the EU standard contractual clauses (SCCs) where there is shared responsibility, or binding corporate rules (BCRs).

Storage period
Personal data collected by us may be recorded both in paper form and electronically. According to Art. 17 GDPR, personal data must be deleted as soon as they are no longer required for the above-mentioned purposes and the deletion does not conflict with any legal retention requirements. We thus process and store your personal data only for the period of time required to fulfill the purpose of storage or if this has been provided for in laws or regulations. After discontinuation or fulfillment of the purpose, your personal data will be deleted or blocked. In the case of blocking, deletion will take place as soon as legal, statutory or contractual retention periods do not conflict with this, there is no reason to assume that deletion would impair your interests worthy of protection and deletion would not cause disproportionately high expense due to the special nature of the storage.

Data subject rights
You have the following rights vis-à-vis us, which you can assert with regard to the personal data concerning you:

Right to information, Art. 15 GDPR.
You have the right to information about whether we process personal data about you. In addition, the right of access provides you with information about the data concerning you and some other important criteria, such as the purposes of processing or the duration of storage. It makes it much easier for us to provide information if you tell us in what context we receive your data.

Right to rectification, Art. 16 GDPR
You have the right to rectification if you wish to have inaccurate personal data corrected.

Right to erasure, Art. 17 GDPR
Under the conditions of Art. 17 GDPR, you can request that we delete your personal data. However, this is only possible if the personal data concerning you is no longer necessary, is being processed unlawfully, or consent in this regard has been revoked.

Right to restriction of processing, Art. 18 GDPR.
The right to restriction of processing gives you the opportunity to prevent further processing of the personal data concerning you for the time being. The GDPR restricts this right when it concerns the exercise of legal claims, public interests worthy of protection or interests of another person.

Right to object, Art. 21 GDPR
According to Art. 21 GDPR, you have the possibility to object to the processing of personal data concerning you. This means that in a specific situation, you may object to the further processing of your personal data insofar as it is carried out on the basis of the performance of public tasks.

Right to data portability, Art. 20 GDPR.
The right to data portability means the possibility for you to receive your personal data from us in a common, machine-readable format in order to transfer it to another controller, if necessary. However, according to Article 20 (3) sentence 2 GDPR, this right does not apply to data processing that is in the public interest or in the exercise of official authority.

Right to revoke consent, Art. 7 (3) GDPR
Insofar as the processing of personal data is based on consent, you may revoke this consent at any time for the relevant purpose. The lawfulness of the processing based on the consent given remains unaffected until receipt of the revocation.

Right of complaint, Art. 77 GDPR
You also have a right of appeal to the supervisory authority under data protection law.

You can also contact our data protection officer mentioned above with questions and complaints.

Subject to change
We reserve the right to change the data protection information in order to adapt it to changed legal situations, or in the event of changes to the service or data processing. In the course of the further development of our Internet offer and the technologies used, changes to this data protection information may also become necessary. We therefore recommend that you visit this page regularly if you wish to be kept up to date. If your consent is required or parts of the data protection information contain regulations of the contractual relationship with you, the changes will only be made with your consent.

You will find the current status of this data protection notice at the end of this document.

Data Protection Notices for special processing situations App and Cockpit

Automated collection of data via our editorial system / the cockpit (website).

Purpose of processing
When visiting the editorial system (website), data is required to provide the corresponding service. The data is stored in central log system.

This information is used by us exclusively for purposes of technical administration of our editorial system, in support cases, for performance monitoring and ensuring the required performance; and for defense against illegal actions in connection with our system.

We reserve the right to check this log data retrospectively if there is a justified suspicion of an illegal act on the basis of concrete indications. Insofar as personal data is processed in this context, we do so exclusively to protect our legitimate interest in defending against unlawful acts in connection with our website for the editorial system.

Categories of personal data
During your visit to our editorial system, the following data is collected, among others:

– Information about IP address
– referring URL
– user ID
– date
– time of day
– browser version
– operating system
– URL

Storage period
The data is stored for a maximum period of 6 months and then automatically deleted if there are no indications of illegal use.

Legal basis
The legal basis for the processing of your personal data is our legitimate interest (Art. 6 para. 1 lit. f GDPR) or, if the user has given his consent, Art. 6 para. 1 lit. a GDPR.

Processing of data in our apps and in our editorial system (website)
Registration, user account

Purpose of data processing
Only data that is required for the smooth functioning and processing of your activities with the editorial system is stored in your user account. You can edit this information at any time in your user account.
All data fields marked as mandatory for the registration of the user account are required for the execution of the contract. Failure to provide this information will result in the contractual service not being able to be performed. The provision of further data is voluntary.

Legal basis
The legal basis for the processing of your personal data is the performance of contractual obligations (Art. 6 para. 1 lit. b GDPR).

Feedback function
Purpose of data processing

We offer feedback functions in some of our apps and in the editorial system, whereby additional personal data must be stored in order to display the functionality.

Categories of personal data
When you use the feedback function, the following data, among others, are collected:

– Email address
– Feedback text

Legal basis
The legal basis for the processing of your personal data is your consent (Art. 6 para. 1 lit. a GDPR).

Information when using our apps
Purpose of data processing

We regularly make apps available for download on sites of third-party providers (such as App Store, Google Play Store, etc.). If, according to the applicable terms of use of such a provider, we become your contractual partner for the purchase of the app, we process the data provided to us by the third-party provider to the extent necessary in each case for the performance of the contract so that you can download the app to your mobile device.
Our apps use the following permissions for the purposes listed behind them, which give them access to certain features of your mobile device:

– Memory – to store data in the app.
– Network connections – for checking, establishing and disconnecting a mobile network connection
– WLAN connection information – for checking, establishing and disconnecting a WLAN connection
– Microphone – composing voice messages, dictation function
– Album / photos – uploading photos in the feedback form
– Calendar – access to calendars installed on the device
– Camera – creating photos/videos/live stream, using the barcode scanner
– Contacts – access to the address books/contacts installed on the device
– Push notifications – sending push messages to the mobile device
– Location data – to determine the current location of the device via GPS

Cookies
Purpose of data processing

For the correct functioning of our website for the editorial system, we need to set a few cookies. These are so-called „essential cookies“, without which the functions we offer cannot be realized. Your consent is not required for these types of cookies. We do not use any other cookies beyond these essential cookies.

In addition, you can manage cookies in your web browser and delete them completely. We would like to point out that this may result in functional restrictions.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited; this may mean that you cannot use certain functions at all.
When using apps, a technology comparable in function is used instead of cookies.

Legal basis
We use cookies in the legitimate interest to be able to make them an attractive fully functional offer (Art. 6 para 1 lit. f GDPR). Furthermore, all technically necessary cookies are required for the performance of the contract (Art. 6 para 1 lit. b GDPR). If this information is not stored, the consequence is that the contractual service cannot be fully performed.

Tracking and analysis
Purpose of data processing

In some of our apps, we partially use tracking services. Usage profiles can be created from the collected data. We use this information to tailor the use of the app in an automated and real-time manner. All data is stored pseudonymously.

The pseudonymized usage profiles are not merged with personal data about the bearer of the pseudonym without a separate consent to be given, unless you have given us a corresponding consent.

Categories of personal data

Examples of the categories of data collected are:

– Which templates and documents were worked with, when and for how long,
– which data sets were saved and shared via the „Sharing Center“,
– whether the blank templates or PDF documents were shared via the „Sharing Center“,
– which links were clicked and when.

Legal basis
The legal basis for the processing of your personal data is your consent (Art. 6 para. 1 lit. a GDPR) or our legitimate interest in optimizing our services (Art. 6 para. 1 lit. f GDPR).

Google Crashlytics
Crashlytics is an analytics tool; it can be used to generate so-called crash reports, i.e. reports about malfunctions or failures of the app, where and in what context they occurred, how many users of the app are affected by them, and other information related to your problem.

Purpose of data processing
We use these reports to learn about malfunctions or failures, to be able to react faster, more targeted and more efficiently and to improve the App technically accordingly. With the information, Crashlytics (and thus we) subsequently we gain insights into whether and how the App is working and being used, especially including any malfunctions or failures that occur.

Categories of Personal Data
Crashlytics records information about the crash and general data of the respective IT environment together with your App ID; in particular, this is information about the terminal device used, the mobile carrier and the operating system.

Storage period
Insofar as personal or pseudonymous data is contained in the collected data, Crashlytics deletes it after seven days at the latest.

Legal basis
The legal basis for the processing of your personal data is your consent (Art. 6 para. 1 lit. a GDPR) or our legitimate interest in optimizing our services (Art. 6 para. 1 lit. f GDPR).

Subcontractors involved
The recipient of your personal data as a processor is:

Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

A transfer of data to the USA cannot be ruled out. The recipient of your personal data in this case is.

Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

We have concluded an order processing agreement with Google; in this agreement, Google undertakes to process personal data within the framework of the standard data protection clauses approved by the EU Commission. The basis for this is Art. 46 GDPR.

Google Firebase Push Notification Service
For some of our apps, we use the Firebase Push Notification Service for push notifications. For this, a unique identification string is generated when logging in to the service, which allows to send messages to a specific device. These unique strings are linked to the logged-in user on our servers in order to notify them specifically about information available to them.

Legal basis
The legal basis for the processing of your personal data is the performance of contractual obligations (Art. 6 para. 1 lit. b GDPR).

Involved subcontractors
The recipient of your personal data as a processor is:

Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

A transfer of data to the USA cannot be excluded. The recipient of your personal data in this case is.

Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

We have concluded an order processing agreement with Google; in this agreement, Google undertakes to process personal data within the framework of the standard data protection clauses approved by the EU Commission. The basis for this is Art. 46 GDPR.

ElasticSearch
Purpose of data processing

We rely on ElasticSearch as a centralized logging platform.
We use these reports to learn about malfunctions or failures, to be able to react faster, more targeted and more efficiently, and to improve the apps and Cockpit technically accordingly. With this information, we gain insights into whether and how the Apps and Cockpit are functioning and being used, especially including malfunctions and failures that occur.

Categories of personal data
– Information about IP address
– referring URL
– URL
– user ID
– date
– time of day
– browser version
– Operating System
– App name
– App version

Storage period
The data is stored for a maximum period of 6 months and then automatically deleted if there are no indications of illegal use.

Legal basis
The legal basis for the processing of your personal data is the performance of contractual obligations (Art. 6 para. 1 lit. b GDPR).

Status: March 2022

Below you will find our general data processing agreement (Art. 28 GDPR). It describes our procedure when we process on your behalf personal data (Art. 4 (8) GDPR) for which you are the responsible person Art. 4 (7) GDPR). Individual arrangements are possible in individual agreements at any time. Such individual arrangements will of course not be published here.

As of: 19/05/2021

Data Processing Agreement (DPA) of APPsolute Mobility GmbH

As an annex to an agreement used by the client to specify the obligations of both contracting parties with regard to data protection

 

Between

 

-Client-

(hereinafter referred to as – client -)

 

and

 

APPsolute Mobility GmbH

Allersberger Str. 185 – Geb. L4 (Das blaue Haus)
90461 Nürnberg

(hereinafter referred to as – contractor -)

  1. General

(1) The contractor shall process personal data on behalf of the client within the meaning of Art. 4 No. 8 and Art. 28 of Regulation (EU) 2016/679 – General Data Protection Regulation (GDPR). This agreement regulates the rights and obligations of the parties in connection with the processing of personal data.

(2) Where the term “data processing” or “processing” (of data) is used in this agreement, the definition of “processing” within the meaning of Art. 4 (2) GDPR shall apply.

  1. Subject of the agreement

The subject matter of the processing, the nature and purpose of the processing, the type of personal data and the categories of data subjects are set out in Annex 1 to this agreement.

  1. Rights and obligations of the client

(1) The client is the responsible person within the meaning of Art. 4 (7) GDPR for the processing of data on behalf of the contractor. Pursuant to clause 4 (5), the contractor shall be entitled to notify the client if data processing which it considers to be legally inadmissible is the subject of the order and/or an instruction.

(2) The client shall be responsible as the controller for safeguarding the rights of the data subjects. The contractor shall inform the client without delay if data subjects assert their data protection rights against the contractor.

(3) The client shall have the right to issue supplementary instructions to the contractor at any time regarding the type, scope and procedure of data processing. Instructions must be given in text form (e.g. email).

(4) Regulations on any remuneration of additional expenses incurred by the contractor due to supplementary instructions of the client shall remain unaffected.

(5) The client may appoint persons authorised to issue instructions. If persons authorised to issue instructions are to be named, they shall be specified in Annex 1. In the event that the persons authorised to give instructions at the client change, the client shall notify the contractor thereof in text form.

(6) The client shall inform the contractor without delay if it discovers errors or irregularities in connection with the processing of personal data by the contractor.

(7) In the event that there is an obligation to inform third parties pursuant to Art. 33, 34 GDPR or any other statutory notification obligation applicable to the client, the client shall be responsible for compliance therewith.

  1. General obligations of the contractor

(1) The contractor shall process personal data exclusively within the framework of the agreements made and/or in compliance with any supplementary instructions issued by the client. This does not apply to legal regulations which may oblige the contractor to process the data in another way. In such a case, the contractor shall notify the client of these legal requirements prior to the processing, unless the law in question prohibits such notification due to an important public interest. The purpose, nature and scope of the data processing shall otherwise be governed exclusively by this agreement and/or the client’s instructions. The contractor is prohibited from processing data in any way deviating from this, unless the client has agreed to this in writing.

(2) The contractor itself shall only transfer data in member states of the European Union (EU) or the European Economic Area (EEA) in the case of commissioned data processing. If this cannot be guarantees, e.g. in the case of subcontractors, only companies in countries for which the European Commission has decided that they have a level of data protection comparable to the EU will be selected in any case.

(3) In the area of commissioned data processing, the contractor shall ensure that all agreed measures are carried out in accordance with the agreement.

(4) The contractor shall be obliged to organise its company and its operating procedures in such a way that the data which it processes on behalf of the client are secured to the extent necessary in each case and protected against unauthorised access by third parties. The contractor shall coordinate with the client in advance changes in the organisation of the commissioned data processing which are significant for the security of the data.

(5) The contractor shall inform the client without delay if, in its opinion, an instruction issued by the client violates statutory regulations. The contractor shall be entitled to suspend the implementation of the relevant instruction until it is confirmed or amended by the client. If the contractor can demonstrate that processing in accordance with the client’s instructions may lead to liability on the part of the contractor pursuant to Art. 82 GDPR, the contractor shall be entitled to suspend further processing in this respect until the liability between has been clarified between the parties.

(6) The commissioned processing of data on behalf of the client outside the premises of the contractor or subcontractors is only permitted with the consent of the client in writing or text form. Processing of data for the client in private residences is only permitted in individual cases with the consent of the client in writing or text form.

(7) The contractor shall process the data it processes on behalf of the client separately from other data. Physical separation is not mandatory.

(8) The contractor may name to the client the person(s) authorised to receive instructions from the client. If persons authorised to receive instructions are to be named, they shall be specified in Annex 1. In the event that the persons authorised to receive instructions change at the contractor, the contractor shall notify the client thereof in text form.

  1. Data protection officer of the contractor

(1) The contractor confirms that it has appointed a data protection officer in accordance with Art. 37 GDPR. The contractor shall ensure that the data protection officer has the necessary qualifications and expertise. The contractor shall inform the client of the name and contact details of its data protection officer separately in text form.

(2) The obligation to appoint a data protection officer pursuant to paragraph 1 may be waived at the discretion of the client if the contractor can prove that it is not legally obliged to appoint a data protection officer and the contractor can prove that operational regulations are in place which ensure the processing of personal data in compliance with the statutory provisions, the provisions of this agreement and any further instructions of the client.

  1. Reporting obligations of the contractor

(1) The contractor is obliged to notify the client without delay of any infringement of data protection regulations or of the contractual agreements made and/or of the client’s instructions, which has occurred in the course of the processing of data by the contractor or other persons involved in the processing. The same shall apply to any breach of the protection of personal data processed by the contractor on behalf of the client.

(2) Furthermore, the contractor shall inform the client without undue delay if a supervisory authority takes action against the contractor pursuant to Art. 58 GDPR; this may also concern an inspection of the processing that the contractor provides on behalf of the client.

(3) The contractor is aware that the client may be subject to a reporting obligation pursuant to Art. 33, 34 GDPR, which provides for notification to the supervisory authority within 72 hours of becoming aware of it. The contractor shall support the client in the implementation of the reporting obligations. The contractor shall in particular notify the client of any unauthorised access to personal data processed on behalf of the client without undue delay, but at the latest within 48 hours of becoming aware of such access. The contractor’s notification to the client shall in particular contain the following information:

  • A description of the nature of the personal data breach, including, where possible, the categories and approximate number of data subjects, the categories concerned and the approximate number of personal data records concerned;
  • A description of the measures taken or proposed by the contractor to address the personal data breach and, where appropriate, measures to mitigate its possible adverse effects.
  1. Cooperation obligations of the contractor

(1) The contractor shall support the client in its obligation to respond to requests for the exercise of data subject rights pursuant to Art. 12-23 GDPR. The provisions of clause 11 of this agreement shall apply.

(2) The contractor shall participate in the drawing up of the registers of processing activities by the client. It shall provide the client with the information required in this respect in an appropriate manner.

(3) The contractor shall support the client in complying with the obligations set out in Art. 32-36 GDPR, taking into account the nature of the processing and the information available to it.

  1. Inspection rights

(1) The client shall have the right to inspect the contractor’s compliance with the statutory provisions on data protection and/or compliance with the contractual provisions made between the parties and/or compliance with the client’s instructions at any time to the extent required.

(2) The contractor is obliged to provide the client with information, insofar as this is necessary to carry out the inspections within the meaning paragraph 1.

(3) The client may demand to inspect the data processed by the contractor on behalf of the client as well as the data processing systems and programmes used.

(4) The client may carry out the inspections within the meaning of paragraph 1 at the contractor’s premises during normal business hours after prior notification with reasonable notice period. The client shall ensure that the inspections are only carried out to the extent necessary in order not to disproportionately disrupt the contractor’s operations as a result of the inspections.

(5) The contractor shall be obliged, in the event of measures taken by the supervisory authority vis-à-vis the client within the meaning of Art. 58 GDPR, in particular with regard to information and inspection obligations, to provide the necessary information to the client and to enable the respective competent supervisory authority to carry out an on-site inspection. The client shall be informed by the contractor about corresponding planned measures.

  1. Subcontracting

(1) The commissioning of subcontractors by the contractor is only permissible with the consent of the client in text form. The contractor shall list all subcontracting relationships already existing at the time of the conclusion of the agreement in Annex 2 to this agreement.

(2) The contractor shall carefully select the subcontractor and check before commissioning that the subcontractor can comply with the agreements made between the client and the contractor. In particular, the contractor shall check in advance and regularly during the term of the agreement that the subcontractor has taken the technical and organisational measures required under Art. 32 GDPR to protect personal data. The result of the check shall be documented by the contractor and transmitted to the client upon request.

(3) The contractor shall be obliged to have the subcontractor confirm that it has appointed an in-house data protection officer in accordance with Art. 37 GDPR. In the event that no data protection officer has been appointed at the subcontractor’s, the contractor shall point this out to the client and provide information to the effect that the subcontractor is not legally obliged to appoint a data protection officer.

(4) The contractor shall ensure that the regulations agreed in this agreement and, if applicable, supplementary instructions of the client also apply to the subcontractor.

(5) The contractor shall conclude a data processing agreement with the subcontractor that complies with the requirements of Art. 28 GDPR. In addition, the contractor shall impose the same personal data protection obligations on the subcontractor as are laid down between the client and the contractor. The client shall be provided with a copy of the data processing agreement upon request.

(6) The contractor shall in particular be obliged to ensure by contractual provisions that the inspection rights (clause 8 of this agreement) of the client and of supervisory authorities also apply vis-à-vis the subcontractor and that corresponding inspection rights of the client and supervisory authorities are agreed. It must also be contractually stipulated that the subcontractor must tolerate these inspection measures and any on-site inspections.

(7) Services which the contractor uses from third parties as a purely ancillary service in order to carry out the business activity are not to be regarded as subcontracting relationships within the meaning of paragraphs 1 to 6. This includes, for example, cleaning services, pure telecommunication services without any specific reference to services provided by the contractor to the client, postal and courier services, transport services, security services. The contractor shall nevertheless be obliged, also in the case of ancillary services provided by third parties, to ensure that appropriate precautions and technical and organisational measures have been taken to guarantee the protection of personal data. The maintenance and servicing of IT systems or applications constitutes a subcontracting relationship requiring consent and commissioned data processing within the meaning of Art. 28 GDPR if the maintenance and testing concerns IT systems that are also used in connection with the provision of services to the client and personal data processed on behalf of the client can be accessed during the maintenance.

  1. Confidentiality obligation

(1) When processing data for the client, the contractor is obliged to maintain the confidentiality of data which it receives or becomes aware of in connection with the data processing. The contractor undertakes to observe the same rules on the protection of secrets as are incumbent on the client. The client shall be obliged to inform the contractor of any special rules on the protection of secrets.

(2) The contractor warrants that it is aware of the applicable data protection regulations and is familiar with their application. The contractor further warrants that it has familiarised its employees with the provisions of data protection applicable to them and has obliged them to maintain confidentiality. The contractor further warrants that it has in particular obliged the employees engaged in the performance of the work to maintain confidentiality and has informed them of the client’s instructions.

(3) The obligation of the employees pursuant to paragraph 2 shall be proven to the client upon request.

  1. Safeguarding of data subject rights

(1) The client shall be solely responsible for safeguarding the rights of the data subjects. The contractor is obliged to support the client in its duty to process requests from data subjects in accordance with Art. 12-23 GDPR. The contractor shall in particular ensure that the information required in this respect is provided to the client without delay so that the client can in particular fulfil its obligations under Art. 12 (3) GDPR.

(2) Insofar as the cooperation of the contractor is necessary for the safeguarding of data subject rights – in particular for information, rectification, blocking or erasure – by the client, the contractor shall take the respective necessary measures according to the client’s instructions. The contractor shall, as far as possible, support the client with suitable technical and organisational measures in fulfilling its obligation to respond to requests to exercise data subject rights.

(3) Regulations on any remuneration of additional expenses incurred by the contractor due to cooperation in connection with the assertion of data subject rights vis-à-vis the client shall remain unaffected.

  1. Secrecy obligations

(1) Both parties undertake to treat all information received in connection with the performance of this agreement as confidential for an unlimited period of time and to use it only for the performance of the agreement. Neither party is entitled to use this information in whole or in part for purposes other than those just mentioned or to make this information available to third parties.

(2) The above obligation shall not apply to information which one of the parties has demonstrably received from third parties without being obliged to maintain confidentiality or information which is publicly known.

  1. Remuneration

The contractor’s remuneration shall be agreed separately.

  1. Technical and organisational measures for data security

(1) The contractor undertakes vis-à-vis the client to comply with the technical and organisational measures required to comply with the applicable data protection provisions. This includes, in particular, the requirements of Art. 32 GDPR.

(2) The status of the technical and organisational measures existing at the time of the conclusion of the agreement shall be an integral part of this agreement. The parties agree that changes to the technical and organisational measures may be necessary in order to adapt to technical and legal circumstances. The contractor shall agree in advance with the client on any significant changes that may affect the integrity, confidentiality or availability of the personal data. Measures that only entail minor technical or organisational changes and do not negatively affect the integrity, confidentiality and availability of the personal data may be implemented by the contractor without consultation with the client. The client may request an up-to-date version of the technical and organisational measures taken by the contractor at any time.

(3) The contractor shall check the effectiveness of the technical and organisational measures it has taken on a regular basis and also on an ad hoc basis. In the event that there is a need for optimisation and/or modification, the contractor shall inform the client.

  1. Duration of the data processing agreement

(1) The agreement shall commence upon signature and shall be concluded for an indefinite period.

(2) It may be terminated with three months’ notice to the end of the quarter.

(3) The client may terminate the agreement at any time without notice if there is a serious breach by the contractor of the applicable data protection provisions or of obligations under this agreement, if the contractor is unable or unwilling to carry out an instruction of the client or if the contractor refuses access by the client or the competent supervisory authority in breach of the agreement.

  1. Termination

(1) After termination of the agreement, the contractor shall return to the client or delete, at the client’s discretion, all documents, data and processing or utilisation results produced which have come into its possession and which are connected with the contractual relationship. The deletion shall be documented in a suitable manner. Any statutory retention obligations or other obligations to store the data remain unaffected. In the case of data carriers, these must be destroyed if the client wishes to delete them, whereby at least security level 3 of DIN 66399 must be complied with; proof of destruction must be provided to the client with reference to the security level in accordance with DIN 66399.

(2) The client has the right to check the complete and contractual return and deletion of the data at the contractor. This can also be done by inspecting the data processing equipment at the contractor’s premises. The on-site inspection shall be announced by the client with reasonable notice.

  1. Right of retention

The parties agree that the defence of the right of retention by the contractor within the meaning of § 273 BGB (German Civil Code) is excluded with regard to the processed data and the associated data carriers.

  1. Final provisions

(1) Should the property of the client at the contractor be endangered by measures of third parties (for example by seizure or attachment), by insolvency proceedings or by other events, the contractor shall inform the client immediately. The contractor shall inform the creditors without delay of the fact that the data involved is being processed on behalf of a client.

(2) The written form is required for ancillary agreements.

(3) Should individual parts of this agreement be invalid, this shall not affect the validity of the remaining provisions of the agreement.

 

Page break

Annex 1 – Subject of the agreement

  1. Subject matter and purpose of the processing

The client’s commissioning of the contractor includes the following work and/or services:

The type, scope and purpose of the data processing result from the main agreement.

  1. Type(s) of personal data

The following types of data are regularly the subject of processing:

  • Email address, password and user name
  • The data types of further personal data depend on which information the respective APPsolute Mobility user specifies as relevant in the app. As a rule, these are likely to be:
  1. a) Full name, company, email, password, gender, etc.
  2. b) Contact details of contact persons’ business cards, e.g. company name, postal and/or email address, telephone and/or fax numbers as text and/or as image information;
  3. c) Photos of the contact person or other identification documents (driving licence, ID card, etc.)
  4. d) Time and place of the meeting, including the name of the meeting/event, etc.
  5. e) Bank details of the contact person
  6. f) Signatures as text and/or as image information
  7. h) Various media (photos, audios, videos, …)
  8. i) Barcode information
  9. j) Location data via GPS
  10. Categories of data subjects

Groups of data subjects affected by the data processing:

  • a) Users authorised by the client to use APPsolute Mobility (identified by email and names of users)

 

(b) Other persons who are/were in contact with the user and whose data was recorded using the APPsolute Mobility App. This can include, among others: Names, contact and address data, dates of birth, bank details, etc. (see also § 2)

  1. Persons authorised to receive instructions at the contractor

 

  1. Data protection officer

datenschutz@appsolute-mobility.comPage break

Annex 2 – Subcontractor

For the processing of data on behalf of the client, the contractor uses the services of third parties who process data on its behalf (“subcontractors”).

This is the following company or companies:

Subcontractor 1

Theano GmbH

Kiefernweg 8

49205 Hasbergen

www.theano.de

Phone: +49 (0)5405-9282 5431

(1) Tasks of the subcontractor

  1. a) IBAN calculator (the IBAN validator functionality can be booked as an option in the FORMS module of the APPsolute Mobility platform)

 

Subcontractor 2

Byteplant GmbH Software Solutions & Consulting

HeilsbronnerStrasse 4

91564 Neuendettelsau

www.byteplant.com

Phone: +49 (0)9874 322 466

(1) Tasks of the subcontractor

  1. a) Address validator (the address validator functionality can be optionally booked in the FORMS module of the APPsolute Mobility platform)

 

 

Subcontractor 3

Hetzner Online GmbH

Industriestr. 25
91710 Gunzenhausen

www.hetzner.com

Phone: +49 (0) 9831 505-0

(1) Tasks of the subcontractor

  1. a) Data centre / web hosting

 

Subcontractor 4

Telekom Deutschland GmbH
Landgrabenweg 151

D-53227 Bonn

www.telekom.de

Phone: +49 (0) 228 – 181 0

(1) Tasks of the subcontractor

  1. a) Open Telekom Cloud data centre / web hosting

 

Subcontractor 5

Google Ireland Limited

Gordon House

Barrow Street

Dublin 4 – Ireland

  1. Tasks of the subcontractor
  2. Crashlytics: Crash Report Service

Firebase Push Notification Service: Service for sending push notifications (the push notifications functionality can be optionally booked in the APPsolute Mobility platform)

©2020 APPsolute Mobility | Legal notice | Data protection | Career