Datenschutzhinweise


General Data Protection Notice 

The security of your personal data is a high priority for us. We therefore protect your data stored with us by technical and organisational measures in order to effectively prevent loss or misuse by third parties. In particular, our employees who process personal data are bound by and must comply with data secrecy. To protect your personal data, it is transmitted in encrypted form. In order to ensure the permanent protection of your data, the technical security measures are regularly checked and, if necessary, adapted to the state of the art. These principles also apply to companies that process and use data on our behalf and according to our instructions.

Information pursuant to Art. 13 and 14 of the General Data Protection Regulation (GDPR) 

With the following general information, we would like to inform you as a data subject about

 

  • the basis on which we process your personal data,
  • how we handle your personal data,
  • what rights you have against us under data protection law and
  • whom you can contact to assert your rights or if you have questions about data protection.

 

Personal data within the meaning of Art. 4 (1) GDPR comprises, for example, details about you, but also about facts that are connected to your person. Depending on the processing situation, we collect personal data from you (e.g. in the case of a visit to our website) or also from publicly accessible sources (e.g. the Internet).

You will find general information on data processing by us below. Detailed information on various case constellations can be found under “Data protection notices on individual processing situations”. If your concern is not adequately reflected here or if there are any questions or uncertainties, please contact our data protection officer.

 

Contact details of the controller 

The controller for the processing of personal data is:

 

APPsolute Mobility GmbH

Allersberger Str. 185, Building L4

90461 Nuremberg

Managing Directors: Victoria von Wachtel, Alexandra Kulfanová

E-mail: info@appsolute-mobility.com

Phone: +49 911 893139-0

 

Contact details of the data protection officer 

 

Questions on the subject of data protection can be directed to our data protection officer:

Bernhard Höllerer

Management & Personnel Consulting

 

E-mail: datenschutz@appsolute-mobility.com

 

Purposes and legal bases of the processing 

As a matter of principle, we only process your personal data insofar as this is necessary for the provision of a functioning website as well as our contents and services, or if you have given your consent. We collect, process and use your personal data for the following purposes: Establishment and implementation of contractual relationships, dispatch of a newsletter, marketing measures, customer satisfaction surveys and analyses, product evaluations, customer service and customer support and for order processing of our online range of goods.

 

Fulfilment of a contractual obligation 

When processing personal data that is required for the performance of a contract, Art. 6 (1) (b) GDPR also serves as the legal basis in individual cases.

 

Consent 

Insofar as we obtain the consent of the data subject for processing operations on personal data, Art. 6 (1) (a) GDPR is the legal basis for the processing of your personal data.

 

Existence of a legal obligation 

When processing personal data where we are subject to a legal obligation (such as to comply with tax obligations), Art. 6 (1) (c) GDPR is the legal basis for processing your personal data.

 

Legitimate interest 

When processing personal data based on our legitimate interests (e.g. when using service providers as part of processing your orders, such as shipping service providers or when carrying out statistical surveys and analyses as well as logging registration procedures), Art. 6 (1) (f)GDPR is the legal basis for processing your personal data. Our interest is directed towards the provision of a user-friendly, appealing and secure presentation as well as optimisation of our offer, which both serves our business interests and meets your expectations.

 

Presence of special categories of personal data

Special categories of personal data (such as health data) are processed by us on the basis of Art. 9 (2) GDPR and the respective legal basis, insofar as this is necessary in exceptional cases within the scope of our activities.

Presence of other purposes 

If the personal data is processed for a purpose other than the one for which it was collected, the legal basis is Art. 6 (4) GDPR.

 

Recipients of personal data 

We only disclose your personal data to our employees and third parties on the basis of legal regulations or if we have your express consent.

Within our company, only those persons who need to have access to your personal data in order to fulfil their tasks will have access to it.

In addition, we sometimes work together with processors. These may be natural or legal persons, authorities, institutions or other bodies that process personal data on our behalf. The contractor is bound by instructions, i.e. it may only process the data in a way that we have explicitly instructed it to do.

 

Data transfer to third parties/ to third countries 

Our business activities are supported by a network of computers, cloud-based servers and other infrastructure and information technologies. Furthermore, we use various service providers (“third-party providers”) or their products to optimally design our offers and services; this also applies if our services establish links with other platforms such as social media. The aforementioned parties may be located in countries outside the European Union, the European Economic Area and Switzerland, as the case may be. In these cases, we share personal data with the aforementioned parties in order to provide the requested service.

Data transfers to countries in which there is no adequate level of data protection that complies with the requirements of the GDPR (“third countries”) may therefore arise in the context of the administration, development and operation of IT systems, marketing and customer communications and the securing of our offers.

Such data transfers only take place insofar as the transfer is permissible in principle and special conditions for a transfer to a third country exist. In particular, we ensure that whoever processes the data there guarantees an adequate level of data protection in accordance with the EU standard contractual clauses for the transfer of personal data to data processors in third countries. Other data transfers may be based on other contractual provisions on data protection.

We conclude contracts with our partners and service providers to ensure an appropriate level of data protection, depending on the respective circumstances. These can be data processing agreements (DPAs) if commissioned processing is used, contracts based on the EU standard contractual clauses (SCCs) in the case of joint responsibility or binding corporate rules (BCRs).

Storage period 

Personal data collected by us may be recorded in paper form or electronically. According to Art. 17 GDPR, personal data must be deleted as soon as it is no longer required for the above-mentioned purposes and the deletion does not conflict with any legal retention requirements. We therefore only process and store your personal data for the period of time required to fulfil the purpose of storage or where this has been provided for in laws or regulations. After discontinuation or fulfilment of the purpose, your personal data will be deleted or blocked. In the event of blocking, the data will be deleted as soon as there are no legal, statutory or contractual retention periods to the contrary, there is no reason to assume that deletion would impair your interests worthy of protection and deletion would not cause a disproportionately high expense due to the special nature of the storage.

 

Log file recording 

If you visit our website for information purposes only, without providing personal data via registration or in any other way, only the Internet connection data that your browser transmits to our server will be processed. Our website collects a series of general data and information with each visit, which is temporarily stored in log files of a server. A log file is created in the course of an automatic logging of the processing computer system.

The following can be recorded: Access to the website (date, time and frequency), how you got to the website (previous page, hyperlink, etc.), amount of data sent, which browser and browser version you are using, which operating system you are using, which internet service provider you are using, your IP address that your internet access provider assigns to your computer when you connect to the internet.

The legal basis for this data processing is Art. 6 (1) (b) GDPR, as the collection and storage of this data is necessary for the operation of the website in order to ensure the functionality of the website and to deliver the content of our website correctly. In addition, we use the data to optimise our website and to ensure the security of our IT systems; in this respect, the processing is based on Art. 6 (1) (f) GDPR.

 

Rights of data subjects 

You have the following rights against us which you can exercise in respect of personal data relating to you:

 

Right to information, Art. 15 GDPR 

You have the right to be informed whether we process personal data about you. In addition, the right to information provides you with information about the data concerning you and some other important criteria such as the purposes of processing or the duration of storage. It makes it much easier for us to provide information if you tell us in what context we receive your data.

 

Right to rectification, Art. 16 GDPR 

You have the right to rectification if you wish to have inaccurate personal data corrected.

 

Right to erasure, Art. 17 GDPR 

Under the conditions of Art. 17 GDPR, you can request the deletion of your personal data from us. However, this is only possible if the personal data relating to you is no longer necessary, is being processed unlawfully or consent in this regard has been revoked.

 

Right to restriction of processing, Art. 18 GDPR 

The right to restrict processing gives you the opportunity to prevent further processing of the personal data concerning you for the time being. The GDPR restricts this right when it concerns the exercise of legal claims, public interests worthy of protection or the interests of another person.

 

Right to object, Art. 21 GDPR 

In accordance with Art. 21 GDPR, you have the possibility to object to the processing of personal data concerning you. This means that in a specific situation you can object to the further processing of your personal data insofar as it is carried out on the basis of the performance of public tasks.

 

Right to data portability, Art. 20 GDPR 

The right to data portability means the possibility for you to receive your personal data from us in a common, machine-readable format in order to transfer it to another controller if necessary. However, according to Art. 20 (3) (2) GDPR, this right does not apply to data processing that is in the public interest or in the exercise of official authority.

 

Right to withdraw consent, Art. 7 (3) GDPR 

Insofar as the processing of personal data is done on the basis of consent, this consent can be revoked at any time for the respective purpose. The legality of the processing on the basis of the exercised consent remains unaffected until receipt of the withdrawal of consent.

 

Right to complain to a supervisory authority, Art. 77 GDPR 

You also have a right to complain to a supervisory authority.

You can also turn to the above-named data protection officer with questions and complaints.

 

Links to Internet sites of other companies 

Our website contains links to Internet sites of other companies. We are not responsible for the data protection practices of external websites that you may access through these links. Please inform yourself there about the data protection policies of these external websites.

Reservation of changes 

We reserve the right to change this data protection notice in order to adapt to the changed legal situation or in the event of changes to the service or data processing. During the course of the the further development of our internet offer and the technologies used, changes to this data protection notice may also be required. We therefore recommend that you regularly check this site to get up-to-date information. Insofar as consent is required or components of the data protection notice contain regulations on the contractual relationship with you, changes will take place only with your consent.

 

The respective status of this data protection notice can be found at the end of this document.

 

Data protection notices on special processing situations 

In addition to the general data protection notice, you will find further information on specific processing situations below.

 

Cookies and local storage 

Our website uses cookies to ensure functionality, for statistical evaluations of usage and for reach measurement. These evaluations help us to improve the online offers for you. We also use service providers for this purpose.

 

Cookies 

Cookies are small text files that are collected by your browser and temporarily stored on your computer. They do not reveal any personal data and can neither access nor cause damage to the data on your hard drive.

 

Cookies management 

When you visit our website, you must declare which cookies we may use. We realise this through a so-called Consent Management System – commonly referred to as a “cookie banner”.

A distinction is made between so-called “essential cookies” / necessary cookies, which are required for the correct functioning of the website and the functions offered on it (such as registration form for trial access) and those that we use to improve our website and the functions offered on it; this also includes cookies that we use to measure the success of our website and the other websites linked to it. You can object to the use of the latter cookies; if you do so, no corresponding cookies will be set.

We use cookies in the legitimate interest of providing you with an attractive, fully functional offer (Art. 6 (1) (f) GDPR).

In addition, you can manage cookies in your web browser and delete them completely. We would like to point out that this may lead to functional restrictions on our website.

 

Local storage 

In order for you to be able to adapt our internet offer to your personal needs and usage, we also use so-called local storage technology (also called “local data” and “local storage”) in addition to cookies. In the process, data is stored locally in the cache of your browser, which continues to exist and can be read even after the browser window is closed or the programme is terminated – provided you do not delete the cache.

Local storage allows your preferences when using our Internet offer to be stored on your computer and used by you.

Third parties cannot access the data stored in the local storage. It will not be passed on to third parties and will not be used for advertising purposes.

We use this technology in the legitimate interest of being able to provide you with an attractive, fully functional offer (Art. 6 (1) (f) GDPR).

If you do not want us to use cookies and local storage functions, you can control this in the settings of your respective browser. You will also receive an overview of your stored cookies there. You can delete cookies at any time or block them from the outset. You manage local storage content in the browser via the settings for “History” or “Local data”, depending on which browser you use. We would like to point out that this may lead to functional restrictions on our website.

 

FunnelCockpit

 

Purpose of the processing 

Our website, or parts thereof, were produced, programmed and/or supplemented with the help of the marketing software FunnelCockpit. In the same way, we use the tool to analyse advertising measures.
Cookies 

When you visit a website created in FunnelCockpit, the following cookies are stored in the browser you are using:

__cfduid, used to identify a user to defend against attacks by CloudFlare, https://support.cloudflare.com/hc/en-us/articles/200170156-Understanding-the-Cloudflare-Cookies, storage period 30 days, controller: CloudFlare Inc.

funnelPage-X-splitTestPagId, storage of default settings for the operation of the website, storage period 365 days, data processor: FunnelCockpit.com

gdprcookienotice, storage for which cookies, if any, consent has been declared, storage period 30 days, data processor: FunnelCockpit.com

You can delete these cookies at any time in the browser you are using.

 

Registration for trial/test access, for the newsletter and for various downloads 

When you register for one of the above services, we process the data you provide for the provision of the services and for proof of registration. The legal basis for the processing is Art. 6 (1) (a) GDPR based on your consent.
Your registration for our services can be revoked at any time with effect for the future.
Legal basis 

When registering for one or more of the above-mentioned services via our website, we process the data you provide for the conclusion and implementation of the corresponding service (Art. 6 (1) (b) GDPR).

We measure the success of our websites and in particular the so-called “conversion rate”, i.e. how many visitors register for one of our services. This serves to optimise our offers in order to be able to provide the services as simply and optimised as possible. The legal basis for the corresponding data processing is our legitimate interest (Art. 6 (1) (f) GDPR).

You can revoke your consent to receive newsletters, mailings or downloads at any time via a link at the end of each email or by sending us a message. After your revocation, your contact details will be deleted immediately.

FunnelCockpit uses cookies, which are stored on your computer and enable an analysis of the use.

You can prevent the use of cookies by not giving your consent to the setting of cookies that are not necessary when you visit our website (in the “cookie banner”). You can revoke your consent at any time with effect for the future by calling up the cookie settings and changing your selection there.

You can also prevent cookies from being stored by setting your browser software accordingly. We would like to point out that the corresponding functions cannot then be used.

 

Subcontractors involved 

The recipient of your personal data is:

FunnelCockpit.com; this is a civil law company represented by Just Viral GmbH & Co. KG, Reinholdstraße 5, 21073 Hamburg.

We have concluded a data processing agreement with Just Viral.

 

Google Analytics 

Purpose of the processing 

We use the “Google Analytics” service on our website to analyse website usage. With the help of the information collected, an evaluation of website use and website activity is created and further services associated with internet use are provided to us. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness.

 

Categories of personal data 

During your visit to our website, the following data, among others, is collected:

 

  • The pages you have accessed (your “click path”),
  • Achievement of “website goals” (conversions, e.g. newsletter sign-ups, downloads, purchases),
  • Your user behaviour (for example, clicks, dwell time, bounce rates),
  • Your approximate location (region),
  • Your IP address (in shortened form),
  • Technical information about your browser and the end devices you use (e.g. language setting, screen resolution),
  • Your internet provider,
  • The referrer URL (via which website or which advertising medium you came to this website).

 

We use IP anonymisation (so-called “IP masking”) on our website to ensure data protection-compliant processing. Your IP address is shortened within the member states of the EU and the European Economic Area. This shortening eliminates the personal reference of the IP address. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Furthermore, in accordance with the principle of data minimisation, we have given Google as few releases of data as possible.

Google Analytics uses cookies that are stored on your computer and enable an analysis of the use.

You can prevent the use of cookies by not giving your consent to the setting of cookies that are not necessary when you visit our website (in the “cookie banner”). You can revoke your consent at any time with effect for the future by calling up the cookie settings and changing your selection there.

You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of this website.

 

Storage period 

The data sent by us and linked to cookies is automatically deleted after 14 months. The deletion of data whose retention period has been reached takes place automatically once a month.

 

Legal basis 

The legal basis for the processing of your personal data is our legitimate interest (Art. 6 (1) (f) GDPR) or, if the user has given their consent, Art. 6 (1) (a) GDPR.

 

Subcontractors involved 

The recipient of your personal data as a data processor is:

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.

A transfer of data to the USA cannot be ruled out. The recipient of your personal data in this case is

Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

We have concluded a data processing agreement with Google; in this agreement, Google undertakes to process personal data within the framework of the standard data protection clauses approved by the EU Commission. The basis for this is Art. 46 GDPR.

 

Google Web Fonts 

Purpose of the processing 

We use “Google Web Fonts” to improve the loading time of the website and to enable a consistent display of the website on different end devices and platforms.

 

Categories of personal data 

Little usage data such as the IP address is transmitted to Google. Google uses this data to determine the popularity of fonts with aggregated usage figures and to determine which websites use Google Fonts. According to Google, personal data is transmitted through the use of the web fonts only to the minimum extent technically necessary. Google also says it does not merge the data with other Google services.

 

Legal basis 

The legal basis for processing your personal data is our legitimate interest (Art. 6 (1) (f) GDPR).

 

Subcontractors involved 

The recipient of the processed data is

Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

We have concluded a data processing agreement with Google; in this agreement, Google undertakes to process personal data within the framework of the standard data protection clauses approved by the EU Commission. The basis for this is Art. 46 GDPR.

 

HubSpot 

Purpose of the processing 

We use the HubSpot service for our online marketing activities. It is an integrated software solution that we use to cover various aspects of our online marketing and sales. The resulting data and the content of our website are stored on HubSpot’s servers.

 

Email marketing 

We use HubSpot for our email marketing, among other things. Visitors to our website can subscribe to themed newsletters and mailings and download certain documents. For this purpose, for example, the name and email address are required. We use this data to contact visitors to our website.

 

Reporting and contact management 

In addition to email marketing, we use HubSpot for reporting purposes (e.g. traffic sources, accesses) and contact management (user segmentation and CRM). This uses cookies that are stored on your computer, which allow us to analyse your use of the website. This information is analysed on our behalf by HubSpot in order to generate reports about visits to our pages. This enables us to determine which services from our company are of interest to you. This in turn enables us to constantly improve our products and make our offers more customer-oriented.

 

Legal basis 

The legal basis for email marketing is your consent (Art. 6 (1) (a) GDPR), which you give e.g. when ordering our newsletter.

You can revoke your consent to receive newsletters, mailings or downloads at any time via a link at the end of each email or by sending us a message. After your revocation, your contact details will be deleted immediately from the relevant emailing lists.

The legal basis for reporting and contact management is your consent (Art. 6 (1) (a) GDPR); you give this via the cookie banner.

If you generally do not want HubSpot to collect data, you can prevent the storage of unnecessary cookies at any time by setting your browser accordingly.

 

Subcontractors involved 

The recipient of your personal data as a data processor is:

HubSpot, Inc., 25 First Street, Cambridge, MA 02141 USA; the company has a branch in Ireland (2nd Floor 30 North Wall Quay, Dublin 1, Ireland) and a branch in Germany (Koppenstraße 93, 10234 Berlin).

As part of the processing of your data via HubSpot, this data may also be transferred to the USA. We have concluded a data processing agreement with HubSpot; in this agreement, HubSpot undertakes to process personal data within the framework of the standard data protection clauses approved by the EU Commission. The basis for this is Art. 46 GDPR.

 

LinkedIn Insight Tag 

Purpose of the processing 

With the LinkedIn Insight Tag, we can record and analyse the visits of LinkedIn members to our website. When we run ad campaigns on LinkedIn that link to offers or information on our website, we can use this to measure the performance of those ads. This means, among other things, that we can track conversions, retarget our website visitors and gain additional information about the members who view our ads.

 

Categories of personal data 

The LinkedIn Insight Tag creates a unique LinkedIn browser cookie in your browser; this allows the following data to be collected for that cookie: Metadata such as IP address, URL, referrer URL, timestamp and page events (e.g. page views). IP addresses are shortened or (if used to reach members across devices) hashed.

You can prevent the use of cookies by not giving your consent to the setting of cookies that are not necessary when you visit our website (in the “cookie banner”). You can revoke your consent at any time with effect for the future by calling up the cookie settings and changing your selection there.

You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of this website.

LinkedIn does not share any personal data with us, but only provides reports and notifications about website audience and ad performance. LinkedIn members cannot be identified in the process.

 

Storage period 

The collected data is anonymised within seven days and deleted within 90 days.

 

Legal basis 

The legal basis for processing your personal data is our legitimate interest (Art. 6 (1) (f) GDPR). The further legal basis is your consent pursuant to Art. 6 (1) (a) GDPR, which is related to your consent to cookie use (see information on cookies).

 

Subcontractors involved 

The recipient of the data is

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland.

 

WordPress 

Purpose of the processing 

We use the open-source content management system “WordPress” as well as plug-ins for our website. Plug-ins are function-related extensions of the “WordPress” software.  The use of these plug-ins may involve the processing of personal data, such as your IP address.

We use plug-ins in particular for the following purposes:

 

  • To protect against abusive comments (“spam”),
  • To find faulty links,
  • To improve the loading speed of our mobile websites.

 

Legal basis 

We use WordPress and the respective plug-ins on the basis of legitimate interest (Art. 6 (1) (f) GDPR). Our legitimate interest is to achieve the purposes described above. If you have given your consent, Art. 6 (1) (a) GDPR is the legal basis.

You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of this website.

 

Storage period 

We store your data for as long as we need it for the specific processing purpose.

 

Further information

For more information on Wordpress and data protection, please visit
https://wordpress.org/about/privacy/

 

YouTube video service 

Purpose of the processing 

We integrate videos on our website. The content of these videos is stored directly on the provider’s platform and embedded on our site.

 

Categories of personal data 

Provided that you access such a video and have allowed the external media cookies, the IP address, technical information such as browser, operating system and basic device information as well as the website you have visited will be communicated. Personal data is only transmitted when you call up a video, because only then is a connection to YouTube servers established and a corresponding cookie set, which is used to save the settings you have selected.

You can prevent the use of cookies by not giving your consent to the setting of cookies that are not necessary when you visit our website (in the “cookie banner”). You can revoke your consent at any time with effect for the future by calling up the cookie settings and changing your selection there.

You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of this website.

By accessing a video, you leave our website and enter YouTube’s external platforms, which are beyond our control. Before you access a video, you will be informed about it again. If you have an account with the video service provider, they may be able to identify you. You can avoid this by logging out of your account before playing a video.

We have embedded the YouTube videos in a data protection-friendly way in “extended data protection mode”.

 

Legal basis 

The legal basis for the activation of these videos is your consent pursuant to Art. 6 (1) (a) GDPR, which is related to your consent to a cookie use (see information on cookies).

 

Subcontractors involved 

The recipient of the processed data is

YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA; YouTube LLC is part of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA94043, USA.

We have concluded a data processing agreement with Google; in this agreement, Google undertakes to process personal data within the framework of the standard data protection clauses approved by the EU Commission. The basis for this is Art. 46 GDPR.

 

Status of this data protection notice 

January 2021

General Data Protection Notice for Apps

We, as the data controller, hereby inform you about the processing of your personal data during the use of our mobile applications (apps) for mobile devices such as smartphones and tablets and our browser-based editorial system (APPsolute Mobility Platform) as well as about your rights as a user.

The security of your personal data is a high priority for us. We therefore protect your data stored with us by technical and organisational measures in order to effectively prevent loss or misuse by third parties. In particular, our employees who process personal data are bound by and must comply with data secrecy. To protect your personal data, it is transmitted in encrypted form. In order to ensure the permanent protection of your data, the technical security measures are regularly checked and, if necessary, adapted to the state of the art. These principles also apply to companies that process and use data on our behalf and according to our instructions.

 

Information pursuant to Art. 13 and 14 of the General Data Protection Regulation (GDPR)

With the following general information, we would like to inform you as a data subject about

 

  • the basis on which we process your personal data,
  • how we handle your personal data,
  • what rights you have against us under data protection law and
  • whom you can contact to assert your rights or if you have questions about data protection.

 

Personal data within the meaning of Art. 4 (1) GDPR comprises, for example, details about you, but also about facts that are connected to your person. Depending on the processing situation, we collect personal data from you (e.g. in the case of a visit to our website or other offers) or also from publicly accessible sources (e.g. the Internet).

 

You will find general information on data processing by us below. Detailed information on various case constellations can be found under “Data protection notices on individual processing situations”. If your concern is not adequately reflected here or if there are any questions or uncertainties, please contact our data protection officer.

 

Contact details of the controller

The controller responsible for the processing of personal data is:

 

APPsolute Mobility GmbH

Allersberger Str. 185, Building L4

90461 Nuremberg

Managing Directors: Victoria von Wachtel, Alexandra Kulfanová

E-mail: info@appsolute-mobility.com

Phone: +49 911 893139-0

 

Contact details of the data protection officer

Questions on the subject of data protection can be directed to our data protection officer:

 

Bernhard Höllerer

Management & Personnel Consulting

 

E-mail: datenschutz@appsolute-mobility.com

 

Purposes and legal bases of the processing

As a matter of principle, we only process your personal data insofar as this is necessary for the provision of our content and services or if you have given your consent.

 

Fulfilment of a contractual obligation

When processing personal data that is required for the performance of a contract, Art. 6 (1) (b) GDPR also serves as the legal basis in individual cases.

 

Consent

Insofar as we obtain the consent of the data subject for processing operations on personal data, Art. 6 (1) (a) GDPR is the legal basis for the processing of your personal data.

 

Existence of a legal obligation

When processing personal data where we are subject to a legal obligation (such as to comply with tax obligations), Art. 6 (1) (c) GDPR is the legal basis for processing your personal data.

 

Legitimate interest

When processing personal data based on our legitimate interests (e.g. when using service providers as part of processing your orders, such as shipping service providers or when carrying out statistical surveys and analyses as well as logging registration procedures), Art. 6 (1) (f)GDPR is the legal basis for processing your personal data. Our interest is directed towards the provision of a user-friendly, appealing and secure presentation as well as optimisation of our offer, which both serves our business interests and meets your expectations.

 

Presence of special categories of personal data

Special categories of personal data (such as health data) are processed by us on the basis of Art. 9 (2) GDPR and the respective legal basis, insofar as this is necessary in exceptional cases within the scope of our activities.

 

Presence of other purposes

If the personal data is processed for a purpose other than the one for which it was collected, the legal basis is Art. 6 (4) GDPR.

 

Recipients of personal data

We only disclose your personal data to our employees and third parties on the basis of legal regulations or if we have your express consent.

 

Within our company, only those persons who need to have access to your personal data in order to fulfil their tasks will have access to it.

 

In addition, we sometimes work together with processors. These may be natural or legal persons, authorities, institutions or other bodies that process personal data on our behalf. The contractor is bound by instructions, i.e. it may only process the data in a way that we have explicitly instructed it to do.

 

Data transfer to third parties/ to third countries

Our business activities are supported by a network of computers, cloud-based servers and other infrastructure and information technologies. Furthermore, we use various service providers (“third-party providers”) or their products to optimally design our offers and services; this also applies if our services establish links with other platforms such as social media. The aforementioned parties may be located in countries outside the European Union, the European Economic Area and Switzerland, as the case may be. In these cases, we share personal data with the aforementioned parties in order to provide the requested service.

 

Data transfers to countries in which there is no adequate level of data protection that complies with the requirements of the GDPR (“third countries”) may therefore arise in the context of the administration, development and operation of IT systems, marketing and customer communications and the securing of our offers.

 

Such data transfers only take place insofar as the transfer is permissible in principle and special conditions for a transfer to a third country exist. In particular, we ensure that whoever processes the data there guarantees an adequate level of data protection in accordance with the EU standard contractual clauses for the transfer of personal data to data processors in third countries. Other data transfers may be based on other contractual provisions on data protection.

 

We conclude contracts with our partners and service providers to ensure an appropriate level of data protection, depending on the respective circumstances. These can be data processing agreements (DPAs) if commissioned processing is used, contracts based on the EU standard contractual clauses (SCCs) in the case of joint responsibility or binding corporate rules (BCRs).

 

Storage period

Personal data collected by us may be recorded in paper form or electronically. According to Art. 17 GDPR, personal data must be deleted as soon as it is no longer required for the above-mentioned purposes and the deletion does not conflict with any legal retention requirements. We therefore only process and store your personal data for the period of time required to fulfil the purpose of storage or where this has been provided for in laws or regulations. After discontinuation or fulfilment of the purpose, your personal data will be deleted or blocked. In the event of blocking, the data will be deleted as soon as there are no legal, statutory or contractual retention periods to the contrary, there is no reason to assume that deletion would impair your interests worthy of protection and deletion would not cause a disproportionately high expense due to the special nature of the storage.

 

Rights of data subjects

You have the following rights against us which you can exercise in respect of personal data relating to you:

 

Right to information, Art. 15 GDPR

You have the right to be informed whether we process personal data about you. In addition, the right to information provides you with information about the data concerning you and some other important criteria such as the purposes of processing or the duration of storage. It makes it much easier for us to provide information if you tell us in what context we receive your data.

 

Right to rectification, Art. 16 GDPR

You have the right to rectification if you wish to have inaccurate personal data corrected.

 

Right to erasure, Art. 17 GDPR

Under the conditions of Art. 17 GDPR, you can request the deletion of your personal data from us. However, this is only possible if the personal data relating to you is no longer necessary, is being processed unlawfully or consent in this regard has been revoked.

 

Right to restriction of processing, Art. 18 GDPR

The right to restrict processing gives you the opportunity to prevent further processing of the personal data concerning you for the time being. The GDPR restricts this right when it concerns the exercise of legal claims, public interests worthy of protection or the interests of another person.

 

Right to object, Art. 21 GDPR

In accordance with Art. 21 GDPR, you have the possibility to object to the processing of personal data concerning you. This means that in a specific situation you can object to the further processing of your personal data insofar as it is carried out on the basis of the performance of public tasks.

 

Right to data portability, Art. 20 GDPR

The right to data portability means the possibility for you to receive your personal data from us in a common, machine-readable format in order to transfer it to another controller if necessary. However, according to Art. 20 (3) (2) GDPR, this right does not apply to data processing that is in the public interest or in the exercise of official authority.

 

Right to withdraw consent, Art. 7 (3) GDPR

Insofar as the processing of personal data is done on the basis of consent, this consent can be revoked at any time for the respective purpose. The legality of the processing on the basis of the exercised consent remains unaffected until receipt of the withdrawal of consent.

 

Right to complain to a supervisory authority, Art. 77 GDPR

You also have a right to complain to a supervisory authority.

 

You can also turn to the above-named data protection officer with questions and complaints.

 

Reservation of changes

We reserve the right to change this data protection notice in order to adapt to the changed legal situation or in the event of changes to the service or data processing. During the course of the the further development of our internet offering and the technologies used, changes to this data protection notice may also be required. We therefore recommend that you regularly check this site to get up-to-date information. Insofar as consent is required or components of the data protection notice contain regulations on the contractual relationship with you, changes will take place only with your consent.

 

The respective status of this data protection notice can be found at the end of this document.

 

Data protection notices on individual processing situations for apps and Cockpit

 

Automated collection of data via our editorial system / the Cockpit (website)

Purpose of the processing

 

When visiting the editorial system (website), data is required in order to provide the corresponding service. The data is stored in a central log system.

 

This information is used by us exclusively for the purposes of the technical administration of our editorial system, in support cases, for performance monitoring and ensuring the required performance, and for the defence against illegal actions in connection with our system.

 

We reserve the right to check this log data retrospectively if there is a justified suspicion of an illegal act on the basis of concrete indications. Insofar as personal data is processed in this context, we do so exclusively to safeguard our legitimate interest in defending against unlawful acts in connection with our website for the editorial system.

 

Categories of personal data

During your visit to our editorial system, the following data, among others, is collected:

 

  • Information about IP address
  • Referring URL
  • User ID
  • Date
  • Time
  • Browser version
  • Operating system
  • URL

 

Storage period

The data is stored for a maximum period of 6 months and then automatically deleted if there are no indications of illegal use.

 

Legal basis

The legal basis for the processing of your personal data is our legitimate interest (Art. 6 (1) (f) GDPR) or, if the user has given their consent, Art. 6 (1) (a) GDPR.

 

 

Processing of data in our apps and in our editorial system (website)

Registration, user account

 

Purpose of the data processing

 

Only data required for the smooth functioning and processing of your activities with the editorial system will be stored in your user account. You can edit this information at any time in your user account.

All data fields marked as mandatory for the registration of the user account are required for the execution of the contract. Failure to provide this data shall result in the contractual service not being able to be performed. The provision of further data is voluntary.

 

Legal basis

The legal basis for the processing of your personal data is the performance of contractual obligations (Art. 6 (1) (b) GDPR).

 

Feedback function

Purpose of the data processing

 

We offer feedback functions in some of our apps and in the editorial system, whereby additional personal data must be stored in order to be able to display the functionality.

 

Categories of personal data

When you use the feedback function, the following data, among others, is collected:

 

  • Email address
  • Feedback text

 

Legal basis

The legal basis for the processing of your personal data is your consent (Art. 6 (1) (a) GDPR).

 

Notes on the use of our apps

Purpose of the data processing

 

We regularly make apps available for download on third-party sites (such as App Store, Google Play Store, etc.). If we become your contractual partner for the purchase of the app in accordance with the applicable terms of use of such a provider, we will process the data provided to us by the third-party provider to the extent necessary in each case for the performance of the contract so that you can download the app to your mobile device.

 

Our apps use the following permissions for the purposes listed behind them, which give them access to certain functions of your mobile device:

 

  • Memory – for storing data in the app
  • Network connections – for testing, establishing and disconnecting a mobile network connection
  • WIFI connection information – for checking, establishing and disconnecting a WIFI connection
  • Microphone – for composing voice messages, dictation function
  • Album / Photos – for uploading photos in the feedback form
  • Calendar – for access to the calendars installed on the device
  • Camera – for creating photos/videos/live stream, using barcode scanner
  • Contacts – for access to the address books/contacts installed on the machine
  • Push notifications – for sending push messages to the mobile device
  • Location data – for determining the current location of the device via GPS

 

Cookies

Purpose of the data processing

 

For the correct functioning of our website for the editorial system, we need to set a few cookies. These are so-called “essential cookies”, without which the functions we offer cannot be realised. This type of cookie does not require your consent. We do not use cookies other than these essential cookies.

In addition, you can manage cookies in your web browser and delete them completely. We would like to point out that this may result in functional restrictions.

 

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited; this may mean that you cannot use certain functions at all.

 

When using the apps, a technology comparable in function is used instead of cookies.

 

Legal basis

 

We use cookies in the legitimate interest of providing you with an attractive, fully functional offer (Art. 6 (1) (f) GDPR). Furthermore, all technically necessary cookies are required for the performance of the contract (Art. 6 (1) (b) GDPR). If this information is not stored, the consequence is that the contractual service cannot be fully performed.

 

Tracking and analysis

Purpose of the data processing

 

We use tracking services in some of our apps. Usage profiles can be created from the data collected. We use this information to automate the use of the app in real time to meet your needs. All data is stored pseudonymously.

 

The pseudonymised usage profiles will not be merged with personal data about the bearer of the pseudonym without your separate consent, unless you have given us your consent to do so.

 

Categories of personal data

 

Examples of the categories of data collected are:

 

  • which templates and documents were worked with, when and for how long,
  • which records have been saved and shared via the “Sharing Center”,
  • whether the blank templates or PDF documents were shared via the “Sharing Center”,
  • which links were clicked and when.

 

Legal basis

The legal basis for the processing of your personal data is your consent (Art. 6 (1) (a) GDPR) or our legitimate interest in optimising our services (Art. 6 (1) (f) GDPR).

 

Google Crashlytics

Crashlytics is an analysis tool; it can be used to generate so-called crash reports, i.e. reports about malfunctions or failures of the app, where and in what context they occurred, how many users of the app are affected by them and other information related to your problem.

 

Purpose of the data processing

We use these reports to learn about malfunctions or failures, to be able to react faster, more targeted and more efficiently and to improve the app technically accordingly. With the information, Crashlytics (and therefore we) subsequently gain insight into whether and how the app is working and being used, especially including any malfunctions and failures that occur.

 

Categories of personal data

Crashlytics records information about the crash and general data of the respective IT environment together with your app ID; this is in particular information about the end device used, the mobile phone provider and the operating system.

 

Storage period

Insofar as the data collected contains personal or pseudonymous data, Crashlytics deletes this data after seven days at the latest.

 

Legal basis

The legal basis for the processing of your personal data is your consent (Art. 6 (1) (a) GDPR) or our legitimate interest in optimising our services (Art. 6 (1) (f) GDPR).

 

Subcontractors involved

The recipient of your personal data as a processor is:

 

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.

 

A transfer of data to the USA cannot be ruled out. The recipient of your personal data in this case is

 

Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

 

We have concluded a data processing agreement with Google; in this agreement, Google undertakes to process personal data within the framework of the standard data protection clauses approved by the EU Commission. The basis for this is Art. 46 GDPR.

 

Google Firebase Push Notification Service

For some of our apps, we use the Firebase Push Notification Service for push notifications. For this purpose, a unique identification string is generated when logging on to the service, which allows notifications to be sent to a specific device. These unique strings are linked to the registered user on our servers in order to notify them specifically of information available to them.

 

Legal basis

The legal basis for the processing of your personal data is the performance of contractual obligations (Art. 6 (1) (b) GDPR).

 

Subcontractors involved

The recipient of your personal data as a processor is:

 

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.

 

A transfer of data to the USA cannot be ruled out. The recipient of your personal data in this case is

 

Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

 

We have concluded a data processing agreement with Google; in this agreement, Google undertakes to process personal data within the framework of the standard data protection clauses approved by the EU Commission. The basis for this is Art. 46 GDPR.

ElasticSearch

 

Purpose of the data processing

We rely on ElasticSearch as a centralised logging platform.
We use these reports to learn about malfunctions or failures, to be able to react faster, more targeted and more efficiently, and to improve the apps and the Cockpit accordingly in technical terms. This information provides us with insights into whether and how the apps and the Cockpit are functioning and being used, especially including any malfunctions and failures that occur.

Categories of personal data

  • Information about IP address
  • Referring URL
  • URL
  • User ID
  • Date
  • Time
  • Browser version
  • Operating system
  • App name
  • App version

 

Storage period

The data is stored for a maximum period of 6 months and then automatically deleted if there are no indications of illegal use.

 

Legal basis

The legal basis for the processing of your personal data is the performance of contractual obligations (Art. 6 (1) (b) GDPR).

 

 

As of: March 2021

Below you will find our general data processing agreement (Art. 28 GDPR). It describes our procedure when we process on your behalf personal data (Art. 4 (8) GDPR) for which you are the responsible person Art. 4 (7) GDPR). Individual arrangements are possible in individual agreements at any time. Such individual arrangements will of course not be published here.

As of: 19/05/2021

Data Processing Agreement (DPA) of APPsolute Mobility GmbH

As an annex to an agreement used by the client to specify the obligations of both contracting parties with regard to data protection

 

Between

 

-Client-

(hereinafter referred to as – client -)

 

and

 

APPsolute Mobility GmbH

Allersberger Str. 185 – Geb. L4 (Das blaue Haus)
90461 Nürnberg

(hereinafter referred to as – contractor -)

  1. General

(1) The contractor shall process personal data on behalf of the client within the meaning of Art. 4 No. 8 and Art. 28 of Regulation (EU) 2016/679 – General Data Protection Regulation (GDPR). This agreement regulates the rights and obligations of the parties in connection with the processing of personal data.

(2) Where the term “data processing” or “processing” (of data) is used in this agreement, the definition of “processing” within the meaning of Art. 4 (2) GDPR shall apply.

  1. Subject of the agreement

The subject matter of the processing, the nature and purpose of the processing, the type of personal data and the categories of data subjects are set out in Annex 1 to this agreement.

  1. Rights and obligations of the client

(1) The client is the responsible person within the meaning of Art. 4 (7) GDPR for the processing of data on behalf of the contractor. Pursuant to clause 4 (5), the contractor shall be entitled to notify the client if data processing which it considers to be legally inadmissible is the subject of the order and/or an instruction.

(2) The client shall be responsible as the controller for safeguarding the rights of the data subjects. The contractor shall inform the client without delay if data subjects assert their data protection rights against the contractor.

(3) The client shall have the right to issue supplementary instructions to the contractor at any time regarding the type, scope and procedure of data processing. Instructions must be given in text form (e.g. email).

(4) Regulations on any remuneration of additional expenses incurred by the contractor due to supplementary instructions of the client shall remain unaffected.

(5) The client may appoint persons authorised to issue instructions. If persons authorised to issue instructions are to be named, they shall be specified in Annex 1. In the event that the persons authorised to give instructions at the client change, the client shall notify the contractor thereof in text form.

(6) The client shall inform the contractor without delay if it discovers errors or irregularities in connection with the processing of personal data by the contractor.

(7) In the event that there is an obligation to inform third parties pursuant to Art. 33, 34 GDPR or any other statutory notification obligation applicable to the client, the client shall be responsible for compliance therewith.

  1. General obligations of the contractor

(1) The contractor shall process personal data exclusively within the framework of the agreements made and/or in compliance with any supplementary instructions issued by the client. This does not apply to legal regulations which may oblige the contractor to process the data in another way. In such a case, the contractor shall notify the client of these legal requirements prior to the processing, unless the law in question prohibits such notification due to an important public interest. The purpose, nature and scope of the data processing shall otherwise be governed exclusively by this agreement and/or the client’s instructions. The contractor is prohibited from processing data in any way deviating from this, unless the client has agreed to this in writing.

(2) The contractor itself shall only transfer data in member states of the European Union (EU) or the European Economic Area (EEA) in the case of commissioned data processing. If this cannot be guarantees, e.g. in the case of subcontractors, only companies in countries for which the European Commission has decided that they have a level of data protection comparable to the EU will be selected in any case.

(3) In the area of commissioned data processing, the contractor shall ensure that all agreed measures are carried out in accordance with the agreement.

(4) The contractor shall be obliged to organise its company and its operating procedures in such a way that the data which it processes on behalf of the client are secured to the extent necessary in each case and protected against unauthorised access by third parties. The contractor shall coordinate with the client in advance changes in the organisation of the commissioned data processing which are significant for the security of the data.

(5) The contractor shall inform the client without delay if, in its opinion, an instruction issued by the client violates statutory regulations. The contractor shall be entitled to suspend the implementation of the relevant instruction until it is confirmed or amended by the client. If the contractor can demonstrate that processing in accordance with the client’s instructions may lead to liability on the part of the contractor pursuant to Art. 82 GDPR, the contractor shall be entitled to suspend further processing in this respect until the liability between has been clarified between the parties.

(6) The commissioned processing of data on behalf of the client outside the premises of the contractor or subcontractors is only permitted with the consent of the client in writing or text form. Processing of data for the client in private residences is only permitted in individual cases with the consent of the client in writing or text form.

(7) The contractor shall process the data it processes on behalf of the client separately from other data. Physical separation is not mandatory.

(8) The contractor may name to the client the person(s) authorised to receive instructions from the client. If persons authorised to receive instructions are to be named, they shall be specified in Annex 1. In the event that the persons authorised to receive instructions change at the contractor, the contractor shall notify the client thereof in text form.

  1. Data protection officer of the contractor

(1) The contractor confirms that it has appointed a data protection officer in accordance with Art. 37 GDPR. The contractor shall ensure that the data protection officer has the necessary qualifications and expertise. The contractor shall inform the client of the name and contact details of its data protection officer separately in text form.

(2) The obligation to appoint a data protection officer pursuant to paragraph 1 may be waived at the discretion of the client if the contractor can prove that it is not legally obliged to appoint a data protection officer and the contractor can prove that operational regulations are in place which ensure the processing of personal data in compliance with the statutory provisions, the provisions of this agreement and any further instructions of the client.

  1. Reporting obligations of the contractor

(1) The contractor is obliged to notify the client without delay of any infringement of data protection regulations or of the contractual agreements made and/or of the client’s instructions, which has occurred in the course of the processing of data by the contractor or other persons involved in the processing. The same shall apply to any breach of the protection of personal data processed by the contractor on behalf of the client.

(2) Furthermore, the contractor shall inform the client without undue delay if a supervisory authority takes action against the contractor pursuant to Art. 58 GDPR; this may also concern an inspection of the processing that the contractor provides on behalf of the client.

(3) The contractor is aware that the client may be subject to a reporting obligation pursuant to Art. 33, 34 GDPR, which provides for notification to the supervisory authority within 72 hours of becoming aware of it. The contractor shall support the client in the implementation of the reporting obligations. The contractor shall in particular notify the client of any unauthorised access to personal data processed on behalf of the client without undue delay, but at the latest within 48 hours of becoming aware of such access. The contractor’s notification to the client shall in particular contain the following information:

  • A description of the nature of the personal data breach, including, where possible, the categories and approximate number of data subjects, the categories concerned and the approximate number of personal data records concerned;
  • A description of the measures taken or proposed by the contractor to address the personal data breach and, where appropriate, measures to mitigate its possible adverse effects.
  1. Cooperation obligations of the contractor

(1) The contractor shall support the client in its obligation to respond to requests for the exercise of data subject rights pursuant to Art. 12-23 GDPR. The provisions of clause 11 of this agreement shall apply.

(2) The contractor shall participate in the drawing up of the registers of processing activities by the client. It shall provide the client with the information required in this respect in an appropriate manner.

(3) The contractor shall support the client in complying with the obligations set out in Art. 32-36 GDPR, taking into account the nature of the processing and the information available to it.

  1. Inspection rights

(1) The client shall have the right to inspect the contractor’s compliance with the statutory provisions on data protection and/or compliance with the contractual provisions made between the parties and/or compliance with the client’s instructions at any time to the extent required.

(2) The contractor is obliged to provide the client with information, insofar as this is necessary to carry out the inspections within the meaning paragraph 1.

(3) The client may demand to inspect the data processed by the contractor on behalf of the client as well as the data processing systems and programmes used.

(4) The client may carry out the inspections within the meaning of paragraph 1 at the contractor’s premises during normal business hours after prior notification with reasonable notice period. The client shall ensure that the inspections are only carried out to the extent necessary in order not to disproportionately disrupt the contractor’s operations as a result of the inspections.

(5) The contractor shall be obliged, in the event of measures taken by the supervisory authority vis-à-vis the client within the meaning of Art. 58 GDPR, in particular with regard to information and inspection obligations, to provide the necessary information to the client and to enable the respective competent supervisory authority to carry out an on-site inspection. The client shall be informed by the contractor about corresponding planned measures.

  1. Subcontracting

(1) The commissioning of subcontractors by the contractor is only permissible with the consent of the client in text form. The contractor shall list all subcontracting relationships already existing at the time of the conclusion of the agreement in Annex 2 to this agreement.

(2) The contractor shall carefully select the subcontractor and check before commissioning that the subcontractor can comply with the agreements made between the client and the contractor. In particular, the contractor shall check in advance and regularly during the term of the agreement that the subcontractor has taken the technical and organisational measures required under Art. 32 GDPR to protect personal data. The result of the check shall be documented by the contractor and transmitted to the client upon request.

(3) The contractor shall be obliged to have the subcontractor confirm that it has appointed an in-house data protection officer in accordance with Art. 37 GDPR. In the event that no data protection officer has been appointed at the subcontractor’s, the contractor shall point this out to the client and provide information to the effect that the subcontractor is not legally obliged to appoint a data protection officer.

(4) The contractor shall ensure that the regulations agreed in this agreement and, if applicable, supplementary instructions of the client also apply to the subcontractor.

(5) The contractor shall conclude a data processing agreement with the subcontractor that complies with the requirements of Art. 28 GDPR. In addition, the contractor shall impose the same personal data protection obligations on the subcontractor as are laid down between the client and the contractor. The client shall be provided with a copy of the data processing agreement upon request.

(6) The contractor shall in particular be obliged to ensure by contractual provisions that the inspection rights (clause 8 of this agreement) of the client and of supervisory authorities also apply vis-à-vis the subcontractor and that corresponding inspection rights of the client and supervisory authorities are agreed. It must also be contractually stipulated that the subcontractor must tolerate these inspection measures and any on-site inspections.

(7) Services which the contractor uses from third parties as a purely ancillary service in order to carry out the business activity are not to be regarded as subcontracting relationships within the meaning of paragraphs 1 to 6. This includes, for example, cleaning services, pure telecommunication services without any specific reference to services provided by the contractor to the client, postal and courier services, transport services, security services. The contractor shall nevertheless be obliged, also in the case of ancillary services provided by third parties, to ensure that appropriate precautions and technical and organisational measures have been taken to guarantee the protection of personal data. The maintenance and servicing of IT systems or applications constitutes a subcontracting relationship requiring consent and commissioned data processing within the meaning of Art. 28 GDPR if the maintenance and testing concerns IT systems that are also used in connection with the provision of services to the client and personal data processed on behalf of the client can be accessed during the maintenance.

  1. Confidentiality obligation

(1) When processing data for the client, the contractor is obliged to maintain the confidentiality of data which it receives or becomes aware of in connection with the data processing. The contractor undertakes to observe the same rules on the protection of secrets as are incumbent on the client. The client shall be obliged to inform the contractor of any special rules on the protection of secrets.

(2) The contractor warrants that it is aware of the applicable data protection regulations and is familiar with their application. The contractor further warrants that it has familiarised its employees with the provisions of data protection applicable to them and has obliged them to maintain confidentiality. The contractor further warrants that it has in particular obliged the employees engaged in the performance of the work to maintain confidentiality and has informed them of the client’s instructions.

(3) The obligation of the employees pursuant to paragraph 2 shall be proven to the client upon request.

  1. Safeguarding of data subject rights

(1) The client shall be solely responsible for safeguarding the rights of the data subjects. The contractor is obliged to support the client in its duty to process requests from data subjects in accordance with Art. 12-23 GDPR. The contractor shall in particular ensure that the information required in this respect is provided to the client without delay so that the client can in particular fulfil its obligations under Art. 12 (3) GDPR.

(2) Insofar as the cooperation of the contractor is necessary for the safeguarding of data subject rights – in particular for information, rectification, blocking or erasure – by the client, the contractor shall take the respective necessary measures according to the client’s instructions. The contractor shall, as far as possible, support the client with suitable technical and organisational measures in fulfilling its obligation to respond to requests to exercise data subject rights.

(3) Regulations on any remuneration of additional expenses incurred by the contractor due to cooperation in connection with the assertion of data subject rights vis-à-vis the client shall remain unaffected.

  1. Secrecy obligations

(1) Both parties undertake to treat all information received in connection with the performance of this agreement as confidential for an unlimited period of time and to use it only for the performance of the agreement. Neither party is entitled to use this information in whole or in part for purposes other than those just mentioned or to make this information available to third parties.

(2) The above obligation shall not apply to information which one of the parties has demonstrably received from third parties without being obliged to maintain confidentiality or information which is publicly known.

  1. Remuneration

The contractor’s remuneration shall be agreed separately.

  1. Technical and organisational measures for data security

(1) The contractor undertakes vis-à-vis the client to comply with the technical and organisational measures required to comply with the applicable data protection provisions. This includes, in particular, the requirements of Art. 32 GDPR.

(2) The status of the technical and organisational measures existing at the time of the conclusion of the agreement shall be an integral part of this agreement. The parties agree that changes to the technical and organisational measures may be necessary in order to adapt to technical and legal circumstances. The contractor shall agree in advance with the client on any significant changes that may affect the integrity, confidentiality or availability of the personal data. Measures that only entail minor technical or organisational changes and do not negatively affect the integrity, confidentiality and availability of the personal data may be implemented by the contractor without consultation with the client. The client may request an up-to-date version of the technical and organisational measures taken by the contractor at any time.

(3) The contractor shall check the effectiveness of the technical and organisational measures it has taken on a regular basis and also on an ad hoc basis. In the event that there is a need for optimisation and/or modification, the contractor shall inform the client.

  1. Duration of the data processing agreement

(1) The agreement shall commence upon signature and shall be concluded for an indefinite period.

(2) It may be terminated with three months’ notice to the end of the quarter.

(3) The client may terminate the agreement at any time without notice if there is a serious breach by the contractor of the applicable data protection provisions or of obligations under this agreement, if the contractor is unable or unwilling to carry out an instruction of the client or if the contractor refuses access by the client or the competent supervisory authority in breach of the agreement.

  1. Termination

(1) After termination of the agreement, the contractor shall return to the client or delete, at the client’s discretion, all documents, data and processing or utilisation results produced which have come into its possession and which are connected with the contractual relationship. The deletion shall be documented in a suitable manner. Any statutory retention obligations or other obligations to store the data remain unaffected. In the case of data carriers, these must be destroyed if the client wishes to delete them, whereby at least security level 3 of DIN 66399 must be complied with; proof of destruction must be provided to the client with reference to the security level in accordance with DIN 66399.

(2) The client has the right to check the complete and contractual return and deletion of the data at the contractor. This can also be done by inspecting the data processing equipment at the contractor’s premises. The on-site inspection shall be announced by the client with reasonable notice.

  1. Right of retention

The parties agree that the defence of the right of retention by the contractor within the meaning of § 273 BGB (German Civil Code) is excluded with regard to the processed data and the associated data carriers.

  1. Final provisions

(1) Should the property of the client at the contractor be endangered by measures of third parties (for example by seizure or attachment), by insolvency proceedings or by other events, the contractor shall inform the client immediately. The contractor shall inform the creditors without delay of the fact that the data involved is being processed on behalf of a client.

(2) The written form is required for ancillary agreements.

(3) Should individual parts of this agreement be invalid, this shall not affect the validity of the remaining provisions of the agreement.

 

Page break

Annex 1 – Subject of the agreement

  1. Subject matter and purpose of the processing

The client’s commissioning of the contractor includes the following work and/or services:

The type, scope and purpose of the data processing result from the main agreement.

  1. Type(s) of personal data

The following types of data are regularly the subject of processing:

  • Email address, password and user name
  • The data types of further personal data depend on which information the respective APPsolute Mobility user specifies as relevant in the app. As a rule, these are likely to be:
  1. a) Full name, company, email, password, gender, etc.
  2. b) Contact details of contact persons’ business cards, e.g. company name, postal and/or email address, telephone and/or fax numbers as text and/or as image information;
  3. c) Photos of the contact person or other identification documents (driving licence, ID card, etc.)
  4. d) Time and place of the meeting, including the name of the meeting/event, etc.
  5. e) Bank details of the contact person
  6. f) Signatures as text and/or as image information
  7. h) Various media (photos, audios, videos, …)
  8. i) Barcode information
  9. j) Location data via GPS
  10. Categories of data subjects

Groups of data subjects affected by the data processing:

  • a) Users authorised by the client to use APPsolute Mobility (identified by email and names of users)

 

(b) Other persons who are/were in contact with the user and whose data was recorded using the APPsolute Mobility App. This can include, among others: Names, contact and address data, dates of birth, bank details, etc. (see also § 2)

  1. Persons authorised to receive instructions at the contractor

 

  1. Data protection officer

datenschutz@appsolute-mobility.comPage break

Annex 2 – Subcontractor

For the processing of data on behalf of the client, the contractor uses the services of third parties who process data on its behalf (“subcontractors”).

This is the following company or companies:

Subcontractor 1

Theano GmbH

Kiefernweg 8

49205 Hasbergen

www.theano.de

Phone: +49 (0)5405-9282 5431

(1) Tasks of the subcontractor

  1. a) IBAN calculator (the IBAN validator functionality can be booked as an option in the FORMS module of the APPsolute Mobility platform)

 

Subcontractor 2

Byteplant GmbH Software Solutions & Consulting

HeilsbronnerStrasse 4

91564 Neuendettelsau

www.byteplant.com

Phone: +49 (0)9874 322 466

(1) Tasks of the subcontractor

  1. a) Address validator (the address validator functionality can be optionally booked in the FORMS module of the APPsolute Mobility platform)

 

 

Subcontractor 3

Hetzner Online GmbH

Industriestr. 25
91710 Gunzenhausen

www.hetzner.com

Phone: +49 (0) 9831 505-0

(1) Tasks of the subcontractor

  1. a) Data centre / web hosting

 

Subcontractor 4

Telekom Deutschland GmbH
Landgrabenweg 151

D-53227 Bonn

www.telekom.de

Phone: +49 (0) 228 – 181 0

(1) Tasks of the subcontractor

  1. a) Open Telekom Cloud data centre / web hosting

 

Subcontractor 5

Google Ireland Limited

Gordon House

Barrow Street

Dublin 4 – Ireland

  1. Tasks of the subcontractor
  2. Crashlytics: Crash Report Service

Firebase Push Notification Service: Service for sending push notifications (the push notifications functionality can be optionally booked in the APPsolute Mobility platform)

©2020 APPsolute Mobility | Legal notice | Data protection | Career