Datenschutzerklärung für die Verwendung der GroupAlarm App (iOS/Android/Web) - Privacy Policy

1 data protection 2 general information and obligatory information 3 data protection officer 5. Tools used
6. Data collection in our apps

1. privacy policy

The following privacy policy applies to registered subscribers of GroupAlarm.com and describes what data is processed in our iOS/Android/Web apps. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

2 General notes and mandatory information

Note on the responsible entity

The responsible party for data processing on this website is:

cubos Internet GmbH
Eurode-Park 1-82
52134 Herzogenrath
Germany

Managing Director: Hanno Heeskens
Register court: Local court Aachen
Registration number: HRB 17734

E-Mail: [email protected]
Data protection inquiries: [email protected]

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses or similar).

Revocation of your consent to data processing.

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right of complaint to the competent supervisory authority

In the event of violations of data protection law, the data subject has a right of appeal to the competent supervisory authority. The competent supervisory authority in matters of data protection law is the state data protection commissioner of the federal state in which our company is based. A list of data protection officers and their contact details can be found in the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, GroupAlarm.com uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. With SSL or TLS encryption activated, the data you transmit to us cannot be read by third parties.

Information, blocking, deletion

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if applicable, a right to correction, blocking or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the imprint.

3. data protection officer

Data protection officer required by law

We have appointed a data protection officer for our company.

Ralf Meschke
Am Haarberg 27
52080 Aachen

Phone: +49-(0)241-4120 2406
E-mail: [email protected]

4. data collection on our website

1. Cookies
2. server log files
3. cloudflare

Cookies

The internet pages partly use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective and safer. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called “session cookies”. They are automatically deleted after the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies allow us to recognize your browser on your next visit. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited. Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. shopping cart function) are stored on the basis of Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. cookies for analyzing your surfing behavior) are stored, these are treated separately in this data protection declaration.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• browser type and browser version
.
• Operating system used
• referrer URL
• Host name of the accessing computer
.
• Time of the server request
• IP address

A combination of this data with other data sources is not made. The basis for the data processing is Art. 6 (1) lit. f DSGVO, which permits the processing of data for the performance of a contract.

Cloudflare

We use the Content Delivery Network (CDN) of Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich Germany (Cloudflare) to increase the security and delivery speed of our website. This corresponds to our legitimate interest (Art. 6 para. 1 lit. f DSGVO). A CDN is a network of globally distributed servers that is able to deliver optimized content to the website user. For this purpose, personal data may be processed in server log files by Cloudflare.

Cloudflare is a recipient of your personal data and acts as a processor for us. This corresponds to our legitimate interest within the meaning of Art. 6 (1) p. 1 lit. f DSGVO not to operate a content delivery network ourselves.

You have the right to object to the processing. Whether the objection is successful is to be determined as part of a balancing of interests.

The processing of the data provided under this section is not required by law or contract. The functionality of the website is not guaranteed without the processing.

Your personal data will be stored by Cloudflare for as long as necessary for the purposes described.

For more information on objection and removal options vis-à-vis Cloudflare, please see: Cloudflare DPA.

Cloudflare has implemented compliance measures for international data transfers. These apply to all global activities where Cloudflare processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit: https://www.cloudflare.com/cloudflare_customer_SCCs-German.pdf

5. analytics tools, communications and advertising.

1. Google Analytics Remarketing
2. Google reCAPTCHA
3. CRISP Live Chat

Google Analytics Remarketing

Our websites use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This function makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one end device (e.g. cell phone) can also be displayed on another of your end devices (e.g. tablet or PC). If you have given your consent, Google will link your web and app browsing history with your Google account for this purpose. In this way, the same personalized advertising messages can be displayed on every device on which you log in with your Google account. To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad targeting. You can permanently opt-out of cross-device remarketing/targeting by disabling personalized advertising in your Google account; follow this link: https://www.google.com/settings/ads/onweb/. The aggregation of the collected data in your Google account is based solely on your consent, which you can You can give or revoke at Google (Art. 6 para. 1 lit. a DSGVO). In the case of data collection processes that are not merged in your Google account (e.g. because you do not have a Google account or have objected to the merging), the collection of data is based on Art. 6 (1) lit. f DSGVO. The legitimate interest arises from the fact that the website operator has an interest in the anonymized analysis of website visitors for advertising purposes. Further information and the privacy policy can be found in Google’s privacy policy at: https://www.google.com/policies/technologies/ads/.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The purpose of reCAPTCHA is to verify whether data entry on our websites (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run entirely in the background. Website visitors are not made aware that an analysis is taking place. The data processing is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM. For more information on Google reCAPTCHA and Google’s privacy policy, please refer to the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

Live chat

On our website there is the possibility to contact us via the live chat function. For this purpose, we use the services of Crisp. In this context, no data is passed on to third parties. The data is used exclusively for processing the conversation. The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f DSGVO. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

The use of the service provider Crisp is based on our legitimate interest according to Art. 6 para. 1 lit. f DSGVO. For the purpose of customer management and to ensure the fastest possible support for the best possible user experience, we use the service Crisp of the company CRISP IM SARLS 2 Boulevard de Launay, 44100 Nantes (France) for sending messages by e-mail and for live chats. In these purposes also lies our legitimate interest in data processing according to Art. 6 para. 1 lit. f DSGVO. Further information: Crisp Privacy Statement and GDPR Status.

6. Data collection in our apps.

GroupAlarm.com provides apps for iOS and Anroid for enrolled participants. The apps can be obtained from their respective app stores:

• GroupAlarm.com for iOS
• GroupAlarm.com for Android

The apps process personal data in the same way as the web app at app.groupalarm.com. The contract for order processing is available there for customers.

Data processing when using GroupAlarm.com

Creation of a user account

For the duration of the contractual relationship, we store at least your e-mail address and the password you set in encrypted form. The legal basis for this is Art. 6 para. 1 lit. b) DSGVO (“processing for contract performance”). In addition, you can provide further data within GroupAlarm, this is done on the legal basis of consent (Art. 6 para. 1 lit. a).

The data will be stored until the contractual relationship is terminated. The data can be viewed by you at any time and can be changed / deleted.

Access to device services

In order to ensure a smooth alarming process, GroupAlarm needs access to device functions, depending on the scope of functions. This is required at least for

• Device memory (e.g. ringtones, messages, app memory).
• network access, data transfer (encrypted), mobile data
• Location data of the device (also in the background, backgroud location).

You can enable or disable individual functions during installation, proper function may then no longer be given.

Geolocation of devices / background location data / background location.

The app uses the user’s own device location for some functions when enabled by the user, e.g. for automatic calculation of the approach route or localization within specified geofences.

Geofences

A so-called geofence is defined by a position and a circle of a defined size around this position. Geofences are stored in the system on mobile devices and crossing the boundaries triggers different actions depending on the direction (e.g. enter geofence or leave geofence). In order for the end devices to perform localization for the geofences, the exact location is required. However, the exact location is not transmitted to GroupAlarm, only the entry/exit from the geofence. An exact localization of the user is therefore not possible. The user has the possibility to deactivate all geofences at any time. The core functionality of the alerting is not restricted by this.

Geofences for alerting

For alerting, different geofences are created within the org and distributed to the end devices. Each user decides for which organization he wants to use the functionality. The administrator and authorized participants can see who is in which geofence. However, it is not possible to infer the exact location.

Geofences for availability

Participants can create their own geofences in their apps to control availability in their organizations. GroupAlarm has no knowledge of these geofences, but only reacts to the messages resulting from the entries/exits and sets the user to “Available” or “Not available”.

Map services

To display the addresses / geo-coordinates, our apps use the services of Google and Apple, respectively. When displayed, IP address and your location are passed on to the operator of the map services. For more information on the processing of this data, please contact your manufacturer.

Push notifications

For communication with our systems, e.g. for the delivery of alerts, invitation to appointments or delivery of messenger messages, we use the push notifications of the manufacturers Apple and Google. The so-called device IDs / device IDs are processed in order to deliver the notifications to the devices. The transmission is completely encrypted. The device ID does not allow any conclusions to be drawn about the user.

Sentry

We use the Sentry service (Sentry, 1501 Mariposa St #408, San Francisco, CA 94107, USA) to improve the technical stability of our service by monitoring system stability and identifying code errors. Sentry serves these purposes alone and does not evaluate data for advertising purposes. User data, such as device details or time of error, are collected anonymously and are not used in a personalized manner and are subsequently deleted. For more information, please see Sentry’s privacy policy: https://sentry.io/privacy/ .