1. General Information
“Controller” is the party who collects, processes or uses the personal data (e.g. name, e-mail addresses, etc.) The Controller for data processing within the scope of the present App is:
NECDIGIT ONE GmbH
8280 Kreuzlingen (Switzerland)
E-mail address: firstname.lastname@example.org
3. Purpose of the Data Processing
The Controller operates an App which is intended to support you with prevention of Corona infections. The personal data required for the App to function are treated with strict confidentiality. As far as possible, personal data will only be processed in a way which does not permit any conclusions regarding identity.
4. Which personal data are collected?
For the use of this App no personal data will be collected. When you use the App, for the purposes of identification and connection to the server, a randomly generated ID number is created, which does not allow any conclusions with regard to the identity of the user. The server receives, in connection with this randomly generated ID number, the risk status chosen by the user in the App. This risk status is not linked to any personal data but exclusively to the randomly generated ID number.
The data collected within the app cannot be read out by either the app store or the Controller (app-developer). The Controller will only receive personal data from you if you contact him via Support or voluntarily enter data on the website (however, in this case the app developer will not receive any information on the risk data entered into the app either).
Collection of this data is on the basis of Art. 6 Sect. 1 lit. b GDPR (contractual performance) and Art. 6 Sect. 1 lit. f GDPR (legitimate interest in the defect-free provision of the app).
In addition, we collect the following technical data:
- IP addresses
- Meta data
- Device identification
These data are necessary for the functioning of the app and therefore we have a legitimate interest in the collection of these data pursuant to Sect. 6 para. 1 Clause 1 lit. f GDPR. Technical data will be collected and processed without the possibility of drawing conclusions regarding identity.
5. Duration of Storage
Data stored by the Controller will be retained by him until the purpose of the storage ceases to apply, you revoke your consent or you request their deletion. The purpose of storage of the data normally ceases to apply when you sign out from or close the App. Where there are compulsory statutory records preservation periods however, the data will only be deleted after expiration of the statutory periods (e.g. records preservation duties for invoice data under Tax Law).
6. Access Rights of the App
For provision of our services via the app we require the following rights of access which allow us to access specific functions of your device:
- Location data: The data collection is for the following purpose: Provision of the “radar function”.
The access rights are necessary for providing and enabling specific functions of the app.
The legal basis for access is your consent, which you gave within the framework of the installation (Art. 6 Sect. 1 lit. a GDPR).
The location data are automatically deleted upon turning off/signing out of the app.
This app uses encryption for security reasons and for protection of the transmission of confidential information such as requests sent by you to us as the App operator or communication between the App users. This encryption prevents the data you send us from being read by unauthorized third parties.
8. Your Rights
You have the following data protection rights:
Revocation of your consent to data processing
Many data processing procedures are only possible with your consent. We will explicitly obtain this consent from you before the start of the data processing. You may revoke this consent at any time. For this purpose, informal notification per e-mail to us will suffice. The legality of the data processing procedures carried out up until the time of revocation will remain unaffected by the revocation.
Right to Data Transferability
You have the right to have data which we process automatically on the basis of your consent or for performance of the contract handed over to you or another responsible party in a customary, machine-readable format. To the extent that you request direct transmission of the data to another responsible party this will only be done to the extent that it is technically feasible.
Information, Deletion, Correction
You have the right at any time to free information regarding your stored personal data, their origin and recipients and the purpose of the data processing as well as a right to correction or deletion of these data. For this purpose and for further questions on the topic of personal data you may contact us at any time at the address specified in the imprint.
Restriction of the Data Processing
You have the right to demand the restriction of the processing of your personal data by us. For this purpose, you may contact the address specified in the imprint at any time. The right to restriction of the data processing exists in the following cases:
- Where you dispute the accuracy of the personal data stored by us, we normally will need some time to check this. During the time we are checking you have the right to demand the restriction of processing of your personal data.
- Where the processing of your personal data was or is being carried out illegally you may demand of restriction of the data processing instead of their deletion.
- Where we no longer need your personal data but you need them for exercising, defending or asserting legal claims you have the right to demand restriction of the processing of your personal data.
- Where you lodged an appeal pursuant to Art. 21 Sect. 1 GDPR your interests must be weighed up against our interests. Where it cannot be concluded whose interests prevail you have the right to demand the restriction of processing of your personal data.
Where the processing of your personal data was restricted these personal data-with the exception of their storage- may only be processed with the consent of the party concerned or for the assertion, exercise or defense of legal claims or for protection of another natural or legal entity or on grounds of a relevant public interest of the European Union or of a member state.
Right of Complaint to Relevant Supervisory Body
Please be advised that in the case of breaches of data protection law you have a right of objection with the relevant supervisory body.
9. RIGHT OF OBJECTION AGAINST THE DATA COLLECTION IN SPECIFIC CASES AS WELL AS AGAINST DIRECT ADVERTISING (ART. 21 GDPR)
WHERE THE DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 SECT. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT AT ANY TIME TO LODGE AN OBJECTION AGAINST THE PROCESSING OF YOUR PERSONAL DATA ON GROUNDS ARISING FROM YOUR SPECIFIC SITUATION; THIS WILL ALSO APPLY TO PROFILING BASED ON THESE TERMS. THE RESPECTIVE LEGAL BASIS OF THE PROCESSING IS SET OUT IN THE PRESENT DATA PROTECTION STATEMENT.
IF YOU LODGE AN OBJECTION, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN PROVE COMPELLING REASONS FOR THE PROCESSING WHICH OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR PROCESSING IS FOR THE PURPOSE OF THE ASSERTION, EXCERCISE OR DEFENSE AGAINST LEGAL CLAIMS.
WHERE YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT ADVERTISING, YOU HAVE THE RIGHT AT ANY TIME TO LODGE AN OBJECTION AGAINST THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING; THIS WILL ALSO APPLY TO THE PROFILING TO THE EXTENT THAT IT IS ASSOCIATED WITH SUCH DIRECT ADVERTSING. WHERE YOU OBJECT YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING.
10. Amendment of the present Data Protection Statement
We reserve the right to amend the present data protection regulations at any time, while complying with the statutory regulations.
As per: June 20