Information on the processing of personal data in the utilization of the ACC app (data utilization declaration according to GDPR)
We hereby inform you about the processing of your personal data in the utilization of the ACC app according to the General Data Protection Regulation (GDPR 2018) and the German Federal Data Protection Act (BDSG 2018) as follows:
The ACC app was developed and supplied for use by:
Alarm IT Factory GmbH | Rotebühlstr. 51A | D-70178 Stuttgart
Managing Director/CEO: Dipl. Ing. (FH) Peter Gunsser
Stuttgart district court HRB 744409 | VAT ID: DE288432278
E-mail: email@example.com | Website: www.alarm-it-factory.de
Phone: + 49 711 62 007 69 – 0 | Fax: + 49 711 62 007 69 – 9
How the ACC app works
The app, which is utilized by the consumer, clearly displays messages on terminal devices which were sent by the ACC that we developed. As part of this process, messages are transferred to the ACC web service in the cloud (Azure Cloud hosted by us and administered/used by us) via an interface (ACC channel). This ACC web service is necessary in order to send the terminal device push notifications. The terminal device can then download the messages from the ACC web service and display them on the ACC app. More information on this process and the complete range of functions is available in our information brochure “ACC DE iPhone-App.pdf”. Subsequently, messages can be accepted or declined via the app (feedback to the ACC web service and thus to the ACC). In addition, there are further functions, such as “Set participant status” in order to directly interact with the ACC (or the ACC web service). In doing so, the content of the ACC database is updated.
Localization of the data used in the processing operation
Data processing is carried out via two servers, the ACC server, which is operated by the user, and the above-mentioned cloud server (ACC web service). The message data are thus located in the cloud server (message text, times, etc.).
Type of personal user data processed by the app
- • The user’s user name (identification or telephone number)
- • The user’s personal password (encrypted storage)
- • Other app-specific individual settings made by the user, e.g. ringtone settings
- • Information or messages transmitted by the ACC to the user (message text, message status, etc.)
Evaluation of personal user data processed by the app
We do not carry out evaluations of personal data processed by the app (for example individual usage analyses, determination of score values etc.) . The user receives (only) the information they have requested in a processed form.
There is the option of placing a support request and this involves sending the data which was also described above via e-mail to the ACC support.
Security of the user’s personal data
- • Data security is always carried out on the basis of state-of-the-art technology with the latest security systems: In the app: In a database (SQLite) and in the internal app memory
- • In the ACC web service: In a Microsoft SQL server database
Deletion of the user’s personal data
The user can manually delete the messages in the ACC app. Depending on the settings, the messages can be stored for a maximum of 99 days. Data such as user name, user password and settings are saved until the user account is deleted.
Deletion is carried out when the employee no longer works for the company or is no longer to be warned by the ACC. If the app is uninstalled from the smartphone, the personal data are also deleted however they remain available in the ACC web service.
Otherwise, a deletion of all personal data processed through utilization of the ACC app is carried out after the expiration of legal, in particular tax-law retention periods.
Rights of the user
The user of the ACC app has the following rights according to Articles 15 – 21 of the GDPR:
- • Right of access by the data subject according to Art. 15 GDPR
- • Right to rectification according to Art. 16 GDPR
- • Right to erasure (“right to be forgotten”) according to Art. 17 GDPR
- • Right to restriction of processing according to Art. 18 GDPR
- • Right to data portability according to Art. 20 GDPR
- • Right to object according to Art. 21 GDPR
To assert the above-mentioned rights, an e-mail to: firstname.lastname@example.org suffices. All information and all our activities according to the preceding regulations are – depending on the technical and legal situation – always transferred or carried out free of charge within the normatively stipulated periods. Information on the company’s data protection officer Our data protection officer is listed in the registry of the respective authority. They are available to answer any questions concerning protection of personal data and can be reached using the following e-mail address: email@example.com.
Dated: April 2020