// A3M Privacy

Global Monitoring Business App - Privacy Policy

Privacy Policy

A3M Global Monitoring GmbH built the Global Monitoring Business app as a Commercial app. This Service is provided by A3M Global Monitoring and is intended for use as is.

This page is used to inform visitors regarding our policies with the collection, use, and disclosure of Personal Information if anyone decided to use our Service.

If you choose to use our Service, then you agree to the collection and use of information in relation to this policy. The Personal Information that we collect is used for providing and improving the Service. We will not use or share your information with anyone except as described in this Privacy Policy.

1 What we collect:

1.1.   Profile data

In order to be able to use the app, the following information must first be provided:

  • Company key (issued by A3M Global Monitoring GmbH)
  • First and last name
  • Email address
  • Password

In addition, a unique identification number (app ID) is generated when the app is installed. With each subsequent start of the app, a time stamp is recorded together with this app ID.
The profile data and the app ID are automatically encrypted using HTTPS and sent to our server when a first entry or change has been made to them and the next time you have cellular network or WiFi reception.

1.2. Movement data

Your smartphone or tablet has a GPS sensor and possibly other functions (sensors, WLAN) for determining your position. With the help of these functions – provided with a time stamp and the app ID (and only if and as long as you have granted authorization!) – your current location is regularly recorded (geographic coordinates).

1.3 Automatic data collection and processing

The identification number (app ID) is assigned to the following data on the server:

  • Device type, operating system and app version
  • The geographic coordinates and registration ID of the device for the push notification service
  • Registration data

2 Use of customer information

The Global Monitoring app informs you about risks and events in your area. You will receive important warnings and instructions on how to behave directly on your mobile phone such as:

  • Active notification (push notifications) about risks at the current location / travel location.
  • Location-related warnings with display of danger areas for the individual events.
  • Immediate warnings when staying in the respective danger areas.
  • Overview of all current events worldwide on a map.
  • Current information, instructions on how to behave and risk classifications for the respective events.
  • Identification of the respective event category.
  • Overview of personal risks.
  1. Security and Data Retention

(Data protection officer in terms of article 4  paragraph 7 of the EU General Data Protection Regulation (GDPR) and § 55.2 RfStV)

The position of data protection officer is held by Mr Carsten Fischer, Alter Fischmarkt 5, 20457Hamburg, datenschutz@a3mobile.com

If and to the extent that personal data is collected, stored and processed by us for the use or use of the app, this is done exclusively for the purpose of contract execution according to Art. 6 I b) GDPR vis-à-vis the customer.

When installing the app, the user of the app must explicitly consent to the determination of his location in accordance with Art. 7 GDPR by granting the location authorization for this app and can deactivate this authorization at any time by setting the authorization for the app or centrally for all apps. When the device or app authorization location is withdrawn, the storage of new location data is immediately terminated.

The data collected is collected, stored and processed in accordance with Art. 6 I b GDPR exclusively for the purpose of contract processing.

The app saves certain location points (geographic coordinates) and assigns them to the registration ID of the device for the push notification service.

With the creation of favorite locations, location points (geographic coordinates) are saved and linked to the registration ID of the end device for push notification.

When the GPS function is activated, the user’s position is automatically determined. This position is transmitted to our server after a change of location of 500 meters and not before 15 minutes after the last position transmission. Our server only saves the last updated position of the device, no history is saved. All previous positions are overwritten by the most recent position.

The notification service is provided by the Google Cloud Messaging service for Android or by Firebase Cloud Messaging for iOS via the registration ID of the end device.

Data calls require direct communication between the end device and our server. This communication is secured by end-to-end encryption (HTTPS according to the latest and previous TLS standard). The IP address of the end device is only stored in anonymous form – by shortening the last octet – in log files.

To ensure the necessary support services and system improvements, data changes and their content are anonymized and stored in log files for a maximum of 6 months.

 Cookies

Apart from session cookies, no cookies and no market research data are collected, stored or used.

Our servers are located in German data centers.

  1.  Emergency Calls

In the settings, the user can specify whether his data for emergency calls may be passed on to an emergency service provider based on his consent in accordance with Art. 6 I a GDPR and, from the start of an active emergency call, to his service provider / subcontractor (emergency services at the user’s location, hospitals at the user’s location, etc.) .

In the event that there is no general consent for the data to be passed on, the emergency call service provider first receives the data in the event of an active emergency call on the basis of Art. 6 I d) GDPR and can then transfer the data to a service provider / subcontractor (emergency services at the user’s location, hospitals at the user’s location, etc). The emergency telephone call to the contractually agreed service number itself is also regarded as consent in accordance with Art. 6 I a GDPR for data transfer to service providers that are required for emergency measures but outside the scope of Art. 6 I d GDPR (e.g. billing data for doctors, paramedics and hospitals).

  1. Subcontractors

If and to the extent necessary, we will pass on your data to companies that we use exclusively for the purpose of executing the contract in accordance with Art. 28 GDPR; these are the following companies:

  • Med con team, Gerhard-Kindler-Str. 6, 72770 Reutlingen
  • Possibly other service providers in an emergency
  1. Disclosure due to official request

Otherwise, data will only be passed on in accordance with Art. 6 I c GDPR to sovereign legal entities that are legally entitled to information, such as data protection authorities, in compliance with a corresponding legal obligation or obligation issued by a court.

  1. Data transfer to Google (Google Maps)

If you request position data, exit or call up the submenu with the map view and are in a WLAN or have activated mobile data transfer, a map from Google will be loaded which is centered on your current position. Google (Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA) receives at least the IP address assigned to your smartphone and thus the information about where this IP address is currently located.

  1. Deletion

All data stored for an app are deleted automatically if:

  • the app has not been accessed for six months,
  • the app has been deleted on the device and the deletion has been recognized.

If you would like to end your participation and the data that has already been transmitted to be deleted, please first delete your user account and then uninstall the app or contact the contact given below, stating your identification number.

  1. Right to information and contact

You can request information about the data we have stored, including information on the origin and recipient of this data and the purpose of their processing.
Please address your inquiries to:

A3M Global Monitoring GmbH
Hintere Grabenstrasse 26
D-72070 Tübingen
Germany
Email: info@a3mobile.com

  1. User rights

According to applicable laws, you have various rights in regards to your personal data. If you would like to exercise these rights, please address your request by e-mail or by post to the address stated above for the controller and provide clear identification.

In the following, you will find an overview of your rights.

  1. a) Right to confirmation and information

You have the right to receive a confirmation from us at any time regarding whether your personal data is being processed. If this is the case, you have the right to receive information at no charge about your stored personal data and a copy of any such data. In addition, you have the right to the following information: 

  • the purposes for the processing;
  • the categories of personal data that are being processed;
  • the recipients or categories of recipients to whom the personal data has been disclosed or is being disclosed, particularly for recipients in non-EU countries or in international organisations;
  • if possible, the planned duration for the storage of the personal data, or if this is not possible, the criteria for the determination of this duration;
  • any rights to correct or delete your personal data or to limit of the processing of such data by controllers or to refuse the processing of such data;
  • any rights to file a grievance with a supervisory authority;
  • if the personal data was not collected from you, all available information about the source of the data;
  • the existence of any automated decisions, including profiling in terms of article 22 paragraphs 1 and 4 GDPR and – at least in such cases – significant information about the logic used in such decisions as well as the scope and intended effects of such processing for you.

If personal data is transferred to a non-EU country or an international organisation, you have the right to be informed of the respective guarantees in terms of article 46 GDPR in connection with such transfer.

  1. b) Right to correction

You have the right to demand that we immediately correct any incorrect personal data. In consideration of the purposes of the collected data, you have the right to demand the completion of incomplete personal data – including by means of a supplemental declaration.

  1. c) Right to deletion (“right to be forgotten”)

You have the right to demand that we immediately delete your personal data, and we are required to immediately delete personal data if any of the following reasons occur:

  1. The personal data is no longer required to achieve the purposes for which it was collected.
  2. You revoke the consent that allowed the processing according to article 6 paragraph 1 GDPR a) or article 9 paragraph 2 a) GDPR and there is no other legal basis for the processing.
  3. You submit an objection to the processing of your data in accordance with article 21 paragraph 1 GDPR and there are no overriding legal grounds for the processing, or you submit an objection to the processing in accordance with article 21 paragraph 2 GDPR.
  4. The personal data was unlawfully processed.
  5. The deletion of personal data is required under the legal provisions stated in EU law or the law of a member country to which we are subject.
  6. The personal data was collected in connection to information society services according to article 8 paragraph 1 GDPR.

There is no right to deletion if the processing is necessary

  1. to exercise the right to freedom of expression and information;
  2. to fulfil a legal obligation to EU law or the laws of member countries to which the controller is subject, or to fulfil a task that is in the public interest or occurs in the exercise of official authority and requires a transfer of data from the controller;
  3. due to public interest in the area of public health according to article 9 paragraph 2 h) and i) or article 9 paragraph 3 GDPR;
  4. for archival purposes that affect the public interest or serve scientific or historical research purposes, or for statistical reasons according to article 89 paragraph 1 GDPR, if the relevant right is likely to make it impossible to realise the goals of such processing or to seriously hinder them.
  5. for the assertion, exercise or defence of legal claims.

If we have made the personal data public and if we are required by article 17 GDPR to delete it, we will take appropriate measures in consideration of the available technologies and their implementation costs to inform the parties responsible for the processing of the personal data that you have requested that they delete all links to such personal data, including copies or replications.

  1. d) Right to the limitation of processing

You have the right to demand that we limit the processing of your data if one of the following conditions occurs:

  1. you contest the accuracy of the personal data (and such data has been stored for a period that has allowed us to check its accuracy),
  2. the processing is unlawful and, instead of deleting the personal data, you have decided to demand that the usage of such data be limited;
  3. we no longer require the personal data to achieve the purposes for which it was collected but you require the data to assert, exercise or protect legal claims, or 
  4. you have submitted an objection to the processing of your data according to article 21 paragraph 1 GDPR, if it has not yet been determined whether our company’s legitimate purposes override your legitimate purposes.

If the processing of your personal data has been limited, such data – apart from its storage – can only be processed with your consent or for the exercise or protection of legal claims or to protect the rights of another natural or legal entity or for the purposes of an important public interest for the EU or a member country. 

  1. e) Right to data portability

You have the right to receive the personal data that we have been provided in a structured, conventional and machine-readable format, and you have the right to transfer such data to another controller through our company with no obstacles on our part, if

  1. the processing is being carried out based on a declaration of consent in accordance with article 6 paragraph 1 a) GDPR or article 9 paragraph 2 a) GDPR or an agreement in terms of article 6 paragraph 1 b) GDPR, and
  2. the processing takes place using automated procedures.

In exercising your right to data portability according to paragraph 1, you have the right to ensure that we transfer the personal data directly to another controller, if technically possible.

The right to data portability does not apply to the processing of personal data that is required for the completion of a task that is in the public interest or takes place as part of the exercise of public authority that has been required of the controller.

  1. f) Right of refusal

You have the right to refuse at any time the processing of your personal data for purposes stated in article 6 paragraph 1 e) or f) GDPR for reasons arising from your personal situation; this also applies to profiling based on these provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for such processing that override your interests, rights and freedoms or if the processing serves the assertion, exercise or protection of legal claims.

If we process the personal data for the purpose of direct advertisement, you have the right to enter an objection at any time against the processing of such data for the purposes of such advertisement; this also applies to profiling, if it is in connection to such direct advertising.

You have the right to refuse at any time the processing of your personal data for scientific or historical research purposes or for statistical purposes in terms of article 89 paragraph 1 GDPR for reasons arising from your personal situation, unless such processing is necessary to fulfil a task that is in the public interest.

  1. g) Automated decisions including profiling

You have the right to refuse to be subject to a decision that is based exclusively on automated processing, including profiling, that legally affects you or has any similar significant effect.

  1. h) Right to revocation of a declaration of consent regarding personal data

You have the right to revoke a declaration of consent regarding the processing of personal data at any time.

  1. i) Right to submit grievances to a supervisory authority

You have the right to submit grievances to a supervisory authority, particularly in the EU member country in which you live, where your place of work is located or in the location of the supposed infringement if you believe that the processing of your personal data is unlawful.

  1. j) Right to information

If you have exercised the right to information, deletion or limitation of processing by the controller, such party is required to communicate this information, deletion or limitation of the processing to all recipients of the personal data, unless this is proven to be impossible or disproportionately difficult.
You have the right to be informed by the controller of any such recipients.