// A3M Datenschutz
Global Monitoring App
The Global Monitoring App is supplied by:
A3M Global Monitoring GmbH (hereafter referred as A3M)
represented by the CEO Thomas Dillon
Alter Fischmarkt 5
2547 Hamburg, Germany
info(at)a3mobile.com
(Controller according to art. 4 para. 7 GDPR and in the meaning of art. 18 para. 2 MStV (German Medien Staatsvertrag))
Data protection officer: Carsten Fischer, Alter Fischmarkt 5, 20457 Hamburg, Germany, datenschutz(at)a3mobile.com
1. Data processing aims and purposes through the Global Monitoring App
App´s function: The Global Monitoring App informs you via push-messages and/or email about dangers and events. Important warnings and behavioral instructions are sent directly to your smartphone. The app includes following information/functionality:- Map overview of current events worldwide
- Travel Alerts based on the traveler´s current location
- Travel Alerts of upcoming trips
- Travel Alerts of countries and/or event categories (Watchlist)
- Location-based local emergency numbers
- Country and health relevant information of upcoming trips
- Integration of the A3M Country Information
- SOS-Button to easily establish contract with the Assistance Provider of the company
2. Processed data
Following data categories are processed via the App:2.1 Profile data
In order to be able to use the app, the following information must first be provided:- Company key (issued by A3M)
- First and last name
- Email address
- Password
2.2 Movement data
Your smartphone or tablet has a GPS sensor and possibly other functions (sensors, WLAN) for determining your position. With the help of these functions – provided with a time stamp and the app ID (and only if and as long as you have granted authorization!) – your current location is regularly recorded (geographic coordinates). The data collected is collected, stored and processed in accordance with art. 6 para. 1 lit. b GDPR exclusively for the purpose of contract processing.3. Automatic data collection and processing
The identification number (app ID) is assigned to the following data on the server:- Device type, operating system and app version
- The geographic coordinates and registration ID of the device for the push notification service
- Registration data
4. Emergency Calls
In the settings, the user can specify whether his data for emergency calls may be passed on to an emergency service provider based on his consent in accordance with art. 6 para 1 lit. a GDPR and, from the start of an active emergency call, to his service provider / subcontractor (emergency services at the user’s location, hospitals at the user’s location, etc.). In the event that there is no general consent for the data to be passed on, the emergency call service provider first receives the data in the event of an active emergency call on the basis of art. 6 para. 1 lit. d GDPR and can then transfer the data to a service provider / subcontractor (emergency services at the user’s location, hospitals at the user’s location, etc). The emergency telephone call to the contractually agreed service number itself is also regarded as consent in accordance with Art. 6 I a GDPR for data transfer to service providers that are required for emergency measures but outside the scope of art. 6 para. 1 lit. d GDPR (e.g. billing data for doctors, paramedics and hospitals).5. Subcontractors
If and to the extent necessary, we will pass on your data to companies that we use exclusively for the purpose of executing the contract in accordance with art. 28 GDPR; these are the following companies:- Corporate Trust Business Risk & Crisis Management GmbH, Graf-zu-Castell-Straße 1, 81829 Munich, Germany
- Falck Global Assistance A/S, Sydhavnsgade 18, 2450 Copenhagen, Denmark
- MD Medicus Assitance Service GmbH, Industriestraße 2a, 67063 Ludwigshafen am Rhein, Germany
- med con team GmbH, Gerhard-Kindler-Str. 6, 72770 Reutlingen, Germany
- Result Group GmbH Global Risk and Crisis Management, Waldstraße 3a, 82343 Pöcking/Starnberger See, Germany
- Possibly other service providers.
6. Disclosure due to official request
Otherwise, data will only be passed on in accordance with art. 6 para. 1 lit. c GDPR to sovereign legal entities that are legally entitled to information, such as data protection authorities, in compliance with a corresponding legal obligation or obligation issued by a court.7. Data transfer to Google (Google Maps)
If you request position data, exit, or open the submenu with map view and are either connected to WLAN or have activated mobile data transfer, then a map from Google centred on your current position will load. At the minimum, Google (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) receives the IP address assigned to your smartphone and thus the information about where this IP address is currently located. This information is typically transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, then Google can use Google Fonts to ensure the uniform display of fonts. When you open Google Maps, your browser loads the required web fonts into your browser cache in order to display text and fonts correctly. Google Maps is used to ensure the attractive presentation of our online products and make it easier to find the places that we have referenced on our website. This represents a legitimate interest within the scope of art. 6 para. 1 lit. f GDPR. If the corresponding consent has been requested, then processing takes place exclusively on the basis of art. 6 para. 1 lit. a GDPR and art. 25 para. 1 TTDSG (German Telecommunications-Telemedia Data Protection Act), such that this consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the scope of the TTDSG. This consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/. You can find more information on the management of user data in Google’s privacy policy: https://policies.google.com/privacy?hl=en.8. Analysis tool
This app uses the open-source web analytics tool Countly. With the help of Countly, we are able to collect and analyse the usage data for our app. This allows us to determine when which page views occurred and from which region they came, among other things. We also collect various log files (e.g., IP addresses, device IDs, referrer, browsers, and operating systems used) and can determine whether our app users perform certain actions (e.g., clicks, etc.). The use of this analysis tool is based on art. 6 para. 1 lit. f GDPR. The app operator has a legitimate interest in analysing user behaviour in order to optimise both its web/app offering and its advertising. If as the corresponding consent has been requested, then processing is carried out exclusively on the basis of art. 6 para. 1 li. a GDPR and art. 25 para. 1 TTDSG (German Telecommunications-Telemedia Data Protection Act), such that this consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the scope of the TTDSG. This consent can be revoked at any time. IP Anonymisation We use IP anonymisation for analysis with Countly. In this case, your IP address is shortened before analysis such that it can no longer be clearly tracked. Hosting We host Countly exclusively on our own servers, which means that all analysis data remains with us and is not passed on to a third party.9. Deletion
All data stored for an app are deleted automatically if:- the app has not been accessed for six months,
- the app has been deleted on the device and the deletion has been recognized.
10. Right to information and contact
You can request information about the data we have stored, including information on the origin and recipient of this data and the purpose of their processing. Please address your inquiries to: A3M Global Monitoring GmbH Alter Fischmarkt 5 20457 Hamburg, Germany Email: info(at)a3mobile.com11. User rights
According to applicable laws, you have various rights in regards to your personal data. If you would like to exercise these rights, please address your request by e-mail or by post to the address stated above for the controller and provide clear identification. In the following, you will find an overview of your rights.a) Right to confirmation and information
You have the right to receive a confirmation from us at any time regarding whether your personal data is being processed. If this is the case, you have the right to receive information at no charge about your stored personal data and a copy of any such data. In addition, you have the right to the following information:- the purposes for the processing;
- the categories of personal data that are being processed;
- the recipients or categories of recipients to whom the personal data has been disclosed or is being disclosed, particularly for recipients in non-EU countries or in international organisations;
- if possible, the planned duration for the storage of the personal data, or if this is not possible, the criteria for the determination of this duration;
- any rights to correct or delete your personal data or to limit of the processing of such data by controllers or to refuse the processing of such data;
- any rights to file a grievance with a supervisory authority;
- if the personal data was not collected from you, all available information about the source of the data;
- the existence of any automated decisions, including profiling in terms of article 22 paragraphs 1 and 4 GDPR and – at least in such cases – significant information about the logic used in such decisions as well as the scope and intended effects of such processing for you.
b) Right to correction
You have the right to demand that we immediately correct any incorrect personal data. In consideration of the purposes of the collected data, you have the right to demand the completion of incomplete personal data – including by means of a supplemental declaration.c) Right to deletion (“right to be forgotten”)
You have the right to demand that we immediately delete your personal data, and we are required to immediately delete personal data if any of the following reasons occur:- The personal data is no longer required to achieve the purposes for which it was collected.
- You revoke the consent that allowed the processing according to art. 6 para. 1 lit. a GDPR ) or art. 9 para. 2 lit. a) GDPR and there is no other legal basis for the processing.
- You submit an objection to the processing of your data in accordance with art. 21 para. 1 GDPR and there are no overriding legal grounds for the processing, or you submit an objection to the processing in accordance with art. 21 para. 2 GDPR.
- The personal data was unlawfully processed.
- The deletion of personal data is required under the legal provisions stated in EU law or the law of a member country to which we are subject.
- The personal data was collected in connection to information society services according to art. 8 para. 1 GDPR.
- to exercise the right to freedom of expression and information;
- to fulfil a legal obligation to EU law or the laws of member countries to which the controller is subject, or to fulfil a task that is in the public interest or occurs in the exercise of official authority and requires a transfer of data from the controller;
- due to public interest in the area of public health according to art. 9 para. 2 lit. h and I or art. 9 para. GDPR;
- for archival purposes that affect the public interest or serve scientific or historical research purposes, or for statistical reasons according to art. 89 para. 1 GDPR, if the relevant right is likely to make it impossible to realise the goals of such processing or to seriously hinder them.
- for the assertion, exercise or defence of legal claims.
d) Right to the limitation of processing
You have the right to demand that we limit the processing of your data if one of the following conditions occurs:- you contest the accuracy of the personal data (and such data has been stored for a period that has allowed us to check its accuracy),
- the processing is unlawful and, instead of deleting the personal data, you have decided to demand that the usage of such data be limited;
- we no longer require the personal data to achieve the purposes for which it was collected but you require the data to assert, exercise or protect legal claims, or
- you have submitted an objection to the processing of your data according to art. 21 para. 1 GDPR, if it has not yet been determined whether our company’s legitimate purposes override your legitimate purposes.
e) Right to data portability
You have the right to receive the personal data that we have been provided in a structured, conventional and machine-readable format, and you have the right to transfer such data to another controller through our company with no obstacles on our part, if- the processing is being carried out based on a declaration of consent in accordance with art. 6 para. 1 lit. a GDPR or art. 9 para. 2 lit. a) GDPR or an agreement in terms of art. 6 para. 1 lit. b GDPR, and
- the processing takes place using automated procedures.