Privacy Policy

App



1. Introduction

Data privacy is important to us. This means that we process data about identified or identifiable individuals, which is called personal data, with due care and in accordance with applicable data protection law.

This Privacy Notice describes how we process personal data we collect from individuals in relation to their use of our Application and the measures we take to assist the users of our Application to comply with data protection law that applies to them. In legal terms, we are the data controller, as we determine the means and/or purposes of the processing.

This Privacy Notice only covers data processing carried out by Sensafety. The Privacy Notice does not address, and we are not responsible for, the privacy practices of any third parties.


2. Data Collection

The personal data we collect from individuals using our Service and Application (“Users”) consists of user data limited to device ID, geographic location, the time and date of the use of the Application. We do not collect any names, e-mail address, home address or phone numbers. Consequently, our Users do not need to create user profiles in order to be able to use our Application.

Our Users are asked to give an answer to the question of perceived safety at a particular time and place. The answer of the User, which in combination with other data collected qualifies as personal data, is aggregated and stored with pseudonymous identifiers at Google Firebase. For further information concerning the terms and conditions of use and data privacy of Firebase please visit: https://firebase.google.com/support/privacy/#examples_of_end-user_personal_data_processed_by_firebase

When using the Application we automatically record certain technical information such as the Internet Protocol address (IP address), the device address and/or device type.

We use Google Analytics, an analytics service provided by Google, Inc. ("Google"). The information generated about your use of the Application (including your IP address) will be transmitted to and stored by Google on servers in the United States. On behalf of the Technische Universität Berlin, Google will use this information for the purpose of evaluating your use of the Application, compiling reports on Application usage activity and providing other services relating to Application activity. You can refuse the use of Google Analytics within the Application. However, please note that if you do this, you may not be able to use the full functionality of the Application.

For further information concerning the terms and conditions of use and data privacy at Google please visit: https://www.google.com/analytics/terms/us.html or https://www.google.com/policies/.


3. Purposes

We process your personal data for the following purposes:

• for scientific research,
• to collect responses from users in order to meet the purpose of the Service,
• to trace individual responses to each device within the database,
• to perform tracking of the use of our Application.

In consideration of the collection and processing for the purposes listed above, Sensafety is supported by the Technische Universität Berlin acting as data controllers.

4. Storage Period

We store your personal data in accordance with the Statute on the Safeguarding of Good Academic Practice at Technische Universität Berlin for no longer than 10 years for research purposes.

We erase personal data after the above described storage period or when the User requests us to erase his/her personal data.


5. Legitimate Grounds for Processing

We process your personal data to pursue our legitimate interest for research purposes only within the research group of Technische Universität Berlin. The collected data is not used for commercial purposes.


6. Rights of Users

Right to access: Any User may contact us to get confirmation as to whether or not we are processing User’s personal data. Where we do process User’s personal data, we will inform User of what categories of personal data we process regarding him/her, the processing purposes, the categories of recipients to whom personal data have been or will be disclosed and the envisaged storage period or criteria to determine that period.

Right to withdraw consent: In case our processing is based on a consent granted by the User, the User may withdraw the consent at any time by contacting us or by using the functionalities of our Services. Withdrawing a consent may lead to fewer possibilities to use our Services.

Right to rectification: Any User has the right to have inaccurate or incomplete personal data we store about the User rectified or completed.

Right to object: Any User has the right to object to our processing at any time, even if our processing is based on our legitimate interest in the operation, maintenance and further development of our Services. We shall then no longer process User’s personal data unless for the provision of our Services or if we demonstrate other compelling legitimate grounds for our processing that override User’s interests, rights and freedoms or for legal claims.

Right to restriction of processing: Any User has the right to obtain from us restriction of processing of User’s personal data, as foreseen by applicable data protection law, e.g. to allow our verification of accuracy of personal data after User’s contesting of accuracy or to prevent us from erasing personal data when personal data are no longer necessary for the purposes but still required for User’s legal claims or when our processing is unlawful. Restriction of processing may lead to fewer possibilities to use our Services.

Right to data portability: Any User has the right to receive User’s personal data from us in a structured, commonly used and machine-readable format and to independently transmit those data to a third party, in case our processing is based on User’s consent and carried out by automated means.

Right to erasure: Any User has the right to have personal data we process about the User erased from our systems if the personal data are no longer necessary for the related purposes, or if we have unlawfully processed the personal data. Any User furthermore has the right to erasure if the User withdraws consent or objects to our processing as meant above, unless we have a legitimate ground to not erase the data. We may not immediately be able to erase all residual copies from our servers and backup systems after the active data have been erased. Such copies shall be erased as soon as reasonably possible.

How to use these rights: To exercise any of the above mentioned rights, User should primarily use the functions offered by our Services. If such functions are however not sufficient for exercising such rights, Customer shall send us a letter or email to the address set out below under Contact, including the following information: device ID. We may request additional information necessary to confirm User’s identity. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.


7. Security

We implement and maintain reasonable and appropriate technical and organizational security measures to protect the personal data we process, from unauthorized access, alteration, disclosure, loss or destruction. Access to the user data is only available to Technische Universität Berlin employees within the group, and only to those who have been granted access explicitly.

Should despite of our security measures, a security breach occur that is likely to result in a risk to the data privacy of Users, we will inform the relevant Users and other affected parties, as well as relevant authorities when required by applicable data protection law, about the security breach as soon as reasonably possible.


8. Recipients

We only share your personal data within our research group if and as far as necessary for the purposes specified in this Privacy Notice. Our staff members processing personal data are bound to confidentiality.

We do not share your personal data with any third party outside of our organization unless one of the following circumstances applies.

Necessary for the purposes. We may share your personal data with third parties to the extent our Services foresee such disclosure and Users submit their personal data for that purpose, such as to facilitate our Services.

For legal reasons. We may share your personal data with third parties only if we have good-faith belief that their access to and use of the personal data is necessary (i) to meet any applicable law and/or court order, (ii) to detect, prevent or otherwise address fraud, security or technical issues, and/or (iii) to protect the interests, properties or safety of us, our Users or the public, in accordance with the law. We will notify Users about such disclosure, as far as reasonably possible.

Upon User’s consent. We may share your personal data with third parties for other reasons than the ones mentioned above, if we obtained User’s explicit consent to do so. The User has the right to withdraw this consent at any time.


9. Location and Transfer

We and our research groups operate only from locations based in Germany.

Our User´s data however may be transferred by Google Firebase to other locations for storage purposes.

Google Firebase ensures that any personal data processed in different locations receives an adequate level of protection, by meeting the data protection standard stipulated by the EU data protection law. More details on how Google Firebase achieves this, please visit here: https://firebase.google.com/support/privacy/ .

Further information regarding the international transfer of personal data may be obtained by contacting us.


10. Lodging a Complaint

In case any User considers our processing of his/her personal data to be inconsistent with applicable data protection law, a complaint may be lodged with the local supervisory authority for data protection.


11. Changes

This Privacy Notice is dated February 15, 2019. We may update this Privacy Notice at any time if required in order to reflect changes in our data processing practices, in personal data protection laws or otherwise. For substantial changes to this Privacy Notice, we will use reasonable endeavours to provide notice thereof.

The English version of this Privacy Notice shall govern in the event of any conflict with or substantial translation changes into a non-English language.


12. Contact

Any User having any question or request on this Privacy Notice or our privacy practices, can contact us

• by email at sensafety@snet.tu-berlin.de

Further privacy related questions may be addressed to the Data Protection Office of the Technische Universität Berlin:

• by email at k-3-ds@tu-berlin.de

• by mail at:
Annette Hiller K 3 DS
Data Protection Officer (DPO) - legal supervisory affairs of the AS and its commissions, support arrangements for committee members, meeting fees, policy matters in the area of academic self-government
Room H 1038
Straße des 17. Juni 135
Berlin, Germany

You also have the right to contact the local controlling authority:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219 / visitor entrance via Puttkamerstr. 16-18
10969 Berlin, Germany
mailbox@datenschutz-berlin.de