Data protection information for eurodata AG mobile apps

Use of telephone and data connection

A data connection is required for the use of the eurodata app. The costs of data transmission depend on the network operator.

Information about the collection of personal data

In the section that follows, we will inform you about how your personal data are collected and processed when you use our apps. Personal data are any data that can be seen to relate to you personally, e.g. name, address, e-mail addresses, user behaviour.

Controller

The data are processed by eurodata AG (the processor), pursuant to Article 28 of the EU General Data Protection Regulation (GDPR), on behalf of the controller as defined in Article 4 7. of the GDPR.

Name and contact data of the processor and its data protection officer

The processor pursuant to Article 28 of the GDPR is:

eurodata AG,
Grossblittersdorfer Strasse 257-259,
66119 Saarbrücken,
Telephone: +49 681 8808-0
Telefax: +49 681 8808-300
E-mail: info@eurodata.de

The contact details of our data protection officer are:
Mario Arndt,
DEUDAT GmbH,
Zehntenhofstrasse 5b,
65201 Wiesbaden,
Telephone: +49 611 950008-40
E-mail: datenschutzbeauftragter@eurodata.de

Description of eurodata apps
edcloud | Beleg, PISA | Beleg

Purpose of processing

The app serves the purpose of uploading documents from the mobile device into the edcloud / PISA pendulum file and in edcloud Finanzen or PISA Finanzen.

What data are required for the use of the app?

In the section that follows we should like to inform you about the data that are collected, processed and saved via the app.

  • Log-in data
    User name, e-mail
    When the user logs in, these are transmitted in encrypted form to the server and matched there. So that the user can remain logged in permanently, an off-line token is recorded on the device (OpenID Connect) for authentication on the server.
  • Password
    A personal password allocated for the use of the app. The password is not saved, but only used for logging in on the target systems.

Authorisations required

For the app to be able to function properly, it is necessary for the user to allow access to certain smartphone functions and data. For example, the user is requested to issue the relevant access authorisation once at the beginning or when wishing to use the function in question.

  • Camera
    Access to the camera at system level is required in order to be able to send a supporting document to eurodata. Supporting documents can be photographed with the camera or selected from among the photos which are already on the device. To allow access to the photo memory or camera, the user has to give his or her consent actively in the app.
  • SD memory card access and memory access
    The app saves the photographed supporting documents on the device for as long as it takes for the device to reach the app server at eurodata and transfer the documents. After that, they are removed again. Only files within the app are processed. No other files or folders outside the app will be modified or removed.
  • WLAN connection information
    To save mobile data volume, the app can be set in such a way that documents are only transmitted to the server when there is a WLAN connection. For that, it is necessary for the app zu recognise whether there is a WLAN connection or not.

Duration of storage

Supporting documents are saved locally. They are not finally deleted until after the successful upload. When the app is deinstalled all the data will be deleted.

edtime/edpep (now edtime PLUS) and edcloud Personal 

Purpose of processing

With the app, time worked, interruptions and statutory breaks can be clocked in easily via the employee’s smartphone. The employees can view the current roster at any time and administer periods of absence, holidays and shift enquiries simply and easily with their smartphone. Synchronisation with the edpep web application makes permanent communication with the team possible. Work instructions can be issued, messages sent and tasks allocated via the app.

What data are required for the use of the app?

In the section that follows, we should like to inform you about the data that are gathered, processed and saved via the app.

  • Log-in data
    User name, e-mail
    At the time of log-in, these data are transmitted in encrypted form to the server and matched there. So that the user can remain logged in permanently, the user name / e-mail address and encrypted password are saved locally on the device. The log-in data are not readable in text form and are not recovered.
  • Password
    A personal password allocated for the use of the app.

Authorisations required

For the app to be able to function properly, it is necessary for the user to allow access to certain smartphone functions and data. For example, the user is requested to issue the relevant access authorisation once at the beginning or when wishing to use the function in question.

  • Use of location data, GPS data (optional if assigned by the controller)
    The clocking function in the app can be set by the employer in such a way that employees can only clock in and out in a defined radius around predetermined coordinates. For this, the app uses the location service of the smartphone. The location service is not used until the app is opened. When someone tries to use the clocking function, the app simply checks whether the user is at that location, i.e. within the defined radius of the coordinates recorded for it or not. The coordinates are read into the smartphone from the server. A check is run on the smartphone to establish whether the coordinates detected via the location service are within the radius of the location coordinates recorded. If the smartphone is within that radius, certain functions of the app are duly enabled. These are the clocking function and access to work documents. The positional data detected by the location service are not transported to the server. Movement profiles are not drawn up.
  • Camera
    The employee can upload his or her profile image via the smartphone. To do that, the app requires access to the photos and/or the camera so that the employee can upload the image. This is polled on initial installation, once the app has been downloaded. To allow access to the photo memory or camera, the user has to give his or her consent actively in the app.
  • SD memory card access and memory access
    In the app, access to the memory is required for documents. The application caches documents on the device so as be able to make them available off line. The app can only see and modify its own documents. It has no access to any other folders on the device.
  • WLAN connection information
    To save mobile data volume, the app can be set in such a way that documents can only be transmitted to the server if there is a WLAN connection. For this, it is necessary for the app to recognise whether there is a WLAN connection or not.
  • Push messages
    When the app is opened for the first time, the user receives an enquiry as to whether push messages are allowed to be received. The receipt of push messages can also be approved or suppressed by issuing the relevant authorisation on the menu of the smartphone under settings and messages.

For push notifications, we use the services Amazon SNS, Firebase Cloud Messaging by Google (Android) and Apple Push Notifications (iOS). Firebase and Apple generate a computed code, which comprises the identification of the app and its device identifier. This code is recorded on our push platform. The Firebase and Apple servers cannot draw any conclusions whatsoever about enquiries from message recipients or gather any other data that can be related to a particular person. Amazon SNS, Firebase and Apple serve exclusively as transmitters.

Duration of storage

Data (log-in data, images) are saved during use and deleted again when the app is deinstalled. The image is saved on the server for as long as the employee is kept on record in the web application by the employer. All the data are deleted when the app is deinstalled.

Push messages are not saved permanently on the smartphone.

Deployment of Sentry.io

For the crash reports in this app, we use Sentry.io so as to be able to optimise our app in the future. This tool is provided by Functional Software Inc., 1 Baker Street, #5B, San Francisco, CA 94117, USA. We save the data that have been gathered on our servers in our data centre and do not transmit them to any third parties, i.e. not to Functional Software Inc. either. Deployment of the tool enables real-time crash reports to be drawn up with information on register codes and devices. This makes maintenance simpler and enables the stability of the app to be improved. The following data are also gathered, so that we can provide our customers with optimum support if an error occurs: IP address, user name, user ID.

These data are saved for 90 days.

The legal basis for the processing of these data is Art. 6 1. Sentence1 (f) of the GDPR. These data are technically necessary to enable us to guarantee the stability and security of the app.

Your rights

With regard to the personal data that relate to you, you have the following rights in respect of us:

  • right of access
  • right to rectification or erasure
  • right to restriction of processing
  • right to file an objection to processing
  • right to data portability.

You also have the right to complain to a supervisory authority for data protection about the processing of your personal data in our enterprise.

Collection of personal data when the app is used

When the app is downloaded, the necessary information will be transmitted to the app store of your provider, including, in particular, your user name, e-mail address and the customer number of your account, the time of the download, payment information and the individual device code. We do not have any influence on the gathering of these data by your app store provider, and we bear no responsibility for it. We only process the data to the extent necessary for the download of the app to your mobile device.

Data transmission

In the app, the data collected are transmitted in encrypted form to the central IT systems of eurodata for further processing. All the data transmitted will only be used for services provided by eurodata and forwarded by eurodata to service providers deployed, but not to third parties.

Provider

The provider of the app is

eurodata AG,
Grossblittersdorfer Strasse 257-259,
66119 Saarbrücken,
Telephone: +49 681 8808-0
Telefax: +49 681 8808-300
E-mail: info@eurodata.de
https://www.eurodata.de

General statements on data privacy:
https://www.eurodata.de/datenschutz

Issue: June 2022