Privacy policy apps

1. Scope of application and person responsible

This privacy policy explains how we process your data, what rights you have and to what extent the data we store is transferred to third parties.

We treat your personal data confidentially and in accordance with the statutory data protection regulations of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), the Digital Services Act (DDG), as well as this privacy policy and other data protection regulations.

The controller for the processing of personal data within the meaning of Art. 4 No. 7 GDPR is

PROSIS GmbH
Rinnberg 25
85296 Rohrbach
Tel: 08458 33 30 - 0; Fax: 08458 33 30 - 9899
E-mail: info@prosis.de

2. Data protection officer

You can reach the data protection officer of PROSIS GmbH in accordance with Art. 37 GDPR at

PROSIS GmbH, Data Protection Officer
Carl-Benz-Ring 4 - 6
85080 Gaimersheim

Phone: +49 8458 33 30 - 893
Fax: +49 8458 33 30 - 9899
Mail: dsb@prosis.de

3. Personal data and sources

Personal data is information that can be used to identify a person, i.e. information that can be traced back to a person. This includes, for example, the name, address, e-mail address or telephone number. In addition, purely technical data that can be assigned to a person is also considered personal data.

We process personal data only to the extent personally authorized by you. We only collect and process the data that is absolutely necessary to maintain and use the services provided to you. All your data belongs to you, which is why we do not forward any of the data transmitted to us to third parties without your consent, unless we are legally obliged to do so, e.g. in the event of a corresponding court order.

4. Processing purposes and legal bases

The personal data transmitted by you will be collected and processed for the purpose of contract initiation, contract conclusion or contract fulfillment in accordance with Art. 6 para. 1 lit. b) GDPR.

However, the collection and processing of personal data may also be subject to the protection of our legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR, e.g. for the further development of our services and products.

If you have given us your consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent. Consent given can be withdrawn at any time (Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) GDPR). Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.

We also process data to fulfill legal obligations in accordance with Art. 6 para. 1 lit. c) GDPR, e.g. from the German Commercial Code (HGB) or the German Fiscal Code (AO).

5. Data erasure and storage duration

Where necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and execution of a contract. In addition, data may be stored for longer due to various retention and documentation obligations, including those arising from the German Commercial Code (HGB) and the German Fiscal Code (AO).

Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In addition, data may be stored for longer due to various legal requirements.

6. Individual processing

6.1 Access data/server log files

When you use our applications, we automatically collect a range of technical data that constitutes personal data. These are so-called IT usage data, such as user ID, roles, authorizations, login times, computer name, IP address, GID, etc.

If you report an error in the mobile app, we may ask you to activate the transfer of log entries on your mobile device. We will then also ask you for an ID that was created in the mobile app and that can be used to assign the transferred log entries to your mobile device.

Log files and the data they contain are used exclusively for error analysis. This data is not merged with data sources outside our applications.

The personal data in log files are processed on the basis of Art. 6 para. 1 lit. f) GDPR. The server log files are stored for as long as they are required to provide the service.

6.2 Feedback and support requests

If you send us feedback or a support request, your e-mail address will only be used for correspondence with you and only for the clarification of your support case. It will not be passed on to third parties.

As part of the support you have requested, you may be required to provide us with some of your personal data so that we can fulfill our contractual obligations. In these cases, your prior consent pursuant to Art. 6 (1) (a) GDPR is not required.

6.3 Cookies

Only technically necessary cookies are used in our applications. These are required, for example, to maintain the user session.

6.4 Usage behavior

There is no analysis of user behavior within our applications using tracking tools.

7. Authorizations required by the app and their use

To enable some functions of the mobile app, it requires certain access rights, which are explained in more detail below.

If you refuse these access rights, you will not be able to use the mobile app. If you allow access to this data, the app will only access it and transfer it to the servers to the extent necessary to provide the functionality. We will treat this data confidentially and delete it when the rights are no longer required to provide the service and there are no legal obligations to retain it.

7.1 iOS
  • Camera authorization:
    For taking a photo for the sick note function (e.g. certificate of incapacity for work).
  • Access to the photo gallery:
    Authorization to access a photo within the photo gallery (e.g. selection of a previously recorded certificate of incapacity for work).
  • Access to photos:
    Authorization to use a photo within the photo gallery (e.g. to add a certificate of incapacity for work to a sick note).

7.2 Android
  • Network status:
    Authorization to be able to distinguish within the app whether the app has Internet access or not.
  • Internet:
    Authorization to communicate with the app via the Internet.
  • Reading from and writing to external storage:
    Authorization to use a photo within the photo gallery (e.g. to add a certificate of incapacity for work to a sick note).
  • Camera:
    For taking a photo for the sick note function (e.g. certificate of incapacity for work).

7.3 Mobile data

If there is no connection via WLAN, the app uses the mobile data connection.

8. Data security

8.1 Technical safety precautions

8.1.1 Server

All servers used are operated in an ISO/IEC 27001-certified data center in Germany. The hardware used is designed to be fail-safe and redundant. We do not store any data on other servers, especially not abroad.

We treat all data you transmit to us responsibly and process it in accordance with all legal provisions on data protection, in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG), as well as the current state of the art in data processing and storage in order to protect your data from theft and misuse.

8.1.2 Data transmission

Your data is transmitted exclusively via TLS-encrypted connections from your end device to servers in German data centers. The data will not be passed on to third parties unless this is necessary to provide the app. Without your consent, data will only be passed on to third parties if we are legally obliged to do so (Art. 6 para. 1 lit. c) GDPR). We will inform you separately about the details if this applies and is required by law.

8.2 Organizational safeguards

We use an external service provider for IT support. This service provider may gain access to personal data as part of its activities. However, processing takes place exclusively on the basis of an order processing contract in accordance with Art. 28 GDPR, which ensures that your data is only processed within the scope of the instructions and in compliance with all data protection regulations. Suitable technical and organizational measures are implemented in accordance with Art. 32 GDPR.

9. Your rights as a data subject

According to the GDPR, you have the right to information about your stored data (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure of your data (Art. 17 GDPR), the right to restriction of processing of your personal data (Art. 18 GDPR), the right to data portability (Art. 20 GDPR) and the right to object to the processing of personal data concerning you at any time (Art. 21 GDPR). All you need to do is send an informal email or letter to the contact details of the data protection officer listed under no. 2.

In addition, pursuant to Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority.

The contact details of the Bavarian State Office for Data Protection Supervision (BayLDA) are as follows:

Promenade 27
91522 Ansbach
Phone: +49 981 - 53 1300
Fax: +49 981 - 53 98 1300
Mail: poststelle@lda.bayern.de; https://www.lda.bayern.de/

 
Download version from 02.05.2025
© 2025 PROSIS GmbH - All rights reserved.