Privacy Policy

App



1. Introduction

Data privacy is important to us. This means that we process data about identified or identifiable individuals, which is called personal data, with due care and in accordance with applicable data protection law.

This Privacy Notice describes how we process personal data we collect from individuals in relation to their use of our Application and the measures we take to assist the users of our Application to comply with data protection law that applies to them. In legal terms, we are the data controller, as we determine the means and/or purposes of the processing.

This Privacy Notice only covers data processing carried out by Sensafety. The Privacy Notice does not address, and we are not responsible for, the privacy practices of any third parties.


2. Data Collection

Where we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

The personal data we collect from individuals who use our mobile applications (hereinafter "Users") consists of User data limited to IP address, pseudonymous device system identification number, a pseudonymous device identifier, geographic location (as latitude and longitude), an estimate of the accuracy of the identified geographic location, the time and date the application was used, the User response to the binary question about perceived sense of safety, and the User's selected reasons for perceived sense of safety. We do not collect names, email addresses, home addresses, or phone numbers. Therefore, our Users do not need to create User profiles to use our mobile applications. By not requiring registration, it is possible to use the mobile applications in a data-minimising and pseudo-anonymous manner.

Our Users are asked to answer the binary question regarding perceived sense of safety at any time and place. The User's answer, which in combination with the above-mentioned collected data is considered personal data, is aggregated and stored with the pseudonymized device system identification number on a server operated by Google Inc. (hereinafter "Google") and stored on a server located in the European Union and on a server located in Germany at the Technische Universität Berlin.

For the purpose of processing and storing the personal data collected, the mobile applications make use of the Google Firebase services "Firebase Authentication", "Cloud Firestore" and "Cloud Functions for Firebase". Firebase Authentication is used to generate a pseudonymous identifier for each mobile device when the mobile applications are first used. The pseudonymous identifier is used for ongoing secure communication between the mobile device with the mobile application and Google Firebase services, and to prevent fraud and tampering attempts by third parties. Cloud Firestore is used to store all of the aforementioned personal data (including the pseudonymous identifier) that is produced when using the mobile application. The storage location is in the European Union. Cloud Functions for Firebase are used for pre- and post-processing of the personal data. The data processing and security policies of Firebase Authentication, Cloud Firestore and Cloud Functions for Firebase can be found here: https://firebase.google.com/terms/data-processing-terms.

For further information concerning the terms and conditions of use and data privacy at Google please visit: https://www.google.com/analytics/terms/us.html or https://www.google.com/policies/.


3. Purposes

We process your personal data for the following purposes:

• for scientific research,
• to collect responses from users in order to meet the purpose of the Service,
• to trace individual responses to each device within the database,
• to perform tracking of the use of our Application.

In consideration of the collection and processing for the purposes listed above, Sensafety is supported by the Technische Universität Berlin acting as data controllers.

4. Storage Period

We store your personal data in accordance with the Statute on the Safeguarding of Good Academic Practice at Technische Universität Berlin for no longer than 10 years for research purposes.

We erase personal data after the above described storage period or when the User requests us to erase his/her personal data.


5. Legitimate Grounds for Processing

We process your personal data for scientific research purposes at the Technische Universität Berlin and jointly within the scope of research cooperations with other public or private research facilities or institutions. The following research facilities and institutions are currently involved in processing your personal data:

• Technische Universität Berlin
• Freie Hansestadt Hamburg
• Hamburgisches WeltWirtschaftsInstitut gemeinnützige GmbH

The collected data is not used for commercial purposes.


6. Rights of Users

Right to access: Any User may contact us to get confirmation as to whether or not we are processing User’s personal data. Where we do process User’s personal data, we will inform User of what categories of personal data we process regarding him/her, the processing purposes, the categories of recipients to whom personal data have been or will be disclosed and the envisaged storage period or criteria to determine that period.

Right to withdraw consent: In case our processing is based on a consent granted by the User, the User may withdraw the consent at any time by contacting us or by using the functionalities of our Services. Withdrawing a consent may lead to fewer possibilities to use our Services.

Right to rectification: Any User has the right to have inaccurate or incomplete personal data we store about the User rectified or completed.

Right to object: Any User has the right to object to our processing at any time, even if our processing is based on our legitimate interest in the operation, maintenance and further development of our Services. We shall then no longer process User’s personal data unless for the provision of our Services or if we demonstrate other compelling legitimate grounds for our processing that override User’s interests, rights and freedoms or for legal claims.

Right to restriction of processing: Any User has the right to obtain from us restriction of processing of User’s personal data, as foreseen by applicable data protection law, e.g. to allow our verification of accuracy of personal data after User’s contesting of accuracy or to prevent us from erasing personal data when personal data are no longer necessary for the purposes but still required for User’s legal claims or when our processing is unlawful. Restriction of processing may lead to fewer possibilities to use our Services.

Right to data portability: Any User has the right to receive User’s personal data from us in a structured, commonly used and machine-readable format and to independently transmit those data to a third party, in case our processing is based on User’s consent and carried out by automated means.

Right to erasure: Any User has the right to have personal data we process about the User erased from our systems if the personal data are no longer necessary for the related purposes, or if we have unlawfully processed the personal data. Any User furthermore has the right to erasure if the User withdraws consent or objects to our processing as meant above, unless we have a legitimate ground to not erase the data. We may not immediately be able to erase all residual copies from our servers and backup systems after the active data have been erased. Such copies shall be erased as soon as reasonably possible.

How to use these rights: To exercise any of the above-mentioned rights, User should primarily use the functions offered by our Services. If such functions are however not sufficient for exercising such rights, Customer shall send us a letter or email to the address set out below under Contact, including the following information: device ID. We may request additional information necessary to confirm User’s identity. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.


7. Security

We implement and maintain reasonable and appropriate technical and organizational security measures to protect the personal data we process, from unauthorized access, alteration, disclosure, loss or destruction. Access to User data is only possible for employees of Technische Universität Berlin, research cooperation partners and only for those to whom access has been expressly granted.

Should, despite our security measures, a security breach occur that is likely to result in a risk to the data privacy of Users, we will inform the relevant Users and other affected parties, as well as relevant authorities when required by applicable data protection law, about the security breach as soon as reasonably possible.


8. Recipients

We will disclose your personal data within the Technische Universität Berlin and in the scope of research cooperations to third parties only if and to the extent necessary for the purposes stated in this privacy policy. Employees of the Technische Universität Berlin and research cooperation partners who process personal data are bound to confidentiality.

We do not share your personal data with any third party outside of our organization unless one of the following circumstances applies.

Necessary for the purposes. We may share your personal data with third parties to the extent our Services foresee such disclosure and Users submit their personal data for that purpose, such as to facilitate our Services.

For legal reasons. We may share your personal data with third parties only if we have good-faith belief that their access to and use of the personal data is necessary (i) to meet any applicable law and/or court order, (ii) to detect, prevent or otherwise address fraud, security or technical issues, and/or (iii) to protect the interests, properties or safety of us, our Users or the public, in accordance with the law. We will notify Users about such disclosure, as far as reasonably possible.

For research purposes: We may disclose your personal data to third parties insofar as a research cooperation for the purpose of joint scientific research exists between Technische Universität Berlin and a third party.

Upon User’s consent. We may share your personal data with third parties for other reasons than the ones mentioned above, if we obtained User’s explicit consent to do so. The User has the right to withdraw this consent at any time.


9. Location and Transfer

We and our research groups operate only from locations based in Germany.

Our Users’ data, however, may be transferred by Google Firebase to other locations for storage purposes.

Google ensures that any personal data processed in different locations receives an adequate level of protection, by meeting the data protection standard stipulated by the EU data protection law. For more details on how Google Firebase achieves this, please visit: https://firebase.google.com/support/privacy/.

Further information regarding the international transfer of personal data may be obtained by contacting us.


10. Lodging a Complaint

In case any User considers our processing of his/her personal data to be inconsistent with applicable data protection law, a complaint may be lodged with the local supervisory authority for data protection.


11. Changes

This Privacy Notice is dated April 19, 2021. We may update this Privacy Notice at any time if required in order to reflect changes in our data processing practices, in personal data protection laws or otherwise. For substantial changes to this Privacy Notice, we will use reasonable endeavours to provide notice thereof.

The English version of this Privacy Notice shall govern in the event of any conflict with or substantial translation changes into a non-English language.


12. Contact

Any User having any question or request on this Privacy Notice or our privacy practices, can contact us

• by email to

Dr. Sandro Rodriguez Garzon
Service-centric Networking
Institut für Telekommunikationssysteme
Technische Universität Berlin
Ernst-Reuter-Platz 7
10587 Berlin, Deutschland
sensafety@snet.tu-berlin.de

Further privacy related questions may be addressed to the Data Protection Office of the Technische Universität Berlin:

• by email to

Annette Hiller
Alexander Hoffmeier
Dr. Mattis Neiling

Straße des 17. Juni 135
Berlin, Germany
info@datenschutz.tu-berlin.de

You also have the right to contact the local controlling authority:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219 / visitor entrance via Puttkamerstr. 16-18
10969 Berlin, Germany
mailbox@datenschutz-berlin.de

The privacy policy was created in close collaboration with Zana Ahmetgjekaj-Deva and coordinated with the data protection team of the Technische Universität Berlin.