Data Protection Declaration for the AchemAsia App
Version 1.0, 18/03/2019
Thank you for our interest in our app. The protection of your personal data when processing it for the use of the app is paramount to us. Your personal data is collected and processed in compliance with the applicable data protection regulations, particularly the General Data Protection Regulation (hereinafter referred to as “GDPR”) and the regulations of the EU member states which apply to us. This Data Protection Declaration provides information on the type, scope and purpose of the personal data processing activities within the scope of the use of the app and related functions. This Data Protection Declaration also explains your rights.
By downloading and installing / using our app, you enter into a contract with us on the use of the app and explicitly agree with the information and methods stated in the Data Protection Declaration.
The controller within the meaning of the General Data protection Regulation, other national data protection laws of the EU member states and other data protection regulations is:
2. Data protection officer
The data protection officer responsible for data processing is:
Dr. Ulrich Westhaus
Tel.: +49 69 7564-229
Please contact our data protection officer directly should you have questions or suggestions relating to data protection or wish to object to the processing of your data in accordance with this Data Protection Declaration.
This Data Protection Declaration is based on the terminology of the GDPR. Please refer to the definitions in Art. 4 GDPR in this respect.
a. personal data
'personal data' means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
'processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
c. restriction of processing
'restriction of processing' means the marking of stored personal data with the aim of limiting their processing in the future.
'controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
'consent' of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
4. Data processing
a. Device information and events
We process device data for crash reporting to determine errors that may have caused the app to crash. This includes the following data: device ID, model and name, operating system, time stamp and error cause.
The data is required for crash reporting in order to analyse and correct errors and/or app crashes. This purpose represents our legitimate interest in the data processing activities and the legal basis for the processing is therefore Art. 6 (1) lit. f GDPR.
The data is essential for crash reporting; you cannot object to this processing. Please uninstall the app if you object to the data being processed for this purpose. The crash data is deleted as soon as it is no longer required for analysis and error correction purposes.
b. Calendar access
We need to access your calendar to give you the option to store the dates of your trade fair visit plans in your calendar. We do not read or store any personal data from your calendar during this process. You can object to this access by adjusting the settings of your operating system at any time. Please note that individual functions may not be available if you block access.
c. Address book access
We need to access your address book to give you the option to store contacts you have been given in the form of digital business cards, matchmaking or list of exhibitors. We do not read or store any personal data from your address book during this process. You can object to this access by adjusting the settings of your operating system at any time. Please note that individual functions may not be available if you block access.
d. Camera access
We need to access your camera to take pictures. The data is stored on your device. You can object to this access by adjusting the settings of your operating system at any time. Please note that individual functions may not be available if you block access.
Further to the types of access stated above, we only process personal data within the scope of the use of individual app functions. We do not collect any additional personal data if you do not use these functions.
5. Security measures
We have implemented numerous technical and organisational measures for the processing of personal data to ensure that the processed personal data is as fully protected as possible. However, we would like to point out that it is impossible to fully protect the data against third-party access during internet-based data transfer due to the general security gaps of the latter.
6. Transfer to third parties and countries
We generally only use your personal data within our company.
We only disclose or transfer personal data to other persons or companies or grant them any other form of access to the data within the scope of our processing activities if we are permitted to do so by law, have your consent and/or a legal obligation to do so or if this is based on our legitimate interests.
In the event of us engaging a third party with the processing of personal data based on an order processing agreement, the legal basis is Art. 28 GDPR.
We do not, and do not plan to, transfer the data to instances or persons outside the EU, with the exception of the use of Google Analytics. In this case, the data is only processed in a third country under the special terms and conditions stated in Art. 44 et seqq. GDPR. The data is therefore processed on the basis of special guarantees, such as the official determination of a data protection standard which matches that of the EU (in this case the “EU-US Privacy Shield”).
7. Rights of the data subject
The applicable laws give you various rights regarding your personal data. If you wish to assert these rights, please send your request, including a clear identification of your person, via e-mail or mail to the address stated in No. 2.
Below is an overview of your rights.
a. Right to information
You have the right to request confirmation from us if we are processing any personal data relating to you at any time.
If we process your personal data, you have the right to request free-of-charge information on which data is being processed and receive copies of the data. You further have the right to receive the following information:
Data processing purposes;
Categories of personal data being processed;
Recipients or categories of recipients to whom your personal data has been, or will be, disclosed;
Planned storage period for your personal data or criteria for determining the storage period if it is impossible to specify;
Existence of the right to correction or deletion of your personal data, the right to limit its processing by us or the right to object against such processing;
Existence of the right to complain to a supervisory authority;
All information available on the origin of the data if it has not been collected from the data subject;
Existence of an automated decision-making process, including profiling, in accordance with Art. 22 (1) and (4) GDPR and meaningful information on the logic involved as well as the consequences and intended effects of such processing on you.
If your personal data is transferred to a third country or international organisation, you have the right to be informed about the suitable guarantees in accordance with Art. 46 GDPR in connection with the transfer.
b. Right to correction
You have the right to request for us to correct any of your personal data that is inaccurate and complete any incomplete personal data relating to you without delay.
c. Right to deletion
You have the right to request for us to delete your personal data immediately and we are obliged to delete such personal data without delay if one of the following reasons applies:
Your personal data is no longer required for the purposes for which it was collected or processed in any other manner.
You withdraw your consent for the processing in accordance with Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR and there is no other legal basis for such processing.
You object against the processing in accordance with Art. 21 (1) GDPR and there are no overriding legitimate interests for the processing or you object to the processing in accordance with Art. 21 (2) GDPR.
Your personal data has been processed illegally.
The personal data has to be deleted in order to fulfil a legal obligation under EU law or the law of the member states applicable to us.
The personal data was collected with regard to services offered by the information company in accordance with Art. 8 (1) GDPR.
If we have published your personal data and are obliged to delete it in accordance with Art. 17 (1) GDPR, we shall implement adequate measures, including technical measures that take into consideration the available technologies and implementation costs, to inform the controllers that are processing the personal data that you, the data subject, have requested the deletion of all links to this personal data, copies or duplicates thereof.
The right to deletion does not exist if the processing is required for
Exercising the right to freedom of speech and information;
Fulfilling a legal obligation which is governed by EU law or the law of the member states applicable to us, or performing a task transferred to us which is in the interest of the general public or necessary to enforce the orders of a public authority;
Reasons of public interest with regard to public health in accordance with Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;
Archiving purposes that are in the interest of the general public, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR if the right to deletion can be expected to make the realisation of the objectives of such processing impossible or if it would significantly impair it; or
Asserting, enforcing or defending legal claims.
d. Right to limitation of processing
You have the right to request for us to limit the processing of your personal data under the following conditions:
You dispute the accuracy of your personal data for a period of time which enables us to check its accuracy;
The processing activities are illegal and you reject the deletion of your personal data and instead request for the use of it to be restricted.
We no longer require the personal data for the purposes of the processing activities, but you require the data for asserting, enforcing or defending legal claims; or
You have objected against the processing of the data in accordance with Art. 21 (1) GDPR and it has not yet been asserted if our legitimate interests outweigh yours.
e. Right to data transferability
You have the right to receive your personal data which you provided to us in a structured, standard and machine-readable format. You also have the right to transfer this data to another controller without obstruction from us if the processing is based on consent in accordance with Art. 6 (1) lit. a or Art. 9 (1) lit. a GDPR or on a contract in accordance with Art. 6 (1) lit. b GDPR and automated methods are used for processing the data. In accordance with Art. 6 (2) GDPR, you further have the right to request for us to transfer your personal data to another controller if this is technically possible and does not violate the rights and freedoms of other persons in accordance with Art. 6 (4) GDPR.
f. Right to objection
You have the right to object against the future processing of your personal data which is based on Art. 6 (1) lit. e or f GDPR at any time. This also applies to any profiling based on this provision. In particular, you may object to processing for the purposes of direct advertising.
In the event of an objection, we no longer process your personal data, unless we have proof of compelling reasons for the processing activities that are worth protecting and which outweigh your interests, rights and freedoms, or the processing activities serve to enforce, execute or defend legal claims.
You have the right to object against the processing of your personal data for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 (1) GDPR, unless the processing is required for fulfilling a task which is in the interest of the general public.
g. Right to withdraw consent to process personal data
You have the right to withdraw your consent to the processing of your personal data at any time. The withdrawal of this consent does not affect the legality of the processing based on the consent until its withdrawal.
h. Automated decision-making
You have the right not to be subjected to decisions exclusively based on automated processing, including profiling, which have legal implications or similar negative effects on you.
This does not apply if the decision
Is required for concluding or fulfilling a contract between you and us;
Is legal in accordance with EU law or the laws of the EU member states which apply to us and these laws contain adequate measures for maintaining your rights and freedoms as well as your legitimate interests; or
Is made with your explicit consent.
i. Right to complain to a supervisory authority (Art. 77 GDPR)
You have the right to complain to a responsible supervisory authority if you are of the opinion that the processing of your personal data violates the GDPR.
8. Amendments to our Data Protection Declaration
We reserve the right to amend this Data Protection Declaration to ensure that it always meets legal requirements. Please refer to the version number, including date, at the top of the Data Protection Declaration in this respect.