keyboard_arrow_up

Information Requirements for use of SmapOne pursuant to ART. 13 GDPR

Data Protection Information

The following data protection information provides you with general information on the functionality of the app and the processing of data within the scope of using the app.

 

Responsible Party Within The Meaning Of The Data Protection Laws:

Rhenus Warehousing Solutions SE & Co. KG

Rhenus Platz 1

59439 Holzwickede

 

Data Protection Officer

If you have any questions regarding data protection law or questions about data processing when using the app, you can reach our data protection officer at:

Norbert Geyer; Deputy: Michaela Berger

RDP Röhl, Dehm & Partner Rechtsanwälte mbB

Moritzplatz 6

86150 Augsburg

E-mail: [email protected]

 

Data Processing During Installation And Use Of The App

 

Automatic data processing when using the app. After the free installation of the app from the Apple App Store, Google Play Store or Microsoft Store, personal data is processed when the app is opened. This happens automatically without you having to take any further action, such as filling out and sending a contact form. These automated processing operations concern:

 

Processing The IP Address And Other Device Data

 

1. DESCRIPTION AND SCOPE OF DATA PROCESSING

When the app is opened, requests are sent to the server which it must answer. For this purpose, your IP address must be collected and processed by the server so that the corresponding server requests can be answered.

Other data collected in this context are:

Platform

Device type

Screen size and resolution

Version of the runtime and the operating system

Language

Unique numbers of the unit that make identification possible are not collected. A unit cannot be distinguished by SmapOne from another unit of the same type.

 

2. LEGAL BASIS FOR DATA PROCESSING

The legal basis for the processing of this data is Art. 6 para. 1 lit. f) DSGVO.

 

3. PURPOSE OF THE DATA PROCESSING

The purpose of processing your IP address and other data is to establish and secure the functionality of the app and to make it technically possible to retrieve it.

 

4. LEGITIMATE INTEREST

Our legitimate interest in the temporary storage of the IP address lies in the fact that the functionality and provision of the technical retrieval option of the app is not possible without this storage.

 

5. DURATION OF STORAGE

The data is deleted again as soon as further storage is no longer necessary because the purpose has been achieved. This usually occurs after a period of 30 days.

 

6. RECIPIENTS OF PERSONAL DATA

smapOne AG, Freundallee 11a, 30173 Hanover as host of the app, administration and support.

 

7. TRANSMISSION TO A THIRD COUNTRY

It is not intended to transfer the personal data to a third country or to an international organisation.

 

8. AUTOMATED DECISION MAKING/PROFILING

No automated decision-making or so-called profiling takes place.

 

 

Processing Of Server Log Files

 

1. DESCRIPTION AND SCOPE OF DATA PROCESSING

The IP addresses collected when opening the app are also stored in so-called server log files in order to detect technical faults and/or attempts to manipulate and break into the server structure and to make them remediable.

In addition, the hosting provider automatically collects, stores and processes information in so-called server log files that are automatically transmitted by the app. However, this information is not merged with other data sources.

This information is:

Time of the request

URL

Response Code

Runtime ID of the device

If applicable, the ID of the smap to which the request refers.

 

2. LEGAL BASIS FOR DATA PROCESSING

The legal basis for the processing of this data is Art. 6 para. 1 lit. f) GDPR.

 

3. PURPOSE OF THE DATA PROCESSING

The purpose of processing your IP address and the above information is to detect malfunctions and attempts to gain entry. This serves the security structure of the app and the system integrity of the servers.

 

4. LEGITIMATE INTEREST

Our legitimate interest in processing the IP address and the above information is to provide a functional and uncompromised technical environment.

 

5. DURATION OF STORAGE

The data is deleted as soon as further storage is no longer necessary due to the achievement of the purpose. This is regularly the case after a period of 30 days. After that, only statistical information is retained.

 

6. RECIPIENTS OF PERSONAL DATA

smapOne AG, Freundallee 11a, 30173 Hannover as host of the app, administration, support

 

7. TRANSMISSION TO A THIRD COUNTRY

It is not intended to transfer the personal data to a third country or to an international organisation.

 

8. AUTOMATED DECISION MAKING / PROFILING

No automated decision-making or so-called profiling takes place.

 

DATA PROCESSING WHEN ENTERING USER DATA / PROCESSING HISTORY

 

1. DESCRIPTION AND SCOPE OF DATA PROCESSING

 

In order to be able to use the app within the scope of the employment relationship, the processing of user data is required. For this purpose, an account must be applied for in the Field Business Intelligence and a registration on the platform of the provider SmapOne must be made with the official e-mail address. After downloading the app, a link to the user account via the official e-mail address is required. The individual actions associated with the registration are processed according to the type of action and date for the purpose of proving that the registration has been completed and linked to a specific licence.

 

2. LEGAL BASIS FOR DATA PROCESSING

The legal basis for the processing of this data is § 26 BDSG in conjunction with Art. 6 para. 1 lit. b) GDPR.

 

3. PURPOSE OF THE DATA PROCESSING

Unambiguous identification of the authorised use. Verifiability of registration and linkage to a specific licence.

 

4. DURATION OF STORAGE

The data processed as part of the registration will be deleted when the user account is deleted.

 

5. RECIPIENTS OF PERSONAL DATA

smapOne AG, Freundallee 11a, 30173 Hannover as host of the app, administration, support

 

6. TRANSMISSION TO A THIRD COUNTRY

It is not intended to transfer the personal data to a third country or to an international organisation.

 

7. AUTOMATED DECISION MAKING / PROFILING

No automated decision-making or so-called profiling takes place.

 

Use Of Cookies/Usage Analyses

 

Numerous cookies are processed when using the SmapOne website. Rhenus Warehousing has no influence over these cookies. The responsible party in line with the DSGVO for the processing of the cookies mentioned below is SmapOne AG. SmapOne AG’s data protection information is available at: https://www.smapone.com/datenschutzhinweise/

 

The following cookies are required to use the SmapOne website.

 

Name

Purpose

Expiry

Type

Provider

CookieConsent

Saves your consent to the use of cookies.

1 year

HTML

Website

fe_typo_user

Assigns your browser to a session on the server. This only affects the content you see and is not evaluated or processed by us.

Session

HTTP

Website

registrationEmail

Used to create a user account in the registration process.

1 hours

HTTP

Website

registrationAsCreator

Used to create a user account in the registration process.

1 hours

HTTP

Website

. AspNet.ApplicationCookie

Platform authorisation cookie.

2 hours

HTTP

Website

ARRAffinity

Used in Azure to support users who need to stay on a particular instance of a web app or website in Azure.

Session

HTTP

Website

ARRAffinitySameSite

Used in Azure to support users who need to stay on a particular instance of a web app or website in Azure.

Session

HTTP

Website

CurrentCulture

Saves the language setting in the corresponding ISO country code.

1 year

HTML

Website

TiPMix

Azure Websites Testing in Production (TiP).

Session

HTTP

Website

__RequestVerificationToken

Prevents attacks for counterfeit cross-site requests (XSRF/CSRF) in ASP.NET Core.

Session

HTTP

Website

x-ms-routing-name

Azure App Service – Forwarding production data traffic.

Session

HTTP

Website

ai_session

This cookie is linked to Microsoft Application Insights software, which stores statistical usage and telemetry data for apps developed on the Azure cloud platform. It is a unique, anonymous session identifier cookie.

Session

HTML

Website

ai_user

This cookie is linked to Microsoft Application Insights software, which stores statistical usage and telemetry data for apps developed on the Azure cloud platform. This cookie uniquely identifies a user and counts the number of users who access the app over time.

1 year

HTML

Website

 

 

The following optional cookies are activated if the cookies are consented to by default:

 

Name

Purpose

Expiry

Type

Provider

_gcl_au

Used by Google AdSense to experiment with advertising efficiency on websites.

3 months

HTML

Google

AMP_TOKEN

Contains a token that can be used to retrieve a Client ID from the AMP Client ID Service. Other possible values indicate opt-out, request in progress or an error retrieving a client ID from the AMP Client ID Service.

1 year

HTML

Google

_dc_gtm_--property-id--

Used by DoubleClick (Google Tag Manager) to identify visitors by age, gender or interests.

2 years

HTML

Google

_ga

Used to better understand general user behaviour on our website and for Google Ads to improve the performance of our ad placements. The respective visitor data is collected anonymously.

2 years

HTML

Google

_gat

Used to throttle the rate of queries sent to Google Analytics. It also increases the efficiency of network calls.

10 minutes

HTML

Google

_gid

Used to better understand general user behaviour on our website and for Google Ads to improve the performance of our ad placements. The respective visitor data is collected anonymously.

1 day

HTML

Google

_ga_--container-id--

Used by DoubleClick (Google Tag Manager) to identify visitors by age, gender or interests.

2 years

HTML

Google

_gac_--property-id--

Contains information about campaigns for the user. If you have linked your Google Analytics and Google Ads accounts, efficiency measurement elements will read this cookie unless you disable it.

3 months

HTML

Google

_fbp

Used to display a range of advertising products, e.g. real-time bids from third party advertisers.

28 days

HTML

facebook

fr

Used to display a range of advertising products, e.g. real-time bids from third party advertisers.

3 months

HTML

facebook

facebookPixel

If JavaScript is not enabled, this pixel initiates a connection with Facebook.

none

Pixel

facebook

_pk_id

Used for Matomo (Piwik) to store information about users, e.g. unique, anonymised visitor ID.

13 months

HTML

Website

_pk_ref

Used to store the user's originating website information.

6 months

HTML

Website

_pk_ses

Used by Matomo (Piwik) to store the attribution information and referrer originally used to visit the website.

30 minutes

HTML

Website

_pk_cvar

Short-term cookie to store temporary data of the visit.

30 minutes

HTML

Website

_pk_hsr

Short-term cookie to store temporary data of the visit.

30 minutes

HTML

Website

_hjid

Used to identify the first session of a new user, as well as to recognise returning visitors to our website across different domains. It also ensures that behaviour on subsequent visits to the same page can be attributed to the same anonymous user ID.

1 year

HTML

Hotjar

_hjFirstSeen

Used to identify the first session of a new user, as well as to recognise returning visitors to our website across different domains. It also ensures that behaviour on subsequent visits to the same page can be attributed to the same anonymous user ID.

1 year

HTML

Hotjar

_hjTLDTest

Used to identify the first session of a new user, as well as to recognise returning visitors to our website across domains. It also ensures that behaviour on subsequent visits to the same page can be attributed to the same anonymous user ID.

1 year

HTML

Hotjar

UserMatchHistory

Used by LinkedIn for the evaluation of visitors for the analysis of LinkedIn Ads.

6 months

HTML

LinkedIn

bcookie

Used by LinkedIn for the evaluation of visitors for the analysis of LinkedIn Ads.

6 months

HTML

LinkedIn

lang

Used by LinkedIn for the evaluation of visitors for the analysis of LinkedIn Ads.

6 months

HTML

LinkedIn

BizoID

Used by LinkedIn for the evaluation of visitors for the analysis of LinkedIn Ads.

6 months

HTML

LinkedIn

 

Cookies can only be selected by clicking on the link: “Detailed Settings” in the pop-up “Information about Cookies.” The optional cookies are not preselected. The cookie selection in question is set with “Save Selection.”

 

Access To Device Functionalities

 

The app needs access to the camera to capture images. Images are used to document, for example, damage to the object being examined.

 

 

Functionalities Of The App And Individual Processing

 

Processing history within the framework of working with smaps:

 

1. Description And Scope Of Data Processing

 

Smaps and individual data per smap (see processing activity) are derived from the process.

Only the forwarding, assignment and sending of data records are stored in the respective data record. No content editing history is created for the entries.

 

2. Legal Basis For Data Processing

The legal basis for the processing of this data is § 26 BDSG in conjunction with Art. 6 para. 1 lit. b) GDPR.

 

3. Purpose Of Data Processing

The purpose of processing the data is to control abuse.

 

4. Duration Of Storage

The data will be deleted when the user account is deleted.

 

5. Recipients Of Personal Data

smapOne AG, Freundallee 11a, 30173 Hannover is host of the app, administration and support.

 

6. Transmission To A Third Country

There is no intention to transfer the personal data to a third country or to an international organisation.

 

7. Automated Decision-Making/Profiling

No automated decision-making or so-called profiling takes place.

 

Rights Of The Data Subject

As explained above, we do not process any personal data when you use the app. However, we would like to inform you about your rights under the DSGVO when processing personal data:

If you process personal data, you are the data subject within the meaning of the general data protection regulation. You therefore have rights vis-à-vis the controller. To exercise your data protection rights against us as the data controller, please contact the following e-mail address: [email protected].

.

1. Right to Information - Art. 15 GDPR

You have the right to obtain confirmation from the controller as to whether personal data concerning you are being processed.

If there is such processing, you have the right to access this personal data and to receive the following information:

  • the purposes for which the personal data are processed;
  • the categories of personal data that are processed;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed;
  • if possible, the planned period for which the personal data will be stored or, if that is not possible, the criteria for determining the storage period;
  • the existence of a right to rectify or erase personal data concerning you, a right to have processing restricted by the controller or a right to object to such processing;
  • the existence of a right of appeal to a supervisory authority;
  • any available information on the origin of the data if the personal data are not collected from the data subject;
  • the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, comprehensive information about the logic involved and the scope and intended effects of such processing for the data subject.

 

In addition, you have the right to request information on whether the personal data concerning you have been transferred to a third country or to an international organisation. In this context, you may also request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.

 

2. Right to Correction – Art. 16 GDPR

You have the right to obtain from the controller the correction and/or completion of data relating to you without undue delay if the personal data processed is inaccurate or incomplete.

 

3. Right to Deletion – Art. 17 GDPR

 

Obligation to Delete:

 

You have the right to request the immediate deletion of your personal data at any time if one of the following reasons applies:

  • the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed;
  • You have revoked your consent on which the processing was based pursuant to Art. 6 (1) a) or Art. 9 (2) a) GDPR and there is no other legal basis for the processing;
  • You have objected to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or you have objected to the processing pursuant to Article 21(2) GDPR;
  • the personal data concerning you have been processed unlawfully;
  • the deletion of the personal data concerning you is necessary for compliance with a legal obligation to which the controller is subject under European Union or member state law;
  • the personal data concerning you has been collected in relation to information society services offered pursuant to Art. 8(1) GDPR.

Exceptions:

  • A right to erasure does not exist insofar as the processing is necessary;
  • To exercise the right to freedom of expression and information;
  • To comply with a legal obligation which requires processing under EU or member state law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of the official authority vested in the controller;
  • for reasons of public interest in the field of public health in accordance with Article 9(2)(h) and (i) and Article 9(3);
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89
  • of the GDPR, insofar as the right referred to in Section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
  • for the assertion, exercise or defence of legal claims.

 

4. Right to Restriction of Processing – Art. 18 GDPR

You have the right to request the restriction of processing of personal data concerning you under the following conditions:

  • if you contest the accuracy of personal data concerning you for a period enabling the controller to verify its accuracy;
  • if the processing is unlawful and you refuse the deletion of the personal data and instead request the restriction of its use;
  • if the controller no longer needs the personal data for the purposes of processing but you need it for the assertion, exercise or defence of legal claims; or
  • if you have objected to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.

 

Where the processing of personal data relating to you has been restricted, such data may, with the exception of storage,  be processed only with your consent or for the establishment, exercise or defence of legal claims or the protection of the rights of another natural or legal person or due to substantial public interest on the part of the European Union or a member state. If the restriction of processing has itself been restricted on the basis of the above conditions, you will be informed by the controller before the restriction is lifted.

 

5. Right to Information – Art. 19 GDPR

If you have exercised one of your rights to rectification, deletion or restriction of processing, we are obliged to communicate the rectification, erasure of data or restriction of processing to all recipients to whom the personal data concerning you has been disclosed, unless this proves impossible or involves a disproportionate effort. You also have the right to be informed about these recipients.

 

6. Right to Data Portability – Art. 20 GDPR

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance by the controller to whom the personal data was provided, as long as:

 

a) the processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and

 

(b) the processing is carried out with the aid of automated procedures.

 

In exercising this right to data portability, you also have the right to ensure that the personal data concerning you is transferred directly from one controller to another insofar as this is technically feasible.

 

7. Right of Objection – Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you that is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

 

The controller shall no longer process the personal data concerning you unless he or she can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

 

If personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for these purposes.

 

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right of objection by means of automated procedures using technical specifications.

 

8. Right to Revoke the Declaration of Consent under Data Protection Law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

 

9. Right to Complain to a Supervisory Authority – Art. 77 GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the general data protection regulation.

 

The supervisory authority with which you lodge a complaint shall inform you, as the complainant, of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.

 

This data protection notice will be updated at regular intervals.