Data protection declaration for the use of our navigation applications

Version 6 dated December 21, 2020

Service provider:

Catchup Applications KG
Glockengießerwall 26
20095 Hamburg
datenschutz@catchup-apps.com

 

Data protection officer:

Mr. Oliver Guderjahn
Kedua GmbH
datenschutz@catchup-apps.com

The service provider (we ”) takes the protection of your personal data very seriously. We treat your personal data confidentially and process your personal data in accordance with the statutory data protection regulations such as the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

Please read the following data protection declaration carefully before you download and use one of our applications from the app stores. By downloading, installing or using our software, you agree to our end user agreement.

§ A General

1. If you send us personal data by post, e-mail, contact form or other means, your details will be stored by us for the purpose of processing the request and in case of follow-up questions. We do not pass on this personal data without your consent. If the purpose of the data processing has been fulfilled, we will delete or destroy them again.

2. You have the right to information, correction, deletion, restriction of processing, objection due to a particular situation of a data subject and data portability at any time. Data portability is understood to mean the handing over of your personal data stored by us to you or a third party provider of your choice. As part of your request, we are obliged to identify you beyond any doubt. To do this, you must send us identifying data in case of doubt.

3. You can revoke your consent to the processing of your personal data at any time.

4. You also have the right to lodge a complaint with the relevant supervisory authority at any time.

5. Your personal data will be treated according to the purpose limitation principle. This means that your data will be stored by us for as long as is necessary to fulfill the purpose of processing. If this purpose is fulfilled, the data will be deleted again.

§ B Navigation via web or smartphone application

§ B 1 Description of the live outdoor / indoor navigation

Live navigation guides the user (you), taking into account your current, changing location. You will be shown directions for guidance. The live navigation takes place directly in our smartphone applications, so that no pre-installed navigation application has to be used.

§ B 2 Description of step-by-step navigation

The step-by-step navigation is a route for the user (you), which can be used either without taking your location into account or taking your current location into account. If your location is not taken into account, you manually select a start and destination point and you will be navigated step by step using a map view. If you want your location to be taken into account, you can track your current position using a built-in button. There is no live navigation during which your location is continuously tracked. The step-by-step navigation takes place either in our web or in our smartphone applications. If you call up the step-by-step navigation using a QR code, this will be used for the one-time determination of your location without accessing the location functions of your device.

§ B 3 Access rights to your smartphone

To calculate and carry out the live navigation and to record your current location in the step-by-step navigation, we need access to your location. If you do not allow our applications this access right, no live navigation or tracking of your current location is possible. Your location data will only be saved in our applications for the duration of the navigation and will be automatically deleted after this has ended.

§ B 4 Movement of your data and cooperation with third-party providers

We work with third-party providers to enable you to start live outdoor navigation from any location. This is necessary so that we can access comprehensive map material outside of our customers’ premises. During the live outdoor navigation, your location data will also be anonymized and transmitted to these third-party providers.

Our current third party provider for live outdoor navigation is the OpenStreetMaps (OSM) provider MapBox. OSM is an international project that provides maps from around the world. However, the further processing and utilization of the material takes place independently of OSM and no data is transmitted to OSM. The MapBox system is integrated into our products via a programming interface (API).

We have carefully selected this partner as they will not link your location data to any other data set. The data protection regulations can be found on the following website: End user conditions for MapBox (English): https://www.mapbox.com/privacy

§ B 5 Navigation Settings

You can make navigation settings in some of our applications. For example, we will ask you if you have restricted mobility so that we can offer you a route with easily accessible paths and without stairs. These settings are transmitted to our server for route guidance and are otherwise only saved locally on your smartphone.

§ C Data Collection

§ C 1 Collected Data

If the corresponding features are used in one of our applications, the following data is recorded anonymously by us, which means that neither a pseudonym nor a real person can be assigned to you:

1. Location of the user while using the live navigation

2. Selected navigation destinations

3. Start our smartphone application (s)

4. SessionID (if possible)

5. Selected phone numbers from the phone book

6. User reviews (with the exception of the representation in §C4)

The following data is stored locally on your smartphone, which means we have no access to it:

7. Selected navigation destinations listed as “Recently Used”

8. Selected phone numbers from the phone book that are listed as “Recently Used”

9. Settings related to live navigation

10. Settings regarding the appointment storage

11. Settings regarding the display of relevant events

In addition, we save a pseudonymized “token” on your smartphone and on our server. It allows us to determine that we can send you push messages. This is a common procedure for the secure delivery of push notifications. You can see which services we use for sending push notifications in §C6.

§ C 2 Reasons for collecting your data

We collect your anonymized data for the following reasons:
1. Your current, changing location is required to use the live navigation.

2. In order to be able to offer our customers a data basis for improving the wayfinding systems, we record which destinations are called up and with what frequency.

3. In order to be able to evaluate the added value and the associated use of our smartphone applications, the frequency of app starts is saved. These are absolute frequencies without any relation to individual devices.

4. To make it easier to use, we save some data locally on your smartphone (§C1 points 6.-10.). This enables us, for example, to show you the last used parking space when navigating. You can delete this data at any time with a click. When our application is uninstalled, this data is automatically and completely deleted.

5. We try to generate a SessionId every time the app is started. If this is successful, search and navigation requests are assigned to this SessionId in order to improve the search. The SessionId cannot be assigned to any device, any preceding or subsequent SessionID. Re-identification is not possible, the user is anonymized.

§ C 3 Selection of your user role

In some of our applications, after the first app start, you will be asked to assign yourself to a predefined user group. For example, we ask you if you are a patient, a student or an employee. We save your entry by storing a “token”. In this way, if you allow the receipt of push messages, we can send targeted messages to one or more user groups. If you do not want to assign yourself to a user group, you can skip this question.

§ C 4 User reviews

Our users can leave a rating in some of our applications. This includes a rating system in the form of smileys and the option of entering free text. If you pass on personal data to us via the free text, we will proceed with this as shown in §A1.

§ C 5 Generation of crash reports

Our Android applications use the “Crashlytics” program from Google’s Firebase. The provider is Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA. Google adheres to the applicable EU-U.S. Privacy Shield conditions and has been certified for this by the Department of Commerce.
The Crashlytics program helps us to create and evaluate reports on app errors and crashes in order to correct the errors that lead to them. When creating the report, Crashlytics creates an instance ID with a time stamp. This is personal data that allows conclusions to be drawn about processes. We cannot identify any individuals with this instance ID and we only process this data to maintain the functionality of our applications.
The data protection regulations can be found on the following website: Data protection regulations for Firebase Crashlytics (English): http://try.crashlytics.com/terms/privacy-policy.pdf

§ C 6 Sending of push notifications

Our Android applications use the “Cloud Messaging” program from Google’s Firebase. The provider is Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA. Google adheres to the applicable EU-U.S. Privacy Shield conditions and has been certified for this by the Department of Commerce.
You can find the data protection regulations on the following website: Data protection regulations for Firebase Cloud Messaging (English): https://firebase.google.com/support/privacy
Our iOS applications use the Apple Push Notification Service from Apple. The provider is Apple Inc., One Apple Park Way, Cupertino, CA 95014. You must allow this service to send you notifications when you start our application for the first time.
Both programs use a “token” to send push messages, which contains a unique instance ID and records whether we are allowed to send you push messages. This instance ID is stored on your device, in our database and in the database of the relevant provider. After deinstallation of our application or after revocation of the permission to receive push notifications, this token will be deleted from all databases as well as from your device.

§ D Links to 3rd party applications

§ D 1 Data collected

1. Some of our applications contain links to our own website. You can read the data protection conditions for www.catchup-apps.com in detail under the following link. Here you can also object to the placement of cookies:
https://www.catchup-apps.com/datenschutzerklaerung
2. Some of our applications contain links to external websites over whose content and data protection regulations we have no influence. If a third-party website opens in your browser, you can decide in accordance with applicable law whether or not you want to agree to the data protection provisions of the relevant operator.