Privacy Policy – Hospital App - Catchup Applications

Version 9 of May 8, 2025

Privacy Policy for the Use of Our Navigation Applications

Service Provider

Catchup Applications KG
Glockengießerwall 26
20095 Hamburg
datenschutz@catchup-apps.com

Data Protection Officer

Mr. Oliver Guderjahn
Kedua GmbH
datenschutz@catchup-apps.com

The service provider (“we”) take the protection of your personal data very seriously. We treat your personal data confidentially and process it in accordance with the applicable data protection laws, such as the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

Please read the following privacy policy carefully before downloading and using any of our applications from the app stores. By downloading, installing, or using our software, you agree to our End User Agreement.

§ A General

1. If you provide us with personal data by post, email, contact form, or any other means, your information will be stored for the purpose of processing your inquiry and in case of follow-up questions. We will not disclose this personal data without your consent. Once the purpose of the data processing has been fulfilled, the data will be deleted or destroyed.

2. You have the right to request information, correction, deletion, restriction of processing, objection based on a particular situation of the data subject, and data portability at any time. Data portability refers to the transfer of your personal data stored with us to you or to a third-party provider of your choice. As part of your request, we are obligated to unequivocally identify you. Therefore, if necessary, you will need to provide us with identifying data.

3. You can withdraw your consent to the processing of your personal data at any time.

4. Furthermore, you have the right to lodge a complaint with the relevant supervisory authority at any time.

5. Your personal data is processed in accordance with the principle of purpose limitation. This means that your data will be stored by us only for as long as it is necessary to fulfill the purpose of the processing. Once this purpose has been fulfilled, the data will be deleted.

§ B Navigation via Web or Smartphone Application

§ B 1 Description of Live Outdoor/Indoor Navigation

Live navigation provides users (you) with route guidance based on your current and changing location. Directional instructions are displayed to guide you along the way. Live navigation takes place directly within our smartphone applications, so there is no need to rely on any pre-installed navigation app.

§ B 2 Description of Step-by-Step Navigation

Step-by-step navigation provides users (you) with route guidance that can be used either without considering your location or by optionally using your current location. If your location is not used, you manually select a starting point and a destination and are guided step by step via a map view.
If you wish to include your current location, you can track your position using a built-in button. There is no live navigation in which your location is continuously tracked.
Step-by-step navigation is available either in our web or smartphone applications.
If you access the step-by-step navigation via a QR code, the QR code is used solely for one-time location detection without accessing your device’s location services.

§ B 3 Access Permissions on Your Smartphone

To calculate and carry out live navigation and to determine your current location in step-by-step navigation, we require access to your location. If you do not grant our applications this permission, live navigation and tracking of your current location will not be possible.

Depending on the application, this may also require access to Bluetooth, as we use this technology for indoor positioning.

Depending on the application, you have the option – provided you give your explicit consent – to share the step counter data integrated into your smartphone (e.g., Google Fit or Apple Health). Access is solely for the purpose of improving the accuracy of live navigation, particularly for indoor orientation. This permission is not required to use live navigation. The data is processed locally on the device and is not shared with third parties.

§ B 4 Data Transfer and Cooperation with Third-Party Providers

To display the campus map and the world map outside our customers’ campuses, we cooperate with the OpenStreetMap (OSM) provider MapTiler from Switzerland. OSM is an international project that provides worldwide map data. However, the further processing and utilization of the data are carried out independently of OSM, and no data is transmitted to OSM. The data from MapTiler is integrated into our products via the open-source library MapLibre.

We have carefully selected this partner because they do not combine your location data with any other datasets and do not forward it, for example, to the USA, Russia, or China. MapTiler’s business model is not based on processing user data but on licensing by providers such as Catchup Applications. You can find the privacy policy at the following website:

End user conditions for Map Tiler (English): https://www.maptiler.com/privacy-policy/

§ B 5 Navigation Settings

In some of our applications, you can adjust navigation settings. For example, we may ask if you have any mobility restrictions so that we can offer you a route with easily walkable paths and no stairs. These settings are transmitted to our server for route guidance and are otherwise stored only locally on your smartphone.

§ C Data Collection

§ C 1 Collected Data

The following data is anonymously collected by us when the corresponding features in one of our applications are used, meaning that neither a pseudonym nor a real person can be assigned to it:

1. Launch of our smartphone application(s)

2. Opening a tab or (sub)page (e.g., Navigation, News, Events, Phonebook, etc.)

3. Interactions with links or buttons (e.g., starting a search, selecting a post, clicking an entry on the map)

4. Entered search terms

5. Selected start and destination for navigation, including route mode

6. User’s location during the use of live navigation

7. User ratings (with the exception of those described in §C4)

8. Selected phone numbers from the phonebook

Each upload also transmits hardware information. This includes the operating system (e.g., Android, iOS, Windows, Linux), the operating system version, web app and, if applicable, smartphone app version. Additionally, the attributes stored in the settings (e.g., user group, mobility impairment, disabled parking permit available, visual impairment mode activated, etc.) are also transmitted.

The following data is stored locally on your smartphone, which means we do not have access to it:

9. Selected navigation destinations listed as “Recently Used”

10. Selected phone numbers from the phonebook listed as “Recently Used”

11. Settings regarding appointment storage

12. Settings regarding the display of relevant events

13. Information from the step counter

Additionally, we store a pseudonymized “token” on your smartphone and on our server. This allows us to determine that we are permitted to send you push notifications. This is a common procedure for the secure delivery of push notifications. The services we use to send push notifications are listed in §C6.

§ C 2 Reasons for collecting your data

We collect your anonymized data for the following reasons:
1. To use live navigation, your current and changing location is required.

2. To provide our clients with a data basis for improving their wayfinding systems, we collect information on which destinations are accessed and how frequently.

3 To evaluate the added value and corresponding usage of our smartphone applications, we record the frequency of app launches. These are absolute frequencies without any relation to individual devices.

4. To simplify usage, we store certain data locally on your smartphone (see §C1, items 6–10). This allows us to, for example, show you the most recently used parking spot during navigation. You can delete this data at any time with a single click. These data are automatically and completely deleted when you uninstall our application.

5. We attempt to generate a Session ID each time the app is launched. If successful, search and navigation queries are assigned to this Session ID in order to improve search functionality. The Session ID cannot be linked to any device, previous, or future Session ID. Re-identification is excluded, and the user remains anonymous.

§ C 3 Selection of Your User Role

In some of our applications, you will be asked to assign yourself to a predefined user group upon first launching the app. For example, we may ask whether you are a patient, a student, or a staff member. Your selection is saved by assigning a “token.” This allows us to send targeted messages to one or more user group(s), provided you have allowed the receipt of push notifications. If you do not wish to assign yourself to a user group, you can skip this question.

§ C 4 User Ratings

In some of our applications, users can submit a rating. This includes a rating system using smileys as well as an optional free-text input. If you provide us with personal data through the free-text input, we will handle it as described in §A1.

§ C 5 Generierung von Crash-Reports

Our Android applications use the “Crashlytics” program from Google’s Firebase. The provider is Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google complies with the applicable EU-U.S. Privacy Shield conditions and has been certified for this by the Department of Commerce.
The Crashlytics program helps us to create and evaluate reports on app errors and crashes in order to fix the errors that cause them. When the report is created, Crashlytics creates an instance ID with a timestamp. This is personal data that allows conclusions to be drawn about processes. We cannot identify individuals with this instance ID and only process this data to maintain the functionality of our applications.
You can find the data protection regulations on the following website: Data protection regulations for Firebase Crashlytics (English): http://try.crashlytics.com/terms/privacy-policy.pdf

§ C 6 Sending of Push Notifications

Our Android applications use the “Cloud Messaging” service from Google’s Firebase. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google complies with the applicable EU-U.S. Privacy Shield framework and has been certified by the Department of Commerce accordingly.
The privacy policy can be found on the following website: Privacy Policy for Firebase Cloud Messaging (English): https://firebase.google.com/support/privacy
Our iOS applications use the “Apple Push Notification Service” from Apple. The provider is Apple Inc, One Apple Park Way, Cupertino, CA 95014. You must allow this service to send you messages when you first start our application.
Both services use a “token” to send push notifications. This token contains a unique instance ID and records whether we are allowed to send you push notifications. This instance ID is stored on your device, in our database, and in the database of the respective provider. After you uninstall our application or revoke permission to receive push notifications, this token is deleted from all databases as well as from your device.

§ D Links from Our Applications

§ D 1 Collected Data

Some of our applications contain links to our own website. You can read the data protection conditions for www.catchup-apps.com in detail at the following link. You can also object to the placement of cookies here:
https://www.catchup-apps.com/datenschutzerklaerung
Some of our applications contain links to external websites, over whose content and privacy policies we have no influence. When an external website opens in your browser, you can decide, according to applicable law, whether you want to agree to the privacy policies of the respective operator or not.