With this data protection information we inform you about the processing of your personal data by us when you
– use the Staffice employee app (“App”), or
– visit the web interface at aap.staffice.app of the web interface, e.g. to use functions of the app in the browser or to log in as administrator or editor in the backend.
In addition, we explain the rights you are entitled to under the EU General Data Protection Regulation (GDPR).
The Employee App and the Web Interface are hereinafter collectively referred to as “MAPP”.
Our general data protection information for employees also applies.
2. Responsible person and data protection officer
We, ATINO GmbH, Springorumallee 2, 44795 Bochum, Germany, firstname.lastname@example.org, 02345200890, are the responsible party.
Contact details of the data protection officer: René Rautenberg, ATINO GmbH, Springorumallee 2, 44795 Bochum, Germany
3. User account and master data
To use MAPP, you need a user account. You can either create this yourself or we can create it for you.
The following master data is assigned to the usage account:
– Access data (e.g. e-mail and password)
– Contact details (e.g. name, business email address, telephone number)
– Organisational data (e.g. company, department, groups, role, supervisor)
– Roles and rights (e.g. reading and editing rights of contributions)
Your mobile phone number is not required to use MAPP.
We may also use your email address within MAPP for system-related emails, e.g. notice of changes to privacy notices or workflow notifications (e.g. approvals granted). As part of the registration process, you may receive an email to your business email address asking you to click a link. This is to ensure that the email address is assigned to you.
We generally store the master data in MAPP for the duration of your user account; this corresponds to the time of your employment with or for us. Your data will also be deleted if you or we delete your user account, e.g. if we discontinue the Employee App as a whole or you decide you no longer wish to use MAPP. To delete your user account, please contact us (email@example.com).
Within MAPP, your contact and organisation data are generally visible to all other MAPP users of our company.
Within MAPP, your contact and organisation data are generally visible to all other MAPP users of our company. However, you cannot use MAPP without your data. There is no obligation to use MAPP.
4. individual app functions
Below we explain how we handle your data when you use individual functions of MAPP. This may also describe functions that are not (yet) available to you.
With the chat function, you can send messages to other staff members (individual chat) and to groups (group chat). The chat is available to all users of MAPP of our company.
In addition to the chat messages themselves, the date/time when messages were sent and the read status of the message are also saved. The sender of a message in the individual chat can see whether – but not when – you as the recipient have read a message. In addition, you can optionally upload a profile picture that all users of the chat can see.
We use the data to provide you with the chat function. The chat content is official communication (similar to an e-mail), to which our general rules for company communication apply, unless otherwise stated.
Messages basically remain even if their user account is deleted, as the messages are still contained in the recipients’ mailboxes (similar to an e-mail). It is not possible to delete individual messages after you have sent them.
Chat messages are routinely deleted by us after a certain period of time. See also point 9.4.
Only users directly involved in the chat have access to messages. Messages in the one-on-one chat are encrypted end-to-end, even we cannot access their content. Messages in the group chat are encrypted in transit, but are available on the server in unencrypted form, but can only be viewed by administrators.
If you participate in a survey, your answers will not be assigned to your user account (anonymous survey). We only count the number of answers per question or the answer text for free text fields to determine the aggregated survey result. This data will not be added to your user account. We only record “that” you have taken part in the survey to prevent multiple voting. When the survey is finished, the information that you participated in the survey is also deleted.
Once you have sent your reply, you can no longer delete or change it.
Unless otherwise stated, participation in surveys is voluntary.
Details on data protection, such as the purpose of use, the recipients and the storage period may be specified in additional data protection information on the survey.
4.3. Applications and notifications (e.g. sick leave, holiday application)
If you use MAPP to send us applications or notifications relating to your employment relationship (e.g. sickness notifications or holiday applications) via functions specially designed for this purpose, we will receive the data or content entered by you as well as the date and time of submission. We provide the data to a responsible employee (e.g. in the personnel department). In this respect, MAPP is merely an additional communication channel.
If you send photos in your applications and messages that were taken within the staff app, the photos are deleted immediately after they are sent. When you select photos from your smartphone’s gallery, the image remains on your device.
The purposes, storage period, legal basis and recipients are also governed by our general data protection information for employees.
4.4. Content contributions (e.g. on the intranet or notice board)
If you publish content contributions in MAPP (e.g. on the intranet or noticeboard), whether in your role as a user, editor or administrator, the content, your name including contact details as well as the date and time of the contribution are generally visible to all MAPP users in our company.
The contributions remain stored until they are deleted by you or an editorially responsible employee. In the event of a deletion, the contribution itself or all identifying information (author’s property) will be deleted. Contributions are generally visible to all users of MAPP of our company.
5. notifications on mobile devices (push notifications)
We can send push notifications to your device if it is running the iOS or Android operating system. Push notifications are messages that are displayed on your end device even if you are not currently using the employee app. It is therefore a function of the operating system provider and not the employee app itself.
You can individually set the receipt of push notifications in the settings menu of the employee app. You can also disable the delivery of our push notifications in the operating system settings of your mobile device.
We use push notifications, e.g. to inform you about incoming chat messages. MAPP can also be used without the push function.
For the delivery of push notifications, we need to hand over the content of the notifications to a technical service of your operating system provider. In the case of end devices with Android operating system, this is Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland and takes place as part of the “Firebase Cloud Messaging” service; in the case of iOS, this is Apple Inc., One Apple Park Way, Cupertino, California, USA, 95014. The addressing of your device takes place technically via a pseudonymous identification number which is provided to us by your operating system provider and which only applies to our app and your specific end device. We do not transmit any information that directly identifies you, such as your name or email address, to the operating system provider.
The basis for a data transfer to the USA, as an unsafe third country within the meaning of the GDPR, is the provision of the push functionality expressly requested by you, Art. 49 (1) b) GDPR (performance of contract).
6. data processing for analysis purposes
6.1. Server log files (web interface)
In principle, we do not keep any server log files. We only activate this when necessary in the event of troubleshooting. In this case:
When you call up an individual page of the web interface, our web servers record in a log file the address (URL) of the page called up, the date and time of the call-up, any error messages and, if applicable, the operating system and browser software of your end device as well as the website from which you are visiting us. We also store the IP address of your computer in our log files.
The log file data is used by us exclusively to ensure the functionality of our services (e.g. error analysis, guarantee of system security and protection against misuse) and deleted after problem resolution, at the latest after 7 days, or shortened in such a way that a personal reference can no longer be established.
Insofar as log file data qualify as personal data in individual cases, the legal basis for the processing of log file data is our legitimate interest (error analysis, ensuring system security and protection against misuse).
6.2. Usage statistics
We collect anonymous usage statistics about which functions and pages were used and how often. These are simple meters. There is no association with your device or your user account or your name and no pseudonymous profiles are created. No third-party service providers are used to compile usage statistics.
7. system permissions (apps)
The staff app requires the following system permissions on your terminal and uses them as follows:
– Camera: to take photos that you take in the employee app and send to us (e.g. holiday application).
– Memory: for sending photos that you have saved on your terminal device (e.g. photo of the holiday application from your gallery).
– Internet access: for communication with our servers, e.g. retrieving content, sending chat messages.
Cookies are small text files that are stored in the browser of your end device and transferred to us each time you visit our website.
When you log in to the web interface with your user account, our server sets a cookie on your computer: this contains a random code and is technically necessary because it serves to recognise you as a logged-in user. This cookie is deleted when you close the browser (so-called “session cookie”).
9 Supplementary information on the obligation to provide data, legal basis, data recipients and storage period
Unless otherwise stated in this privacy notice, the following applies:
9.1. Obligation to provide
You are not obliged to provide data. Mandatory information in input forms is marked as such, e.g. by an asterisk (*).
9.2. Legal basis
MAPP is a working tool. The provision by us is voluntary, as is the use by you. In this respect, we provide you with the work tool to facilitate the fulfilment of your employment contract rights and obligations. In this respect, the legal basis is the implementation of the employment relationship (contract implementation, Art. 6 para. 1 lit. a GDPR, § 26 BDSG).
Insofar as MAPP is not used in the context of a direct employment contract, the provision of data takes place within the framework of the balancing of interests and serves to protect our and your legitimate interest in a modern communication platform that is basically available “everywhere and at all times” on mobile devices to improve and facilitate the exchange of information between our employees.
9.3. Data recipients and data exports
Within the company responsible for data protection, your data will be passed on to the relevant departments, e.g. the human resources department.
For the technical operation of the servers for the administration of push messages and for the provision of the web interface, we may use technical service providers within the EU bound by instructions within the framework of so-called order processing, in particular for the operation and maintenance of the server on which your data is stored and the web interface is provided.
We currently use Atino GmbH for this purpose, which in turn uses the hosting provider Host Europe.
Unless otherwise stated in this privacy notice, we do not transfer your data to countries outside the EU and the EEA for which the EU Commission has not determined that they guarantee an adequate level of data protection compared to the EU (no transfers to so-called “unsafe third countries”).
9.4. Storage period
We measure the storage period for your data based on the specific purposes for which we use the data. In addition, we are partly subject to statutory storage and documentation obligations, which result in particular from the German Commercial Code (HGB) and the German Fiscal Code (AO). Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are generally three years.
On the device on which you have installed the Employee App, the data stored by the Employee App is deleted when
– you uninstall the app
– your user account ends or is deleted.
Insofar as your data is stored on our server in the backend, the explanations in this data protection information apply.
10. your GDPR rights
By law, we are obliged to inform you of your rights under the GDPR. We explain these rights below. You are entitled to these rights under the conditions of the respective data protection regulations. The following presentation does not grant you any further rights.
You have the right to request confirmation from us as to whether we are processing personal data relating to you; if this is the case, you have a right of access to this personal data and to the information listed in detail in Article 15 of the GDPR.
You have the right to demand that we correct any inaccurate personal data relating to you and, if necessary, complete any incomplete personal data without delay, Art. 16 GDPR.
You have the right to demand that we delete personal data relating to you without delay if one of the reasons listed in detail in Article 17 of the GDPR applies, e.g. if the data is no longer required for the purposes pursued.
10.4. Restriction of processing
You have the right to demand that we restrict processing if one of the conditions listed in Art. 18 GDPR applies, e.g. if you have objected to the processing, for the duration of the review by us.
10.5. Data portability
You have the right, under certain conditions, to receive data concerning you that you have provided to us in a structured, common and machine-readable format, to transmit it and – if technically feasible – to have it transmitted, Art. 20 GDPR.
You have the right to lodge a complaint with a supervisory authority, irrespective of any other administrative or judicial remedy, if you consider that the processing of personal data concerning you by us infringes the GDPR, Art. 77 GDPR. You may exercise this right before a supervisory authority in the Member State of your residence, place of work or the place of the alleged infringement. The contact details of the supervisory authorities in Germany can be found at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
10.7. Revocation (of consent)
If you have given us your data protection consent, you have the right to revoke this at any time with effect for the future. This also applies to data protection consents that you gave us before the GDPR came into force.
10.8. Right of withdrawal
In addition, you have the right to object, which is explained at the end of this document.
11. Appendix: Explanation of terms
Below we explain some of the legal and technical terms used in this privacy notice.
Processors are service providers who process your data according to our instructions and for a specific purpose.
b) Personal data:
Personal data (data) is any information relating to an identified or identifiable natural person.
Processing of personal data is any operation relating to personal data, such as collection via an online form, storage on our servers or use to contact us.
d) IP address:
The IP address is a number that your internet provider assigns to your terminal device, either temporarily or permanently. With a complete IP address, it is possible, for example, to identify the connection owner in individual cases using additional information from your internet access provider.
11.2. Legal basis
The GDPR only allows personal data to be processed if there is a legal basis. We are required by law to inform you of the legal basis for the processing of your data.
In the following, we explain the terms used in this context.
|Art. 6 para. 1 lit. a) GDPR||Consent||This legal basis allows processing if and to the extent that you have given us consent.|
|Art. 6 para. 1 lit. b) GDPR||Contract performance||This legal basis allows processing insofar as it is necessary for the performance of a contract with you, including pre-contractual measures (e.g. performance of the employment contract).|
|Art. 6 para. 1 lit. f) GDPR||legitimate interests||Under this legal basis, we are permitted to process insofar as this is necessary to protect our legitimate interests (or those of third parties) and your conflicting interests do not override these. Unless otherwise stated, our interests are in pursuance of the stated purposes of processing.|
Your right to object
You also have the right to object to the processing of personal data relating to you at any time on grounds relating to your particular situation, provided that we base the processing on Art. 6 (1) lit e. or f GDPR. We will then no longer process this data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (Art. 21 GDPR).
If your personal data is used by us for direct advertising (e.g. via e-mail), you have the right to object to the use of your data for these purposes at any time. This also applies to profiling, insofar as this is connected with direct advertising. Profiling means the use of personal data to analyse or predict certain personal aspects (e.g. interests).