Privacy Policy for App Safe Now GmbH

As of July 2022

Table of contents

  1. Identity and contact details of the data controller
  2. Contact details of the data protection officer
  3. General information on data processing
  4. Rights of the data subject
  5. Provision of app and creation of log files
  6. Creating a profile
  7. Feedback form
  8. Participation in the app tester Program
  9. Hosting
  10. Location data processing when the alarm function is activated
  11. Creation of aggregated statistics and analyses
  12. Content delivery networks
  13. Use of software development kits (SDK)
  14. Telemetry data

 

  1. Identity and contact details of the data controller

The data controller responsible in accordance with the purposes of the General Data Protection Regulation (GDPR) of the European Union and other data protection regulations is:

SafeNow GmbH

Balanstraße 73

81541 Munich

Germany

+49 89 95875085

datenschutz@safenow.de

www.safenow.app

  1. Contact details of the data protection officer

The designated data protection officer is:

DataCo GmbH

Dachauer Str. 65

80335 Munich

Germany

+49 89 7400 45840

www.dataguard.com

  1. General information on data processing

On this page we inform you about the privacy policy applicable in the SafeNow App for Android and iOS ("App"). The App is an offer of SafeNow GmbH, Balanstraße 73, 81541 Munich, Germany ("SafeNow GmbH", "we" or "us").

The responsibility of SafeNow GmbH for the data processing results from the following aspects:

- As part of the registration and provision of the app, SafeNow acts as the sole controller for data processing. SafeNow is solely responsible for data management from registration to the transmission of the data to the triggering of an alarm to operators of SafeNow zones (“Operator”). "Operators" in this regard can be organizations, authorities, companies or associations that offer a SafeNow Zone on a site where they are responsible for security. When an alarm is triggered, the operator can view the data relevant to the alarm within the SafeNow app.

- As soon as the user of the SafeNow User App (hereinafter "App") makes use of the operator's security offer, i.e. triggers an alarm in the SafeNow Zone, the operator receives the associated personal data via the SafeNow operator interface as the recipient of the information. Insofar as the operator provides the user with information via the SafeNow operator interface, SafeNow is solely responsible for processing the data within the app from receipt of this data. The relevant data is the personal data defined under Section X. of this privacy policy.

SafeNow allows customers to take advantage of the following functionalities:

  • Creation of private groups in which members can alert each other in case of emergency.
  • In case of an alert, information about the location, profile picture (optional), name and phone number (optional) are shared with the recipients (helpers) to enable quick help and communication.
  • Helpers can accept or decline the alert to report their availability back to the help seeker. The help seekers, as well as helpers themselves, can see the location of helpers who have accepted the alert.
  • In addition to private groups, organizers can offer public SafeNow zones. In these zones, users of the SafeNow app can alert security forces of the organizer on site.
  • Event organizers can place so-called beacons in areas with poor GPS coverage, such as buildings. These beacons are detected via the smartphone's Bluetooth function and enable precise location of people seeking help, even inside buildings.
  • Users of the SafeNow app can decide what information they share with their helpers in the event of an alarm. The inclusion of name, profile picture and phone number in the profile is optional but enables helpers to find and contact the person seeking help more easily.
  • Users can see a history of alerts they have sent themselves or received in one of their groups.

The provision of functionalities corresponds to the purposes of the processing. In addition, personal data is processed to ensure error-free functionality of the SafeNow app.

1. Scope of processing personal data

We only process personal data of our users to the extent that this is necessary for the provision of a functional, our content and services. The processing of our users’ personal data is only carried out after the user has given consent, if there is a legitimate interest of the processing, or a processing of personal data is necessary for the fulfillment of a contractual relationship.

Within the app, the following data is collected for the purpose of registration:

  • First name
  • Last name (optional)
  • Mobile number (optional)
  • Profile picture (optional)
  • Email address (optional for surveys)
  • User-ID
  • Location data incl. beacon information
  • Motion sensor (for battery power)
  • Name, description and image of the group or SafeNow zone
  • Device ID
  • Device information (language, app version, operating system)
  • Battery level
  • Alarm data (location, start & end, people involved)
  • Date and time of use
  • User feedback
  • Number and location of attention mode

2. Legal basis for the processing of personal data

If we obtain the consent of the data subject for processing their personal data, Art. 6 (1) (a) GDPR.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.

3. Recipients of personal data

Depending on the modules of SafeNow used, different processors may be recipients of personal data, if they provide a partial service of the processing process. Categories of recipients of personal data are in particular: 

  • Hosting service providers
  • IT service providers for maintenance and support purposes
  • Provider of the content delivery network (CDN)
  • Other processors contracted to provide and improve our platform.

In addition, data can be transmitted to third parties, e.g. operators of SafeNow zones. This is especially the case when a user triggers an alarm in a public SafeNow zone. Operators can be organisations, authorities, companies or associations that offer a public SafeNow Zone on a site where they are responsible for security. In a public SafeNow zone, guests can use the SafeNow app to reach the operator's security staff. 

The logo of the SafeNow Zone or the operator is displayed in the user's app when he or she is in the relevant area. This always gives users full transparency as to who alarm data is being forwarded to.

If recipients of personal data are located outside the EU or the EEA, SafeNow GmbH ensures that appropriate guarantees for legally compliant data transfers to third countries are in place, e.g., by concluding standard data protection clauses in accordance with Art. 46 (2) (c) GDPR.

4. Data erasure and duration of storage

The personal data of the data subject is deleted or blocked as soon as the purpose of storage ceases to apply. Storage of data can exceed these circumstances, if this has been provided for by the European or national legislator in Union regulations, laws, or other provisions to which the controller is subject. The data will be blocked or erased the latest after a period of 6 months, if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

5. Possibility of revocation and removal

Users can delete profile information independently within the app at any time so that this data is no longer processed. In addition, users can withdraw their consent to data processing at any time by sending an informal e-mail to datenschutz@safenow.de. All other rights for you as a data subject can also be addressed to this e-mail address.

  1. Rights of the data subject

When your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights:

1. Right to information

You may request the data controller to confirm whether your personal data is processed by them.

If such processing occurs, you can request the following information from the data controller:

  • The purpose for which the personal data is processed.
  • The categories of personal data being processed.
  • The recipients or categories of recipients to whom the personal data have been or will be disclosed.
  • The planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage.
  • The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing.
  • The existence of the right to lodge a complaint with a supervisory authority.
  • Where personal data are not collected from you any available information as to their source.
  • The existence of automated decision-making including profiling under Article 22 (1) and Article 22 (4) GDPR and, in certain cases, meaningful information about the data processing system involved, and the scope and intended result of such processing on the data subject.

You have the right to request information on whether your personal data will be transmitted to a third country or an international organization. In this context, you can then request for the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.

2. Right to rectification

You have a right to rectification and/or modification of the data, if your processed personal data is incorrect or incomplete. The data controller must correct the data without delay

3. Right to the restriction of processing

You may request the restriction of the processing of your personal data under the following conditions:

  • If you challenge the accuracy of your personal data for a period that enables the data controller to verify the accuracy of your personal data.
  • The processing is unlawful, and you oppose the erasure of the personal data and instead request the restriction of their use instead.
  • The data controller or its representative no longer need the personal data for the purpose of processing, but you need it to assert, exercise or defend legal claims; or
  • If you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate interests of the data controller override your interests.

If the processing of personal data concerning you has been restricted, this data may – with the exception of data storage – only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the processing has been restricted according to the aforementioned conditions, you will be informed by the data controller before the restriction is lifted.

4. Right to erasure

a) Obligation to erase

If you request from the data controller to delete your personal data without undue delay, they are required to do so immediately if one of the following applies:

  • Personal data concerning you is no longer necessary for the purposes for which they were collected or processed.
  • You withdraw your consent on which the processing is based pursuant to Art. 6 (1) (1) (a) and Art. 9 (2) (a) GDPR and where there is no other legal basis for processing the data.
  • According to Art. 21 (1) GDPR you object to the processing of the data and there are no longer overriding legitimate grounds for processing, or you object pursuant to Art. 21 (2) GDPR.
  • Your personal data has been processed unlawfully.
  • The personal data must be deleted to comply with a legal obligation in Union law or Member State law to which the data controller is subject.
  • Your personal data was collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

b) Information to third parties

If the data controller has made your personal data public and must delete the data pursuant to Art. 17 (1) GDPR, they shall take appropriate measures, including technical means, to inform data processors who process the personal data, that a request has been made to delete all links to such personal data or copies or replications of the personal data, taking into account available technology and implementation costs to execute the process.

c) Exceptions

The right to deletion does not exist if the processing is necessary

  • to exercise the right to freedom of speech and information;
  • to fulfil a legal obligation required by the law of the Union or Member States to which the data controller is subject, or to perform a task of public interest or in the exercise of public authority delegated to the representative.
  • for reasons of public interest in the field of public health pursuant to Art. 9 (2) (h) and Art. 9 (2) (i) and Art. 9 (3) GDPR.
  • for archival purposes of public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
  • to enforce, exercise or defend legal claims.

5. Right to information

If you have the right of rectification, erasure or restriction of processing over the data controller, they are obliged to notify all recipients to whom your personal data have been disclosed of the correction or erasure of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You reserve the right to be informed about the recipients of your data by the data controller.

6. Right to data portability

You have the right to receive your personal data given to the data controller in a structured and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the data controller who was initially given the data, if:

  • the processing is based on consent in accordance with Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or performance of a contract in accordance with Art. 6 (1) (b) GDPR and
  • the processing is done by automated means.

In exercising this right, you also have the right to transmit your personal data directly from one person to another, insofar as this is technically feasible. Freedoms and rights of other persons shall not be affected.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the data controller.

7. Right to object

For reasons that arise from your particular situation, you have, at any time, the right to object to the processing of your personal data pursuant to Art. 6 (1) (e) or 6 (1) (f) GDPR; this also applies to profiling based on these provisions.

The data controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending legal claims.

If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data in regard to such advertising; this also applies to profiling associated with direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58/EG, you have the option, in the context of the use of information society services, to exercise your right to object to automated decisions that use technical specifications.

8. Right to withdraw the data protection consent declaration

You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the legality of the processing carried out on the basis of the consent until the withdrawal.

9. Automated decisions on a case-by-case basis, including profiling

You have the right to not be subject to a decision based solely on automated processing – including profiling – that will have a legal effect or substantially affect you in a similar manner. This does not apply if the decision:

  • is required for the conclusion or execution of a contract between you and the data controller,
  • is permitted by the Union or Member State legislation to which the data controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
  • is based on your explicit consent.

However, these decisions must not be based on special categories of personal data under Art. 9 (1) GDPR, unless Art. 9 (2) (a) or Art. 9 (2) (b) GDPR applies and reasonable measures have been taken to protect your rights and freedoms as well as your legitimate interests.

With regard to the cases referred to in (1) and (3), the data controller shall take appropriate measures to uphold your rights and freedoms as well as your legitimate interests, including the right to obtain assistance from the data controller or his representative, to express your opinion on the matter, and to contest the decision.

10. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in the Member State of your residence, or your place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you violates the GDPR.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

  1. Provision of app and creation of log files

1. Description and scope of data processing

Each time our app is accessed, our system automatically collects data and relevant information from the system of the calling device.

The following data is collected:

  • The user's operating system
  • Date and time of access
  • Version of the app
  • User-ID

This data is stored in the log files of our system. This does not affect the IP addresses of the user or other data that allow the data to be assigned to a user. This data is not stored together with other personal data of the user.

2. Purpose of data processing

The storage in logfiles is done to ensure the functionality of the app. The data is also used to optimize the app and to ensure the security of our IT systems. An analysis of the data for marketing purposes does not take place.

For the aforementioned purposes, our legitimate interest lies in the processing of data in compliance with Art. 6 (1) (f) GDPR.

3. Legal basis for data processing

The legal basis for the temporary storage of data and logfiles is Art. 6 (1) (f) GDPR.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of the collection of data for the provision of the app, this is the case when the respective session has ended.

5. Objection and removal

The collection of data for the provision of the app as well as the storage of data in log files are essential for the operation of the app. Therefore, the user may not object to the aforementioned processes.

  1. Creating a profile

1. Description and scope of data processing

After downloading the app, we offer users the option of creating a profile by providing personal data. The data is entered in an input mask and transmitted to us and stored. The data is only passed on to third parties to make it easier for helpers to find the user in the event of an alarm. 

The following data can be provided by the user on a voluntary basis as part of the process:

  • First name
  • Telephone/Mobile number 
  • Last name (optional)
  • Profile picture (optional)

As part of the process, the user's consent to the processing of this data is obtained.

2. Purpose of data processing

The user's registration is required for the provision of certain content and services on our app.

The identification of the user by the SafeNow app is also required to help the alerted helpers find the user in case of an alarm. If the user wants to alert the helpers of a public SafeNow zone, the verification of the phone number may be mandatory for fraud prevention.

3. Legal basis for data processing

The legal basis for the processing of the data is Art. 6 (1) (a) GDPR, if the user has given his or her consent.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

For the generation of the profile, this is the case when the data is no longer required for the fulfilment of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contractual partner to fulfil contractual or legal obligations.

5. Objection and removal

As a user, you have the option to cancel the registration at any time. You can have the data stored about you changed at any time. Users can request the deletion or modification of their data at any time via e-mail to datenschutz@safenow.de or delete or modify the personal data in the user profile.

If the data is required for the performance of a contract or for the implementation of pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

  1. Feedback form

1. Description and scope of data processing

Our app contains a feedback form that can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored.

At the time the message is sent, the following data is stored:

  • E-mail address (optional)
  • First name (optional)
  • Last name (optional)
  • Gender
  • Age
  • Feedback
  • Pictures of the error (optional)
  • Date and time of contact

For the processing of data, your consent is obtained during the submission process and reference is made to this privacy policy.

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored.

There is in connection with the data processing through the contact form for the transmission of user feedback a processing of data by the tool:

Google Forms of Google Ireland Limited, Gordon House, Barrow Street, 4, Dublin, Ireland (hereinafter referred to as: Google).

In particular, the following personal data is processed by Google as a result:

  • Data entered via the form
  • Files uploaded via the form
  • IP address
  • Browser and device version

 

By using Google Forms, your personal data may be processed by Google on servers located in the United States. To ensure appropriate safeguards to protect the transfer and processing of personal data outside the EU, the transfer of data to and processing of data by Google is carried out on the basis of appropriate safeguards pursuant to Art. 46 et seq. DSGVO, in particular by concluding so-called standard data protection clauses pursuant to Art. 46 (2) (c) GDPR. A copy of the standard data protection clauses can be requested by sending us an informal email.

Further information on the processing of data by Google can be found here: https://policies.google.com/privacy

2. Purpose of the data processing

The processing of personal data from the input mask allows us to contact and to take note of the user feedback. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

3. Legal basis for data processing

The legal basis for the processing of data is Art. 6 (1) (a) GDPR, if the user has given his or her consent.

The legal basis for the processing of data transmitted while sending an e-mail is Art. 6 (1) (f) GDPR. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR.

4. Duration of storage

The data will be deleted as soon as they are no longer required to fulfil the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when the circumstances indicate that the matter in question (e.g., feedback on functionality) has been conclusively clarified.

5. Possibility of objection and removal

The user has the possibility to withdraw his or her consent to the processing of personal data at any time. If the user contacts us by e-mail to datenschutz@safenow.de, he or she can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted in this case.

  1. Participation in the app tester program

1. Description and scope of data processing

Users can participate in the SafeNow app tester program. The goal of this program is to proactively gather feedback on the app to improve it. Testers are sent questionnaires in which they are asked about topics related to the app and its use. We collect and process the following data as part of the tester program:

  • First name
  • Last name
  • Email address
  • Phone number (optional)
  • Age (optional)
  • Gender (sex)
  • Country of residence
  • Nationality
  • Responses to the questionnaires

For the processing of the data, your consent is obtained during the submission process and reference is made to this privacy statement.

2. Purpose of the data processing

The processing of personal data from the input mask serves us to improve the app functionalities, descriptions, explanations, and the user experience.

3. Legal basis for data processing

The legal basis for the processing of data is Art. 6 (1) (a) GDPR, if the user has given his or her consent.

4. Duration of storage

The data from the input mask is aggregated and anonymized as soon as it is no longer required to fulfil the purpose for which it was collected. For the personal data from the input mask of the questionnaires, this is the case when all queries regarding the feedback have been clarified. Queries are clarified when it can be inferred from the circumstances that the matter in question has been conclusively clarified. Contact information will be deleted as soon as the user unsubscribes from the tester program by emailing datenschutz@safenow.de. From this point on, we will no longer ask any further questions about the feedback.

5. Possibility of objection and removal

The user has the option to withdraw his or her consent to the processing of personal data at any time. If the user contacts us by e-mail at datenschutz@safenow.de, he or she can object to the storage of his or her personal data at any time.

All personal data stored during the App Tester program will be deleted in this case.

  1. Hosting

The app is hosted on servers of a service provider commissioned by us.

Our service provider is:

Amazon Web Services Inc., 

410 Terry Avenue North, 

Seattle WA 98109

USA

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the app. The stored information is:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Date and time of server request
  • IP address

This data will not be merged with other data sources. The data is collected based on Art. 6 (1) (f) GDPR. The app operator has a legitimate interest in the technically error-free presentation and optimization of his app - and server log files are therefore recorded.

The service provider may obtain access to the above-mentioned data. For data protection-compliant use and legally compliant data transfer to third countries, appropriate data processing agreements and appropriate guarantees, e.g., standard data protection clauses in accordance with Art. 46 (2) (c) GDPR, have been concluded. 

The server location of the service providers is in Germany and/or in the European Union.

  1. Location data processing when the alarm function is activated

1. Description and scope of data processing

Users of the SafeNow app have the option to notify first responders by activating the alarm function. In case of an alert, information about the location, profile picture (optional), name, phone number (optional) is shared with the recipients (helpers). Helpers can accept or reject the alert to report back their availability to the help seeker. The help seeker, as well as the helpers themselves, can see the location of the helpers who have accepted the alert. Here, the location information (including beacon information) of the help seeker and the helpers is recorded.

To alert the first responders via the SafeNow app, push notifications are sent. The push notifications are sent via the Google Firebase service of Google Ireland Limited, Gordon House, Barrow Street, 4, Dublin, Ireland. However, no analytics functionalities of Firebase are activated in the process.  The data may be transmitted to Google servers in the USA. Part of the data processing agreement with Google are so-called EU standard data protection clauses (Art. 46 (2) (c) GDPR). These are to be classified as an appropriate guarantee for the protection of the transfer and processing of personal data outside the EU. A copy of the standard data protection clauses can be requested by sending us an informal email.

After canceling an alarm, the helpers who were alarmed and the person who raised the alarm can follow the course of the alarm in an alarm history. The place where the alarm was triggered and the place where it was canceled are saved and displayed.

Further information on the processing of data by Google can be found here: https://policies.google.com/privacy

2. Purpose of the data processing

By processing the location data, we find out in which public zones or private groups a user is currently located and can forward the alerts to the appropriate helpers at the user's location.

3. Legal basis for data processing

The legal basis for the processing of data is Art. 6 (1) (a) GDPR, if the user has given his or her consent.

4. Duration of storage

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of location data for the notification of first responders, this is the case when the respective alarm situation has ended.

5. Possibility of objection and removal

The user has the option to withdraw his or her consent to the processing of personal data at any time. If the user contacts us by e-mail at datenschutz@safenow.de, he or she can object to the storage of his or her personal data at any time.

Within the app, the user can also withdraw the authorization for location access at any time. An objection may have the consequence that services of the app cannot be carried out further, should the processing of personal data be necessary for the provision of services.

  1. Creation of aggregated statistics and analyses

1. Description and scope of data processing

We process pseudonymized usage data of our app for analysis and statistical purposes. The aim is to improve the user-friendliness of our app as well as the safety of all people. For these statistical evaluations and analyses, we aggregate various data sets that we collect as part of the app deployment. We create dashboards or heat maps that show, for example, how many users are active in our app each month or at which locations users often press the attention button or trigger an alarm. 

It is only possible to draw conclusions about individual users by consulting another database. This data is not merged with other data sources for this purpose.

In addition, we process pseudonymized data to optimize the creation of a profile process (after downloading the app) and ensure its functionality. This may result in the processing of pseudonymized data of those users who have downloaded our app but have not necessarily completed the profile creation process.

In detail, this concerns the following data:

  • Number of triggered alarms
  • Location of alarms
  • Average duration of an alarm
  • Number and location of attention mode
  • Location of attention mode
  • User feedback on handling the alarms

 

2. Purpose of data processing

The purpose of data processing is to improve our app and to improve the security of all users.

3. Legal basis for data processing

The legal basis for processing the data is our legitimate interest according to Art. 6 (1) (f) GDPR.

4. Duration of storage

The data will be deleted as soon as they are no longer required to fulfil the purpose for which they were collected.

5. Possibility of objection and removal

If the user contacts us by e-mail via datenschutz@safenow.de, he or she can object to the storage of his or her personal data at any time.

  1. Content delivery networks

Amazon CloudFront

1. Description and scope of data processing

We use functions of the Amazon CloudFront content delivery network of Amazon Web Service Inc, 410 Terry Avenue North, Seattle WA 98109, USA (hereinafter referred to as Amazon CloudFront). A Content Delivery Network (CDN) is a network of regionally distributed servers connected via the Internet to deliver content, especially large media files such as videos. Amazon CloudFront provides web optimization and security services that we use to improve the load times of our website and protect it from misuse. When you visit our website, a connection will be established to Amazon CloudFront's servers to retrieve content, for example. This allows personal data to be stored and evaluated in server log files, the user's activity (in particular which pages have been visited) and device and browser information (in particular the IP address and the operating system). For more information on Amazon CloudFront's collection and storage of data, please visit: https://aws.amazon.com/privacy/?nc1=h_ls

2. Purpose of data processing

Amazon CloudFront features are used to deliver and accelerate online applications and content.

3. Legal basis for data processing

The data is collected based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website - and server log files are therefore recorded.

4. Duration of storage

Your personal information will be stored as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law.

5. Objection and removal

Information about objection and removal options regarding Amazon CloudFront can be found at: https://aws.amazon.com/privacy/?nc1=h_ls

  1. Use of Software Development Kits (SDK)

1. Description and scope of data processing

We use third-party SDKs in our apps as well as in the backend.

For information, please visit: https://app.safenow.live/licenses_de.html

  1. Device permssions

1. Description and scope of data processing

To provide specific functionalities, device permissions for your device are requested during the use of the app. Without these, we cannot provide certain services, such as our location services. Device permissions always require your explicit consent.

2. Information about the device permissions

The following permissions are requested to implement the features in the app:

  • iOS: push notification, critical alerts, photos, motion activity, location services & camera.
  • Android: push notification, location, photos, do not disturb access, motion activity & camera.

Permission assignment is necessary to use certain functionalities of our app. Before explicit permission assignment by the user, the app will not get access to device functionalities. You can change the permissions at any time on your device. In addition, meta information can be collected to monitor our app and identify errors.

3. Purpose of data processing

The processing of photos and camera data is necessary for uploading profile or group images. Location services are used to determine available groups and public SafeNow zones and to share location with helpers. Movement activity information is needed for turning off location services when the phone is not moving and to save battery. Push notifications, critical alerts, and access to do not disturb, respectively, are necessary to alert users when one of their contacts triggers an alarm, even if the phone is silent or on do not disturb.

4. Legal basis for data processing

The meta-information is collected on the basis of Art. 6 (1) (f) GDPR. The app operator has a legitimate interest in the technically error-free presentation and optimization of its app. The permission assignment and processing of internal data of the device is done by your explicit release and thus by your consent according to Art. 6 (1) (a) GDPR. 

 

5. Duration of storage

Your personal information will be stored for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law.

6. Withdrawal, objection and removal options.

You can object to the processing or withdraw your consent at any time by sending an informal e-mail to datenschutz@safenow.de. You can prevent the use of device functions yourself at any time by making the appropriate settings on your terminal device.

  1. Telemetry Data

1. Description and scope of data processing

We collect telemetry data on our app. Here, the user ID of an app user can be processed. We implement this with the following tools:

  • Sentry
  • Loki
  • Prometheus
  • Grafana
  • PostHog

2. Purpose of data processing

The data is processed for the following purposes:

  • Infrastructure monitoring
  • Application monitoring
  • Resource optimization
  • Troubleshooting
  • Log analysis

3. Legal basis for data processing

The collection of this data is based on Art. 6 (1) (f) GDPR. The app operator has a legitimate interest in the technically error-free presentation and optimization of its app.

4. Duration of storage

Your personal information will be stored for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law.

6. Objection and removal options.

You can object to the processing of your data at any time by sending an informal e-mail to datenschutz@safenow.de. You can also address all other rights as a data subject to this e-mail address.

This privacy policy has been created with the assistance of DataGuard.