Privacy Statement for S&L-apps
At this point, we inform you as users of our S&L-apps about the processing of your personal data. Personal data is data with which you can be identified. Some data is processed automatically while using our apps. This happens already during the installation process on your mobile device. This is for the most part technical data (e.g. name of your internet browser, operating system, date and time). The IP-address with which your device connects to the internet is also recorded, whence a connection to a specific person can be derived according to current law. Other personal data is gathered because you impart it to us. You can do so e.g. in a support ticket via e-mail. The data is partially gathered to ensure a flawless deployment of the app. Other data can be used to analyze your user behavior.
The protection of your personal data is a major concern to the Schultheiss, Langner & Co GmbH as operator of these pages. We treat your personal data confidentially and according to the official data protection rules as well as this data protection declaration.
By using our apps, different personal data is gathered. The present data protection declaration explains which data is gathered and what we use it for. It also explains, how and for which purpose this happens. We would like to point out that data transfer on the internet (e.g. during communication via e-mail) can have security breaches. An end-to-end security of data against third parties‘ access is not possible.
Responsible for data processing
Responsible for the data processing of our apps is:
Schultheiss, Langner & Co GmbH
Balzhofener Strasse 39
phone: 07223 989-0
Responsible for data processing is the natural or juridical person, who decides about purposes and instruments of processing personal data (e.g. name, e-mail addresses, or the like) alone or together with others.
Data protection officer
Revocation of your consent to data processing
Some data processing procedures need your explicit consent. You can revoke an already granted consent at any time. Thereunto, an informal agreement via e-mail is sufficient. The legitimacy of the data processing until the revocation is untouched by the revocation.
Complaint right with a supervisory authority
In case of a violation against the GDPR, the affected person shall have the right to file a complaint with a supervisory authority. Supervisory authority in terms of data protection legal issues is the State Commissioner for Data Protection and Freedom of Information of the state, in which our company is based.
The State Commissioner for Data Protection and Freedom of Information of Baden-Wuerttemberg can be contacted by clicking on the following link: https://www.baden-wuerttemberg.datenschutz.de/
Right of data transmission
You have the right to get personal data, which we process automatically on base of your consent or in order to fulfill a contract, handed out to you or a third party in a common, machine-parsable format. If you demand the direct transmission of data to another responsible person, it only happens to the extent of technical doability.
Information, blocking, deletion
In the framework of the applicable legal regulations, you have the right to free information on your stored personal data, their origin and recipient and the purpose of the data processing and, if necessary, a right to rectification, blocking or deletion of this data.
Contact via e-mail
While contacting us via e-mail, the users‘ information is processed for the purpose of the implementation of contact and support cases.
Legal basis for the processing of data with a present consent of the user is Art. 6 Abs. 1 S. 1 lit. a) GDPR. Legal basis for the processing of data, which is transmitted while sending a contact or support request, is Art. 6 Abs. 1 S. 1 lit. f) GDPR. The responsible person has a justified interest in processing and saving data in order to be able to answer user requests via e-mail, to conserve evidence for liability reasons and to fulfill the obligation to preserve records for business letters if necessary. If the e-mail contact aims for a contract closing, Art. 6 Abs. 1 S. 1 lit. b) GDPR is legal basis for the processing additionally.
The users‘ statements can be saved in our customer database or similar inquiry organizations.
The data will be deleted as soon as it is no longer necessary for accomplishing the purpose of its gathering. For the personal data transmitted via e-mail, this is the case, if the respective conversation has been ended. If you can understand from the circumstances that the respective issue has been solved conclusively, the conversation can be considered as finished. We save inquiries aiming for the fulfilling of a contract for the duration of the legal archiving obligation. Afterwards it will be deleted (duration obligation in terms of commercial law (6years) and in terms of tax law (10 years).
You have at any time the possibility to revoke your consent to processing your personal data according to Art. 6 Abs. 1 S. 1 lit. a) GDPR. You can revoke the storage of your personal data by contacting us via e-mail at any time.
Processing data in so called third countries
The processing of your personal data happens inherently within the EU or the European Economic Area („EEA“) respectively.
Merely in exceptional cases (e.g. in coherence with the engagement of providers of web analysis service deliveries) a transmission of information to “third countries” might happen. "Third countries" are countries outside the European Union and/or the treaty of the European Economic Area, in which one cannot assume automatically to have an appropriate level of data privacy protection comparable to the standard of the EU.
Provided that the transmitted information contains also personal data, before such a transmission we make sure that in the respective third country or at the respective receiver in the third country, an appropriate level of data privacy protection is guaranteed, or that you have given your consent or an ulterior consensual fact (e.g. Art. 49 GDPR) is given. An appropriate level of data privacy protection can result from an „adequacy resolution“ of the European Commission or guaranteed through the application of the „EU-treaty clauses“. In case of receivers in the USA, the compliance with the principles of the "EU-US Privacy Shield" can guarantee an appropriate level of data privacy protection. We can provide you with further information about the suitable and appropriate guarantees of compliance with an appropriate level of data privacy protection on request; the contact information can be found at the beginning of this data privacy protection information. Information about the participants of the EU-US Privacy Shield can furthermore be found here: privacyshield.gov/list.
Information We Collect
S&L-apps gather and save information, which your mobile device provides, automatically in the log-files, which belong to the respective app. These are:
- Name of the app
- Name of loaded data
- Date and time of the hit
- Notification about the successful or unsuccessful save process
A merging of this data with other data sources will not be made.
Basis for the data processing is Art. 6 Abs. 1 lit. b GDPR, which allows the processing of data in order to fulfill a contract or a pre-contractual measurement.
Functions of S&L-apps to process data
S&L-apps provide you with different functions regarding from you gathered data and its evaluation depending on the app. For usage of your app, this data will be stored in the app and saved locally on your mobile device.
S&L-apps create a backup file if requested by the user, which contains all gathered and saved within the app data by the user. The backup file will be transferred to an available storage media. Among the possible data storage media for the creation of a backup file online-storage can be counted, which can be made accessible with the previous deployment via user account through the app user. The backup file is not encrypted.
The S&L-app Private Health offers furthermore the possibility of encryption (AES-256) of the given data in the database and the setting of a customized database password. This function must be activated in the app settings.
If you use the microphone or the camera within specific S&L-apps, e.g. for audio broadcast or if you capture picture- or video data, the respective contents will be used exclusively within the app; your personal data will hence not be transmitted to S&L. The transmission of data on the internet (e.g. while saving data on a cloud storage) happens encrypted or unencrypted according to the configuration.
version 1.4 of 30.04.2019