Privacy policy loop app
Section 1 – Information about the collection of personal data
This privacy policy provides you with information about the processing of personal data in connection with the use of the loop app.
loop is a smartphone app for teams, which you can download to your mobile device. It enables team members to access appropriate support in their everyday tasks and provides mechanisms for members of the team to request information and for these requests to be dealt with directly by the team.
For the best use of the app personal data are required. Personal data are any data relating to you personally or by reference to which you can be personally identified, e.g. name, address, email addresses, user behavior.
To use loop you must create a personal user account, which requires an email address and, optionally, a user name to be stored. The email addresses of users who have been invited by team members will also be stored.
Where we wish to make use of the services of other providers for the individual functions of our product, we set out detailed information below about the processes involved. We also specify the criteria that determine the period for which the data is stored.
The following text provides information on the collection of personal data when using our mobile app.
Section 2 - Data controller
1. Name and address of the controller
The controller within the meaning of the General Data Protection Regulation (GDPR), other national data protection laws of the Member States and other data protection provisions is:
tts Knowledge Products GmbH
Schneidmühlstrasse 19
69115 Heidelberg
Germany
Phone: +49 6221 894 69-0
Fax: +49 6221 894 69-79
Email: info@tt-s.com; email@loop.how
2. Name and address of the data protection officer
The controller’s data protection officer is:
Data protection officer of the tts group
tts GmbH
Schneidmühlstrasse 19
69115 Heidelberg
Germany
Phone: +49 6221 894 69-0
Fax: +49 6221 894 69-79
Email: dsb@tt-s.com
Website: www.tt-s.com
If you contact us by email or using an online contact form, we will store your email address and, if you have provided them, your name and telephone number in order to answer your questions. We will delete the data arising in this connection once its storage is no longer necessary, or, if a statutory retention period applies, we will restrict its processing.
Section 3 - Your rights
(1) You have the following rights against our company in relation to your personal data:
· right of access,
· right to rectification or erasure,
· right to restriction of processing,
· right to object to processing,
· right to data portability.
(2) In addition, you have the right to lodge a complaint with a supervisory authority for data protection in relation to our company’s processing of your personal data.
Section 4 - Collection of personal data when using loop
Download via the Apple App Store and Google Play Store
loop is made available through the Apple App Store and the Google Play Store. The privacy terms of these providers apply.
When you download the mobile app the information required is communicated to the app store, in particular:
user name,
email address and
customer number of your account,
time of the download,
payment information and
the device serial number.
We have no influence over and are not responsible for this collection of data. In this respect, the provider of the app store is the sole controller of the data. Please consult the information they provide about the processing of your data:
Privacy notice for Google services including Google Play Store:
https://policies.google.com/privacy?hl=en
Privacy notice for the Apple App Store:
https://www.apple.com/legal/privacy/en-ww/
We process the data only to the extent necessary to download the mobile app to your device.
Technical provision of the software and log files
a) Description and scope of the data processing
If you wish to use our mobile app, we collect the following data, which we require for technical reasons to provide you with the functions of our mobile app and to ensure stability and security.
email address
name
IP address
date and time of the request
time difference to Greenwich Mean Time (GMT)
content of the request (specific view in the app)
request status / HTTP status code
data volume transferred
browser and version
operating system - version, interface and language
type and model of device
b) Legal basis for the data processing
The legal basis for the temporary storage of the data is Article 6(1)(f) of the GDPR.
c) Purpose of the data processing
The system’s temporary storage of the data specified is necessary to ensure that loop services function at their best.
d) Duration of the storage
The data will be deleted as soon as they are no longer needed to achieve the purpose for which they were collected. This is usually the case when the user is deleted from the system unless a statutory retention period prevents this.
e) Possibility to object and to have data removed
Collection of the data for the app’s provision and storage of the data in log files is essential for the app to operate. As a result, there is no possibility for the user to object.
Section 5 – App permissions
a) Description and scope of the data processing
To use the mobile app the following permissions are required which will be requested before the app is downloaded. The permissions can be restricted or withdrawn at any time via the settings of your mobile device. As a result, this may mean that certain functions can no longer be used.
b) Legal basis for the data processing
The legal basis for the processing is Article 6(1)(f) of the GDPR.
c) Purpose of the data processing
The giving of your consent, and the data processing that results, is necessary to access of all the app’s functions.
Camera:
The camera function can be used to create photos or videos of information which can then be shared with team members using the app. Gaps in knowledge can also be illustrated using photos. In addition, the camera can be used to create a profile photo.
Microphone:
Sound and voice recordings can be used to record sounds, enabling members of the team to resolve problems (e.g. unusual machine noises).
Storage:
Access to the device's storage is needed for data buffering before transmission. In addition, content can also be made available offline.
Location:
The purpose of identifying a user's location using GPS and the user's mobile phone network is to offer appropriate team know-how which is relevant for the specific location. In this process, the current location of the mobile device is compared with the available geo-contexts, which have different areas of validity. If the user is located within a geofence of this kind, the corresponding information is displayed in the knowledge feed.
The service is also used to enable the creation of geo-contexts.
If the location function is deactivated, the context can be added to the location manually using tags, without communicating the GPS information to loop.
Contacts:
Email addresses from potential team members can be selected form the device’s address book to add them to the service. Other contact details will not be processed.
d) Duration of the storage
The data are retained throughout the entire period of use. Content that has been created will also be retained after the period of use unless it is actively deleted.
e) Possibility to object and to have data removed
Permissions can be withdrawn at any time. Content that has been created can be deleted by the user.
Section 6 - Use of cookies
The mobile app does not use cookies.
Section 7 - Use of third party services
Amazon Web Services (AWS)
a) Description and scope of the data processing
We use an extensive range of AWS services for data storage, synchronisation of the data and the user-created content on mobile devices, authentication and communication between the subsystems such as AppSync, Cognito, CloudWatch, DynamoDB, GraphQL, etc. These data are stored by AWS on servers located exclusively in the EU:
Amazon Web Services EMEA SARL
38 Avenue John F. Kennedy
L-1855 Luxembourg
More information can be found here: https://aws.amazon.com/?nc2=h_lg
Privacy policy: https://aws.amazon.com/privacy/
Privacy policy FAQ: https://aws.amazon.com/compliance/data-privacy-faq/.
AWS has joined the EU-US Privacy Shield programme: https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4
We have an agreement in place with AWS concerning the processing of personal data that meets the relevant legal requirements.
b) Legal basis for the data processing
The legal basis for the use of AWS is Article 6(1)(f) of the GDPR.
c) Purpose of the data processing
The use of personal data is necessary for technical reasons in order to access all of the app’s functions. The processing by AWS enables the data to be stored within the app and provides a technical interface.
d) Duration of the storage
The data will be stored until the user account is deleted. Content created and not deleted by the user continues to be available to the remaining members of a loop team. If the entire loop team is deleted, all of the content created in the team will also be deleted.
e) Possibility to object and to have data removed
User-created content containing personal data can be deleted manually by the user. All user details can be removed by deleting the user account.
Elastic
a) Description and scope of the data processing
We use the services of Elastic to display context-dependent search results in the loop knowledge feed and for the storage and analysis of log data. These log data are used to analyze problems with the loop knowledge feed and assist us to continually improve our service. No direct user data are stored with Elastic, only the user and team IDs generated by us. The data are stored exclusively in the EU region. The use of this service is technically absolutely necessary to provide loop.
Elastic
European HQ
Keizersgracht 281
1016 ED Amsterdam
The Netherlands
Further information: https://www.elastic.co/
You can access Elastic’s privacy policy here:
https://www.elastic.co/legal/privacy-statement
https://www.elastic.co/security-and-compliance
b) Legal basis for the data processing
The legal basis for the use of Elastic is Article 6(1)(f) of the GDPR.
c) Purpose of the data processing
Provision of context-dependent search results and analysis of log data.
d) Duration of the storage
The data will be deleted as soon as they are no longer needed to achieve the purpose for which they were collected. This is usually the case when the user account is deleted from the system unless a statutory retention period prevents this.
e) Possibility to object and to have data removed
Collection of the data for the app’s provision and storage of the data is essential for the app to operate. As a result, there is no possibility for a user to object except by deleting the user account.
Sentry
a) Description and scope of the data processing
We use Sentry to display and analyse log data in the event that the app crashes to resolve program errors and ensure the general quality of the product. IP addresses are not stored in this process. In addition, Sentry stores user information only on an anonymised basis. The use of this service is technically absolutely necessary to provide loop.
You can access Sentry’s privacy policy here:
Sentry has joined the EU-US Privacy Shield programme: https://sentry.io/security/#privacy-shield
b) Legal basis for the data processing
The legal basis for the use of Sentry is Article 6(1)(f) of the GDPR.
c) Purpose of the data processing
Sentry enables the logging and analysis of program crashes and errors in the app. These results help us to deliver an ever more resilient version of loop containing fewer errors.
d) Duration of the storage
The data will be deleted as soon as they are no longer needed to achieve the purpose for which they were collected. This takes place on a regular basis. In addition, when the user account is deleted it is ensured that all personal data is removed.
(e) Possibility to object and to have data removed
Collection of the data for the app’s provision and storage of the data is essential for the app to operate. As a result, there is no possibility for a user to object except by deleting the user account.
Google Cloud – Google Maps Platform, Google Fonts
a) Description and scope of the data processing
For the creation of geo-contexts we use Google's mapping data and interfaces to determine the user position.
In addition, we use fonts that are uploaded from Google’s servers to the app.
Information on the third party:
Google Dublin, Google Ireland Ltd.
Gordon House, Barrow Street
Dublin 4, Ireland
Fax: +353 (1) 436 1001.
Privacy policy: www.google.de/intl/en/policies/privacy.
Google has joined the EU-US Privacy Shield programme: www.privacyshield.gov.
b) Legal basis for the data processing
Locations are stored on the basis of Article 6(1)(f) of the GDPR. The same applies for the use of Google Fonts.
c) Purpose of the data processing
The purpose of identifying a user's location is to offer appropriate team know-how which is relevant for this location. In this process, the current location of the mobile device is compared with the available geo-contexts, which have different areas of validity. If the user is located within a geofence of this kind, the corresponding information is displayed in the knowledge feed.
Google fonts is used to display content.
d) Duration of the storage
We have no knowledge of the periods for which Google stores data. We also have no information concerning the deletion of data collected by Google.
e) Possibility to object and to have data removed
By denying loop permission to access the device’s location, this process can be switched off. As a result, the functionality of the app is restricted, as the user must add relevant geo-contexts manually to the knowledge feed.
Geo Contexts within the app can be deleted at any time by the user.
Cloudflare
a) Description and scope of the data processing
We are using Cloudflare’s services to host and stream video content.
Cloudflare, Inc.
101 Townsend St,
San Francisco, CA 94107
USA
Attention: Data Protection Officer
privacyquestions@cloudflare.com
You can access Cloudflare’s privacy policy here: https://www.cloudflare.com/de-de/privacypolicy/.
b) Legal basis for the data processing
The legal basis for the use of Sentry is Article 6(1)(f) of the GDPR.
c) Purpose of the data processing
Hosting and streaming of video content uploaded via the loop app. No identifiable data is shared with Cloudflare. Videos are be anonymously and securely stored on Cloudflare which provides unique URLs which will be processed with the loop app.
d) Duration of the storage
The data will be deleted as soon as they are no longer needed to achieve the purpose for which they were collected.
e) Possibility to object and to have data removed
No data is being exchanged when the video features in loop are not used. By manually deleting the videos in loop the videos will also automatically deleted from Cloudflare, too.
GitLab
a) Description and scope of the data processing
We are using GitLab’s services to host content which was published via the “Publish content” feature in loop.
You can access GitLab’S privacy policy here: https://about.gitlab.com/privacy/.
b) Legal basis for the data processing
The legal basis for the use of Sentry is Article 6(1)(f) of the GDPR.
c) Purpose of the data processing
Hosting of content made public with the feature “Publish content” which generates a public URL from which the selected content can be accessed without having to provide any login credentials. By definition, the content can be accessed by anyone in posession of the unique URL.
d) Duration of the storage
The data will be deleted as soon as they are no longer needed to achieve the purpose for which they were collected.
e) Possibility to object and to have data removed
No data is being exchanged when the publsih features in loop are not used.