Privacy Policy for the CIB doXicloud App

Use of CIB doXicloud

1. Information on the processing of personal data

(1) In the following, we inform you about the processing of personal data when using the CIB doXicloud App. Personal data means all data that can identify you personally, for example name, address, e-mail addresses, user behaviour.

(2) The controller according to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is

CIB software GmbH
Elektrastraße 6a
81925 Munich
Telephone:
+49 89 143 60 – 0
E-Mail: info@cib.de

We have appointed a data protection officer for our company. You can contact our data protection officer, Mr Christian Hammerbacher, by post [SPH IT+Consulting GmbH & Co. KG, Bartholomäusstr. 26 (Haus D), 90489 Nuremberg] or by e-mail (datenschutz@sph-consulting.de).

(3) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. We delete the data accruing in this context after storage is no longer necessary (e.g. after processing your enquiry has been completed) or restrict processing if there are legal obligations to retain data.

(4) If we use commissioned service providers for individual functions of our offer or wish to use your data for advertising purposes, we will always carefully select and monitor these service providers and inform you in detail about the respective processes below. In doing so, we will also state the defined criteria for the storage period.

2. You have the following rights regarding personal data concerning you:

(1) You have the following rights in relation to personal data concerning you:

  • Right of access (Art. 15 GDPR),
  • Right to rectification or erasure (Art. 16 and 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to withdraw consent given (Art. 7(3) of the GDPR)

(2) You also have the right to complain to a data protection supervisory authority about our processing of your personal data.

3. Processing of personal data when using CIB doXicloud

(1) When downloading the mobile app, the required information is transferred to the App store. We have no influence on this data processing and are not responsible for it. We only process the data to the extent necessary for downloading CIB doXicloud to your mobile device. For more information, please visit policies.google.com/privacy

(2) The CIB doXicloud app is a multi–cloud. You can link the app to different clouds (CIB doXisafe, CIB doXima, Dropbox, Google Drive, One Drive). To do this, you need to create an account with the respective cloud provider and integrate it into the CIB doXicloud.

If you link a cloud to the CIB doXicloud app, we process the following data that is technically necessary for us to offer you the functions of our mobile app. The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR:

  • Username of the respective cloud
  • E-mail address

Your user data is only stored on your end device and is not transferred to CIB servers. The data is deleted when you disconnect the connection between the respective cloud and app or delete the app.

(3) If you have connected a cloud to your CIB doXicloud app, the app will gain access to your data stored in the respective cloud (CIB doXisafe, CIB doXima, Dropbox, Google Drive, One Drive). The connection of the CIB doXicloud app with the respective cloud is done through an API interface. The doXicloud app serves as a tool to manage and, in particular, share your data stored in the respective cloud.

When linking a cloud with the CIB doXicloud App, we process the following data which are technically necessary for us to offer you the functions of our mobile app. The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR:

  • Photos
  • Files
  • Network

Your content on the other clouds is transferred to the CIB server for a short time to display a preview of these files in the CIB doXicloud app and stored. The transfer of the data is encrypted.

Your data will be treated confidentially by us and deleted if you revoke the rights to use it or it is no longer required to provide the services and there are no legal retention obligations.

(4) Crash reports by Firebase Crashlytics

 a. To ensure the stability and security of doXicloud, we require crash reports. We use “Firebase Crashlytics” to generate anonymised crash reports. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

 b. If a crash occurs, information (e.g., the timestamp of the crash; the name and version number of the operating system of the device; the model name of the device, the CPU architecture, the amount of RAM and storage space) will be transmitted to Google’s servers in the USA. This information may also include the following personal data.

  • Crashlytics installation UUIDs.
  • Stack traces when the application crashes or an error occurs.
  • Breakpad mini-dump formatted data (NDK crashes only).

The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR. The crash reports are only sent with your consent. With the Android app, you can consent to the transmission of crash reports to Google and the app developers, centrally on your end device. With the iOS app, you can give your consent in the settings of the app or after a crash.

Revoking consent in the Android app:

You can revoke your consent by selecting the item “Google” in the settings of your end device and clicking on the three-dot menu in the upper right corner. There you can deactivate the item “Use & Diagnosis” under the menu item “Use & Diagnosis”. Further information can be found in the Google Account Help.

Revoking consent in the iOS app:

You can revoke your consent by deactivating the item “Crash reports” under Settings in the doXiscan app.

c. Google stores the collected data for 90 days.

(5) Usage analysis by Google Analytics for Firebase
a. To improve the doXicloud App for you, we use Google Analytics for Firebase. In this process, data is transmitted anonymously to Google Firebase in the USA (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for analysis purposes. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

b. Google evaluates information on how you use the App (e.g., number of visits and sessions, session duration, operating systems, device models) on our behalf so that we can improve the App. Your IP address is only stored in anonymised form. Firebase Analytics also uses identifiers (advertising IDs). These IDs are assigned to the user and allow us to link various events. Further information on data collection by Google Analytics for Firebase can be found at https://support.google.com/firebase/answer/6318039?hl=de&ref_topic=6317497
The data collected will not be merged with your other customer information but will be included in anonymous statistics. We only use Google Analytics with your consent. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. a DSGVO.

You can revoke your consent at any time in the app under settings or restrict the use of advertising IDs in your end device.

For Android devices: Open the settings on your smartphone and select Google. Under the subitem Ads, you can reset or delete the advertising ID.

For an iOS device: You can deactivate ad tracking under Settings and then under the item Privacy, in the menu Advertising.

c. The data transmitted and linked to Google Analytics will be automatically deleted after two months. The deletion of data whose retention period has been reached takes place automatically once a month. Google Analytics for Firebase stores certain data associated with advertising IDs for 60 days.

We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google tools.
Further information on Google’s data protection can be found in Firebase’s data protection information at https://firebase.google.com/support/privacy

4. Registration with CIB doXisafe

(1) You have the option to register with CIB doXisafe in the CIB doXicloud app. Registration/login is voluntary, but without a connection to doXisafe you will not be able to use the advanced features of CIB doXicloud.

(2) When you create a CIB doXisafe account and establish the link between the CIB doXicloud App and your CIB doXisafe account, we process the following data that is technically necessary for us to offer you the functions of our mobile app. The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR:

  • Username
  • E-mail address
  • doXisafe ID
  • Photos
  • Files

When using the CIB doXisafe Cloud function, you can upload and store photos and documents via encrypted SSL/TLS connection to our server located in Germany. We protect your data from access by third parties through strict security measures. We will not pass on any data unless we are legally obliged to do so (e.g. valid court order). You yourself are responsible for your data and its security.

We will treat your data confidentially and delete it if you revoke the right to use it or if it is no longer required to provide the services and there is no legal obligation to retain it. You can end the link between your CIB doXisafe account and the CIB doXicloud app at any time. In this case, the CIB doXicloud app will have no further access to your data. It is also possible to delete your account with CIB doXisafe. To delete your account, please contact cibsupport@cib.de.

5. Use of your camera and external storage

(1) At the beginning of the use of our mobile app, we ask you in a pop-up for permission to use your camera and external storage (photos and media). If you do not give permission, we will not use this data. In this case, you will not be able to use all the functions of CIB doXicloud. You can grant or revoke permission later in the operating system settings under [Settings, . . .].

(2) If you allow access to the forementioned data, the CIB doXicloud app will only access your data and transfer it to our server to the extent necessary to provide the functionality. Your data will be treated confidentially by us and deleted if you revoke the rights to use it or if it is no longer necessary for the provision of the services and there are no legal retention obligations.

The legal basis for processing the data requested by you through use of the app functions is Art. 6 para. 1 p. 1 lit. b GDPR.

6. Concluding

(1) Our business operations require that data is collected and processed. Where data collection and processing take place, data protection and data security must be guaranteed. This is not only a legal requirement for us, but a real concern.

(2) If you have any questions about data protection in connection with the CIB doXicloud app, please do not hesitate to contact us by using the above contact details.

Cookies
Privacy Policy
Imprint