Privacy policy for the CIB doXiscan App

Use of the CIB doXiscan app

1. Information on the processing of personal data

(1) In the following we inform you about the processing of personal data when using the CIB doXiscan App. Personal data is all data that can be related to you personally, for example name, address, e-mail addresses, user behaviour.

(2) The controller according to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is

CIB software GmbH
Elektrastraße 6a
81925 Munich
Germany

Telephone: +49 89 143 60 – 0
E-Mail: info@cib.de

We have appointed a data protection officer for our company. You can contact our data protection officer, Mr Christian Hammerbacher, by post [SPH IT+Consulting GmbH & Co. KG, Bartholomäusstr. 26 (Haus D), 90489 Nuremberg] or by e-mail (datenschutz@sph-consulting.de).

(3) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. We delete the data accruing in this context after storage is no longer necessary (e.g. after processing your enquiry has been completed) or restrict processing if there are legal obligations to retain data.

(4) If we use commissioned service providers for individual functions of our offer or wish to use your data for advertising purposes, we will always carefully select and monitor these service providers and inform you in detail about the respective processes below. In doing so, we will also state the defined criteria for the storage period.

2. You have the following rights regarding personal data concerning you:

(1) You have the following rights in relation to personal data concerning you:

  • Right of access (Art. 15 GDPR),
  • Right to rectification or erasure (Art. 16 and 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to withdraw consent given (Art. 7(3) of the GDPR)

(2) You also have the right to complain to a data protection supervisory authority about our processing of your personal data.

3. Processing of personal data when using CIB doXiscan

(1) When downloading the mobile app, the required information is transferred to the App store. We have no influence on this data processing and are not responsible for it. We only process the data to the extent necessary for downloading CIB doXicloud to your mobile device. For more information, please visit policies.google.com/privacy

(2) When you use CIB doXiscan, we process the personal data described below to enable you to use the features comfortably. If you wish to use the CIB doXiscan app, we process the following data that is technically necessary for us to offer you the functions of our mobile app. The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR:

– Photos

When using the OCR function, the photos are transferred to the CIB server for a short time and deleted from the CIB server immediately after processing.

The OCR function can be deactivated at any time in the settings of the app under the menu item searchable pdf (OCR). If this function is deactivated, no personal data will be sent to CIB by using the app.

(3) Crash reports by Firebase Crashlytics

a. To ensure the stability and security of doXiscan, we require crash reports. We use “Firebase Crashlytics” to generate anonymised crash reports. Provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

b. If a crash occurs, information (e.g. the timestamp of the crash; the name and version number of the operating system of the device; the model name of the device, the CPU architecture, the amount of RAM and storage space) will be transmitted to Google’s servers in the USA. This information may also include the following personal data

  • Crashlytics installation UUIDs.
  • Stack traces when the application crashes or an error occurs.
  • Breakpad mini-dump formatted data (NDK crashes only).

The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR. The crash reports are only sent with your consent. With the Android app, you can consent to the transmission of crash reports to Google and the app developers, centrally on your end device. With the iOS app, you can give your consent in the settings of the app or after a crash.

Revoking consent in the Android app:

You can revoke your consent by selecting the item “Google” in the settings of your end device and clicking on the three-dot menu in the upper right corner. There you can deactivate the item “Use & Diagnosis” under the menu item “Use & Diagnosis”. Further information can be found in the Google Account Help.

Revoking consent in the iOS app:

You can revoke your consent by deactivating the item “Crash reports” under Settings in the doXiscan app.

c. Google stores the collected data for 90 days.

(4) Usage analysis by Google Analytics for Firebase
a. To improve the doXiscan App for you, we use Google Analytics for Firebase. In this process, data is transmitted anonymously to Google Firebase in the USA (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for analysis purposes. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

b. Google evaluates information on how you use the App (e.g., number of visits and sessions, session duration, operating systems, device models) on our behalf so that we can improve the App. Your IP address is only stored in anonymised form. Firebase Analytics also uses identifiers (advertising IDs). These IDs are assigned to the user and allow us to link various events. Further information on data collection by Google Analytics for Firebase can be found at https://support.google.com/firebase/answer/6318039?hl=de&ref_topic=6317497
The data collected will not be merged with your other customer information but will be included in anonymous statistics. We only use Google Analytics with your consent. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. a DSGVO.

You can revoke your consent at any time in the app under settings or restrict the use of advertising IDs in your end device.
For Android devices: Open the settings on your smartphone and select Google. Under the subitem Ads, you can reset or delete the advertising ID.
For an iOS device: You can deactivate ad tracking under Settings and then under the item Privacy, in the menu Advertising.

c. The data transmitted and linked to Google Analytics will be automatically deleted after two months. The deletion of data whose retention period has been reached takes place automatically once a month. Google Analytics for Firebase stores certain data associated with advertising IDs for 60 days.

(5) We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google tools.
Further information on Google’s data protection can be found in Firebase’s data protection information at https://firebase.google.com/support/privacy

4. Use of your camera and external storage device

(1) When you start using our mobile app, we ask you for permission to use your camera and external storage in a pop-up. If you do not give permission, we will not use this data. In this case, you will not be able to use all the functions of CIB doXiscan. You can grant or revoke permission later in the settings of the operating system under [Settings, . . .].

(2) If you allow access to the forementioned data, the CIB doXiscan app will only access your data and transfer it to our server to the extent necessary to provide the functionality. Your data will be treated confidentially by us and deleted if you revoke the rights to use it or if it is no longer necessary for the provision of the services and there are no legal retention obligations. The legal basis for processing the data requested by you through use of the app functions is Art. 6 para. 1 p. 1 lit. b GDPR.

5. Concluding

(1) Our business operations require that data is collected and processed. Where data collection and processing take place, data protection and data security must be guaranteed. This is not only a legal requirement for us, but a real concern.

(2) If you have any questions about data protection in connection with the CIB doXiscan app, please do not hesitate to contact us by using the above contact details.