Data Processing Information for movisensXS
Contact for questions regarding data protection
Please use this contact for all data protection issues. Individual instructions (according to data processing agreement 3.3) have to be sent in written form to this contact.
movisens GmbH
Augartenstraße 1
76137 Karlsruhe
Germany
+49 721 381344-0
privacy@movisens.com
Data protection officer
Michael Salbeck - IT Management
Jollystraße 29
76137 Karlsruhe
Germany
Technical and organizational measures (TOMs)
These technical and organizational measures are taken to adequately protect the client's data:
Access control (rooms and buildings) Objective: Deny unauthorized persons access to data processing systems with which personal data is processed or used or in which personal data is stored. |
|
Access control (IT systems, applications) Objective: Prevent data processing systems from being used by unauthorized persons. |
|
Access control (to data) Objective: It must be ensured that those authorized to use a data processing system can only access the data subject to their access authorization, and that personal data cannot be read, copied, changed, or removed without authorization during processing, use, and after storage. |
|
Input Control (into data processing systems) Objective: It must be ensured that it can be subsequently checked and determined whether and by whom personal data has been entered into data processing systems, changed or removed. |
|
Disclosure control (of data) Objective: To ensure that personal data cannot be read, copied, altered, or removed without authorization during electronic transmission or while being transported or stored on data media, and that it is possible to verify and determine to which entities personal data is intended to be transmitted by data transmission equipment. |
|
Job control Objective: Within the scope of order control, it must be ensured that personal data processed on behalf of the customer can only be processed in accordance with the customer's instructions. |
|
Availability control (of data) Objective: To ensure that personal data is protected against accidental destruction or loss. |
|
Separation control Objective: Data collected for different purposes must also be processed separately (internal multi-client capability/ purpose limitation, separation of functions production/test). |
|
Data deletion
When Particpants and Studies are deleted in the web platform they are at first soft deleted (marked as deleted). After 30 days soft deleted objects are hard deleted (deleted from the database). When a partcipant is deleted all acquired data (i.e. ESM data, mobile sensing data, sensor data) is also deleted. When a Study is deleted all Participants of that Study are also deleted. User Accounts are hard deleted directly. Information needed for accounting will be kept. It usally takes another 30 to 60 days for deleted data to disappear from the backups.
Subcontractors
The contractually agreed services and respectively the partial services described below are carried out with the involvement of subcontractors, namely:
Name and address of the subcontractor | Description of the partial services |
---|---|
1&1 IONOS Cloud GmbH Greifswalder Straße 207 10405 Berlin |
|
TelemaxX Telekommunikation GmbH Amalienbadstraße 41 Bau 61 76227 Karlsruhe |
|
Telekom Deutschland GmbH Landgrabenweg 151 53227 Bonn |
|
Functional Software, Inc. 132 Hawthorne St San Francisco, CA 94107 United States |
|
Rapid7 100 Summer Street Boston, MA 02110–2115 United States |
|
Additional optional subcontractors
The following subcontractors are only used if the respective optional functionality is used.
Name and address of the subcontractor | Description of the partial services |
---|---|
Google, Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043 United States |
|