Data Processing Agreement

Contact for questions regarding data protection

Please use this contact for all data protection issues. Individual instructions (according to data processing agreement 3.3) have to be sent in written form to this contact.

movisens GmbH
Augartenstraße 1
76137 Karlsruhe
Germany
+49 721 381344-0
privacy@movisens.com

Data protection officer

Michael Salbeck - IT Management
Jollystraße 29
76137 Karlsruhe
Germany

Technical and organizational measures (TOMs)

These technical and organizational measures are taken to adequately protect the client's data:

Access control (rooms and buildings) Objective: Deny unauthorized persons access to data processing systems with which personal data is processed or used or in which personal data is stored.	1&1 IONOS Cloud GmbH: See TOM 1&1 IONOS Cloud GmbH
Access control (IT systems, applications) Objective: Prevent data processing systems from being used by unauthorized persons.	movisens GmbH: No additional data is stored that goes beyond the subject of the contract. All access data to subcontractors is stored in encrypted form. 1&1 IONOS Cloud GmbH: See TOM 1&1 IONOS Cloud GmbH
Access control (to data) Objective: It must be ensured that those authorized to use a data processing system can only access the data subject to their access authorization, and that personal data cannot be read, copied, changed, or removed without authorization during processing, use, and after storage.	All movisens GmbH employees who have access to data processing systems that relate to this contract are obligated to comply with data protection laws and regulations in accordance with the DSGVO and are trained accordingly. At the application level, database queries are limited to the data with the corresponding access authorization. The client's application administrators determine the access of the client's employees to the respective study data. 1&1 IONOS Cloud GmbH: See TOM 1&1 IONOS Cloud GmbH
Input Control (into data processing systems) Objective: It must be ensured that it can be subsequently checked and determined whether and by whom personal data has been entered into data processing systems, changed or removed.	Data can only be collected from the study participant via smartphones. The assignment takes place via a coupling by means of subject ID Entered data cannot be changed.
Disclosure control (of data) Objective: To ensure that personal data cannot be read, copied, altered, or removed without authorization during electronic transmission or while being transported or stored on data media, and that it is possible to verify and determine to which entities personal data is intended to be transmitted by data transmission equipment.	256 Bit SSL encryption of all data connections. Both the communication between the smartphone and the server and the communication between the server and the researcher's browser are encrypted. The certificates and technologies used for encryption are regularly checked for vulnerabilities. Data on the smartphone is encrypted using cryptography, which ensures that the captured data is not accessible to unauthorized persons even if the device is lost. Furthermore, the transmission path from the smartphone to the server is additionally secured. A hybrid encryption approach was chosen for the encryption, consisting of symmetric and asymmetric encryption. First, a private and a public key are generated. The public key is transmitted to the smartphone. A session key is generated on the smartphone, which is used to symmetrically encrypt the subject's responses. The encryption algorithm used for symmetric encryption is the Advanced Encryption Standard (AES) with a key length of 256 bits. To securely transfer the secret session key used for symmetric encryption from the smartphone to the server, it is encrypted asymmetrically. The RSA algorithm with a key length of 1024 bits is used. The encrypted session key is transmitted to the server together with the encrypted responses. to the server together with the encrypted responses. The server can obtain the session key using the the private key and use it to decrypt the responses. After successful decryption, the data is deleted from the smartphone.
Job control Objective: Within the scope of order control, it must be ensured that personal data processed on behalf of the customer can only be processed in accordance with the customer's instructions.	movisens GmbH does not further process the collected data. Further processing is the responsibility of the ordering party.
Availability control (of data) Objective: To ensure that personal data is protected against accidental destruction or loss.	Daily data backups are created. These are archived for up to 6 months. 1&1 IONOS Cloud GmbH: See TOM 1&1 IONOS Cloud GmbH
Separation control Objective: Data collected for different purposes must also be processed separately (internal multi-client capability/ purpose limitation, separation of functions production/test).	At application level, database queries are restricted to data with the appropriate access authorization.

Data deletion

When Particpants and Studies are deleted in the web platform they are at first soft deleted (marked as deleted). After 30 days soft deleted objects are hard deleted (deleted from the database). When a partcipant is deleted all acquired data (i.e. ESM data, mobile sensing data, sensor data) is also deleted. When a Study is deleted all Participants of that Study are also deleted. User Accounts are hard deleted directly. Information needed for accounting will be kept. It usally takes another 30 to 60 days for deleted data to disappear from the backups.

Subcontractors

The contractually agreed services and respectively the partial services described below are carried out with the involvement of subcontractors, namely:

Name and address of the subcontractor	Description of the partial services
1&1 IONOS Cloud GmbH Greifswalder Straße 207 10405 Berlin	Virtualisation platform for the operations of the movisensXS platform
TelemaxX Telekommunikation GmbH Amalienbadstraße 41 Bau 61 76227 Karlsruhe	Data center for the physical hosting of the movisensXS platform
Telekom Deutschland GmbH Landgrabenweg 151 53227 Bonn	Storage of encrypted Backups of the movisensXS platform
Functional Software, Inc. 132 Hawthorne St San Francisco, CA 94107 United States	Sentry: Storage of error messages of the movisensXS server applications
Rapid7 100 Summer Street Boston, MA 02110–2115 United States	Logentries: Storage of error messages of the movisensXS server applications

Additional optional subcontractors

The following subcontractors are only used if the respective optional functionality is used.

Name and address of the subcontractor	Description of the partial services
Google, Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043 United States	Optional: Storage of error messages of the movisensXS Android App: https://firebase.google.com/terms/crashlytics/ Optional: Google Play for the deployment od the movisensXS App in the Play Store: https://play.google.com/about/play-terms.html Optional: Google Play Services for the acquisition of GPS and actvivity: https://play.google.com/store/apps/details?id=com.google.android.gms Optional: Google Play Services for the display of location on maps: https://play.google.com/store/apps/details?id=com.google.android.gms Optional: Google Cloud Messaging for the notifications of participants that a new message from the sudy admin is available. Only the number of unread messages but not the content is transmitted: https://www.google.com/intl/en/policies/privacy/