Contact for questions regarding data protection

Please use this contact for all data protection matters. Individual instructions (as defined in Section 3.3 of the data processing agreement) must be sent to this contact in written form.

movisens GmbH
Augartenstraße 1
76137 Karlsruhe
Germany
+49 721 381344-0
privacy@movisens.com

Data protection officer

Michael Salbeck - IT Management
Jollystraße 29
76137 Karlsruhe
Germany

Technical and organizational measures (TOMs)

These technical and organizational measures are taken to adequately protect the client's data:

Pseudonymization and Encryption of Personal Data (Art. 32(1)(a) GDPR; Art. 25(1) GDPR)

Pseudonymization

Objective: Pseudonymization shall ensure that the identification of the data subject is excluded or significantly impeded.

Implementation by Client:

  • Separate storage of allocation data: movisens works exclusively with pseudonymized or anonymized data. Clients must take the necessary measures to ensure that study participants cannot be identified by movisens or third parties. In particular, personal data must be pseudonymized or anonymized before being transferred to the web portal. The allocation data that establishes a connection between the pseudonymized data and the actual identities remains exclusively with the client. (see Terms of Service movisensXS Chapter 3.3)

Ensuring the Confidentiality, Integrity, Availability and Resilience of Systems and Services in Connection with Processing (Art. 32(1)(b) GDPR)

Physical Access Control

Objective: Physical access control prevents unauthorized persons from gaining physical access to the data processing systems used to process, use or store personal data.

Implementation by IONOS (see IONOS Cloud TOMs):

  • Alarm system: Use of an alarm system to monitor data centers and report unauthorized entry.

  • Control systems: Access control systems ensure that only authorized persons can enter the respective data center, and log who did.

Logical Access Control

Objective: Preventing unauthorized persons from using the data processing systems on which processing is carried out.

Implementation by movisens:

  • Automatic locking of inactive sessions: Inactive sessions are automatically logged out of the web interface after a defined period of time.

  • Management of subcontractor access credentials: All credentials used to access subcontractor systems are stored exclusively in encrypted form.

Implementation by movisens and Client:

  • User authentication: Access to the system is possible only via individual user accounts with username and password; shared accounts are not provided.

    API keys issued to the client are managed by the client, who is responsible for their safekeeping, distribution and revocation.

Implementation by Client:

  • Client-side access management: The implementation of measures to control access permissions is the responsibility of the client.

Data Media Control

Objective: Prevention of unauthorized reading, copying, modification or deletion of data media.

Implementation by IONOS (see IONOS Cloud TOMs):

  • Secure destruction of data media: Physical data media (end of life or defective) are handled by a certified data destruction company and the complete lifecycle of a data medium is audited.

Data Access Control

Objective: Ensuring that persons authorized to use an automated processing system have access exclusively to the personal data covered by their access authorization.

Implementation by movisens:

  • Access restrictions at application level: At the application level, database queries are restricted to data with the corresponding access authorization.

  • Protection of personal data on mobile devices: Data stored on the smartphone is encrypted, so that collected data remains inaccessible to unauthorized persons even if the device is lost or stolen. The transmission path from the smartphone to the server is encrypted as well (see Transport Control).

Implementation by Client:

  • Client-side disclosure management: The implementation of measures to control disclosure permissions is the responsibility of the client.

Input Control

Objective: Ensuring that it can be retrospectively verified and established which personal data have been entered into or modified in automated processing systems, at what time and by whom.

Implementation by movisens:

  • Traceable data collection: Data can only be collected via the study participants' smartphones. Each smartphone is coupled to the study using a participant ID, so every record is attributable to exactly one participant. Collected data cannot be modified afterwards.

Implementation by Client:

  • Client-side input control: The implementation of additional input control measures is the responsibility of the client.

Transport Control

Objective: Ensuring that the confidentiality and integrity of data are protected when personal data are transmitted and when data media are transported.

Implementation by movisens:

  • Encrypted data connection: Both the communication between the smartphone and the server and the communication between the server and the researcher's browser are encrypted using TLS (the successor of SSL) with 256-bit symmetric ciphers.

  • Security control of certificates and encryption: Server certificates are renewed regularly, and the protocol versions and cipher configurations used for encryption are kept up to date.

Reliability

Objective: Ensuring that all functions of the system are available and that any malfunctions are reported.

Implementation by IONOS (see IONOS Cloud TOMs) and movisens:

  • Monitoring of relevant IT infrastructure: The relevant IT infrastructure (servers, networks, databases) is continuously monitored to ensure that the systems are functioning properly.

  • Monitoring and management of system availability: Continuous monitoring of system availability, identification and handling of malfunctions.

Data Integrity

Objective: Ensuring that stored personal data cannot be damaged by system malfunctions.

Implementation by IONOS (see IONOS Cloud TOMs):

  • Resilient data storage: Storage of data on a resilient storage architecture.

Order Control

Objective: Ensuring that personal data processed on behalf of a controller can only be processed in accordance with the controller's instructions.

Implementation by movisens:

  • Review of security measures of processors: Before commissioning processors, it is evaluated whether the security measures implemented by the processor are sufficient for the client's requirements.

  • Conclusion of data processing agreements: Required data processing agreements (DPA) or EU standard contractual clauses are concluded with all processors.

  • Purpose-bound and instruction-based processing: Data processed on behalf of a controller is processed exclusively in accordance with the data processing agreement and the controller's instructions. Any further processing is solely the responsibility of the controller.

Availability Control

Objective: Ensuring that personal data are protected against destruction or loss.

Implementation by IONOS (see IONOS Cloud TOMs):

  • Physical protection of IT infrastructure: The protection of IT infrastructure is ensured through appropriate technical measures by the sub-service provider.

Separation

Objective: Ensuring that personal data collected for different purposes can be processed separately.

Implementation by movisens:

  • Separation of production and test systems: Production and test systems are separated to prevent test data or systems from accessing production data or systems.

  • Multi-tenancy capability: The platform is multi-tenant; data and configurations of different tenants are kept separate so that each tenant can access only its own data.

Rapid Restoration of Availability and Access to Personal Data in the Event of Physical or Technical Incidents (Art. 32(1)(c) GDPR)

Recoverability

Objective: The purpose of recoverability is to ensure that systems in use can be restored promptly in the event of a malfunction.

Implementation by movisens and Client:

  • Backup and recovery concept: Daily data backups are created. These are archived for at least 3 months. Additional data backups are the responsibility of the client.

Incident Management

Objective: The purpose of incident management is to systematically detect, evaluate, document and resolve security incidents.

Implementation by movisens and Client:

  • Information of data subjects in case of data protection incidents: Informing affected data subjects is the responsibility of the client. movisens supports the client to the best of its ability so that the client can meet its data protection obligations.

Data deletion

When Participants and Studies are deleted in the web platform, they are first soft deleted (marked as deleted). After 30 days, soft-deleted objects are hard deleted (removed from the database). When a Participant is deleted, all data acquired for that Participant (i.e. ESM data, mobile sensing data, sensor data) is deleted as well. When a Study is deleted, all Participants of that Study are deleted as well. User Accounts are hard deleted immediately. Information needed for accounting is retained. It usually takes 3 months for deleted data to disappear from the backups, although in exceptional cases this may take longer.
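The deletion lifecycle described above (soft delete, 30-day grace period, cascade from Study to Participants and from Participant to acquired data, immediate hard deletion of accounts, backup aging) as an added illustrative model. This is example code written for this page, not movisensXS code; the class names, the purge job and the shape of the retained accounting record are assumptions, and the 3-month backup figure is taken as 90 days for the calculation.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional

# Retention periods as stated on the page.
SOFT_DELETE_GRACE = timedelta(days=30)   # soft-deleted objects are hard deleted after 30 days
BACKUP_RETENTION = timedelta(days=90)    # roughly the 3 months until deleted data leaves the backups


@dataclass
class Participant:
    pid: str
    study_id: str
    data: List[dict] = field(default_factory=list)   # ESM, mobile-sensing and sensor records
    deleted_at: Optional[date] = None                 # set by soft delete, None while active


@dataclass
class Study:
    sid: str
    deleted_at: Optional[date] = None


class Platform:
    """Toy model of the deletion lifecycle (assumed structure, not movisensXS code)."""

    def __init__(self) -> None:
        self.studies: Dict[str, Study] = {}
        self.participants: Dict[str, Participant] = {}
        self.accounts: Dict[str, dict] = {}
        self.accounting: List[dict] = []   # minimal records kept for invoicing (assumed shape)

    # Soft delete: only mark the row; nothing is removed yet.
    def soft_delete_participant(self, pid: str, today: date) -> None:
        p = self.participants[pid]
        if p.deleted_at is None:           # keep the earliest deletion date
            p.deleted_at = today

    def soft_delete_study(self, sid: str, today: date) -> List[str]:
        """Mark the study deleted and cascade the mark to all of its participants."""
        study = self.studies[sid]
        if study.deleted_at is None:
            study.deleted_at = today
        cascaded = [p.pid for p in self.participants.values() if p.study_id == sid]
        for pid in cascaded:
            self.soft_delete_participant(pid, today)
        return cascaded

    # User accounts are hard deleted directly; only accounting data survives.
    def delete_account(self, uid: str) -> None:
        acct = self.accounts.pop(uid)
        self.accounting.append({"uid": uid, "invoiced_until": acct.get("invoiced_until")})

    # Purge job: hard delete everything whose 30-day grace period has elapsed.
    def purge(self, today: date) -> List[str]:
        """Remove soft-deleted objects that are due; returns the removed ids,
        participants (with their acquired data) before studies."""
        def due(obj) -> bool:
            return obj.deleted_at is not None and obj.deleted_at + SOFT_DELETE_GRACE <= today

        removed: List[str] = []
        for pid in [p.pid for p in self.participants.values() if due(p)]:
            del self.participants[pid]      # the acquired data goes with the row
            removed.append(pid)
        for sid in [s.sid for s in self.studies.values() if due(s)]:
            del self.studies[sid]
            removed.append(sid)
        return removed

    @staticmethod
    def earliest_full_erasure(deleted_at: date) -> date:
        """Typical date by which a soft-deleted object has also aged out of the backups."""
        return deleted_at + SOFT_DELETE_GRACE + BACKUP_RETENTION


if __name__ == "__main__":
    # Constructed sample data: one study with two participants and one account.
    pf = Platform()
    pf.studies["S1"] = Study("S1")
    pf.participants["P1"] = Participant("P1", "S1", [{"esm": 3}])
    pf.participants["P2"] = Participant("P2", "S1", [{"sensor": "ecg"}])
    pf.accounts["u1"] = {"invoiced_until": date(2026, 1, 31)}

    pf.soft_delete_participant("P1", date(2026, 1, 1))
    print(pf.purge(date(2026, 1, 30)))                   # [] : day 29, still in grace period
    print(pf.purge(date(2026, 1, 31)))                   # ['P1'] : hard deleted after 30 days
    print(pf.soft_delete_study("S1", date(2026, 1, 5)))  # ['P2'] : cascade to participants
    print(pf.purge(date(2026, 2, 4)))                    # ['P2', 'S1']
    print(Platform.earliest_full_erasure(date(2026, 1, 1)))  # 2026-05-01
```

The purge job removes participants before studies so that a study row never outlives the data that references it, and the cascade keeps an earlier per-participant deletion date rather than overwriting it, so deleting a study never extends a participant's grace period.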

Subcontractors

The contractually agreed services, or the partial services described below, are performed with the involvement of the following subcontractors:

Name and address of the subcontractor / Description of the partial services

IONOS SE, Greifswalder Straße 207, 10405 Berlin
  • Virtualisation platform for the operation of the movisensXS platform

TelemaxX Telekommunikation GmbH, Amalienbadstraße 41 Bau 61, 76227 Karlsruhe
  • Data center for the physical hosting of the movisensXS platform

Telekom Deutschland GmbH, Landgrabenweg 151, 53227 Bonn
  • Storage of encrypted backups of the movisensXS platform

Functional Software, Inc., 132 Hawthorne St, San Francisco, CA 94107, United States
  • Sentry: Storage of error messages of the movisensXS server applications

Additional optional subcontractors

The following subcontractors are only used if the respective optional functionality is used.

Name and address of the subcontractor / Description of the partial services

Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States

Change Log:

  • January 30, 2026:
    • Revision of technical and organizational measures
    • Update of technical and organizational measures of subprocessor IONOS SE
    • Information on backup archive retention updated to at least 3 months
    • Rapid7 removed as subprocessor
  • June 17, 2019: Initial version