Data protection declaration of the EPICOM app

Data protection declaration 1.0

​

Thank you for your interest in our offer.

The protection of your personal data when using our apps is important to us. Here you can find out which of your personal data is collected and used.

​

​

I contact details of the responsible people

​

Responsible for processing your personal data within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection regulations is:

Friends of Liberia e.V.

Nikolaikirchhof 3

04109 Leipzig

Email: verein@freunde-liberias.de 

​

​

II Contact details of the data protection representative

 

You can contact our data protection representative as follows:

Friends of Liberia e.V.

Nikolaikirchhof 3

04109 Leipzig

Email: datenschutz@freunde-liberias.de 

​

​

III Collection and processing of personal data, purposes of processing and storage duration

 

1. Registration for the EPICOM service

 

No registration data or other personal data is collected from you for the use of the EPICOM service. The data relevant for the service is loaded onto your mobile device via a uniform interface without the need to register with us.

 

​

2. Operation of the EPICOM service

 

During the use of the EPICOM service, the location data of your mobile device will be collected and temporarily stored on it for the purpose of providing the service.

Your location is determined by accessing the GPS data. In this way, EPICOM regularly saves the latitude, longitude and time stamp on your mobile device. The location data can also accessed when EPICOM is not active (background service). 

The location data is required to create your movement profile. Motion profiling is an important function of EPICOM. This is the only way to compare your own movement profile with residence areas assessed as risky and, if necessary, to give you an indication of the risk.

Your location data is stored exclusively on the internal memory of your mobile, internet-enabled device ("device"). We have NO ACCESS to this data. The data is stored for a period of 14 days. Older data will be deleted automatically. Deleting EPICOM from your Device will delete all location data stored on the Device for EPICOM purposes.

Identifying the risk of infection with COVID-19 is determined exclusively on the device by comparing the stored location data with the information loaded from a server of the Robert Koch Institute for the risk assessment of all regions in Germany. In the case that the data comparison shows that you have been in an area marked as risky for at least 15 minutes within the last 14 days, you will receive a corresponding message created on the device.

You can terminate access to your location data by revoking EPICOM access to the location services in the settings of your device. In this case EPICOM cannot access the data. We would like to point out, however, that EPICOM does not function in its core function without determining the location data and loses its essential benefit.

An internet connection is required for EPICOM to function. For this purpose EPICOM accesses your mobile data connection. If you have activated the WLAN connections on your device, EPICOM can also access them.

In order to store your data on the internal memory of your device, we access the internal memory of your device.

Your location data will not be transmitted to authorities or other recipients, even in the event of a warning for being in an area designated as risky. 

​

​

IV. Legal basis for processing your personal data

​

The legal basis for the collection and processing of your location data is your consent in accordance with Article 6 Paragraph 1 Clause 1 lit. a) GDPR.

Since the information about your stay in a risk area for a certain period of time may allow conclusions to be drawn about the possibility of an infection with COVID-19, the legal basis for collecting and processing your location data is also your express consent in Article 9 Paragraph 2 lit. a) GDPR.

You can revoke your consent at any time with future effect. Processing of your data up to the point in time of the revocation remains unaffected and therefore lawful. By deleting EPICOM from your device by uninstalling it, you are also revoking your consent to the collection and processing of your data.

If you revoke your consent or if EPICOM is uninstalled, no further location data will be collected and the location data already stored on your device will be automatically deleted.

​

​

V Your Rights

​

In connection with the processing of your personal data by EPICOM, you have the following rights:

• In accordance with Article 15 GDPR, you can request detailed information on how we process your personal data.

• In accordance with Article 16 GDPR, you have the right to request the correction of incorrect and incomplete personal data about you.

• In accordance with the provisions of Article 17 GDPR, you can request the deletion of your personal data. We will comply with the deletion request, unless we are legally obliged or authorized to continue to store and process your data. Legal retention periods in particular come into consideration as legal obligations. Furthermore, we are entitled to permanent storage if we should not be able to assert, exercise or defend legal claims without your data.

• You have the right to request that we restrict processing in accordance with Article 18 GDPR. As far as processing has been restricted, we are only allowed to save your data. Any further processing is then only permitted with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a member state. You can revoke your consent given in this context at any time. We will notify you before the restriction is lifted.

• If the conditions mentioned in Art. 20 GDPR are met, you can also request the surrender of the personal data you have provided on the basis of your consent or their transfer to another person responsible (right to data portability). However, this does not apply if this is contrary to the rights of third parties, including our company, or if the transfer to another person responsible is technically not feasible

Finally, you have the right to complain to a data protection supervisory authority of your choice (Article 77 GDPR) about the processing of your personal data by us. The supervisory authority responsible for us is the Saxon data protection officer.