DATA PROTECTION INFORMATION
SECANDA APP
Version 1.1 / 16.03.2023
We take the protection of your personal data very seriously and treat it confidentially and in accordance with the statutory data protection regulations as well as this privacy policy. This privacy policy applies to our mobile iPhone and Android apps (hereinafter referred to as the “SECANDA App”). It explains the type, purpose, and scope of data collection in connection with the use of the app. Please note that data transmission over the Internet may have security vulnerabilities. Complete protection of data from access by third parties is not possible.
The SECANDA App is a user’s personal account and serves as a supplement to the SECANDA system. The SECANDA App allows the user to load funds into their account, view their transaction overview, transfer balance to another user, or block their personal chip card/token. Only registered users of the SECANDA system may use the SECANDA App.
To use the SECANDA App, the user must register once in the app. The user may log out of the app at any time.
The personal data collected by the SECANDA App will be stored until you request us to delete it, revoke your consent to storage, or the purpose for which the data was stored no longer applies. If there is a statutory retention obligation or another legally recognized reason for storing the data (e.g., legitimate interest), the relevant personal data will not be deleted until the reason for retention no longer applies.
The processing of personal data is only permissible if there is a valid legal basis for doing so. Whenever we process your data, it is generally based on your consent in accordance with Art. 6
(1) (a) GDPR (e.g., when you voluntarily provide your data in the SECANDA App), or for the purpose of fulfilling a contract under Art. 6 (1) (b) GDPR (e.g., when using the top-up function in the SECANDA App).
For security reasons and to protect the transmission of confidential content, the SECANDA App uses encryption—for example, for requests you send to us as the app operator or for
communication between app users. This encryption prevents unauthorized third parties from reading the data you transmit.
Polyright AG
Promenade du Canal 83 CH-1950 Sion
Email: info@polyright.com Website: www.polyright.com Tel.: +41 27 303 50 00
Fax: +41 27 303 50 001
The “data controller” is the entity that collects, processes, or uses personal data (e.g., names, email addresses, etc.).
You can reach our company data protection officer at:
Email: datenschutz@secanda.com
We reserve the right to change these privacy provisions at any time in compliance with legal requirements.
The GDPR grants certain rights to data subjects whose personal data is processed by us. We would like to inform you of these rights:
Many data processing operations are only possible with your consent. We will explicitly request your consent before starting such processing. You may withdraw your consent at any time. A simple email notification to us is sufficient. The lawfulness of the data processing carried out before the withdrawal remains unaffected.
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority. This right exists without prejudice to other administrative or judicial remedies.
You have the right, at any time and free of charge, to obtain information about your stored personal data, its origin and recipients, and the purpose of the data processing. You also have the right to rectification or deletion of this data. For this purpose, and for any other questions concerning personal data, you may contact us at the address provided in the legal notice at any time.
You have the right to request restriction of the processing of your personal data. You may contact us at the address provided in the legal notice at any time. The right to restrict processing applies in the following cases:
If you contest the accuracy of your personal data stored by us, we generally need time to verify this. For the duration of the verification, you have the right to request restriction of the processing of your personal data.
If the processing of your personal data was/is unlawful, you may request restriction of data processing instead of deletion.
If we no longer need your personal data but you require it to exercise, defend, or establish legal claims, you have the right to request restriction of processing instead of deletion.
If you object pursuant to Art. 21 (1) GDPR, a balance must be struck between your interests and ours. Until it is determined whose interests prevail, you have the right to request restriction of the processing of your personal data.
If you have restricted the processing of your personal data, such data—apart from being stored— may only be processed with your consent, for the establishment, exercise, or defense of legal claims, to protect the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.
You have the right to receive data that we process automatically based on your consent or in performance of a contract, in a commonly used, machine-readable format, and to have it transmitted to yourself or to a third party. If you request the direct transfer of data to another controller, this will only take place if technically feasible.
The SECANDA App does not access the following device functions: location, contacts, photos, videos, microphone.
When you access the SECANDA App via a mobile device, we may automatically collect certain information such as your device’s unique ID, IP address, operating system, type of mobile browser used, and other statistics.
The legal basis for this data processing is our legitimate interest in accordance with Art. 6 (1) (f) GDPR and/or your consent pursuant to Art. 6 (1) (a) GDPR.
The following personal data may be displayed and processed in the SECANDA App:
Name
SECANDA ID
Email address
Most recent booking transactions
Current balance
Information about the payment method
Mandatory fields are last name and email address (minimum required data).
The SECANDA App does not store this data. The app retrieves the data from the background database and displays it. If there is no connection to the database (e.g., when no data network is available), the following message appears: “The server is currently not available”, and no personal data is displayed.
No personal data from the SECANDA App is transferred to third parties.
The processing of this personal data is necessary to ensure the functionality of the SECANDA App. The legal basis for this data processing is our legitimate interest in accordance with Art. 6 (1) (f) GDPR, your consent under Art. 6 (1) (a) GDPR, and/or—if a contract has been concluded—the fulfillment of our contractual obligations pursuant to Art. 6 (1) (b) GDPR.
When you contact us (e.g., by email, telephone, or fax), your request, including all personal data arising from it (e.g., name, inquiry), will be stored and processed by us for the purpose of handling your inquiry.
The processing of this data is based on Art. 6 (1) (b) GDPR, provided your request is related to the performance of a contract or is necessary for pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 (1) (a) GDPR) and/or our legitimate interests (Art. 6
(1) (f) GDPR), as we have a legitimate interest in effectively processing inquiries directed to us.
The data you provide to us via contact requests will remain with us until you request deletion, revoke your consent to storage, or the purpose of storage no longer applies (e.g., after your inquiry has been resolved). Mandatory statutory provisions—particularly statutory retention periods—remain unaffected. We do not share your data without your consent.
When you access our SECANDA App, your behavior may be statistically evaluated using certain analytics tools and analyzed for advertising, market research, or to improve our offerings. When using such tools, we ensure compliance with legal data protection requirements.
When external service providers (processors) are used, we ensure by means of appropriate contracts that data processing complies with German and European data protection standards.
For service purposes, Google Analytics is used to analyze global user behavior. No personal user data is used for this analysis, and it is not possible to identify individuals.
The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The use of Google Analytics may require the transfer of your personal data to the USA.
Google Analytics is used to optimize the SECANDA App and improve our services. This constitutes a legitimate interest under Art. 6 (1) (f) GDPR.
Status: March 2023