For best GDRP compliance and for customers in the European Union, we do provide for a full data processing agreement which can be examined here and, if needed, signed electronically.
Last change: January 7, 2021
Derdack GmbH (in the following also “Derdack” or “we”) appreciates your interest in the service “SIGNL4” (in the following also “SIGNL4” or “Service”, including all related apps, e.g. the SIGNL4 mobile app). We attach great importance to protecting your privacy. In the following we provide detailed information on how your data is handled.
The data controller is:
Derdack GmbH
Konrad-Zuse-Ring 12b, 14469 Potsdam
Managing director: Matthes Derdack
Email: info@signl4.com
You can reach our data protection officer at dataprivacy@signl4.com
3.1 The Service is an alerting service for companies that monitors processes and procedures and allows alarms to be sent and tracked. The Service supports and automates alerting and communication processes. For this it is necessary that each user first registers for the use of the Service.
3.2 As part of the registration for the app, we collect the following (personal) access data:
Unless you sign in using GoogleSignIn, Microsoft SignIn or your Apple ID, your password will first be generated by us and may then be changed by you.
3.3 Alternatively, you can use the “Sign in with Google” or “Sign in with Microsoft” buttons or register with your Apple ID if you have an identity account with one of these two providers. Google, Microsoft and Apple offer the possibility to log in to other websites via their API with your log-in data, if available. These are services over which we have no control.
3.4 SignIn with Google: Provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”). An additional registration or login is therefore not necessary. If you decide to register with Google SignIn and click on the “Login with Google” / “Connect with Google” button, you will automatically be redirected to the Google platform. There you can log in with your usage data. This will link your Google profile to our website or services. This link gives us access to your data stored by Google. This is currently:
The integration of the Google SignIn takes place on the basis of Art. 6 (1) (f) GDPR. This data is used to simplify the registration of your account. This makes it easier to use our services. This is in our legitimate interest. For more information about Google Sign In and Google’s privacy policy, please see the following links: https://policies.google.com/terms and http://www.google.de/intl/de/policies/privacy
In case Google Ireland transfers personal data to the U.S., the following legal framework applies, which indicates that Google relies on the EU Commission’s Standard Contractual Clauses: https://policies.google.com/privacy/frameworks?hl=en-US
3.5 SignIn with Microsoft: If you have a Microsoft account, you can alternatively register via Microsoft. This service is provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter “Microsoft”). If you click the “Log in with Microsoft” button, you will automatically be redirected to a Microsoft page where you can enter your Microsoft e-mail address or telephone number. This will link your Microsoft account to our website or services. This link gives us access to your data stored with Microsoft. This is currently:
The integration of Microsoft is based on Art. 6 (1) (f) GDPR. This data is used to simplify the registration of your account.
For more information about Microsoft and Microsoft’s privacy statements, see the following links: https://privacy.microsoft.com/en-us/privacystatement
Microsoft also processes your personal data in the United States. The following general conditions apply to this, which show that Microsoft relies on the standard contractual clauses of the EU commission: https://docs.microsoft.com/de-de/compliance/regulatory/offering-eu-model-clauses
3.6 SignIn with Apple ID: If you have an Apple ID, you can alternatively register with it. This service is provided by Apple Inc., Invinite Loop, Cupertino, CA 95014. If you sign in with Apple, your Microsoft account will be linked to our app. This link gives us access to your data stored with Apple. This is currently:
The integration of the SignIn via the Apple ID is based on Art. 6 (1) (f) GDPR. This data is used to simplify the registration of your account.
For more information about Apple and Apple’s privacy policies, please see the following link: https://www.apple.com/legal/privacy/en-ww/
Apple also processes your personal data in the United States. The following general conditions apply to this, which show that Apple relies on the standard contractual clauses of the EU commission: https://www.apple.com/legal/procurement/docs/ADI_TERMS_COND-0164.pdf
3.7 If at the end of the trial period you decide to subscribe to upgrades of the app with additional functionality, we will also collect the following data:
3.8 On a voluntary basis, you may provide the following additional information when registering or using the App:
3.9 You can revoke the voluntary information (Section 3.3) at any time with effect for the future by deleting the relevant information in your profile or changing the Setting of the App accordingly.
3.10 We use the data listed under Sections 3.1 to 3.3 exclusively for the purpose of enabling you to use the SIGNL4 App (Art. 6 (1) (a) GDPR).
3.11 If you have given us your consent to send you our e-mail newsletter (Art. 6 (1) (a) GDPR), we will use your e-mail address to send you the newsletter. You can withdraw your consent at any time with effect for the future.
4.1 Which data we collect during the use of the app depends on which version of the app you have installed or which additional functionalities you have subscribed to. Below we inform you which data can be collected depending on the installed or subscribed function:
4.2 We use the data mentioned under 4.1 for the following purposes:
4.3 Depending on the installed / subscribed functions, the data mentioned under 4.1. are used within a certain period of time to determine the reaction times within a team, to classify the alarms and their relevance and to evaluate the distribution of alarm acknowledgements to the users of a team. These evaluations are person-related and are also visible to all users of a team or are communicated to them by us.
4.4 We store your data to the extent and as long as legal and/or offered retention period exist.
5.1 If you have moved the slider to the right under the button “(i) About”, next to the text “Transmit location with manual SIGNL”, we can access your location data. To display your location data, we use Google Maps, a service provided by Google (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, “Google”).
We have a legitimate interest in this (Art. 6 (1) (f) GDPR), as it allows us to extend this App with functionalities that are also based on the recording of your location. You can, however, move the slider to the left at any time and thus prevent the acquisition of location data.
By using Google Maps, information about the use of our app (including your IP address) may be transmitted to and stored by Google on servers in the United States. If you do not want data to be transferred to Google through the use of the map, you cannot give or revoke your consent to access location data in the settings as described above. Then you will not be able to use the SIGNL4 functions where your location is shared.
5.2 The Google Maps Terms of Use can be found at: https://www.google.com/intl/en_us/help/terms_maps/
You can find further information on data protection at Google at: https://policies.google.com/privacy?hl=en&gl=de
Google Inc. also processes your personal data in the United States. The following general conditions apply to this, which show that Google Maps relies on the standard contractual clauses of the EU commission: https://support.google.com/adspolicy/answer/10042247?hl=en
6.1 We use various services from Firebase, a service from Google (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, “Google”), specified in more detail below. Firebase uses so-called “Instance IDs” to memorize individual settings of the mobile app. Because each instance ID is unique to a mobile app and the mobile device you are using, Firebase can evaluate and respond to specific events within the mobile app. The information generated by the instance ID about your use of this mobile app on your mobile device is usually transferred to a Google server in the USA and stored there. The legal basis for the use of Firebase is Art. 6 (1) (f) GDPR. The evaluations and analysis allow us to make our offer more attractive.
However, in the settings of your app under the menu item “(i) About”, you can move the shift lever “Send anonymous usage and error logs” to the left: then no further usage data will be transmitted to us.
6.1.1 We use the Firebase Analytics service, which provides us with analytical and device-related information when you use a mobile device with an Android operating system. Firebase Analytics collects so-called “Mobile Ad IDs”, IDs related to the mobile device and so-called “Analytics App Instance IDs”. Firebase Analytics stores this ID-related information for 60 days and stores summary and action-related data without automatic deletion until PIM makes an appropriate setting in Analytics or deletes its project.
6.1.2 We use the Firebase Cloud Messaging service if you are using a mobile device with an Android operating system to determine which mobile device to send messages to by using instance IDs. The instance IDs transmitted are stored by Firebase until we ask Firebase to delete them. Firebase then deletes the data within 180 days.
6.1.3 We use the Firebase Crashlytics service if you are using a mobile device with Android operating system that informs us if a malfunction has occurred in your mobile app. The instance IDs and malfunction reports transmitted are stored by Firebase until we ask Firebase to delete them. Firebase then deletes the data within 180 days.
6.1.4 We use the Firebase Performance Monitoring service, which uses instance IDs to monitor the performance of the mobile app and respond to specific incidents within the app. The findings on these specific processes are stored by Google for 30 days. Instance IDs are stored by Google until we request Google to delete them. Google then deletes the data within 180 days.
6.2 For more information about Google’s use of data over Firebase, see:
https://firebase.google.com/terms/data-processing-terms
https://firebase.google.com/terms/
https://firebase.google.com/support/privacy/manage-iids
https://firebase.google.com/support/privacy/
6.3 In Case Google transfers personal data to the U.S., the following legal framework applies, which indicates that Google relies on the EU Commission´s Standard Contractual Clauses: https://policies.google.com/privacy/frameworks?hl=en-US
6.4 If you use the SIGNL4 app, you can object to the use of Firebase at any time by setting the slider for anonymous statistics in the app under the button “(i) About” so that anonymous usage and error logs are not collected. Then an analysis of your use of the mobile app by Firebase and the transfer of the data to Google will not take place.
As this is an alerting app for teams, the collected data is passed on within the team (see point 4). This includes superiors, if they are part of the team.
Your billing and credit card information will be forwarded to Recurly Inc. for the purpose of user account administration and with Stripe Inc. for the purpose of processing payments. Both companies are located in the USA.
We have a legitimate interest in using these services, as we would not be able to provide our services in full or at all without them (Art. 6 (1) (b) GDPR).
Recurly: https://support.recurly.com/hc/en-us/articles/360050344231-EU-July-2020-Privacy-Shield-Ruling and https://go.recurly.com/rs/439-LSC-903/images/Recurly-EU-Personal-Data-Processing-Agreement.pdf
Stripe: https://stripe.com/de/privacy, and https://stripe.com/privacy-center/legal#data-transfers
Upon your request, you can receive a SMS or a call via your mobile phone number in addition to the alert via the app if you configure SIGNL4 accordingly. We work with the company Twilio Inc. for the associated telecommunications services. The SMS or the voice call will then be sent via Twilio, an offer by the company Twilio Inc. (hereinafter “Twilio”), 645 Harrison St # 3rd Floor, San Francisco, CA 94107 USA.
To do this, we transmit your mobile phone number and the content of your message to Twilio, where it is saved until you delete your user account. Upon deletion of your SIGNL4 user account, we will also ensure the deletion of your mobile phone number from Twilio within 60 days.
For the transfer to Twilio, we use the EU infrastructure of Twilio. For any transfer of personal data outside the EU, Twilio’s Binding Corporate Rules apply: https://www.twilio.com/legal/binding-corporate-ruleshttps://www.twilio.com/legal/binding-corporate-rules
We have a legitimate interest in using Twilio, as we would otherwise not be able to provide the service you have chosen at all or not to its full extent (Art. 6 (1)(b) GDPR).
For more information about Twilio’s privacy policy, see:
https://www.twilio.com/legal/privacy
10.1 The following consent(s) you may have given us expressly and we have your consent logged.
According to the German Telemedia Act, we are obliged to keep the content of consents available for retrieval at all times.
10.2 You can revoke your consent(s) at any time with effect for the future.
In order to ensure data security and the protection of your personal data, Derdack GmbH takes technical protective measures, in particular to prevent third parties from accessing your data. Derdack GmbH shall adapt the technical protective measures in accordance with the current state of the art technology.
12.1 You have the right to obtain information about the personal data stored about you by Derdack and, if applicable, the right to correct, delete or block such data. In order to assert your rights, please contact the responsible body mentioned under point 1.
12.2 You can view and change the data stored in your profile at any time. You can also delete your profile at any time. In the cases of § 35 Para. 3 BDSG (Bundesdatenschutzgesetz, German Data Protection Act), the deletion shall be replaced by the blocking.
12.3 Derdack points out that Derdack is entitled, by order of the competent authority in individual cases, to provide information on data insofar as this is necessary for the purposes of criminal prosecution, to avert danger by the police authorities of the Länder, to fulfil the statutory duties of the Federal and Länder Office for the Protection of the Constitution, the Federal Intelligence Service or the Military Counter-Intelligence Service or to enforce intellectual property rights.
13.1 In the course of technical development, Derdack will also continuously adapt its data protection declaration. Derdack will incorporate changes on this page in good time and, if necessary, obtain your renewed consent.
13.2 Irrespective of this, you should visit this page regularly in order to inform yourself about the current status of the data protection information.