App Privacy Policy
Welcome to the AED Total Solution IOS and Android application! We know that the handling of your personal data is important to you. For this reason, we take the greatest possible care when handling your personal data and thus ensure a high level of data security. We respect the personal rights of our users and are aware of the importance of protecting the personal data we receive from you.
This Privacy Policy contains information about our data protection practices and measures as well as the rights to which you are entitled within the framework of the California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.100 et seq. (the “CCPA”). Further and to provide a uniform framework, we have also adopted the General Data Protection Regulation (“GDPR”).
The Controller
The controller within the meaning of the CCPA and the GDPR for the processing of personal data is:
CPR1, LLC
3652 Ocean Ranch Blvd,
Oceanside, 92056
California, USA
E-Mail: info@aedtotalsolution.com
If you have any questions about the processing of your personal data, as well as your rights regarding data protection, please contact us.
Where this Privacy Policy applies
This privacy policy applies to the AED Total Solution IOS and Android applications (“the App”).
When designing the APP, we also have made sure that as little as possible information that directly identifies you is collected. As however some countries including the European Union, have a broad definition of personal data this policy covers it. In this sense we would need to first of all explore the definition of personal data.
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Legal bases for processing
The processing of your personal data may be based on the following legal grounds:
- consent serves as our legal basis for processing operations where we obtain your consent for a specific processing purpose (Art. 6 (1) a) GDPR).
- contract, insofar as the processing of personal data is necessary for the performance of a contract, e.g., if you use the App (Art. 6 (1) b) GDPR). The same applies to such processing operations that are necessary for the performance of pre-contractual measures, for example in the case of enquiries about the App.
- legal obligation, insofar as we are subject to a legal obligation that requires the processing of personal data, such as for the fulfillment of tax obligations (Art. 6 (1) c) GDPR).
- legitimate interest, applies on the basis of our legitimate interests, e.g., when using service providers as part of the App (Art. 6 (1) f) GDPR). Our interest is directed towards the use of a user-friendly, appealing, and secure presentation as well as optimization of the App, which serves our business interests as well as meeting your expectations.
What are your rights?
The CCPA grants California residents the following rights:
- Right to Know
- Right of Deletion
- Right of Non-Discrimination
- Right to Opt-Out of Sale
The GDPR grants Passport holders of the European Union the following rights:
- Right of access
- Right to rectification
- Right to restriction of processing
- Right to erasure
- Right to information
- Right to data portability
- Right to object
- Right of withdrawal
- Right to complain to a supervisory authority
To assert these rights, please contact us at any time using the details provided. You also have the right to lodge a complaint with your local data protection supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach any supervisory authority.
Exercising Your Privacy Rights
To exercise your rights, please contact us. In accordance with the CCPA/GDPR, we will need to confirm your identity to process your requests and we may require you to provide information associated with your account or transactions with us, or to provide government identification, signed declarations and other proof of identity.
Accuracy and updating your information
If you believe that the personal data, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please contact us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer your requests.
Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of Personal Data, notably where such requests would not allow us to provide our service to you anymore.
When you send a data subject access request
The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of the data subject access request is both our legitimate interest and our legal obligation.
The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfil the legally required accountability.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process.
You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.
Collection of Personal Data
Personal data may be collected in two ways, that is directly when you for example volunteer it to us or automatically for example when you install and use our APP. As indicated above we have made sure that as little as possible information that directly identifies you is collected.
Logging in
When you log into your account (created on our website and subject to our websites Privacy Policy), we will ask you to provide us with your username and password. We also use a Token-based Authentication system which is a protocol that generates encrypted security tokens and enables users to verify their identity and then generates a unique encrypted authentication token. The legal basis for processing is our legitimate interest and/ or a contractual or pre-contractual measure.
When you contact us
If you contact us per e-mail, your transmitted personal data will be automatically stored for the purpose of processing the request or contacting you. We delete the data accruing in this context after the storage is no longer necessary for the processing of your request or restrict the processing if there are legal retention obligations. The legal basis for processing is our legitimate interest and/ or a contractual or precontractual measure.
Automatically collected data
- a) Downloading the APP
The APP can be downloaded from the “Google Playstore” a service offered by Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, US, if you are resident outside the EU and Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland if you are a resident within the EU, or the Apple App service “App Store” a service of Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, US, if you are resident outside the EU and Apple Distribution International Ltd, Hollyhill Industrial Estate, Hollyhill Ln, Knocknaheeney, Cork, Ireland, if you are a resident within the EU, to install our APP.
Downloading it may require prior registration with the respective App store and/or installation of the respective App store software.
- b) Installing the APP
As far as we are aware, Google collects and processes the following data: License check, network access, network connection, WLAN connections, and location information. However, it cannot be ruled out that Google also transmits the information to a server in a third country. We cannot influence which personal data Google processes with your registration and the provision of downloads in the respective App store and App store software. The responsible party in this respect is solely Google as the operator of the Google Play Store.
As far as we are aware, Apple collects and processes the following data: device identifiers, IP addresses, location information, it cannot be excluded that Apple also transmits the information to a server in a third country. This could in particular be Apple Inc. One Apple Park Way, Cupertino, California, USA, 95014. We cannot influence which personal data Apple processes with your registration and the provision of downloads in the respective app store and app store software. The responsible party in this respect is solely Apple as the operator of the Apple App Store.
- c) Starting the App
Every time you start the App, your data is synchronized, and your device communicates with our server through a signed token. The transmission takes place automatically and is a prerequisite for the secure functioning of the APP and is therefore mandatory.
- d) Device information
We or rather Google and Apple on our behalf collects information from and about the device(s) you use to access the APP, including hardware and software information such as IP address, device ID and type, device-specific and APP settings and properties, APP crashes, advertising IDs (AAID), information about your wireless and mobile network connection such as your service provider and signal strength; information about device sensors such as accelerometer, gyroscope, and compass.
How we use information?
The main reason we use your data is to deliver and improve our services as follows:
- to provide our APP to you,
- provide you with customer support and respond to your requests,
- to improve our APP and develop new features and services,
- retain data related to fraudulent activities to prevent against recurrences,
- to ensure legal compliance,
- assist law enforcement, and
- enforce or exercise our rights.
How long do we store your data?
We keep your personal data only as long as we need it for legitimate business purposes and as permitted by applicable law. To protect the safety and security of our users on and off our services, we implement a safety retention window of three months following account deletion. During this period, account information will be retained although the account will of course not be visible on the services anymore.
In practice, we delete or anonymize your data upon deletion of your account (following the safety retention window), unless:
- we must keep it to comply with applicable law,
- we must keep it to evidence our compliance with applicable law,
- there is an outstanding issue, claim or dispute requiring us to keep the relevant data until it is resolved, or
- the data must be kept for our legitimate business interests, such as fraud prevention and enhancing users’ safety and security.
Keep in mind that even though our APP is designed to carry out data deletion processes according to the above standards, we cannot promise that all data will be deleted within a specific time-frame due to technical constraints.
Duration of data storage
In general, your APP data is saved and stored on our secure servers operated by Amazon (AWS), in the us-west-1 region USA, and we only store personal data for as long as it is necessary for the purposes for which it is processed or for as long as any consent you have given us has been revoked by you. Insofar as statutory retention obligations must be observed, the storage period for certain data may be up to 10 years, irrespective of the processing purposes. We would like to point out that the USA is not a safe third country in the sense of EU data protection law. US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g., intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
How do we protect your data?
We work hard to protect you from unauthorized access to or alteration, disclosure, or destruction of your personal data. As with all online technology, we take steps to secure your data, however we do not promise, and you should not expect, that your personal data will always remain secure. We regularly monitor our systems for possible vulnerabilities and attacks and regularly review our information collection, storage, and processing practices to update our physical, technical, and organizational security measures. We may suspend your use of all or part of the services without notice if we suspect or detect any breach of security.
Further, databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.
How we share your data?
We may disclose your personal data to third parties:
- for the purposes of providing services that you request from us, fulfilling our obligations arising from any contracts entered into between you and us, in connection with your use of the APP,
- in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets, or
- if we or substantially all of our shares or assets are acquired by a third party, in which case Personal Data held by us about our customers will be one of the transferred assets.
We may also disclose your personal data to a governmental or regulatory body, law enforcement, or other authorities, in order to enforce our terms of use for the APP, to cooperate with any direction, request or order from such parties or to report any suspected unlawful activity.
Controls For Do-Not-Track Features
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (‘DNT’) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.
Do Not Sell
We do not sell data to third parties. However, we might, making available, transfer, communicate electronically, consumer’s personally identifiable information by the business to a business affiliated inclusive with a third party but not for monetary but for other valuable consideration.
Personal data and children
The services available on our website are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal data from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact. The parent or guardian will be provided with (i) information about the specific type of personal data being collected from the minor, (ii) the purpose for which it will be used, and (iii) the opportunity to object to any further collection, use or storage of such information. We comply with youth protection laws.
Obligation to provide personal data
You are not obliged to provide us with personal data. However, depending on the individual case as described above, the provision of certain personal data may be necessary for the provision of the services. If you do not provide us with this personal data, we may not be able to provide the requested service.
Updating your information
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.
Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal information, notably where such requests would not allow us to provide our service to you anymore.
Uninstall
You can stop the collection of information by our APP by uninstalling it using the standard uninstall procedure for your device.
Automated individual decision-making including profiling
We do not make automated decisions in individual cases, including profiling.
Changes
Because we’re always looking for new and innovative ways to improve our APP, this policy may change over time. We will notify you before any material changes take effect so that you have time to review the changes.
Queries and Complaints
Any comments or queries on this policy should be directed to us using the following contact details:
CPR1, LLC
3652 Ocean Ranch Blvd,
Oceanside, 92056
California, USA
E-Mail: info@aedtotalsolution.com
If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.
This Privacy Policy was last updated on Tuesday, September 13, 2022