Please note: You are not obligated to provide us with your personal data (even if this is partially marked as “mandatory” in this statement). However, you may not be able to use our products and services or functionalities may not be available to you or only to a limited extent if you do not provide us with your personal data.
Part A: General
Part B: App
The controller for the processing of your personal data within the meaning of Article 4 No. 7 DS-GVO (Basic Data Protection Regulation) is:
HandHelp UG (limited liability)
Sachsendorfer Street 5
Managing Director: Andreas Jürgen Muchow
Phone: +49 (0) 355 54788905
Fax: +49 (0) 355 86697930
App-Sec-Network UG (limited liability)
Managing Director: Andreas Jürgen Muchow
Phone: +49 (0) 3022321574
Fax: +49 (0) 3022321537
This data protection declaration is based on the following definitions (cf. Art. 4 DS-GVO):
In the event of further processing for purposes other than those for which the data was originally collected, we will inform you about these other purposes prior to further processing and provide you with all other relevant information.
We do not merge different sets of data for different purposes at any time. We do not use your data for automated decision-making processes and do not create usage profiles of our users.
In principle, any processing of personal data is prohibited by law and only permitted if the data processing is covered by a justification.
In the following, we specify the legal grounds we use. For the processing operations we carry out, we indicate in Part B the applicable legal basis in each case. A processing operation may also be based on several legal bases.
In Part B, you will find information for each of the processing operations carried out by us as to how long the data will be stored by us and when it will be deleted or blocked. Unless an explicit storage period is specified below, your personal data will be deleted or blocked as soon as the reason for storing it no longer applies.
However, storage may take place beyond the specified time in the event of a (threatened) legal dispute with you or if storage is provided for by legal regulations to which we are subject as the responsible party. According to legal requirements in Germany, the storage takes place in particular for 10 years according to §§ 147 Abs. 1 AO, 257 Abs. 1 Nr. 1 und 4, Abs. 4 HGB (books, records, management reports, accounting vouchers, commercial books, documents relevant for taxation, etc.) and 6 years according to § 257 Abs. 1 Nr. 2 und 3, Abs. 4 HGB (commercial letters).
If the storage period prescribed by legal regulations expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.
If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.
We use external domestic service providers to process our business transactions (e.g. for IT, hosting, logistics, telecommunications, sales and marketing). These will only act on our instructions and have been contractually obligated to comply with data protection regulations in accordance with the requirements of Art. 28 DS-GVO.
The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating this online offer.
In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors to our online offers.
Our order processors (service providers) are:
Pascal Street 10
Telephone: (030) 300 146 0
Fax: (030) 886 15 111
snafu Society for Interactive Networks mbH
Phone: (030) 25430-0
Fax: (030) 25430-101
Aschauer Street 30
Phone: +49 89 5528 1111
Fax: +49 89 5528 1919
CM.com Germany GmbH
Phone: +49(0)9302 657 0 888
Your data collected and processed by us is only stored on our servers in Germany. In the context of our business relationships, personal data is processed exclusively within the European Economic Area (EEA).
We may be subject to a specific legal or statutory obligation to provide lawfully processed personal data to third parties, in particular public bodies (Art. 6 para. 1 p. 1 lit. c DS-GVO).
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties, taking into account the state of the art, implementation costs and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its likelihood and impact on the data subject). Our security measures include, for example, the use of high-performance hardware, regular updates, secure passwords and encryption, and backup plans, and are continuously reviewed and improved in line with technological developments.
We will provide you with more detailed information on this upon request, within reason. We cannot disclose precise information about how we and our service providers secure hardware and software in order to avoid the risk of our security concepts being undermined.
You may assert your rights as a data subject regarding your processed personal data at any time by contacting us using the contact details provided in A.1. above.
You have the following rights as a data subject:
Please note that the aforementioned rights are in some cases subject to further requirements (see the aforementioned articles of the GDPR) and may be restricted by other laws, which means that we are not always able to fulfill your request.
Please also note that in the course of the duty to provide information, we are also obliged to verify your identity, so we may need more detailed information from you.
When you download our app, certain data required for this purpose (e.g., e-mail address, user name, customer number of the downloading account, the individual device identification number, and the time of the download) are transmitted to the corresponding app store (Apple App Store or Google Play).
We have no influence on the collection and processing of this data, which is carried out exclusively by the app store selected by you. Accordingly, we are not responsible for this collection and processing; the responsibility for this lies solely with the App Store of Google or Apple.
When you first launch the app, you will be asked to verify yourself using your mobile phone number or email address. Details that are mandatory to enter in order to use the app are:
Date of birth
Mobile phone number
We collect this information in order to protect the police or fire department / rescue services as well as embassies / consulates / foreign offices from false alarm messages (Art. 6 para. 1 p. 1 lit. c DS-GVO or Art. 6 para. 1 p. 1 lit. f DS-GVO). We reserve the right to block the app from your device in the event of a complaint from the police or fire department / rescue services as well as embassies / consulates / foreign offices due to intentionally false emergency call messages, in order to be able to ensure a smooth operation of the emergency call services.
For more information about the emergency call V for Germany see https://www.gesetze-im-internet.de/notrufv/.
Verification takes place via our partner CM.com Germany GmbH, which acts as our processor.
Other collection and processing when using the app.
Device information: Access data includes the IP address, device ID, device type, device-specific settings and app settings and app properties, the date and time of the retrieval, time zone the amount of data transferred and the message whether the data exchange was complete, crash of the app, browser type and operating system. This access data is processed to technically enable the operation of the app.
Except in the case of an alarm triggering, our app does not collect and process any location data of the app users. This means in particular that the app does not use a so-called location tracker (i.e. a function that reads the location data of your smartphone permanently or at regular intervals and transmits it to the app manufacturer).
However, in order to be able to use the app functions described in more detail below, the processing of location data (strictly limited to the described use) is required in the event of an alarm being triggered.
To use the location data, this function must be activated in your mobile operating system. When using the app for the first time, you will therefore be asked for permission to access the location data. Your confirmation will result in the app having access to your location information in order to be able to help you with your location (emergency location) when an alarm is triggered.
The current location is only transmitted when the alarm is triggered. You can also subsequently specify in the settings of both the Google (Android) and Apple (iOS) operating systems that our app is no longer allowed to receive information about your location. In this case, however, the app will only function to a very limited extent, because access to the location data is necessary in order to be able to send a meaningful alarm message (e.g. to the person you trust).
In order to provide quick and effective assistance, we give users the option to voluntarily provide additional information in the app. The following is a list of the data that is voluntarily submitted (hereinafter referred to as voluntary) and the data that is mandatory submitted (hereinafter referred to as mandatory):
This information remains stored on the end device (smartphone / tablet / wearable) as long as no emergency call or test alarm is executed and can be protected from third parties by entering a password. Only in the event of an emergency call / test alarm will this information be transmitted to the user’s stored and activated helper network as desired.
Our app is delivered without activated emergency call centers and without trusted third parties. By selecting the emergency call centers and by selecting his trusted third parties, the user expressly agrees that information that he has stored in the app and information resulting from the emergency call will be forwarded to the police or fire department / rescue services and abroad to embassies / consulates / foreign offices (foreign missions) and his trusted third parties.
The information is transmitted individually according to the user’s wishes.
The following transmission paths are possible and can be configured in the app:
Furthermore, the PSAPs have the possibility to contact the user via phone call, SMS, chat and videotelephony.
Via direct encrypted connection to the server of Strato AG and snafu Gesellschaft für interaktive Netzwerke mbH
Information that is transmitted to deposited trusted persons:
Via SMS to trusted persons / first responders:
Via e-mail to trusted third parties / first responders:
Information that will be sent to the user:
Via SMS to user:
Via e-mail to user:
Via chat program:
The emergency call centers are not informed / alerted in case of a test alarm!
In case of an emergency call (as a self-affected person)
The following data will be sent via encrypted connection to the server of Strato AG and snafu Gesellschaft für interaktive Netzwerke mbH. There is also an encrypted transmission to retarus AG, which converts the emergency protocol into a PDF – fax, as well as forwarding an e-mail to the services of the police and / or fire / rescue services and optionally to sign language interpreter centers. Transmitted information includes:
Information transmitted to trusted third parties
Via SMS to trusted third parties:
Via e-mail to trusted persons:
Data transmitted to the user:
Via chat program:
In case of an emergency call (as a witness)
The data described below is sent via encrypted connection to the server of Strato AG and snafu Gesellschaft für interaktive Netzwerke mbH. There is also an encrypted transmission to retarus AG, which converts the emergency protocol into a PDF – fax as well as forwarding an e-mail to the services of the police and / or rescue services. Transmitted data includes:
Information sent to trusted third parties
Via SMS to trusted third parties:
Via e-mail to trusted persons:
Data that will be transmitted to the user:
Via chat program:
We generally collect and process data via the app because this is necessary for the fulfillment of the contract between you and us (Art. 6 (1) lit. b DS-GVO), unless a specific legal basis is mentioned above.
Furthermore, we collect and process this data if this is necessary for the functionality of the app (Art. 6 para. 1 lit. f DS-GVO).
We process your voluntarily deposited health data on the basis of your consent (Art. 6 (1) p. 1 lit. a DS-GVO in conjunction with Art. 9 (2) lit. a DS-GVO).
Termination / transmission / storage / deletion periods
An emergency call or a test alarm, if executed in the app, can be canceled within a visible expiring countdown by clicking on the large logo button. If the emergency call is canceled, no data will be transmitted. In case the user uses the Bluetooth emergency button (MyBuddyGuard Button), once a transmission has been started, it cannot be canceled. In case of an accidentally triggered emergency call, the user should immediately inform the police or fire / rescue services.
The data transmitted to us will not be further analyzed, sold or used in any way. They are used exclusively for the purpose of fast and effective help by the authorities responsible for this.
If we do not receive a request to keep this data, your data will be automatically deleted as follows:
Data from test emergency calls – 14 days
Data from emergency calls – 90 days
All emergency call data is stored under an individually generated link with password protection on a secure server of snafu Gesellschaft für interaktive Netzwerke mbH. The servers are protected against unauthorized access by state-of-the-art software and hardware.
In the context of the further development of data protection law as well as technological or organizational changes, our data protection statement is regularly reviewed to determine whether it needs to be adapted or supplemented. In each case, the data protection declaration published on this website applies.
This data protection declaration has the status: June 2022
With the assistance / preparation of the data protection statement: Attorney Thorsten Reh (MEDIAS REHS)
Wir informieren dich, sobald der MyBuddyGuard verfügbar ist.