The APP was developed as part of a research project on gamification for sustainable employee behavior at the University of Koblenz-Landau. It offers the following functionalities:
- Proposals and implementation of actions for sustainable behavior at work
- Individual and team goals as well as competitions among colleagues of a company
- Possibility for colleagues of a company to organize themselves in teams
- Presentation of a ranking list of colleagues and teams of a company
- User profiles with personal statistics on one's own sustainability behavior as well as a goal and action history
- Badges and achievements for reaching certain milestones
- Reminders and tips based on your own goals
In order to be able to alert users to the achievement of a goal or tips on the subject of sustainability, the APP requires the authorization to be able to display notifications to users, even if the APP is closed. This authorization is requested when the APP is started for the first time and can be revoked at any time in the system settings.
The content displayed in the APP is loaded from the Internet. For technical reasons, the APP therefore requires authorization to load data outside of a WLAN network via a mobile data connection, which may result in additional charges depending on the mobile phone contract.
The data is stored on a server hosted in Germany. The data connection between the mobile device and the server is secured using state-of-the-art SSL encryption.
When the APP retrieves data, general data is stored in log files on the server. Among other things, this includes the operating system used, the anonymized IP address, and other non-personal data that serve to avert danger in the event of attacks on the information technology server infrastructure.
The responsible entity for data processing within the scope of this APP is:
"Responsible entity" means the entity that collects, processes or uses personal data (e.g., names, email addresses, etc.).
Personal data is information that can be used to learn your identity. Information that is not associated with your identity (such as number of users of the APP or anonymized behavioral data of users in the APP) is not included.
When you use our APP, we collect the following personal data from you:
- Name and Surname
- Company (by registering with your company email address, you will be assigned to a company)
- Email address
- Profile picture (optionally)
- Pseudonymized, five-digit user ID
- Anonymisiertes Push-Token Ihres Gerätes (bei Einwilligung zur Push-Notifications)
The processing of this personal data is necessary to ensure the functionalities of the APP. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO, your consent within the meaning of Art. 6 (1) lit. a DSGVO and/or - if a contract has been concluded - the fulfillment of our contractual obligations (Art. 6 (1) lit. b DSGVO).
When you complete the HEXAD Player Type Survey in the APP, we also collect the following data from you separately from the previously mentioned data:
- Pseudonymized, five-digit user ID
- Answers to the 12 player type questions
- Age (optional)
- Gender (optional)
- Nationality (optional)
The entry of this personal data is voluntary. They will be used for the research project on HEXAD gamification user types to demographically describe the entire sample. If you provide personal data, it will be stored in the database along with the pseudonymous user ID. It is therefore not possible to draw conclusions about your person from this pseudonymized data set. Your data record can therefore not be identified as yours in the database.
General storage period of personal data
Legal basis for the storage of personal data
This APP uses encryption for security reasons and to protect the transmission of confidential content, such as the inquiries you send to us as APP operator or the communication between APP users. This encryption prevents the data you transmit from being read by unauthorized third parties.
II. Your rights
The GDPR grants certain rights to data subjects whose personal data is processed by us, about which we would like to inform you here:
Revocation of your consent to data processing
Many data processing operations are only possible with your consent. We will explicitly obtain this from you before starting data processing. You can revoke this consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
Right of complaint to a supervisory authority
In the event of violations of the GDPR, the data subjects shall have a right of appeal to a supervisory authority. The right of appeal is without prejudice to other administrative or judicial remedies.
Information, deletion and correction
You have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing, as well as a right to correct or delete this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the imprint.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data happened / happens unlawfully, you may request the restriction of the data processing instead of the deletion.
- If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.
- If you have lodged an objection pursuant to Art. 21 (1) DSGVO, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
III. Access rights of the APP
In order to provide our services through the APP, we require the access rights listed below that allow us to access certain features of your device.
- Photos, videos (to select a profile picture)
- Camera (for taking a profile picture)
Access to the device functions is necessary to ensure the functionality of the APP. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO, your consent within the meaning of Art. 6 (1) lit. a DSGVO and/or - if a contract has been concluded - the fulfillment of our contractual obligations (Art. 6 (1) lit. b DSGVO).
In order to be able to notify the users of the app of the achievement of a goal or tips and reminders on the topic of sustainability via so-called push notifications, the app requires the authorization to display notifications to the users, even if the app is closed.
The legal basis for the use of push notifications is Art. 6, para. 1 lit b DSGVO.
IV. Data analysis
When you access our APP, your behavior can be statistically analyzed anonymously using certain analysis tools. This is done as part of the evaluation of the use of our APP for the research project on gamification for sustainable employee behavior. No external service providers are commissioned for the analysis.
Amazon Web Services (AWS)
We host our APP on AWS. The provider is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg (hereafter AWS).
When you use our APP, your personal data is processed on AWS servers in Frankfurt am Main, Germany.
The use of AWS is based on Art. 6 (1) lit. f DSGVO. We have a legitimate interest in the most reliable presentation of our APP. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.
VI. Plugins and tools
Font Awesome (local hosting)
This site uses Font Awesome for consistent font rendering. Font Awesome is installed locally. A connection to servers of Fonticons, Inc. does not take place.
Stand: November 2022