Privacy Policy

I. General

We take the protection of your personal data very seriously and treat it confidentially and in accordance with the statutory data protection regulations and this privacy policy. This privacy policy applies to the mobile iPhone and Android apps "Greenify.work" (hereinafter "APP"). It explains the nature, purpose and scope of data collection in the context of APP use. We point out that data transmission on the Internet can have security gaps. Complete protection of data against access by third parties is not possible.

App function

The APP was developed as part of a research project on gamification for sustainable employee behavior at the University of Koblenz-Landau. It offers the following functionalities:

Proposals and implementation of actions for sustainable behavior at work
Individual and team goals as well as competitions among colleagues of a company
Possibility for colleagues of a company to organize themselves in teams
Presentation of a ranking list of colleagues and teams of a company
User profiles with personal statistics on one's own sustainability behavior as well as a goal and action history
Badges and achievements for reaching certain milestones
Reminders and tips based on your own goals

In order to be able to alert users to the achievement of a goal or tips on the subject of sustainability, the APP requires the authorization to be able to display notifications to users, even if the APP is closed. This authorization is requested when the APP is started for the first time and can be revoked at any time in the system settings.
The content displayed in the APP is loaded from the Internet. For technical reasons, the APP therefore requires authorization to load data outside of a WLAN network via a mobile data connection, which may result in additional charges depending on the mobile phone contract.
The data is stored on a server hosted in Germany. The data connection between the mobile device and the server is secured using state-of-the-art SSL encryption.
When the APP retrieves data, general data is stored in log files on the server. Among other things, this includes the operating system used, the anonymized IP address, and other non-personal data that serve to avert danger in the event of attacks on the information technology server infrastructure.

Responsible entity

The responsible entity for data processing within the scope of this APP is:

Jeanine Krath
Universitätsstraße 1
56070 Koblenz
E-Mail: info@greenify.work

"Responsible entity" means the entity that collects, processes or uses personal data (e.g., names, email addresses, etc.).

Personal data

Personal data is information that can be used to learn your identity. Information that is not associated with your identity (such as number of users of the APP or anonymized behavioral data of users in the APP) is not included.
When you use our APP, we collect the following personal data from you:

Name and Surname
Company (by registering with your company email address, you will be assigned to a company)
Email address
Profile picture (optionally)
Pseudonymized, five-digit user ID
Anonymisiertes Push-Token Ihres Gerätes (bei Einwilligung zur Push-Notifications)

The processing of this personal data is necessary to ensure the functionalities of the APP. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO, your consent within the meaning of Art. 6 (1) lit. a DSGVO and/or - if a contract has been concluded - the fulfillment of our contractual obligations (Art. 6 (1) lit. b DSGVO).

When you complete the HEXAD Player Type Survey in the APP, we also collect the following data from you separately from the previously mentioned data:

Pseudonymized, five-digit user ID
Answers to the 12 player type questions
Age (optional)
Gender (optional)
Nationality (optional)

The entry of this personal data is voluntary. They will be used for the research project on HEXAD gamification user types to demographically describe the entire sample. If you provide personal data, it will be stored in the database along with the pseudonymous user ID. It is therefore not possible to draw conclusions about your person from this pseudonymized data set. Your data record can therefore not be identified as yours in the database.

General storage period of personal data

Unless otherwise stated or specified within this privacy policy, the personal data collected by this APP will be stored until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. If there is a legal obligation to store the data or another legally recognized reason for storing the data (e.g. legitimate interest), the relevant personal data will not be deleted before the respective reason for storing the data no longer applies.

Legal basis for the storage of personal data

The processing of personal data is only permitted if there is an effective legal basis for the processing of this data. If we process your data, this is regularly done on the basis of your consent in accordance with Art. 6 (1) a DSGVO (e.g. when you voluntarily provide your data in the registration mask or as part of the contact form). The relevant legal basis will be specified separately in this privacy policy, if applicable.

Encryption

This APP uses encryption for security reasons and to protect the transmission of confidential content, such as the inquiries you send to us as APP operator or the communication between APP users. This encryption prevents the data you transmit from being read by unauthorized third parties.

Amendment of this privacy policy

We reserve the right to change this privacy policy at any time in compliance with legal requirements.

II. Your rights

The GDPR grants certain rights to data subjects whose personal data is processed by us, about which we would like to inform you here:

Revocation of your consent to data processing

Many data processing operations are only possible with your consent. We will explicitly obtain this from you before starting data processing. You can revoke this consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

Right of complaint to a supervisory authority

In the event of violations of the GDPR, the data subjects shall have a right of appeal to a supervisory authority. The right of appeal is without prejudice to other administrative or judicial remedies.

Information, deletion and correction

You have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing, as well as a right to correct or delete this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the imprint.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:

If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data happened / happens unlawfully, you may request the restriction of the data processing instead of the deletion.
If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.
If you have lodged an objection pursuant to Art. 21 (1) DSGVO, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

III. Access rights of the APP

In order to provide our services through the APP, we require the access rights listed below that allow us to access certain features of your device.

Photos, videos (to select a profile picture)
Camera (for taking a profile picture)

Access to the device functions is necessary to ensure the functionality of the APP. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO, your consent within the meaning of Art. 6 (1) lit. a DSGVO and/or - if a contract has been concluded - the fulfillment of our contractual obligations (Art. 6 (1) lit. b DSGVO).

(Push) Notifications

In order to be able to notify the users of the app of the achievement of a goal or tips and reminders on the topic of sustainability via so-called push notifications, the app requires the authorization to display notifications to the users, even if the app is closed.
The legal basis for the use of push notifications is Art. 6, para. 1 lit b DSGVO.

IV. Data analysis

When you access our APP, your behavior can be statistically analyzed anonymously using certain analysis tools. This is done as part of the evaluation of the use of our APP for the research project on gamification for sustainable employee behavior. No external service providers are commissioned for the analysis.

V. Hosting

Amazon Web Services (AWS)

We host our APP on AWS. The provider is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg (hereafter AWS).
When you use our APP, your personal data is processed on AWS servers in Frankfurt am Main, Germany.
For more information, please see the AWS Privacy Policy: https://aws.amazon.com/de/privacy/?nc1=f_pr.
The use of AWS is based on Art. 6 (1) lit. f DSGVO. We have a legitimate interest in the most reliable presentation of our APP. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

VI. Plugins and tools

Font Awesome (local hosting)

This site uses Font Awesome for consistent font rendering. Font Awesome is installed locally. A connection to servers of Fonticons, Inc. does not take place.
For more information about Font Awesome, please see the Font Awesome Privacy Policy at: https://fontawesome.com/privacy.

Stand: November 2022

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.