The InnaMoRuhr app and the associated service record and process your data in order to perform their functions. In addition to general usage data, this also includes personal data, such as your location.
Version and Change History
Version 1 – Created on January 1st, 2022
Version 2 – Created on June 8th, 2022
Changes to Version 1
The new versions of the apps enable you to collect and transmit further information to us with the help of feedback forms and input masks. For this reason, we have added the item "Data that you give us" to the section on collection and processing and also added this item to the section on storage duration. The changes are highlighted in color.
Responsible Person and Contact
Responsible within the meaning of the General Data Protection Regulation (GDPR) §4 (7) are the project partners of the InnaMoRuhr research project. If you have any questions or comments about this declaration, please contact us at:
Networked Embedded Systems
Dr. Marcus Handte
What data is collected and for what purpose?
- Data on the use of the service: The InnaMoRuhr app communicates with the service via the HTTPS protocol. With every interaction, we save the connection and request data, such as the time of the request, the current IP address of the requesting party, the requested URL and the parameters contained in the request, as well as the duration and results of the request. The purpose of this recording is the (possibly retrospective) detection, analysis and combating of attacks through automatic mechanisms as well as the elimination of program errors and the improvement of the function and performance of the service and the InnaMoRuhr app. Accordingly, the collection takes place according to GDPR §6 (f).
- Data about your mobile device: When you use the InnaMoRuhr app on your device for the first time, we ask you to register the device. When registering, we collect and save device-specific data such as the manufacturer and the device model. The aim of the recording is to rectify device-specific errors, as well as to improve the function and performance of the service and the InnaMoRuhr app. Accordingly, the collection takes place according to GDPR §6 (f).
In order to be able to clearly identify your mobile device at a later point in time, we assign each device a random but unique number when it is registered. From then on, this number is sent to the service with every request from the device. In this way we prevent another device from changing your data. This identification is required for the implementation of the service and is based on GDPR §6 (a).
In addition, as part of some inquiries, we transmit the version of the InnaMoRuhr app that you have installed on your device. The purpose of this recording is to correct errors in the app or in the associated service as well as the statistical analysis of the versions of the InnaMoRuhr app used. For this reason, the collection is based on GDPR §6 (f).
- Data about your location: The primary function of the InnaMoRuhr app is the automatic recording of your device location for the purpose of scientific data evaluation as part of the InnaMoRuhr research project by employees of the University Duisburg-Essen, the University Bochum and the Technical University Dortmund. For this purpose, the InnaMoRuhr app continuously records the location of your device as well as changes in location with the help of the available data sources (GPS, WLAN, motion sensor, etc.) and transmits this to the service.
The transmitted data includes the current position in the form of a WGS84 coordinate with longitude, latitude and altitude as well as the speed and direction of movement, the accuracy of the position information or the state of movement (e.g. motionless).
The location is recorded and transmitted in the background, i.e. especially when the InnaMoRuhr app is not actively used. However, it can be switched off completely at any time via the settings screen of the app.
The processing of your location data is the primary purpose of the InnaMoRuhr app and takes place with your consent on the basis of GDPR §6 (a).
- Data that you give us: In addition to automatically recording your device location, the app also allows you to enter and transmit other data manually. With the help of the settings page you can, for example, tell us about your work at the university and you can use the feedback form for individual routes to send us further information, e.g. about the means of transport used on the respective route. The transmission of this data enables us to carry out additional analyses and is carried out with your consent on the basis of GDPR §6 (a).
Where is the data stored and processed?
The data is currently stored and processed exclusively on servers in Germany at the University of Duisburg-Essen.
Who will the data be passed on to?
- Scientists from the University Bochum, the Technical University Dortmund and the University Duisburg-Essen: We pass on the data recorded by the InnaMoRuhr app to scientists at the University Bochum, the Technical University Dortmund and the University Duisburg-Essen who are involved in the InnaMoRuhr research project.
- Authorized bodies: If we are legally obliged (e.g. by a valid court order) to surrender data to an authorized body, we will pass on your data to such a body.
How long will the data be stored?
The storage period depends on the type and use of the data. Data on the use of the service are usually overwritten after a few days through regular rotation. This time can increase in individual cases (e.g. when analyzing past attacks). We keep the recorded device and location data as well as the data that you give us, e.g. by filling out feedback forms, until the final conclusion of all evaluations of the InnaMoRuhr project.
Regardless of the type of data, we try to keep the storage period short. However, we strive to operate the service in a way that protects the data of all users from system failures and willful damage by third parties. That is why we use regular backups and delay irrevocable deletion processes for a certain period of time (usually a few days). Due to these measures, it may happen that unused data or data that has been released for deletion is not immediately deleted from our computer and security systems.
Which rights can be asserted?
Your rights are described in detail in Chapter 3 of the GDPR and the rights to which you are entitled are not affected by this data protection declaration. Your rights include, among other things:
- Right to confirmation and information (GDPR §15), right to correction (GDPR §16) and right to erasure (GDPR §17): Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin, its recipients and the purpose of the data processing and, if necessary, a right to correct, block or delete this data. In this regard, please contact the person responsible mentioned above.
- Right to restriction of processing (GDPR §18), right to object to processing (GDPR §21) and right to revoke consent under data protection law (GDPR §7): Some data processing operations are only possible with your express consent. A revocation of the already given consent is possible at any time. An informal notification by email is sufficient for the revocation. The legality of the data processing carried out up to the point of revocation remains unaffected by the revocation.
- Right to data portability (GDPR §20): You have the right to have data that we process automatically handed over to you or to third parties. It is provided in a machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done if this is technically feasible.
- Right to lodge a complaint with a supervisory authority (GDPR §77): As a data subject, you have the right to lodge a complaint with the responsible supervisory authority in the event of a breach of data protection law. The competent supervisory authority with regard to data protection issues is the state data protection officer of the state of North Rhine-Westphalia. You can find the contact details of the data protection officer here.
If you have any questions, concerns or requests for information, please contact the person responsible mentioned above.
Information on online dispute resolution
According to Art. 14 Para. 1 ODR-VO (EU Regulation No. 524/2013), the EU Commission provides an internet platform for the online settlement of disputes (so-called "OS platform"). The OS platform serves as a point of contact for out-of-court settlement of disputes. You can reach the OS platform via this link.