Privacy Policy for App User

Contact details of the responsible persons:

CLI TRI Solutions

Anne-Frank-Straße 32

90459 Nuremberg, Germany

Chief Executive:

Selver Halici

Anne-Frank-Straße 32

90459 Nuremberg, Germany

Mail: info@cli-tri.com

Tel.: +49 (0) 173 56 16 477

General information on the purpose and legal basis of processing

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), insofar as this is necessary for the establishment, implementation or performance of a contract or for the implementation of pre-contractual measures. Insofar as personal data is required for the initiation or implementation of a contractual relationship or in the context of the implementation of pre-contractual measures, processing is lawful pursuant to Art. 6 (1) lit. b GDPR.

16.01 Google Play Store

Purpose:

Data categories:

Our app is offered in the Google Play Store. When it is downloaded by a Google Play Store customer, the data required for the download is transferred to the store. The username, the e-mail address, the customer number at the Google Play Store, and the individual device ID are recorded. Without the transmission of this data, the download of the app in the Google Play Store is not possible. The data processing is carried out exclusively by the Google Play Store and is not within our sphere of influence. Therefore, no processing of personal data by us takes place in this context.

Deletion period:

Groups of persons:

06.05.2022 1 / 5

Data Origin: Raised from affected parties
Legal basis: 2. contract performance (Art. 6 para. 1 lit. b) GDPR
Recipient categories: APP Store
Cloud Provider
16.02 App Store
Our app is offered in the App Store. When a customer downloads
it, the data required for the download is transferred to the store.
This data includes the user name, the e-mail address, the App
Purpose: Store customer number, and the individual device ID. Without the
transmission of this data, the download of the app in the App Store
is not possible. The data processing is carried out exclusively by
the App Store and is not within our sphere of influence. Therefore,
no processing of personal data by us takes place in this context.
Data categories: No personal data
Deletion period: • No further data processing, therefore no deletion
required
Groups of persons: APP User
Data origin: • Raised from affected parties
Legal basis: • 2. contract performance (Art. 6 para. 1 lit. b) GDPR

06.05.2022 2 / 5

Recipient categories:

16.03 User registration

We receive the personal data (name, telephone number and email
address) of the users in advance from their employer. The users are
Purpose: created via Graph CMS. The app users receive the access data for the
app by mail. The users then log in to the app and change their access
data.
Data categories: Personal identification data
Deletion period: In accordance with the statutory retention requirements
Groups of persons: APP User
Data origin: Transmission by the employer
Legal basis: 2. contract performance (Art. 6 para. 1 lit. b) GDPR
Recipient categories: APP User
Cloud Provider

16.04 Viewing data in the app

App users have the ability to view the names, phone numbers, and email addresses of other individuals who are involved in the study.

Purpose: Users can only view data in their assigned studies. All other data is non-personal. The data is stored at Amazon Web Services and Graph CMS. The servers for both companies are located in Frankfurt, Germany.

06.05.2022 3 / 5

Data categories: Personal identification data
Deletion period: In accordance with the statutory retention requirements
Groups of persons: APP User
Data origin: Raised from affected parties
Legal basis: 2. contract performance (Art. 6 para. 1 lit. b) DSGVO
Recipient categories: APP User
Cloud Provider

Transfer to third country

A transfer to a third country is not intended.

Duration of data retention

As far as necessary, we process and store your personal data for the duration of our business relationship or for the fulfillment of contractual purposes. This also includes, among other things, the initiation and execution of a contract.

In addition, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods prescribed there for storage or documentation are two to ten years.

Finally, the storage period also depends on the statutory periods of limitation, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.

Your Rights

Every data subject has the right to information under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, the right to notification under Art. 19 GDPR and the right to data portability under Art. 20 GDPR.

06.05.2022 4 / 5

In addition, you have the right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 GDPR if you believe that the processing of your personal data is not lawful. The right of appeal is without prejudice to any other administrative or judicial remedy.

If the processing of data is based on your consent, you are entitled to revoke your consent to the use of your personal data at any time in accordance with Art. 7 GDPR. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected. Please also note that we may have to retain certain data for a certain period of time in order to comply with legal requirements.

To protect your rights, you can contact us using the contact details provided.

Right of objection

Insofar as the processing of your personal data is carried out for the protection of legitimate interests pursuant to Art. 6 (1) lit. f GDPR, you have the right pursuant to Art. 21 GDPR to object to the processing of this data at any time for reasons arising from your particular situation. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing. These must override your interests, rights and freedoms, or the processing must serve the assertion, exercise or defense of legal claims..

In individual cases, we process your personal data in order to conduct direct advertising. You have the right to object at any time to processing for the purpose of such advertising. This also applies to profiling, insofar as it is related to this direct advertising. If you object to processing for the purpose of direct advertising, we will no longer process your personal data for these purposes.

Necessity of the provision of personal data

The provision of personal data for the decision on the conclusion of a contract, the fulfillment of a contract or for the implementation of pre-contractual measures is voluntary. However, we can only make a decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the fulfillment of the contract or pre-contractual measures.

Automated decision making

For the establishment, fulfillment or implementation of the business relationship as well as for pre-contractual measures, we generally do not use fully automated decision-making pursuant to Art. 22 GDPR. Should we use these procedures in individual cases, we will inform you separately or obtain your consent, if this is required by law.

06.05.2022 5 / 5