Data protection regulations

These are the data protection provisions of CAS Software AG (hereinafter referred to as we or us) for the mobile app "We.Network" (hereinafter referred to as the app) and the communication platform accessible at https://www.we.network/ (hereinafter referred to collectively as the platform).

With this privacy policy, we would like to inform you about what personal data we collect from you and how we process it when you visit and use the platform.

By agreeing to these data protection provisions as required for registration on the platform, you consent to the collection, processing and use of your personal data as described below, which takes place in the context of the establishment, execution and handling of your user relationship with regard to the platform.

According to the General Data Protection Regulation (GDPR), "personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified by reference to an identifier (for example, name, telephone number, e-mail address). For the sake of simplicity and to make it easier to understand, we also refer to "your data" in these data protection provisions when referring to personal data about you.

The protection of your data is important to us. And this protection can only be ensured if you know what happens to your data on the platform. We would therefore ask you to take the time to read this privacy policy carefully. We strictly adhere to the applicable data protection regulations and we use technical and organizational measures to protect your data.

1. Data processing when downloading the app

When you download the mobile app, certain required information is transmitted to the app store you have selected (for example, Google Play or Apple App Store); in particular, the user name, email address, customer number, time of download and individual device identification number may be processed. This data is processed exclusively by the respective app store and is beyond our control.

 

2. Data processing during registration and use of the platform

(1) Data to be provided by you when registering

When registering on the platform, you must first enter a telephone number. An access code will be sent by SMS to verify the telephone number provided, which must be entered on the platform for confirmation. Your telephone number cannot be viewed by other people and we will not pass it on to third parties.

When registering, the following data must be entered as mandatory fields:

  • User name
  • E-mail address

This data is required so that you can use the services of the platform. The collection and processing of this data is therefore based on Art. 6 para. 1 lit. b) GDPR. We also use your e-mail address to be able to contact you.

Passive use of the platform is possible at any time, even without registration.

This data is stored for the period for which you have an account with the platform. As soon as you delete your account, your data will be deleted.

 (2) Other data that you can provide voluntarily

When registering - but also later - you can voluntarily provide additional information or upload documents (hereinafter referred to as voluntary information). This can be, for example, your hobbies or individual topics that interest you. You can also upload a profile photo of yourself.

You can change or delete your voluntary information at any time.

The legal basis for the processing of your voluntarily provided data is your consent Art. 6 para. 1 lit. a) GDPR.

(3) Your profile page

You consent to a profile page being created for you under your user name upon completion of your registration, on which any voluntary information you may have provided is also listed and any profile picture you may have uploaded is displayed.

You also agree that you can be found by the platform via the search function and that your profile page can be viewed by other people in accordance with the privacy settings you have specified for your account (hereinafter "privacy settings") using the name or telephone number you provided when registering. The initial default setting after completing your registration is that your profile page is not visible to anyone except for contacts confirmed by you on the platform. You can change your privacy settings, for example, so that your profile page can be viewed by all other users of the platform, or so that your profile page can also be viewed by anyone outside the user group of the platform and can also be found via search engines on the Internet.

The legal basis for the collection and processing of your personal data in connection with the profile page is your consent (Section 26 (1) BDSG for employees of the platform operator or Art. 6 (1) (a) GDPR for other users).

(4) Use of channels and add-ins

The platform operator or third parties offer their own content on the platform via channels or add-ins.

The channels are information channels set up by third parties within the platform through which they can publish their own content on and via the platform.

The add-ins are websites that are already available on the Internet and can only be displayed via the platform (similar to an Internet browser).

The respective provider is solely responsible for the content of the channels and add-ins and the processing of personal data within the add-ins.

(5) Your content and comments

After completing the registration process, you can post or publish your own content (for example texts and images) on the platform. The content you post will be displayed on the platform to other users of the service and/or published on the Internet, depending on the settings of the respective service.

You consent to the content you post on the platform being visible to the groups of people selected in the respective privacy settings. You also agree that the content you publish on our platform or third-party platforms can be viewed publicly via the Internet.

You can also publish comments on the platform or on other users' content (for example, in the channels), which will then be displayed there under your user name. The date and time of your comment will also be displayed here.

You consent to comments that you publish on profile pages or on the content of other users being publicly viewable there via the Internet under your user name in accordance with the privacy settings selected by us or the respective other users on our platform or third-party platforms.

You can delete the content you have published on the platform and your comments on profile pages or on the content of other users at any time. The legal basis for the collection and processing of your personal data in connection with content and comments is your consent (Section 26 (1) BDSG for employees of the platform operator or Art. 6 (1) (a) GDPR for other users).

(6) Use of the chat function

The following inventory data is processed when using the chat function:

  • User name
  • Operating system
  • Phone number

When exchanging messages, only the following information is passed on to the respective addressed user or user group:

  • User name
  • Content of the message
  • Date and time of the message

We encrypt all messages using a highly secure end-to-end encryption process. Encrypted messages and media (images, videos, files, etc.) are completely deleted from the servers after successful delivery. If the messages and media are not retrieved or not retrieved in full, they are automatically and irretrievably deleted from the server after two weeks.

(7) Geodata

You can allow the app to access your location (hereinafter referred to as geodata) via the settings in the operating system of your mobile device. This geodata is stored in the app in order to offer and display location-based services.

By allowing access to the app in the respective operating system, you consent to your geodata being processed in order to offer and display location-based services.

(8) Further privacy settings

You can make further settings in your privacy settings. For example, you can determine whether - and if so, for whom - you can see which other users have confirmed you as a contact.

You agree that your data can generally be viewed by other persons in accordance with the privacy settings you have selected.

(9) Log files (log file)

Each time you access the platform, your browser automatically sends certain information to the server, which then stores it in a so-called log file. This includes, for example, information about:

  • the type and version of the browser you are using,
  • the operating system you are using,
  • the website from which you came to the current page,
  • the host name (IP address) of your computer and
  • the time at which the call was made.

Subject to any statutory retention obligations, we will delete or anonymize your IP address after you leave the platform.

We also use the information transmitted by your browser to our servers in anonymized form - that is, without it being possible to draw any conclusions from it about you - to analyse and improve our services. In this way, we can, for example, detect possible errors or determine on which days and at which times the platform is particularly heavily used. Anonymized data is no longer personal data.

The legal basis for the collection and processing of the information stored in a log file is Art. 6 (1) (b) GDPR.

(10) Cookies

Cookies are small text files used by websites and mobile apps that your browser stores on your end device. So-called "session cookies" are temporarily stored in the working memory and automatically deleted when the browser is closed. So-called "permanent cookies" are stored on the hard disk for a specified longer period of time; they are automatically deleted after the specified period of time has expired.

(11) Push messages via Firebase

The app uses parts of the Google Firebase technology from Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For the European region, the company Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter Google) is responsible for all Google services.

The app uses Firebase Cloud Messaging ("FCM") to transmit push messages that are only displayed within the app so that we can communicate certain relevant messages to you. A pseudonymized push reference is assigned to the user's mobile device, which serves as the destination for the push messages. Further information on these Google Firebase services can be found on the Google website.

We have concluded a contract processing agreement with Google regarding the personal data processed in this context. If and insofar as Google processes personal data in a third country (for example, USA), Google uses the so-called standard contractual clauses within the meaning of Art. 46 (2) and (3) GDPR. Standard Contractual Clauses (SCCs) are contractual templates provided by the EU Commission to ensure that your data is processed in accordance with European data protection standards even if it is transferred to or processed in third countries. On the basis of these clauses, Google undertakes to comply with the European level of data protection for the respective data processing. Further information on Google's data processing and other settings can be found at https://policies.google.com/privacy?hl=en.

 

3. Transfer or disclosure of your data to third parties

We do not transfer your data to third parties without your consent.

However, technical disclosure may take place if and insofar as this is necessary for the operation of the platform or for other reasons for the establishment, implementation or processing of your user relationship with us. This may be the case, for example, if the platform is hosted by an external service provider or is technically operated for us by this service provider. In this case, we have concluded an order processing contract with the service provider in accordance with Art. 28 GDPR.

In addition, we may be legally obliged to disclose data in individual cases by order of a competent authority if and to the extent that this is necessary for the purposes of criminal prosecution, to avert danger by the police authorities of the federal states, to fulfill statutory duties or to enforce intellectual property rights.

 

4. Protection of your data

In order to protect your data from manipulation, loss and unauthorized access by third parties, for example, we use technical and organizational measures to ensure an appropriate level of protection for your personal data. These measures include the use of firewalls and antivirus programs as well as manual security precautions. We continuously review and improve our security measures in line with the current state of the art.

 

5. Current version and amendment of this privacy policy

This is version 1.0 of the platform's privacy policy.

We are constantly developing the platform in order to provide you with an ever-improving service. We will always keep these data protection provisions up to date and adapt them accordingly if and insofar as this should become necessary.

We will of course inform you of any changes to these data protection provisions. We will do this both by sending an e-mail to the e-mail address you have provided to us and by automatically notifying you when you first log on to the platform after these data protection provisions have been updated. If further consent is required from you regarding our handling of your data, we will of course obtain this from you before the corresponding changes take effect.

You can access the current version of the platform's privacy policy at any time on the Internet at https://www.we.network/en/data-protection-regulations/. Any older versions of these data protection provisions are also available for you at this address.

 

6. Your rights

You can first request information from us as to whether personal data relating to you is being processed. If this is the case, you have a right to information about this personal data and further information. This information includes the processing purposes, the categories of personal data, the recipients or categories of recipients, if possible, the planned duration of the processing or otherwise at least the criteria for determining this duration. In addition, you have the right to know that you have the right to rectification, erasure of personal data concerning you, restriction of processing, objection to data processing and the right to lodge a complaint with a supervisory authority.

If we do not collect personal information directly from you, you have a right to all available information about the origin of the data.

We will be happy to provide you with a copy of your personal data that we process free of charge. If you request further copies, a reasonable fee in the amount of the administrative costs will be charged for each additional copy.

Consent to the collection, processing and use of your personal data, which you have given us by agreeing to these data protection provisions, can be revoked in whole or in part with effect for the future. The same applies to any subsequent, more extensive consent to the collection, processing or use of your personal data. The consequence of such a revocation may be that you can no longer use the platform or can only use it to a limited extent.

You can also request the rectification of inaccurate data at any time, which also includes the completion of incomplete data, taking into account the purposes of processing. In addition, you can also assert your right to erasure or request the restriction of processing. You can also delete your data yourself at any time by deleting your account on the platform: To do this, please go to your account, click on the "Delete profile" link and follow the instructions there. In this case, your account - i.e. your profile page and the data we have about you - will be deleted automatically. You can also delete your content and comments manually at any time.

Furthermore, you have a right to data portability. This means that, upon request, you will receive the personal data that you have provided to us in a structured, commonly used and machine-readable format. You have the right to transmit this data to another controller without hindrance from us.

You have the right to object to data processing and the right to lodge a complaint with a supervisory authority.

You can contact us, for example, by e-mail at info@we.network or by post at CAS Software AG, CAS-Weg 1-5, 76131 Karlsruhe, Germany. We may require proof of your identity before we can process your request. This serves to protect your data from manipulation or deletion by third parties.

However, if and insofar as statutory retention rights or obligations exist, we will block the corresponding data for further use.

If you have commented on other users' content, we will remove your user name from these comments when your account is deleted. The comments as such will not be deleted. However, you have the option of manually deleting your comments yourself at any time before your account is deleted.

 

7. Responsible body, data protection officer and contact

The "controller" in the sense of data protection law is CAS Software AG, CAS-Weg 1 - 5, 76131 Karlsruhe, Germany.

If you have any questions about this Privacy Policy or about the collection, processing or use of your data by us, please contact us by e-mail at info@we.network or by post at CAS Software AG, CAS-Weg 1 - 5, 76131 Karlsruhe, Germany.