Providers and responsible body within the meaning of the General Data Protection Regulation

Infralytic GmbH
Dr. Thomas Huth-Fehre
Alter Kirchhainer Weg 22
35039 Marburg
Deutschland/Germany

Tel:+49 (0) 6421 167764
E-Mail: info@infralytic.de

Link to privacy-policy

Link to site info

If you want to assert your legal rights or in general have questions, please contact info@infralytic.de or our company data protection officer.

You can also get the Infralytic NG app directly from us; write to us at service@infralytic.de.

Scope of application

Users of the Android app “Infralytic NG” receive with this privacy policy information about the nature, scope and purpose of the collection, processing and use of their data in and through the app, which is collected and used by the responsible provider. The data used may only be provided in part by the user as part of the normal use of the app.

The legal framework for data protection is provided by Regulation (EU) 2016/679 (General Data Protection Regulation/DSGVO/GDPR), the German Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG). In addition, we are subject to the recording and record-keeping obligations of the German Fiscal Code (AO) and other mandatory regulations; the legal basis under data protection law for the processing of data is Article 6 Paragraph 1 Letter b (necessary for the performance of the contract) of the GDPR, unless another legal basis, usually consent of the user to this under Article 6 Paragraph 1 Letter a of the GDPR, is mentioned in individual cases.

In the following, we would like to inform you in detail about which data we collect, process and use for which purpose and how you can prevent and/or object to this data processing. In the event of technical prevention by the user, the user is responsible for the resulting disruption and/or prevention of the fulfillment of the contract by the app.

Collection of general information

Every time you access this website, information is automatically collected by us or your mobile phone provider. This information represents personal data that is worth protecting.

Among other things, the mobile network operator collects: IMEI, operating system, Android version, date, time and, if you use a browser to read this privacy policy online, the name of the website, data volume, web browser and web browser version, the domain name of your Internet provider, the so-called referrer URL (the page from which you accessed our offer) and your IP address. Infralytic GmbH does not collect this data in its app.

You can use our app offline, which means using it with switched off WLAN and mobile connections, in order not to disclose the above information to your provider. The Infralytic app does not need such information, does not collect it.

By using the app, a user enters into a contract with Infralytic GmbH in the form that Infralytic GmbH allows or enables the user to establish a data connection to a measuring device built by Infralytic, to read out measurement data and to add notes.

Our app collects the Bluetooth address of your Infralytic measuring device to be paired or already paired, as well as date and time; as well as the measured values collected during contractual use, self-deposited photos and notes on the measurements; on the part of our app, an authorization for the Bluetooth function is required, depending on the Android version thereby also indirectly for the location. No further authorizations are required. If photos are to be stored, the current camera app of your device is called up, and you are asked for permission the first time you call it up. Measurement data, photos and notes can be exported; your permission will be requested in the Data export function the first time you use this function, and you will be asked for the storage location. When forwarding results using “Share”, the corresponding operating system function is called, suitable app is displayed.

Without this data, it would not be technically possible in part to deliver and display the contents of the app. In this respect, the collection of the data is mandatory in accordance with the contract.

This data constitutes personal data. The more sensitive the measurement data, which is predominantly read in by the measuring instruments, is considered to be, the more we recommend using a separate device for these purposes and not the device that is also or otherwise used for communication, web browsing, etc. Nevertheless, compared to other apps, the inference to the person of the user or the user group is lower, because in particular we do not collect the usual personal data such as name, address, date of birth, bank details or access data. A maintained Bluetooth list, which only stores the unique serial numbers of the previously paired Infralytic measuring devices and not their Bluetooth addresses, only allows possible conclusions to be drawn about the user or the circle of users with considerable effort and further data, which our app only provides when using its own user photos and user notes together with the measurement data. From these alone, no identification of the user or the user group is generally evident.

Personal data is stored exclusively on the user’s device and processed or stored in a restricted manner, i.e. after approval at the storage location specified by the user. Alle von der App abgelegten Dateien sind unverschlüsselt. All files stored by the app are unencrypted. The measurement data are stored in text files, the photos are stored in separate files. We collect only the necessary data sparingly and minimizing.

The data processing is based on the legal provisions of Article 6 Paragraph 1 Letter a (your consent) and/or b (for the fulfillment of contractual provisions) of the GDPR.

In detail, the legal bases for the processing of personal data:

• Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 Paragraph 1 Letter a of the GDPR serves as the legal basis.

• When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6 Paragraph 1 Letter b of the GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

• If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6 Paragraph 1 Letter c of the GDPR serves as the legal basis.

• If processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6 Paragraph 1 Letter f of the GDPR serves as the legal basis for the processing.

Any use beyond this will only take place with the express consent of the customer. In detail, data is collected and processed as follows.

Brief functional description of the Infralytic NG app

In order to provide an idea of the type of personal data collected, how it is stored and how it is processed, an overview of how the Infralytic NG app works is given below. The app is used to record measurement data from Infralytic measuring devices, provide them with additional information such as photos and notes by the user, and technical data on measurement series. Photos can be taken beyond our app using a photo app, notes can be inserted directly into a text field. The settings used (metadata), a screenshot of the measurement screen of the app when ending the measurement series as well as the measurement data itself can be stored in a location chosen by the user. These files are unencrypted text files except for photos. It is also possible to forward this composed data using the operating system function “Share via”.

For recording measurements, the app pairs with the Infralytic measuring devices via Bluetooth. In the future, it will recognize already paired measuring devices, otherwise it will offer pairing.

Installing the app

The app is available via distribution platforms operated by third parties, so-called app stores (Google Play Store). Your download may require prior registration with the respective app store and installation of the app store software. Infralytic GmbH has no influence on the collection, processing and use of personal data in connection with your registration and the provision of downloads in the respective app store and the app store software. The responsible party in this respect is solely the operator of the respective app store. If necessary, please obtain information directly from the respective app store provider.

You can also get the Infralytic NG app directly from us; write to us at service@infralytic.de.

Note on the use of third-party keyboards and input methods

The use of a keyboard or input method other than those provided by the operating system can cause security vulnerabilities. Input can be recorded unnoticed and sent to untrusted third parties. We recommend using the native keyboard.

Necessary permissions

In order for the app to function properly, it is necessary to grant access to certain operating system functions of the device (smartphone or tablet) and personal data that is and/or will be stored on the device. For this purpose, you will be prompted once at the beginning or only when using the respective function to grant the corresponding access authorization.

Permission in the operating system through app	Explanation
Bluetooth	Necessary to establish a connection to a measuring device and to hold the connection and re-establish it after initial connection. It does not necessarily appear as a single item in the app permissions of the operating system.  A Bluetooth connection list is maintained, which contains the serial numbers of previously paired Infralytic meters instead of a sequence of Bluetooth addresses. The connection establishment as well as the connection itself can be technically prevented if the Bluetooth function is disabled in the Android settings. The connection establishment is implemented programmatically by means of the API “ACCESS_COARSE_LOCATION”.
Location	On devices with Android up to version 11, the app requires access to Bluetooth and the location. In fact, the location is not collected; access to the location is a purely technical requirement from the operating system. Since a location can often be determined from the list of Bluetooth devices present in the environment, the Location permission must be present for Android to allow Bluetooth access. However, the app only reads the Bluetooth list of actually connected devices and only to display them to the user in a list. Determining the location from this list is generally not possible without further information. Location appears in the app’s permissions, the permission can remain permanently set to inactive; the app does not activate this permission on its own. On devices with Android version 12 or higher, the permission system is more differentiated. Here, the app only needs access to Bluetooth devices that are already connected or are to be paired. This eliminates the possibility to determine the location and thus the need to have a location permission. Although the Bluetooth list of connected devices is also read out here, it is generally not possible to determine a location from it since no location information has been stored.
Nutzerinitiierte Funktionen, erteilte Genehmigungen in der App	Explanation
Storage and data export	The user can create photos and notes on the measured values, export these composed data. For this purpose, he can freely choose the data storage location. When using the data export for the first time, he will be asked for his permission and the storage location. The use of the “Share via” function requires a data export or existing data storage. Likewise, creating a Bluetooth list of already paired devices requires access to the app memory of the device. The app saves the measurement data during the survey, supplemented by photos and notes if necessary, in an area that can only be written and read by the app and has no access to other data on the smartphone ot tablet. On rooted Android devices, the app store is no longer encapsulated and protected. Therefore, we do not recommend using rooted devices.
Photos and camera	Even though the app does not allow you to take photos yourself, it forwards the request for a photo to the photo app set in the operating system. The Infralytic app can link the photos created with another app to the measurement data. If this is desired, access to photos/camera is required and permission is obtained. We don’t have it in our hands if the photo app used uncharacteristically creates a duplicate of the photo capture. The photos are either in the protected app memory or after data export in the selected data memory, in each case linked with the associated measured values and notes.
Share via	Measurement data including photos and notes can be transferred to other apps via share. No measurement data is forwarded on its own; it does not leave the device without the user’s prompting. The shared data contains technical data about the measurement series, the settings used, a screenshot of the app’s measurement screen when the measurement series is ended, and any photos and notes taken by the user. The Infralytic app does not know whether or, if so, which app has received the data through sharing.

Insight into the granted accesses and technical revocation of the permissions

In the settings of the Android operating system, you can view, activate or deactivate the permissions granted in the settings of the Infralytic NG app under Permissions. To do this, call up the settings of the Android operating system and access the list of installed apps via the item “Application manager” or “Apps” or similar. In this list, you will find the Infralytic NG app, which you can open to view or change the permissions granted.

In the settings of the Infralytic app, which can be selected via the three dots in the upper right corner after starting the app, you can delete all data in a separate menu item. It is also possible to deactivate the data export via the “Settings” menu item there using a slide switch. It is also possible to delete individual files in the data storage location using a file manager.

Data economy and data minimization

In accordance with the principles of data avoidance, data economy and data minimization, we collect and store personal data only for as long as necessary and/or as required by law (statutory storage period) and/or as long as the user himself provides this data. If the purpose of the information collected no longer applies or the storage period ends, we block or delete the data.

Since the app Infralytic NG does not externalize any data without the user’s express instigation and/or permission, no data is forwarded to external servers or addresses by programming in pure offline operation recommended by us (without further external connections such as WiFi/WLAN, mobile telephony and similar), nor does any data matching or deduction take place by Infralytic GmbH. In this respect, our data collection is zero. In the event that the user sends us measurement data via the app for testing purposes or to obtain an assessment, we will adhere to the above principles beyond the app. Otherwise, the explanations given about the data processed and/or stored in the app apply.

Your rights to information, rectification, restriction of processing, erasure and objection

In principle, you have the rights listed below. Since the Infralytic NG app does not forward data programmatically either with activated WLAN/WiFi/mobile radio or in the recommended offline mode, these rights are of a theoretical nature. In the event that the user sends us measurement data via the app for testing purposes or to obtain an assessment, we will comply with their above rights upon separate request. In the event that the user does not use offline operation, addressees other than Infralytic GmbH may have access to data, even if our app does not send any data undocumented by itself without prompting by the user; your rights in this regard must be asserted there. This could be relevant, for example, if a user forwards the data to an unencrypted e-mail by means of sharing, the open e-mail could be read by third parties during transport.

You have the right, upon request and free of charge, to request information about the personal data stored by us and/or to request its rectification, restriction or erasure. As an exception, you may not request erasure if it concerns the prescribed data storage for business transactions or if the data is subject to the legal obligation to store.

For this purpose, please contact our data protection officer (contact details: at the beginning of this data protection declaration).

To be able to consider a data lock at any time, it is necessary to keep the data in a lock file for control purposes. If there is no legal archiving obligation, you can also request the erasure of the data. Otherwise we block the data if you wish.

If personal data is processed from you, you are affected in the sense of the GDPR and you have the following rights against the data controller:

1. Right to information
   
   You can request confirmation from the data controller as to whether personal data concerning you will be processed by us. In the event of such processing, you may require the data controller to provide the following information:
   a. the purposes for which the personal data are processed;
   b. the categories of personal data being processed;
   c. the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
   d. the planned duration of the storage of the personal data concerning you or, if specific information in this regard is not possible, criteria for determining the storage period;
   e. the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of the processing by the data controller or a right of objection to such processing;
   f. the existence of a right of appeal to a supervisory authority;
   g. all available information on the origin of the data if the personal data are not collected from the data subject;
   h. the existence of automated decision-making, including profiling in accordance with Article 22 paragraphs 1 and 4 of the GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
   You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees in accordance with Article 46 GDPR in connection with the transmission.
   
   
2. Right of rectification:
   
   You have a right of rectification and/or completion vis-à-vis the data controller if the personal data processed concerning you are incorrect or incomplete. The data controller shall make the correction without delay.
   
   
3. Right to restrict processing:
   
   You may request the restriction of the processing of personal data concerning you under the following conditions:
   a. if you dispute the accuracy of the personal data concerning you for a period which enables the data controller to verify the accuracy of the personal data;
   b. if the processing is illegitimate and you refuse to erase the personal data and instead request the restriction of the use of the personal data;
   c. the data controller no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
   d. if you have lodged an objection to the processing pursuant to Article 21 paragraph 1 GDPR and it is not yet clear whether the legitimate reasons of the data controller outweigh your reasons.
   If the processing of personal data concerning you has been restricted, such data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.
   If the processing restriction has been restricted according to the above conditions, you will be informed by the data controller before the restriction is repealed.
   
   
4. Right of cancellation:
   
   You may require the data controller to delete the personal data concerning you immediately and the data controller is obliged to delete this data immediately if one of the following reasons applies:
   a. The personal data concerning you are no longer necessary for the purposes for which they were collected or processed in any other way.
   b. You revoke your consent, on which the processing was based pursuant to Article 6 paragraph 1 letter a or Article 9 paragraph 2 letter a GDPR, and there is no other legal basis for the processing.
   c. You object to the processing pursuant to Article 21 paragraph 1 GDPR and there are no overriding legitimate reasons for the processing, or
   which you object to the processing pursuant to Article 21 paragraph 2 GDPR.
   d. The personal data concerning you was processed unlawfully.
   e. The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
   f. The personal data concerning you was collected in relation to information society services offered in accordance with Article 8 paragraph 1 GDPR.
   If the data controller has made the personal data concerning you public and is obliged to delete it pursuant to Article 17 paragraph 1 GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the data subject have requested the erasure of all links to this personal data or of copies or replications of this personal data.The right to erasure does not exist insofar as the processing is necessary
   a. for the exercise of the right to freedom of expression and information;
   b. for the fulfilment of a legal obligation which processing requires under the law of the Union or of the Member States to which the data controller is subject, or for the performance of a task in the public interest or in the exercise of official authority conferred on the data controller;
   c. for reasons of public interest in the field of public health pursuant to Article 9 paragraphs 2 letters h and i and Article 9 paragraph 3 GDPR;
   d. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89 paragraph 1 GDPR, insofar as the right mentioned in paragraph 1 is likely to make the achievement of the objectives of this processing impossible or seriously impaired, or
   e. for the assertion, exercise or defence of legal claims.
   
   
5. Right to information:
   
   If you have exercised your right of rectification, erasure or restriction of processing against the data controller, the data controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have a right to be informed from the data controller about these recipients.
   
   
6. Right to data portability:
   
   You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable format. Furthermore, you have the right to transmit this data to another person responsible without obstruction by the responsible person to whom the personal data was provided, if
   a. the processing is based on a consent according to Article 6 paragraph 1 letter a GDPR or Article 9 paragraph 2 letter a GDPR or on a contract according to Article 6 paragraph 1 letter b GDPR and
   b. the processing is carried out using automated procedures.
   In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
   The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the data controller.
   
   
7. Right of objection:
   
   You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you on the basis of Article 6 paragraph 1 letter e or f GDPR; this also applies to profiling based on these provisions.
   The data controller no longer processes the personal data concerning you, unless he can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
   If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
   You have the option, in the context of the use of information society services, notwithstanding Directive 2002/58 / EC, of exercising your right of objection through automated procedures that use technical specifications.
   
   
8. Right to revoke the data protection declaration of consent:
   
   You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.
   Automated decision in individual cases including profiling: You have the right not to be subject to a decision based exclusively on automated processing – including profiling – which has legal effect against it or significantly impairs it in a similar manner. This shall not apply where the decision
   a. is necessary for the conclusion or performance of a contract between you and the responsible person,
   b. is admissible by law of the Union or of the Member States to which the responsible person is subject and where such law contains appropriate measures to safeguard your rights and freedoms and your legitimate interests or
   c. is taken with your express consent.
   However, these decisions may not be based on special categories of personal data pursuant to Article 9 paragraph 1 GDPR, unless Article 9 paragraph 2 lit. a or g applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests. With regard to the cases mentioned in a. and c., the responsible person takes appropriate measures to protect the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person by the responsible person, to state his own position and to contest the decision.
   
   
9. Right of appeal to a supervisory authority:
   
   Without prejudice to any otheradministrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you are staying, working or suspected of infringing, if you believe that the processing of personal data concerning you is contrary to the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
   
   
10. Information, objection, rectification and erasure options:
    
    You have the possibility at any time to revoke your consent to the processing of personal data with effect for the future and to have your personal data deleted or altered. If the data is required to fulfil the contract or to carry out pre-contractual measures, premature erasure of the data is only possible insofar as there are no contractual or statutory obligations in contradiction to erasure. Requests for information, rectification and erasure as well as the revocation or objection regarding the further use of the data of any consents given to us can be explained informally to our data protection officer (contact data: at the beginning of the data protection declaration).

Requests for information, rectification and erasure as well as the revocation or objection regarding the further use of the data of any consents given to us can be explained informally to our data protection officer (contact data: at the beginning of the data protection declaration).

Changes of our privacy statement

In order to ensure that our privacy statement always complies with current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the privacy statement has to be adapted due to new or revised benefits, for example new services. The new privacy statement will then take effect the next time you visit our offer.