1. General Information

The controller responsible for data processing of the IDealWALLET app is:

KAPRION Technologies GmbH
Gostritzer Straße 61
01217 Dresden

Legal representative: Dipl.-Inf. André Röder
Phone: +49 351 8547 8390
E-mail: info (at) kaprion.de

For questions regarding data processing, please contact us either via our postal address or by using the telephone number or e-mail address given above.

2. Purposes and Legal Bases of Data Processing

We process your personal data for the following purposes:

• Identity management: Storage and management of digital identities.
• Authorization verification: Proof and verification of authorizations via digital identities.
• Backup function: Transfer of identities between different devices for data backup.
• Certificate management: Management and issuance of certificates for authorization verification.
• Process history: Documentation of authorization checks and verifications for traceability.

Use of the app is voluntary. Data processing is required for the fulfilment of the usage contract (Art. 6 para. 1 lit. b GDPR). Our general terms and conditions apply.

3. Categories of Personal Data

Within the scope of the defined purposes, we process, among others, the following categories of data:

• Personal master data
• Identity credentials
• Authorization credentials and certificates
• Log data on authorization processes, app usage and errors
• Timestamps and metadata related to processes

Depending on the app configuration, this data is stored either exclusively locally on your device or in the associated secure storage (e.g. hardware token, secure chip, etc.).

4. Recipients or Categories of Recipients of Personal Data

• Other authorised devices in the context of identity transfer
• Certificate issuers in the context of authorization management
• Authorised examination entities for verification of certificates and authorizations

5. Origin of the Data

Personal data is provided by the contracting partner themselves or transmitted by credential-issuing entities (e.g. authorities).

6. Data Transfer to Third Countries

No transfer of your personal data to countries outside the EU or EEA takes place.

7. Retention Period of Data

Your data is stored locally on your device and in the secure storage module as long as you use the app and wish to manage your digital identities. Log data for authorization processes are retained according to legal requirements for a duration of [specific time period]. After deletion of your account, all related data will be deleted immediately, unless there are legal retention obligations.

8. Technical Security Measures

To ensure the security of your data, the use of a secure storage module (hardware token or secure chip) is mandatory. This ensures encrypted and tamper-proof storage of your sensitive data. Without such a secure storage module, the app cannot be used.

9. Rights of Data Subjects

Access
You have the right to request information on whether and which personal data relating to you is processed by us. This information is generally provided free of charge. Prior to providing access, it is necessary to verify your identity.

Rectification
You have the right to have inaccurate personal data relating to you corrected. This also includes the completion of incomplete data concerning you.

Erasure
Under certain conditions, you have the right to request immediate deletion of personal data relating to you.

Restriction
Under certain circumstances, you have the right to request restriction of processing of your data, especially if you contest the accuracy of the data, if the processing is unlawful, if the data is no longer needed for processing, or if you have objected to data processing.

Objection
You have the right to object at any time to the processing of personal data relating to you.

Data Portability
You generally have the right to receive personal data relating to you in a structured, common, machine-readable format.

10. Right to Lodge a Complaint with a Supervisory Authority

For complaints arising from the processing of personal data within the described purposes, you may contact the responsible data protection supervisory authority at any time.

11. Necessity of Providing Data

The provision of your personal data is required for contract fulfilment. Optional data is always marked accordingly at the time of collection.

12. Automated Decision-Making and Profiling

The app uses automated procedures for the verification of authorizations and certificates. These checks are based on predefined rules and are used exclusively to verify authorization credentials. No profiling takes place.

Last updated: 01.06.2024