The online platform Sawayo (hereinafter Sawayo) is a digital administration service in the area of compliance and contract management for entrepreneurs. Within this framework, Sawayo offers companies an app that can be used by employees/app users (hereinafter users) for various administrative tasks, e.g. recording working hours or digital document management.
A contractual relationship exists exclusively with the respective company (the user's employer), not with the user himself. The company activates the user for app use and can block this access at any time without stating reasons. The user has no right to use the app. Insofar as the user wishes to assert claims for information regarding the data managed in the app, he must direct these to the company.
The data protection declaration for the use of the Sawayo software by the company can be found informatively here.
The user must set a password to access his user account. The user account may only be used by him personally. He may not pass on the access data to third parties and must ensure that third parties do not gain unauthorized access to his user account by using insecure passwords (less than 8 characters and without numbers and special characters) or by storing or otherwise securing them. He is responsible for all activities related to his user account.
It is prohibited to use mechanisms, software or other scripts in connection with the use of the platform that impair the functionality or accessibility of the platform or to modify, delete or overwrite content created and managed by the provider.
The user is responsible for the content that he uploads to the platform. Sawayo does not take any notice of the contents of the users and does not check the contents used with the software as a matter of principle.
The user undertakes not to post any content and data that is punishable by law or otherwise illegal in absolute terms or in relation to individual third parties and not to use any programs containing viruses or other malware in connection with the software. In particular, he undertakes not to use the software to offer illegal services or goods.
The availability of the website depends on different technical equipment of the users. In order to be able to use the website to its full extent and to access the platform, suitable technical equipment (PC, tablet, cell phone and, crucially, Internet access) is required.For technical reasons, uninterrupted availability of the digital content cannot be guaranteed. Availability may be impaired, for example, by regularly necessary maintenance and security work, but also by unforeseen events that are beyond the control of the Provider.
Privacy policy of the Sawayo App
We attach great importance to data protection. The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (DSGVO). We collect and process your personal data in order to offer you our services. In accordance with Art. 13 DSGVO, we describe in this declaration which data is used by us in what way and for what purpose and to what extent, and what choices and rights you have in connection with the use of your personal data.
1. Responsible entity
Sawayo GmbH, Richard-Wagner-Straße 1 a c/o Basislager Coworking GmbH, 18055 Rostock, is responsible for compliance with data protection on our website. We have not appointed a data protection officer. We will be happy to answer any data protection queries you may have. You have the following contact options: Email: kontakt@sawayo.de
2. Data collection in the app
a) App log files
When you call up our app, information from your end device is automatically transmitted to our app. This information is only stored for a short time in so-called log files. These are automatically deleted after a short time. This includes the following data:
- your IP address,
- device ID,
- date and time of the call,
- information about the operating system you are using,
- name of your access provider.
This data is used for the purpose of ensuring a smooth connection setup and comfortable use of our website, as well as for evaluating system security and stability. The legal basis for data processing results from Art. 6 para. 1 p. 1 lit. f DSGVO, as we have a legitimate interest in collecting data for the aforementioned purposes. In addition, a legal basis also arises from Art. 6 para. 1 lit. b DSGVO for the processing of data for the performance of a contract or pre-contractual measures. The data will not be used to draw conclusions about your person.
b) Login via third-party providers
aa) Google Sign-In
For registration purposes, we also offer you the option of using the Google Sign-In service, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This replaces the registration procedure. To register, you will be redirected to the Google page, where you can log in with your usage data. This links your Google profile and our service. The use of Google Sign-In is based on your consent pursuant to Art. 6 (1) DSGVO. This consent can be revoked by you at any time. Through the use of Google Sign-In, the name you provide to Google and your contact details are automatically transmitted to us. This information is mandatory for the conclusion of the contract in order to identify you. Further information on data protection in connection with Google can be found here: https://policies.google.com/privacy?hl=de&gl=de Google complies with European data protection law and is certified under the Privacy Shield agreement: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
bb) Apple Sign-In
For registration purposes, we also offer you the option of using the Apple Sign-In service, operated by Apple Inc. (www.apple.com). This replaces the registration procedure. To register, you will be redirected to the Apple site, where you can log in with your usage data. This links your Apple profile and our service. The use of Apple Sign-In is based on your consent pursuant to Art. 6 (1) DSGVO. This consent can be revoked by you at any time. Through the use of Apple Sign-In, the name you have deposited with Google and your contact details are automatically transmitted to us. This information is mandatory for the conclusion of the contract in order to identify you. Further information on data protection in connection with Google can be found here: https://www.apple.com/de/legal/privacy/de-ww/
c) Health data
If you voluntarily enter your Corona test result in our app, we ask for your consent to store the result locally on your device for 24 hours. There is no transfer of this data to other devices or services. After 24 hours, the result is automatically deleted. The legal basis is Art. 6 para. 1 p. 1 lit. a DSGVO. The consent can be revoked at any time with effect for the future.
3. Input data
In the app you will find input options for data related to your employment relationship. Your employer is responsible for data processing. You can obtain information about your employer directly from the employer. Data entry in the app is based on legal requirements pursuant to Art. 6 (1) lit. c DSGVO or for contract processing pursuant to Art. 6 (1) lit. b DSGVO. The data storage is carried out by us for your employer on the basis of an order processing contract. The data will be deleted by us when the contractual relationship between us and your employer ends or according to the legal regulations when you leave your employer.
The privacy policy for the use of the Sawayo software by the company can be found informatively here.
Photos/ Media/ Files/ Camera
You have the option of uploading photos/ media/ files via our app to make them available to your employer. In this case, the app accesses your photos/ media/ files or camera. This data is then stored permanently with your employer. The app only accesses this data if you confirm this. The app does not access the data automatically. The legal basis for the data processing results from Art. 6 para. 1 p. 1 lit. b DSGVO for the purpose of executing the contract.
4. disclosure of data
In principle, your personal data will not be transmitted to third parties. However, data may be transferred by way of exception for the following reasons:Insofar as you have given your express consent, Art. 6 (1) sentence 1 lit. a DSGVO,Insofar as the transfer is necessary according to Art. 6 (1) sentence 1 lit. f DSGVO and there is no overriding interest worthy of protection in not transferring your data,Insofar as we are legally obliged to transfer the data, Art. 6 para. 1 p. 1 lit. c DSGVOinsofar as disclosure is permissible and necessary in accordance with Art. 6 para. 1 p. 1 lit. b DSGVO for the processing of contractual relationships with you.Insofar as processing of your data is carried out by third parties commissioned by us, this is done on the basis of Art. 28 DSGVO by means of an order processing agreement.
5. Data subject rights
Right of access Art. 15 DSGVO
You have the right to request confirmation from us as to whether we are processing personal data about you. If this is the case, you can request information about this personal data and about the following information:
- the purposes of the processing;
- the categories of personal data processed;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations;
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
- the existence of a right to rectify or erase the personal data concerning you or to restrict processing or to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- if the personal data are not collected from you, any available information about the origin of the data;
- the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
Right of rectification Art. 16 DSGVOYou can immediately request the correction of inaccurate or completion of your personal data stored by us.
Right to erasure (right to be forgotten) of your data, Art. 17 DSGVO
You can request the deletion of your data stored by us, insofar as
- the personal data are not necessary for the purposes for which they were collected or otherwise processed, or are no longer necessary;
- you withdraw your consent on which the processing is based pursuant to Article 6(1)(a) DSGVO or Article 9(2)(a) DSGVO and there is subsequently no other legal basis for the processing;
- you object to the processing pursuant to Article 21(1) DSGVO and there are no overriding legitimate grounds for the processing or you object to the processing pursuant to Article 21(2) DSGVO;
- the personal data have been processed unlawfully;
- erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which you are subject;
- the personal data have been collected in relation to information society services offered pursuant to Article 8(1) DSGVO.
We are obligated to delete upon presentation of the requirements, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims.
Right to restriction of processing, Art. 17 DSGVO
You have the right to demand that we restrict processing insofar as
- the accuracy of the personal data is disputed by you, but only for the period that allows us to verify the accuracy of the data;
- the processing is unlawful and you do not want the erasure of your personal data immediately, but instead request the restriction of the use of the personal data;
- we no longer need the personal data for the purposes of processing, but you need it for the assertion, exercise or defense of legal claims; or
- you have objected to the processing pursuant to Article 21(1) DSGVO, as long as it is not yet clear whether the legitimate grounds on our part override yours.To the extent that processing is restricted, we may process your personal data - apart from storing them - only with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.Before the restriction is lifted, you will be informed again.
Right to data portability Art. 20 DSGVO
You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller.
Right of objection Art. 21 DSGVOYou have the right, pursuant to Art. 21 DSGVO, to object to the processing of your personal data if it is processed on the basis of legitimate interest pursuant to Art. 6 (1) p. 1 lit. f DSGVO. However, this only applies if there are reasons arising from your particular situation or if the objection is directed against direct advertising.
Right of revocation Art. 7 para. 3 DSGVOYou have the right to revoke your consent granted pursuant to Art. 6 para. 1 p. 1 lit. f DSGVO to us at any time. This revocation applies exclusively to future use.
Right to complain to supervisory authorities
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or our registered office, if you consider that the processing of personal data relating to you infringes the General Data Protection Regulation.
To the extent that you wish to exercise your data protection rights, you may also submit this by e-mail to info@inregia.de.
6 Data security
This app uses encryption for security reasons and to protect the transmission of confidential content, such as requests you send to us. If encryption is activated, the data you transmit to us cannot be read by third parties.
In addition, we have taken precautions in the form of technical and organizational measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or against unauthorized access by third parties.
7. Up-to-dateness and amendment of this data protection declaration
This privacy policy is currently valid and has the status May 2021. To ensure that our privacy policy always complies with the current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the data protection declaration has to be adapted due to new or revised services, for example new services. The new data protection statement will then apply the next time you visit our website.
.png)
