Data protection information - privacyIDEA Authenticator App
Responsible for data processing:
NetKnights GmbH
Ludwig-Erhard-Straße 12
D-34131 Kassel
Phone: +49 561 3166797
Fax: +49 561 3166798
Email: info@netknights.it
Managing Director: Cornelius Kölbel
For further information on the processing of your personal data in the context of
use of our products and your rights as a data subject (Art. 12 to 21 GDPR), you can also contact our company data protection officer:
- by telephone on +49 561830 99 165,
- by post with the address suffix "Data Protection Officer"
- or by email at datenschutz@netknights.it.
The general data protection information for our customers and business partners, with
further information, can be found at: https://netknights.it/en/data-protection-information-for-customers-and-business-partners/
What data does the app process and transfer?
This data protection notice applies to the privacyIDEA Authenticator and to apps derived apps, in particular the OCAS Authenticator.
The Authenticator app stores information about the rolled-out token, which is transmitted in the QR code during the rollout. Depending on how your own administrator has configured the privacyIDEA system, this may be the user name, email address, first name and/or surname. The app does not transmit this data to any other parties.
Push Token and internet connection
The app requires internet access. This is used by the app for the push token to communicate with the Firebase cloud messaging service and is therefore also used to send cross-platform messages/information. Google Firebase is a platform for developers of apps for mobile devices and websites. Google Firebase offers various functions for testing apps, monitoring their functionality and improving them (you can find out more at: https://firebase.google.com/products). The functions include, for example, the storage of apps including personal data of app users, such as information regarding their interaction with the apps (so-called "cloud computing"). Google Firebase also offers interfaces that allow interaction between app users and other services, e.g. authentication via services. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 I lit. a); Contract fulfilment within the scope of the user agreement for the APP and our main services to you (Art. 6 I lit. b) GDPR); Legitimate interests (Art. 6 I lit. f)). GDPR); Website: https://firebase.google.com; Privacy Policy: https://policies.google.com/privacy; Basis for transfer to third countries: EU-US Data Privacy Framework (DPF).
For the push functionality, the app registers with the Firebase Cloud Messaging (FCM) service with a non-assignable unique identifier (UID) when it is first started. This UID is generated by the Firebase Cloud Messaging service. No other data is transmitted to the Firebase service. The app also communicates with FCM on subsequent launches to keep the UID valid.
The unique identifier is also sent to the privacyIDEA server where the push token is registered. No data is transmitted to other third parties – in particular to us as the manufacturer of this app. For the manufacturer of the app, the unique identifiers in the Firebase Cloud Messaging service are neither visible nor can they be assigned to a specific user/device.
The generation of the unique identifier and the associated data processing is technically necessary and required for the use of the app and to ensure the smooth operation of the app’s technical functions.
When using a push token, the Google Firebase Service or additionally the Apple Notification Service is used (depending on which operating system the user is using). During an authentication process, the server sends a random, non-assignable character string (cryptographic challenge) and the serial number of the token via the services (Firebase Cloud Messaging, Apple Notification Service) in addition to the unique identifier.
The token serial number can be regarded as personal data.
This is technically necessary for the authentication process. If you do not agree with this, please do not use a push token, but only HOTP or TOTP.
Camera
The camera is used by the app to scan QR codes. The app does not save any images that the camera sees during the scan and is only used for instant capture.
Crash Reports
We are constantly working to improve our app. For this reason, we give you the option of sending information to us as the manufacturer (NetKnights) in the event of a crash of the app. Sending this information is voluntary, based on your consent and is done using the standard mail client on your smartphone.
A crash report may therefore contain the following data, depending on your settings, e.g. footer.
Surname, first name, email address, smartphone model, software version.
Depending on the footer, it may also include Address and telephone numbers.
By actively sending a crash report, you consent to the use of this data.
How do we use this data?
The crash reports are sent to the development team at NetKnights.
We use the model and version information to fix bugs in the app and the email address to contact you as a user in the event of a crash.
We have no use for names, addresses and telephone numbers and therefore recommend removing these from the email when sending a crash report.
Storage and deletion of data
App-crashes (email address app-crash@netknights.it) is excluded from the general email archiving. After processing each crash report, the mail or the corresponding data will be deleted.
What rights do you have?
With regard to the processing of your personal data, you have a variety of rights, in particular the right to information about the personal data stored by us (Art. 15 GDPR), correction (Art. 16 GDPR), deletion (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), data portability (Art. 20 GDPR) and objection to processing (Art. 21 GDPR), especially in the case of direct marketing. With regard to the right to information and the right to rectification, the restrictions of Sections 34 and 35 BDSG must be observed.
Furthermore, there is the right of appeal to the competent data protection supervisory authority (Art. 77 GDPR), to which we expressly refer. You can reach the supervisory authority responsible for our company under the following contact details:
The Hessian Commissioner for Data Protection and Freedom of Information.
P.O. Box: 3163
65021 Wiesbaden
Contact/E-mail: https://datenschutz.hessen.de/print_panel?nid=6