1. Scope

This page describes privacy information for apps and solutions provided by PROZESSA. It covers both (a) cloud-hosted web solutions operated (in whole or in part) on Google Cloud Platform (GCP) services and (b) native iOS apps that primarily run locally on the user's device.

2. Processing for iOS apps (local processing)

Where our iOS apps process or store data locally on your device, the processing generally takes place on the device itself. Data is only transmitted to our servers if an app feature requires it (e.g. synchronization, team/project features, support) or if you actively submit data.

As of now, our iOS apps do not synchronize data with a backend.

3. Hosting & processing on Google Cloud

Depending on the solution, technical components may run on Google Cloud Platform (e.g. compute/hosting, databases, object storage, monitoring/logging). Where Google is used as a processor, the processing is carried out under the respective data processing agreements.

Purpose of processing:
Recording and managing working hours and orders within the scope of your employment relationship.
Provision of the technical infrastructure for the app, database hosting and secure storage of working time and order data.

Legal basis:
Art. 6(1)(b) GDPR (performance of the employment contract).

Use of Google Cloud:
The data is stored exclusively in data centers within the European Union (region “Europe West”).
Google acts solely as a technical service provider and processes the data only within the scope of the contractual agreements for providing the infrastructure. Access occurs only if required to ensure operations and under strict security and data protection requirements.

Service provider:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

International transfers:
There is no active transfer to third countries by the controller. Google may have access as a subservice provider; appropriate safeguards apply (Standard Contractual Clauses pursuant to Art. 46 GDPR).

Further information on Google Cloud privacy can be found at: https://cloud.google.com/terms/cloud-privacy-notice

Your data stored on Google Cloud is encrypted by default, both in transit and at rest, providing robust security. Google acts as a data processor, adhering to strict confidentiality and security measures as outlined in the Google Cloud Privacy Notice. You maintain ownership of your data, and we process it solely to provide the services you request.

Google Cloud Privacy Notice: https://cloud.google.com/terms/cloud-privacy-notice
Google Cloud Security & Compliance: https://cloud.google.com/privacy/gdpr
Google's General Privacy Policy: https://policies.google.com/privacy
Privacy and Security in Firebase: https://firebase.google.com/support/privacy
Google APIs Terms of Service: https://developers.google.com/terms

4. Apple-specific information (iOS)

If you obtain our iOS apps via the App Store or TestFlight, Apple may process certain data in connection with the operation of the store (e.g. downloads, billing, fraud prevention). This processing is typically carried out under Apple's own responsibility.

Note: Downloading apps from the App Store typically requires an Apple ID. This does not necessarily mean the app itself uses "Sign in with Apple" as an in-app login method.

As of now, our iOS apps do not use Apple services such as push notifications (APNs), iCloud/CloudKit synchronization, or any in-app analytics/crash reporting SDKs.

5. Categories of data

Depending on the app and its use, the following categories of data may be processed:

• Account and master data (e.g. name, email address, user role)
• Usage and log data (e.g. logins, timestamps, actions performed in the app)
• Content data (e.g. project entries, documentation, uploaded files/photos)
• Device/technical data (e.g. IP address, user agent, app/browser information)

6. Purposes of processing

• Provision, operation and maintenance of the app/platform
• User management, authentication and authorization
• Backups, troubleshooting, IT security and abuse prevention
• Support, communication and handling of requests

7. Legal bases

Where applicable, processing is based in particular on Art. 6(1)(b) GDPR (contract / pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in operating secure and reliable systems). Where consent is required, processing is based on Art. 6(1)(a) GDPR.

8. Retention period

Personal data is generally stored only as long as necessary for the purposes stated or as required by statutory retention obligations.

9. Recipients / subprocessors

Depending on the solution, recipients may include hosting and infrastructure providers (in particular Google) and other commissioned service providers where necessary for operation, support or security.

10. International transfers

If processing takes place in third countries, it will be carried out in accordance with applicable legal requirements (e.g. appropriate safeguards / standard contractual clauses).

11. Your rights

Subject to applicable law, you have rights to access, rectification, erasure, restriction of processing, objection and data portability. Please contact the address given in the legal notice.

12. Controller

The controller responsible for the processing is the entity stated in the legal notice.

13. Contact

For privacy-related questions, contact us at info@prozessa.com.