Book a Demo Contact
Combined Shape Icons/Fonctionnal/Close/L

X-Assist Privacy Policy

1.    Controller for the data processing 

For the purposes of the General Data Protection Regulation, the controller will be the employer.

2.    Contact data of the protection officer

You can reach our data protection officer under Crisis24 GmbH c/o data protection officer, Byk-Gulden-Str. 24, 78467 Konstanz, or under the email address [email protected].

To contact your employer’s data protection officer, please use the data your employer has provided for this purpose, or directly contact the controller named under item 1 (your employer). 

3.    Data processing information

We will process your personal data only within the framework of statutory permission and while observing the provisions of the European General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and additional pertinent laws for processing personal data and data protection.

4.    Processing the data of travelling employees of our business partners

Data subject category:

Employees (expatriates / travellers / user) 

Data categories:

Key data (e.g., user name, first name, last name, form of address, nationality, etc.), professional contact and organisational data (e.g., address, email addresses, telephone numbers, work area, department, competencies, functions, etc) IT protocol data and IT usage data (e.g. user ID, roles, authorisations, login times, IP address, technically required cookies, e.g. for language selection and load distribution as well as cookie identifiers etc.), professional travel data (e.g., travel destinations, travel routes, means of travel, travel times, Passenger Name Record (PNR), etc.), private contact and communication data (email address, telephone numbers, etc.), status data (e.g., alerts, special alerts, status requests, etc.), location information and geo-localisation data (GPS location data actively transmitted once or continuously by the person concerned)..

Purpose of the processing:    

The purpose of the processing is to provide safety assistance for the expatriates or employees of the customer on business trips as part of crisis preparedness and emergency plans, as well as to inform the expatriates or travellers about safety-relevant events (including a counselling and emergency hotline, risk and safety counselling for business travellers, the organisation of relevant supportive services in the event of emergency, up-to-date country information, worldwide incident reports, individual warning notifications and safety analyses). 

Legal basis:    

Art. 6(1)(a) for cases in which you have given your consent to the processing of personal data concerning you, Art. 6(1)(b) GDPR for processing personal data to fulfil a contract with your employer or for the realisation of pre-contractual measures, Art. 6(1)(f) GDPR to protect our legitimate interests, and Art. 6(1)(c) GDPR in instances in which the processing is necessary to fulfil a legal obligation. 

Legitimate interest:    

Our legitimate interest lies in implementing the business relationship with our customer (your employer) and maintaining personal contact with our customer’s employees (expatriates / travellers / user). 

If necessary, we process your data to protect our legitimate interests (e.g. analysis of user behaviour for the purpose of continuous improvement and further development of our security services), to assert legal claims, and for defence in the event of legal disputes.  

Categories of recipients:
    
Within our company, offices will receive your data if they need those data to fulfil our contractual or statutory obligations. 

In addition, we may forward your data to service providers and vicarious agents (such as IT service providers, medical service providers, and travel service providers) who support us during contract execution and fulfilment of statutory obligations.

Data sources:    

We process personal data which we receive as part of our business relationship with our business partner (your employer) or directly from you as an expatriate or traveller or user. If necessary for the rendering of our contractual or statutory obligations, we will also process personal data that we have permissibly received from other companies (such as travel agencies on behalf of your employer) or from government agencies or which we have permissibly gained from publicly accessible sources (such as the press, the media and the internet).

Transmission to third countries:    

Your data will be transmitted to countries outside the EU or the EEA only if this is necessary to fulfil the contractual relationship with our business partner (your employer) or as part of commissioned data processing. In these cases, transmission is permissible only if the European Commission for the third country affected has established an adequate level of data protection, or if suitable guarantees are provided for and the data subject is entitled to enforceable rights and effective legal remedy.

In addition, our service providers and vicarious agents sometimes use service providers as well (such as computer centres) which are domiciled in a third country. In these cases as well, transmission is permitted only under the above statutory requirements. 

Obligation to provide:    

As a general principle, we process data only as prescribed by law or a contract, or as necessary at contract conclusion, before a contract’s preparation, or during its subsequent execution. Without these data, we would be periodically unable to offer you the services named in the purpose of the processing, including security assistance. 

Unless prescribed or necessary under the law or a contract, you are not obligated to provide us with personal data. You will not suffer any negative consequences by not voluntarily providing us with data. However, not providing such data in individual cases might delay or impede communication with you, or delay, impede or prevent the rendering of certain services such as our security assistance. 

Storage period:    

Professional travel data and status data: Your travel data and status data will be deleted between 45 days and 2 years after the end of the trip respectively after its origin. The storage period is determined by the Controller. To obtain the exact storage period, please contact your employer.

IT log data and IT usage data: IT protocol data and IT usage data will be deleted at the latest 6 months after deletion of the corresponding user, technically required cookies will be deleted at the end of each session.

All other data will be erased without undue delay after the business relationship with our business partner (your employer) ends, or after the pre-contractual measures have been fulfilled, unless legal obligations oppose such erasure. In these cases, your personal data will be erased after the legal obligation and any ensuing deadlines for asserting claims have expired.

5.    Your rights as the data subject

If one of the grounds named in the GDPR applies, you may demand that the controller named under number 1 (1) provide access to information about your personal data that is being stored (Art. 15 GDPR), (2) correct any incorrect data (Art. 16 GDPR), or (3) erase the data (Art. 17 GDPR) or restrict their processing (Art. 18 GDPR). You have the right to data portability (Art. 20 GDPR) and to not be subject to a decision based exclusively on automated processing—including profiling—which legally affects or otherwise significantly impairs you (Art. 22 GDPR). If you believe data concerning you is being processed contrary to data protection regulations, you may appeal to a supervisory authority (Art. 77 GDPR).

Notice of withdrawal of consent

You have the right to revoke your consent at any time without this affecting the legality of the processing carried out to date (Art. 7 para. 3 sentence 1 GDPR). If you revoke your consent, we will stop the corresponding data processing.

Notice of right to object 

If data is collected based on Art. 6(1)(f) GDPR (data processing to protect legitimate interests), you may object to that processing at any time, for reasons arising from your particular situation. That processing must then be discontinued unless we can verify compulsory legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing is done to assert, exercise or defend against legal claims.

Consent to the one-time or continuous GPS-supported Geo-localisation 

X-ASSIST offers you as an expatriate / traveller / user the possibility to transmit your current location to X-ASSIST once or continuously in case of location changes. You always have full control to activate / deactivate this function. 

In addition to the above "Information on the processing of personal data in connection with the use of X-ASSIST", with this information we provide you with the relevant details for obtaining your consent to a single or continuous GPS-supported location integration in X-ASSIST.

Consent to the Processing

The use of GPS location transmission is only possible with your prior explicit consent. In order to use this function, you must actively enable it in X-ASSIST for single or continuous execution. 

By activating this function, you declare your consent to the GPS-supported geolocation in the relevant area. 

Purpose of the Data Processing 

The extended "Location Data Integration" serves to enable a more precise monitoring of the location by means of active location transmission by the user in X-ASSIST in order to be able to provide our services even more precisely at your respective location. 

If you agree to the one-time use feature, your location will be transmitted each time you actively execute it. The transmission does not continue in the background and there is no permanent monitoring. An uncontrolled location check or transmission is impossible.

If you agree to continuous transmission, GPS-supported geo-location data will be transmitted whenever your location changes. In this case, too, an uncontrolled location check is excluded.

Voluntariness of Geo-Location

Your consent is voluntary. You can refuse it without giving reasons. If you do not wish to give your consent, you cannot use the GPS-supported location localisation. Alternatively, you can enter your locations manually in X-ASSIST.  

Categories of Processed Data

Geo-localisation data (GPS coordinates of the location), IT usage data (IP address of the transmitting device, time stamp of transmission and time stamp of the first use of Location Data Integration by means of GPS-supported location transmission as proof of your consent), business travel data (e.g. travel destinations, travel routes).

Legal Basis of the Data Processing

The use of GPS-supported geo-location localisation and the processing of your personal data in this context will only take place if you have given us your consent by actively enabling it. The legal basis for the processing is article 6 paragraph 1 sentence 1 lit. a GDPR. 

Withdrawal of your consent

You have the right to withdraw your consent at any time without giving reasons and without affecting the legality of the processing carried out so far. If you withdraw your consent, we will stop processing your data.

To withdraw your consent, deactivate the function in your X-ASSIST application or directly on your mobile device in the case of continuous GPS-supported location localisation. If you need any help in doing so, our support team will be happy to assist you at any time.