Data protection information - privacyIDEA Authenticator App
Responsible for data processing:
Phone: +49 561 3166797
Fax: +49 561 3166798
Managing Director: Cornelius Kölbel
For further information on the processing of your personal data in the context of the use of our products and your rights as a data subject (Art. 12 to 21 GDPR), you can also contact our company data protection officer:
- by telephone on +49 561830 99 165,
- by post with the address suffix "Data Protection Officer"
- or by email at firstname.lastname@example.org.
The general data protection information for our customers and business partners, with further information, can be found at: https://netknights.it/en/data-protection-information-for-customers-and-business-partners/
What data does the app process and transfer?
This data protection notice applies to the privacyIDEA Authenticator and to derived apps, in particular the OCAS Authenticator.
The Authenticator app stores information about the rolled-out token, which is transmitted in the QR code during the rollout. Depending on how your own administrator has configured the privacyIDEA system, this may be the user name, email address, first name and/or surname. The app does not transmit this data to any other parties.
Push Token and internet connection
For the push functionality, the app registers with the Firebase Cloud Messaging (FCM) service with a non-assignable unique identifier (UID) when it is first started. This UID is generated by the Firebase Cloud Messaging service. No other data is transmitted to the Firebase service. The app also communicates with FCM on subsequent launches to keep the UID valid.
The unique identifier is also sent to the privacyIDEA server where the push token is registered. No data is transmitted to other third parties – in particular to us as the manufacturer of this app. For the manufacturer of the app, the unique identifiers in the Firebase Cloud Messaging service are neither visible nor can they be assigned to a specific user/device.
The generation of the unique identifier and the associated data processing is technically necessary and required for the use of the app and to ensure the smooth operation of the app’s technical functions.
When using a push token, the Google Firebase Service or additionally the Apple Notification Service is used (depending on which operating system the user is using). During an authentication process, the server sends a random, non-assignable character string (cryptographic challenge) and the serial number of the token via the services (Firebase Cloud Messaging, Apple Notification Service) in addition to the unique identifier.
The token serial number can be regarded as personal data.
The camera is used by the app to scan QR codes. The app does not save any images that the camera sees during the scan; the camera is only used for instant capture.
We are constantly working to improve our app. For this reason, we give you the option of sending information to us as the manufacturer (NetKnights) in the event of a crash of the app. Sending this information is voluntary, based on your consent and is done using the standard mail client on your smartphone.
A crash report may therefore contain the following data, depending on your settings (e.g. the footer):
Surname, first name, email address, smartphone model, software version.
Depending on the footer, it may also include address and telephone numbers.
By actively sending a crash report, you consent to the use of this data.
How do we use this data?
The crash reports are sent to the development team at NetKnights.
We use the model and version information to fix bugs in the app and the email address to contact you as a user in the event of a crash.
We have no use for names, addresses and telephone numbers and therefore recommend removing these from the email when sending a crash report.
Storage and deletion of data
What rights do you have?
With regard to the processing of your personal data, you have a variety of rights, in particular the right to information about the personal data stored by us (Art. 15 GDPR), correction (Art. 16 GDPR), deletion (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), data portability (Art. 20 GDPR) and objection to processing (Art. 21 GDPR), especially in the case of direct marketing. With regard to the right to information and the right to rectification, the restrictions of Sections 34 and 35 BDSG must be observed.
Furthermore, there is the right of appeal to the competent data protection supervisory authority (Art. 77 GDPR), to which we expressly refer. You can reach the supervisory authority responsible for our company under the following contact details:
The Hessian Commissioner for Data Protection and Freedom of Information.
P.O. Box: 3163