In accordance with Regulation of the European Parliament and of the Council (EU) 2016/679 (“GDPR“), this Personal Data Processing Policy provides all relevant information on the processing of personal data pertaining to you, the data subject, in connection with the Locus GIS application and related services, including the web platform (jointly referred to as “Application“). This Personal Data Processing Policy does not apply to the Locus GIS Helpdesk platforms, offered as separate services.
Who is responsible for processing your personal data?
The controller of personal data is Asamm Software, s.r.o., Business ID: 24225321, a company with registered office at Krhanická 719/25, 142 00 Prague 4 – Kamýk, Czech Republic (“Controller” or “We“).
For what purposes do We process your personal data?
The purpose of processing your personal data is to allow you to use the Application and related services, to carry out the maintenance and improvement of the functions of the Application, and to communicate with you, given that you are the Controller’s customer.
Your personal data are necessary for creating your user account through which you will be able to use certain functions of the Application.
Profiling takes place only in the framework of the use of the Locus Store function (improvement of commercial offers based on your Locus Store purchase history).
What personal data do we process?
When you use the Application, we collect and process some or all of the following data, which you provide during registration, which are generated while you use the Application, or which you enter into the Application.
The mandatory data needed for the registration of your account in the Application include first name, last name, and e-mail address. The same applies to logging into the Application through third-party services and social networks, such as Facebook.
Since the Application has a nature of map and navigation software, it uses location data from your mobile device to determine your position.
If you use the Application’s relevant functions, we collect data on your history of purchases made via the Application, ways in which you use the Application, location data, and search history. If you use the Application’s web platform, we also retain the IP address for the purpose of communicating with your device.
Optional data you provide during registration include your profile photograph and designation of your end-user device. If you use the relevant functions, you can also upload multimedia content into the Application, such as your photographs in specific locations.
In addition, the Application can optionally process your biometric data. For the purposes of calculating other parameters of recorded movement, you can enter into the Application such data as age, sex, height, and weight. Using the measuring capabilities of a suitable end-user device, the Application can also monitor and process such data as heart rate, heart rate bands, lactate threshold, cadence, and temperature. The scope of the foregoing data may change depending on the development of the Application’s functions.
The Application uses Firebase Analytics, analytical software provided by Google that analyses certain data on devices and ways in which the Application is used by the user. Such data are used exclusively for analytical purposes.
If you use the Application’s web platform, we store cookies on your device. Cookies contain technical information necessary for communication, login into your user account, and, where applicable, analytical data.
App collects location data for polygon/line recording and guidance on a target or along a line, even when the app is running in the background.
To use certain functions, such as functions related to the Cloud storage service, you will be asked to log into third-party services. Login takes place directly within the third-party system, in which case we process through the Application only the verification identifier obtained from the login process or your user name and profile photograph from a given third-party service for the purpose of displaying them in the Application.
For the purpose of providing personalized advertising in the Application through the Google AdSense platform, some of your personal data may be provided to third parties acting as independent controllers of such data. For additional information on the Google AdSense service, visit https://policies.google.com/technologies/ads.
If you share your itinerary from your library through the Website, you will be able to choose, prior to sharing, whether or not the itinerary will be shared in conjunction with your basic identification data (first name, last name, e-mail address, and, where applicable, uploaded photograph). This function is available only to registered users.
What is the legal basis for processing your personal data?
Processing some of your personal data is necessary for the performance of the license agreement you have entered into with Us (“License Agreement“), particularly for allowing your use of the Application’s applicable functions. Such processing is compliant with Article 6(1)(b) GDPR.
Some of your personal data pertaining to analytical outputs are further processed in accordance with Article 6(1)(f) GDPR, based on the Controller’s legitimate interest in improving and maintaining the Application or, where applicable, for protecting property rights after the performance of the Licensing Agreement and for monetizing the Application through advertising.
Based on the Controller’s aforestated legitimate interest, the Controller will occasionally send you a newsletter to inform you about news concerning the Application.
How long do we keep personal data?
Data the processing of which is required for the purposes performing the License Agreement are processed for no longer than the term of the License Agreement, unless otherwise specified below. Basic identification data are processed during three years after the termination of the License Agreement, a period that coincides with the limitation period pertaining to property rights arising from the License Agreement.
You can change your optional data at any time, for example by deleting an uploaded photograph from the Application. In such a case, the Controller will terminate the processing of such data no later than as of the time at which regular backup data are deleted.
Any and all personal data processed for analytical purposes are processed only until the compilation of statistical data; afterward, data are automatically deleted. The Controller subsequently analyzes only anonymized summary data.
Cookies are kept for a period of 30 days after being stored on your device.
Other data that are not listed above are processed no longer than until the time at which your user account will be deleted.
To whom do we provide your personal data?
Where the Controller transmits your personal data to third parties, the Controller does so for the purpose of fulfilling one of the purposes listed above. Typically, personal data are provided to personal data processors or to other controllers. In the further processing of your personal data, the Controller uses third-party services inside and outside the European Union, such as Host Europe GmbH, DigitalOcean Inc., Google Inc., and Google Ireland Limited, that is entities providing services necessary for the operation of the Application, server hosting, and, where applicable, analytical services. Necessary personal data are provided to the foregoing entities exclusively for the foregoing purpose.
After logging into your user account in the Application and on the Controller’s website at http://www.locusgis.com (“Website“), the Controller uses Firebase Authentication services provided by Google Ireland Limited. These services rely on a unique identifier (ID token) for your identification across a variety of the Controller’s and third-party services. The ID token contains your basic identification data, particularly first name, last name, e-mail address, IP address, and, where applicable, profile photograph. For this purpose, we store your IP address for several weeks after login and the other data listed above until the time at which your user account used in the Application is fully closed. Subsequently, your data are stored for 180 days in the framework of the procedures for backing up data on our servers.
In case that you activate the Application’s incident reporting function, your location data and, if applicable, biometric data are transmitted to the contact persons you specify in the Application.
Moreover, your personal data are also transmitted based on your consent and instruction you give us by using the applicable function that allows sharing selected data with third parties. Explicit information to the foregoing effect is provided to you through the Application. The Controller bears no liability for any processing carried out by the recipient of such data selected by you, owing to the absence of a decision on appropriate protection and adequate guarantees within the meaning of the GDPR, such transmission entails risk and may not provide sufficient protection for your personal data. If you choose to export your personal data to a recipient from a third country outside the European Economic Area, you will be asked for express consent prior to such transmission.
What are your rights?
You have the following rights under the GDPR:
- the right to request the Controller to provide access to personal data in accordance with Article 15 GDPR
- the right to request correction of personal data in accordance with Article 16 GDPR
- the right to request the erasure of unlawfully processed personal data in accordance with Article 17 GDPR
- the right to request restriction of personal data processing subject to the conditions laid down in Article 18 GDPR
- the right to portability of personal data in accordance with Article 20 GDPR
- the right to object the unlawful processing of personal data in accordance with Article 21 GDPR
The Controller hereby informs you that no automated decisions will be made based on the aforestated personal data within the meaning of the GDPR.
You also have the right to object the processing of personal data at any time, including, where applicable, profiling, due to reasons pertaining to your specific situation. You can exercise the right to raise objection at any time due to reasons pertaining to your specific situation in case that your personal data are processed for direct marketing purposes, including, where applicable, thereto related profiling.
If the processing of your personal data violates any provision of the GDPR, you can contact the Controller to rectify the violation. In addition, you can submit the matter to the oversight body, specifically the Office for Personal Data Protection at Pplk. Sochora 27, 170 00 Prague 7, Czech Republic.
The Controller may update this Personal Data Processing Policy from time to time as necessary. Kindly pay attention to the current version of this Personal Data Processing Policy, which is available HERE. We will inform you of updates of the Personal Data Processing Policy by sending a message to the e-mail address you provide during the registration of your user account through the Application or by means of notifications sent through the Application itself.