Privacy statement for the Human Firewall application for mobile devices
We take you and the protection of your personal data very seriously. Your privacy is very important to us. We process your personal data in accordance with the applicable statutory data protection requirements for the purposes listed below. The aim of this application is to increase the interaction between the Cyber Security awareness modules of the E.ON group and push forward further improvement of the information flow between Information Security and the E.ON employees to raise the awareness for information security. The usage of this application is completely voluntary.
Responsible organisation and contact details
This application is operated by the Cyber Security of E.ON SE.
E.ON SE, Brüsseler Platz 1, 45131 Essen, email firstname.lastname@example.org is responsible for the processing of your personal data. Please use this email if you have any questions, notes, need of adjustments, insights or additions to your collected data or to this privacy statement.
Purposes for which your data are collected and processed
Due to the offer of this application is limited to E.ON employees an E.ON email-address is required for a successful registration for which a registration-token is sent.
We also use your email to send you notifications regarding updates (technical updates, new features). Furthermore, your email is used by us in the context of competitions and lotteries within the Human Firewall app. The email-address is processed to investigate the winner or the winners are notified about their prizes by using their email-addresses.
In addition, the following data will be saved to your account: user-ID, access-token, accumulated points, number of log-ins as well as the date of the first log-in and the last update of your record. The data is used to guarantee technical security, as well as visualization of accumulated points and badges for the user and for an anonymized reporting regarding the usage of the app for the Cyber Security.
If further purposes for data usage arise, in addition to the existing proposes, we check whether these further purposes are compatible with the original purposes of collection and in accordance with them. If this is not the case E.ON SE will inform you about the change in purpose. If there is no other legal basis for further data usage E.ON SE won’t use your personal data without your consent.
Legal basis for the processing of the above mentioned personal data is your consent in processing by installing the app on your device and registration.
Service providers and data transfer in third countries
Engaged service providers become obligated to the requirements of E.ON SE regarding data protection and technical security. E.ON SE allows some individual services, after having them carefully checked, to be executed by providers outside of the European Economic Area (‘third country’), such as IT-services. In such cases a transfer in a third country takes place. As far as legally necessary, to achieve an appropriate level of protection, E.ON makes use of legislative requirements such as guarantees to achieve an adequate level of data privacy protection, including inter alia EU-standard contracts. You have the possibility to request further information at any time as well as receive copies of relevant arrangements.
Planned data deletion
If you have not used the application for more than 12 months we consider it unnecessary to keep your personal data stored. Your user account will be deleted by us, you accumulated points and badged get lost. A new usage of the application is just possible after a new registration. Local data (email address) will be deleted, if you uninstall the app.
At any time you can demand the deletion of your personal data via email at email@example.com and at the same time you can revoke your consent for processing your data, your data will be deleted and the application will no longer be useable.
Data privacy contact and your rights
Please address further questions regarding the processing of your personal data to the data protection officer of E.ON SE at firstname.lastname@example.org.
We are pleased to provide information if and what personal data from you are stored by us and to whom we may have passed this data. According to legal provisions you can assert the following additional rights: correction, erasure, limiting the processing (blocking for certain purposes), data portability.
If you have any questions or complaints, you have the right to contact a regulatory authority, in particular the Member State of your habitual residence, of your job, or the location of the alleged violation. The regulatory authority responsible for us is the State Officer for Data Protection and Freedom of Information of the German state North Rhine-Westphalia (www.ldi.nrw.de).