AngelBook your demo!

Privacy Notice for ANGEL

With this Privacy Notice we would like to inform you about the processing of your personal data in the course of using ANGEL, more precisely the ANGEL application as well as the ANGEL web services, and the rights you are entitled to under data protection law. In addition, we will give you insight into how anonymized usage data can help make your work environment a little safer.

Your personal data will be processed in accordance with the applicable data protection laws of the European Data Protection Regulation (GDPR) and any other applicable local data protection regulations.

At ADRESYS, we do our best to handle customer and user data transparently and carefully — we therefore only store the data that are necessary to provide targeted assistance in an emergency. Herewith, we give you a comprehensive overview of how ANGEL processes your data.

Your rights

Based on the applicable data protection regulations, you have the right to information, correction, deletion, restriction of data processing, data portability and objection at any time. You can revoke any consent provided for the future.

If you wish to exercise any of these rights, please contact ADRESYS as indicated in this document. In addition, you have the right to file a complaint with the competent supervisory authority — for ADRESYS in Austria, the responsible authority is the “Oesterreichische Datenschutzbehoerde” (Barichgasse 40-42, 1030 Vienna).

Data Controller is:
ADRESYS – Adaptive Regelsysteme Gesellschaft m.b.H.
Oberndorfer Straße 35, Eingang C, 5020 Salzburg, Austria

If you have any questions about data protection, please do not hesitate to contact us — we can be reached on the hotline +43 59495 6969 and by e-mail at angelreact@adresys.com.

Data Processing at a Glance

In general, ANGEL customers buy ANGEL for their employees (ANGEL users). ANGEL users wear a smart-textile shirt, on which the central control unit — the Genius — is mounted. This unit senses electrical voltages and changes in motion.

The Genius connects to the ANGEL application installed on the smartphone (the ANGEL App) using Bluetooth® technology. After a successful connection, the ANGEL App communicates with the ANGEL server, the central data hub. The ANGEL server is connected to the ANGEL database, an anonymized long-term memory of all event-related ANGEL activities, as well as a technically necessary short-term memory for processing important emergency information.

Via the ANGEL Server, the personal data of the users are transferred to the ADRESYS customer database, which is kept strictly separate from the rest of the databases. Only in an individual emergency scenario is the emergency call center (if this additional option has been selected) provided with all the user’s information required to provide assistance, which enables help to be provided on the spot.

Q & A

  • What is the ANGEL server?

    The ANGEL server is the data center, which on the one hand forwards event-related ANGEL activity data to the ANGEL database or the technically necessary short-term memory, and on the other hand places data from users in the ADRESYS customer database. In an emergency, the ANGEL server also takes over the central communication with the emergency call center (if the additional option is selected). If functions of the ANGEL server fail, the ANGEL App can also transmit information directly to the emergency contact or the emergency call center.

  • What is the ADRESYS customer database?

    The ADRESYS customer database is located on servers of the OMICRON Group in Klaus, Austria (OMICRON electronics GmbH, Oberes Ried 1, 6833 Klaus, Austria). In addition to local storage in the ANGEL App on your smartphone, identification data of users are stored exclusively here and provided with an internal ANGEL ID (regarding the ANGEL ID, see page 07). Otherwise, data are only marked with the ANGEL ID, such as in the ANGEL database where the activity data of your ANGEL product are stored. An assignment between ANGEL ID and user only takes place if it is absolutely necessary (when ANGEL starts the emergency call chain).

  • What is the ANGEL database?

    The ANGEL database is a cloud-based storage location in data centers within the European Union. The service companies currently used to provide the ANGEL database service are
    – mongoDB Inc. (Data Privacy for mongoDB Inc.)

  • Which emergency call center is contacted in an emergency?

    The use of the emergency call center services is optional and will be charged separately. The processing of personal data by the emergency call center takes place under its responsibility. The emergency call centers currently in use are
    – WISAG Dienstleistungsholding GmbH (Data Privacy for WISAG GmbH)

  • What help do you receive through ANGEL?

    In case of an alarm, the stored emergency contact is informed by text message. If the emergency call center is activated in the additional options, it will be notified at the same time and will first try to reach either the accident victim or the stored emergency contact by phone. If the situation cannot be fully clarified by telephone or if medical assistance is required, the local rescue service is alerted directly (if the additional option is selected).

Purchase & registration

Processed Data

  • Data from customers
    (employer or purchasing company — name, contact information, bank details)
  • User data (first and last name, telephone number, e-mail address, password)
  • ANGEL ID
  • Contract data (start, duration)
  • Selected additional options (emergency call center)
  • Emergency contact information (first and last name, phone number)
  • Genius serial number

Processing Purpose

All collected data are necessary for the correct processing of the service provided. All processed data of users are necessary for assistance in case of emergency — otherwise assistance at the scene of an accident will be delayed, if, for example, names of accident victims are not known. Contract data and data on customers are mandatory for the correct processing and billing of the service. The legal basis for the processing is Section 6 para. 1 lit. b GDPR.

Data Origin

All personal data are provided directly by the customer at the time of purchase or by the user at the time of registration. As a rule, customers buy ANGEL for their employees. During the purchase process, the Genius serial number is assigned to the customer (usually the employer) by ADRESYS. Users then register independently via the ANGEL App and establish a connection between the Genius and the ANGEL App. If the emergency call center is selected as an additional option, users receive an activation code from their employer that can be activated directly in the ANGEL App.

Data Recipients

All personal data are stored in the ADRESYS customer database. ADRESYS uses the IT services of OMICRON electronics GmbH (Oberes Ried 1, 6833 Klaus, Austria) for this purpose. In the event of an alarm, the data required for the specific assistance and the individual case are transmitted to the emergency contact or the emergency call center. Transfer to third parties — except for assistance in an emergency — does not take place.

Retention Periods

After users have informed ADRESYS that ANGEL is no longer in use, all registration data will be deleted after one year at the latest, provided that statutory periods for storage or defense of legal claims do not require or justify longer retention periods.

Special Security Measures

User data (e-mail address, password) are already protected during registration in the ANGEL web portal, so that ADRESYS can only validate these data, but not read it in plain text. In the ANGEL database, users are assigned unique but randomly selected ANGEL IDs. These are defined during registration. The assignment between ANGEL ID and the user is only possible locally in the ANGEL App and in the ADRESYS customer database.

Q & A

  • Do you have to provide personal data?

    In order for ANGEL to function properly, we need the personal data listed in this Privacy Notice. If personal data are not provided or only partially provided, this will significantly restrict the use of ANGEL or make it impossible to use.

  • Why does ANGEL need your name and information about your employer?

    Every piece of information that enables you to be identified more quickly in an emergency protects your life — providing incorrect information can cost unnecessary time in the rescue chain.

  • What does ANGEL process your phone number for?

    ADRESYS or the emergency call center must be able to reach you in the event of an emergency — otherwise an emergency vehicle could sometimes be dispatched even though nothing has happened to you. In case of an alarm, the ANGEL App will request your currently used phone number directly from your smartphone. In the ADRESYS customer database, only the telephone number provided by the user during registration is stored.

  • Who can you specify as an emergency contact?

    Your emergency contact is user-defined — this can be other colleagues at work, company headquarters, internal first aiders or private contacts. All you need to know is that the emergency contact will be notified of all recorded emergencies. It should therefore be a person who can actually help in an emergency — purely private contacts are unlikely to be able to do this. Employers, however, do not receive any information from ADRESYS about who has been saved as an emergency contact.

  • Why is information about your employer already included in the registration?

    The Genius serial number is clearly assigned to a customer via the ADRESYS customer database. Since your employer has usually purchased ANGEL for you, this information is already available to ADRESYS. Through your registration via the ANGEL App, additional information provided by you is mapped to the Genius serial number in the ADRESYS customer database.

  • What is the ANGEL ID, and what is its purpose?

    ADRESYS only stores clear user data in the ADRESYS customer database and in the ANGEL App. At these points, users receive a unique identification number (ANGEL ID). In this way, the ANGEL ID can be used to establish a unique link between the ANGEL system and the user without having to use clearly identifiable information from users in the other ANGEL system components. If the ANGEL ID is deleted from the ADRESYS Customer database, it is no longer possible to make a direct link between the user and the use of ANGEL.

Active operation

Processed Data

ANGEL Status

  • Time of activation of ANGEL
  • Measured value of the electrode resistance
  • Time of termination of ANGEL
  • Activation/deactivation of the task timer

Emergency Relevant Information

  • User data (first and last name, telephone number)
  • Employer or customer of ANGEL (if different from user)
  • Emergency contact (first and last name, phone number)
  • Location data (e.g., GPS position)
  • Electrical Accident Detection (voltage in the body)
  • Fall and No-Motion Detection (data from acceleration and position sensors)
  • Task Timer function status

Processing Purpose

All data processing in active operation is required for specific assistance in the event of an emergency. The legal basis for the processing is Section 6 para. 1 lit. b GDPR and, with regard to the processing of incident data (electrical accidents, falls, no-motion, etc.), the express consent of the users pursuant to Section 6 para. 1 lit. a GDPR, Section 9 para. 2 lit. a GDPR.

Data Origin

All processed data come directly from the users or their smartphones and are processed by the ANGEL App. The ANGEL App constantly forwards location data in the background (even when the app is closed or not in use) — this is necessary to send help to the current location of the user.

Data Recipients

The ANGEL status is transferred to the ANGEL database at regular intervals (see also data recipients on page 06). Emergency-related events are also stored in the ANGEL database. In a specific emergency scenario, all emergency relevant information (and other data entered by the user in the ANGEL App) as well as additional helpful information from the ANGEL server is transmitted to the emergency call center (if the additional option is selected).

Retention Periods

The data are stored in the ANGEL database during the contract and usage period. Subsequently, the personal data of users are deleted as already described and the ANGEL ID is anonymized. Technically necessary short-term memories are continuously overwritten with current data or deleted, unless there are legally permissible reasons that justify or require storage. The respective emergency call center stores all emergency call-related information (including the telephone calls made) and processes it on its responsibility in accordance with the statutory provisions for emergency call centers. After expiration of the legal retention periods, these data are deleted.

Special Security Measures

When transferring the ANGEL status to the ANGEL database, assignments to users are only possible via the ANGEL ID — as soon as the ANGEL ID is deleted from the ANGEL database, assignment to individual users is no longer possible. If possible, emergency relevant Information is transmitted to the emergency call center by text message as well as via data connections. After receiving the emergency call message, the emergency call center verifies the authenticity of the emergency call message with the ANGEL server.

Q & A

  • What does ANGEL do with your data during normal use?

    Once the Genius is connected to the ANGEL App, the ANGEL status and emergency relevant information are continuously transmitted to the ANGEL server until the workday is over and users properly log out of the system via the ANGEL App. Therefore, ANGEL only transmits data if the users have started ANGEL manually. Data from the sensors (e.g., acceleration and position sensors) are not permanently transferred to the ANGEL database, but only when ANGEL suspects an incident.

  • What happens to your data in the event of an alarm?

    In case of a potential emergency, alarms (incl. emergency relevant information) are sent by text message and data connection (depending on availability) directly to the emergency contact or the emergency call center (if the additional option is selected) as well as to the ANGEL server. Through the ANGEL server, alarms are verified and additional information (e.g., information about employers for faster identification at the emergency scene) is provided to the emergency call center. In addition, the incident data are also stored in the ANGEL database. However, telephone numbers and location data are made anonymous by shortening them to such an extent that it is not possible to draw conclusions about the individual person.

  • What does the “electrical accident detection” function include?

    Electrodes integrated into the two sleeves of the smart-textile shirt are used to detect changes in current voltage in the user’s body. If ANGEL suspects an electrical accident, the rescue chain is started.

  • What do the “fall and No-Motion detection” functions include?

    Due to the acceleration and position sensors of the Genius, falls or motionlessness are suspected when various parameters are exceeded (e.g., free fall from a height of at least one meter, impact on the ground and motionlessness for at least 30 seconds) and the rescue chain is started.

  • What is the Task Timer?

    When working in locations with poor cellular, data and/or location data connections, as well as potentially hazardous activities, it is possible to manually set the Task Timer. If the timer is not acknowledged by the user after expiration, the rescue chain is started.

  • Can ANGEL create a movement profile of you?

    No, all location data in technically necessary short-term memories are regularly overwritten with new data. Therefore, only the last location is known.

  • Will your personal data be retained in backup copies?

    In the ANGEL database, personal data are assigned only by the ANGEL ID. Plain text data such as names and contact details are not stored there, nor are they therefore stored as backup copies.

Evaluataion & statistics

Processed Data

  • ANGEL status
  • Event-related information
    • Voltage characteristic and/or acceleration data
    • Anonymized communication history between ANGEL server and emergency call center (without names, phone numbers are shortened to the area code, no communication content, such as the wording, is processed).
    • Anonymized location data (rounded to whole degrees, therefore deviations of up to 100 km are possible)
    • Technical usage data
  • Feedback information after incidents (electrical accidents, falls, no-motion, etc.)

Processing Purpose

Data on electrical accidents collected by ANGEL are not only intended to help the users themselves, but also to contribute to greater safety in the company for all other ANGEL customers by making statistics on electrical accidents available in anonymized form as part of the ANGEL service provision. In addition, these anonymized data will contribute to further scientific knowledge in the field of electrical accidents. The processing of event-related information for evaluation and statistical purposes is carried out to fulfill contractual obligations. With regard to the processing of specific incident data, this is based on the consent of the user and with regard to the technical usage data, it is based on the legitimate interest of ADRESYS to further technically optimize ANGEL and to make the knowledge gained available to scientific research in anonymized form. The legal basis for the processing is Section 6 para. 1 lit. b GDPR and, with regard to the processing of incident data, the express consent of the users pursuant to Section 6 para. 1 lit. a GDPR, Section 9 para. 2 lit. a GDPR.

Data Origin

All data used are provided directly by the users when using ANGEL. If appropriate, users are asked on a voluntary basis after an incident (electrical accident, fall, no-motion, etc.) to provide feedback to ADRESYS on the facts and consequences.

Data Recipients

All event-related information, which forms the basis for evaluations and statistics, is stored in the ANGEL database. Employers receive anonymous evaluations of ANGEL use in the company. ADRESYS reserves the right to pass on collected event-related information to research institutes in anonymized form.

Retention Periods

The data are stored in the ANGEL database during the contract and usage period. Subsequently, the personal data of users are deleted as described above, and the ANGEL ID is anonymized.

Special Security Measures

Contact data and location data are anonymized with special care as part of the statistical evaluation. In the case of telephone numbers, for example, only the first four digits of the area code (for geographic assignment) are processed, and geographic location data are displayed artificially enlarged (only accurate to whole degrees, without decimal places, so that only an approximate region is recorded) — this makes it almost impossible to draw conclusions about individual persons.

Fragen & Antworten

  • Do employers receive evaluations on ANGEL usage?

    ANGEL is intended to contribute to safety in everyday working life, which is why a key idea of ANGEL is to make evaluation data available not only to the users themselves, but also to employers. However, to avoid drawing conclusions about individual employees (in this case, users), evaluations are only issued for the entire company or larger parts of the company and these are compared over time or with other companies in similar industries. To ensure confidentiality, no reports will be generated with data from less than five users.

  • Can employers get emergency information via log files from the ANGEL App or Genius?

    No, the ANGEL App and the Genius store information in log files, but these remain on the personal devices of the users. ADRESYS does not provide customers with tools for analyzing log files. In addition, no location data are passed on outside an emergency, and there is no real-time monitoring of whereabouts. Thus, these data are not visible to employers. In addition, no input from users within the ANGEL App is transmitted to employers.

  • What else does ANGEL (or ADRESYS) do with your data?

    User data will only be used as described in this Privacy Notice. Apart from the scenarios described above, data are only passed on to third parties if ADRESYS is legally obliged to do so in individual cases, for example to the authorities. Event-related information on incidents (electrical accidents, falls, no-motion, etc.) is used in anonymized form (i.e., without any inference to users, their employer, exact location, etc.) for statistics and evaluations. The information obtained through ANGEL on such incidents provides an insightful database for universities and other research institutes to contribute to greater safety in the workplace.

Contact
phone
location

ADRESYS
Adaptive Regelsysteme Gesellschaft m.b.H.

Oberndorferstraße 35/C
5020 Salzburg
Austria

+43 59495 6900
office@adresys.com