(1) Apleona processes the data entered by registered and authorised users to fulfil its contractual obligations arising from its FM service contracts with its customers. The processing of the data entered in the FM portal or in the mobile Workplaces App is exclusively carried out within the scope of the FM contract that the employer of the user of the portal/app has concluded with Apleona GmbH or one of its subsidiaries and is subject to the corresponding agreement for order processing.
(2) The person responsible, in terms of the GDPR, is the natural or legal person (hereinafter referred to as the Client) who has commissioned Apleona to provide FM services for the Client and to instruct them via the portal or the mobile app (e.g., by recording fault reports).
Our contact details are:
(3) We collect your data as part of your employer's FM contract with Apleona GmbH or one of its subsidiaries.
(4) If you send us incident reports via the portal/app, your details from the enquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the incident report and in the event of follow-up questions. We only pass on this data within the framework of the data protection regulations agreed with your employer (as our client).
For the recording of incident reports we essentially record:
For posting building/site information in the portal to show these in the app:
For the request to book an asset in the app:
For feedback on services or app features in the app:
For the posting of wishes or ideas in the app:
For posting news in the portal to show these in the app:
The data entered will be processed exclusively within the scope of the FM contract that your employer has concluded with Apleona GmbH or one of its subsidiaries and is subject to the associated agreement on order processing.
The data you enter in the portal/app will remain with us until the purpose for which the data is stored ceases to apply or the contract and the resulting retention periods with your employer end. Mandatory legal requirements - especially retention periods - remain unaffected.
The collection of these data is based upon the consent of the user according to art. 6 para. 1 lit. a GDPR, to use this portal or mobile app and a legitimate interest of the client according to art. 6 para. 1 lit. f GDPR and for Apleona based on a contractual obligation according to art. 6 para. 1 lit. b GDPR.
(5) As the operator of these pages/applications, Apleona automatically collects and stores information in so-called server log files, which your browser/app automatically transmits to us.
For the Portal, those are:
For the App, those are:
This data is not merged with other data sources. These data is recorded on the basis of Art. 6 para. 1 lit. f GDPR. The portal operator has a legitimate interest in the technically error-free display and backup of the data in the system - for this purpose the server log files must be recorded.
(6) For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, the portal uses SSL or TLS encryption. On a browser, you can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
On the mobile app, all communications between the mobile app and the Apleona servers uses SSL or TLS.
With SSL or TLS encryption, the data you transmit to us cannot be read by third parties.
(7) The data entered by you in the portal or mobile app will remain with us until the purpose for which the data is stored ceases to apply or the contract and the resulting retention periods with your employer end. Mandatory legal provisions - in particular retention periods - remain unaffected.
(8) When using the portal for the first time, you will be asked whether you agree that the system may store three cookies on your system.
These are needed for the following purposes:
The use of these cookies is mandatory for the functioning of the portal and is based on your consent (within the meaning of art. 6 para. 1 lit. a GDPR) that these functional cookies may be stored, as well as on a legitimate interest of Apleona (within the meaning of art. 6 para. 1 lit. f GDPR).
The use of these cookies is absolutely necessary for the functioning of the portal and serves to process the data within the framework of the contractual obligations (in the sense of Art. 6 Para. 1 lit. b GDPR) with our customers (your employer). The use is also based on your consent (in terms of art. 6 para. 1 lit. a GDPR) that these functional cookies may be stored, as well as on a legitimate interest of Apleona (in terms of art. 6 para. 1 lit. f GDPR).
If you do not agree to the storage of cookies, you will not be able to use the portal.
(9) Apleona's clients will not have direct access to the data stored at Apleona.
(10) Parts of the application are hosted in a Microsoft Ireland Operations Ltd. data centre in Germany and the Netherlands. The data centers are operated by Microsoft Ireland Operations Ltd., Carmenhall Road, Sandyford, Dublin 18, Ireland. This serves to fulfil the contract of Apleona within the meaning of Art. 6 para. 1 lit. b GDPR and also constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. More information about the handling of user data by Microsoft can be found in the privacy policy of Microsoft: https://privacy.microsoft.com/de-de/privacystatement.
(11) Parts of the application are hosted in an IBM data centre in Germany. The data centers are operated by IBM Deutschland GmbH, 71137 Ehningen. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. For more information on how IBM handles user data, please refer to the IBM privacy policy: https://www.ibm.com/privacy/de/de/.
(12) This Portal/App offers employees of our corporate clients an opportunity to log in with their corporate account. For this purpose, this app is connected to our partner Microsoft Ireland Operations Ltd, Carmenhall Road, Sandyford, Dublin 18, Ireland, which operates the user management infrastructure of Apleona. This app serves to fulfill the contract of Apleona in the sense of Art. 6 para. 1 lit. b GDPR and also represents a legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR. More information about the handling of user data by Microsoft can be found in the privacy policy of Microsoft: https://privacy.microsoft.com/de-de/privacystatement.
(13) This Portal&/App uses the weather service of the Norwegian Meteorological Institute via an API. The provider and operator of the service is The Norwegian Meteorological Institute, Postboks 43 Blindern, 0371 OSLO, Norway. In order to use the functions of the Norwegian Meteorological Institute's services, it is necessary to communicate your office's position. This will be done anonymously and without disclosing your other personal data. The pure position data is then transmitted to a server of the Norwegian Meteorological Institute in Norway and stored there. The provider of this app has no further influence on this data transfer. The weather service of the Norwegian Meteorological Institute is used in the interest of an attractive presentation of our online offers and to provide information about the current weather at your location. This constitutes a legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR. For more information on the Norwegian Meteorological Institute's handling of user data, please refer to the Norwegian Meteorological Institute's Privacy Policy: https://www.met.no/en/Aboutus/privacy.
(14) You have the right to demand information about the processing of your data by us. To do so, you can contact us at any time at the address given in "(2)". As a processor, we will then immediately forward your request to our client. In doing so, please inform us which company you are employed by.
(15) You have the right to demand that we delete your data. To do so, you can contact us at any time at the address given in "(2)". As a processor, we will then immediately forward your request for deletion to our client. In doing so, please inform us which company you are employed by.
(16) You have the right to request that the processing of your personal data be restricted. To do so, you may contact us at any time at the address indicated in "(2)". As a processor, we will then immediately forward your request to our client. In doing so, please inform us which company you are employed by.
The right to restrict processing exists in the following cases:
If you have restricted the processing of your personal data, these data - apart from their storage - may only be processed with your consent or for the purpose of asserting, exercising, or defending legal claims or protecting the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.
(17) Many data processing operations are only possible with your express consent. You may revoke any consent you have already given at any time. To do so, you can contact us at any time at the address given in "(2)". As a processor, we will then immediately forward your inquiry to our client. In doing so, please inform us which company you are employed by. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation. However, if you do not give or withdraw your consent to this privacy policy, you will no longer be able to use this app.
(18) They have a right of objection to data collection in special cases and to direct advertising (Art. 21 GDPR).
If data processing is carried out on the basis of Article 6 paragraph 1 letter e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation, including profiling based on these provisions. You will find the respective legal basis on which processing is based in this data protection declaration. If you object, we will no longer process your personal data unless we can demonstrate compelling reasons for processing that are worthy of protection, which outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims (objection according to Art. 21 para. 1 GDPR). However, if you do not give or revoke your consent to this Privacy Policy, you will no longer be able to use this App. For this purpose, you can contact us at any time at the address given in "(2)". As an order processor we will then immediately forward your request to our client. Please let us know which company you are employed by.
(19) You have the right to have data which we process automatically based on your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only take place to the extent that it is technically feasible. For this purpose, you can contact us at any time at the address given in "(2)". As the processor of the order, we will then immediately forward your request to our client. Please let us know which company you work for. (20) In the event of infringements of the GDPR, the persons concerned have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place where the suspected infringement is committed. This right of appeal is without prejudice to other administrative or judicial remedies.
(21) Apleona has appointed a data protection officer, whom you can also contact if you have any questions or to assert your rights.
