MY NKG FIS|Data Privacy Policy

Neumann Gruppe GmbH
30.08.2022

Data Privacy Policy myNKG FIS

Privacy Policy for the Mobile App myNKG FIS

Thank you for using our app. The following information serves to inform you about the extent to which personal data relating to you is processed through the use of the myNKG FIS app, for what purposes and on what legal basis this is done, and what rights and claims you may be entitled to.

1. Name and Contact Details of the Person Responsible

Responsible for the data processing presented below is:
Neumann Gruppe GmbH
Coffee Plaza, Am Sandtorpark 4, 20457 Hamburg, Germany
Phone: +49 (0)40 - 36123-0 - E-mail: dataprotection@nkg.coffee

2. Data Processing

2.1 Within the Scope of Downloading the App

When you download our app from the app store or Google Play store, required information such as username, email address and customer number of your app account, time of download and the individual device identification number are transferred to the respective app store. This transfer takes place within the framework of your user relationship with the respective app store, over which we have no influence. You can find more information on this in the data protection information of the respective app store.

2.2 Within the Scope of Using the App

2.2.1 Functionality Data

By accessing the myNKG FIS app, so-called usage data is automatically processed (even without registration), which is required for the provision of the app. This is, for example, the following data:

Version of the app you are using
Version of the operating system of your end device
Type of your device (smartphone, tablet, manufacturer, device ID)
The date and time of the query
The amount of data transferred
The network status

Furthermore, we do not store IP addresses.

The data processing described above takes place in order to ensure the functionality of our app and to be able to optimize our offer.

The legal basis for this processing is Art. 6 (1) p. 1 lit. f) GDPR; data processing for the purpose of ensuring app functionality and optimizing offers represents a legitimate interest of Neumann Gruppe GmbH.

2.2.2 Other Functions

You cannot use the app without registering a user account. The myNKG FIS app is a tool necessary for the fulfillment of the user’s daily tasks and fulfilment of their contractual duties. The subjects of this registration are always employees or subcontractors of a company of Neumann Kaffee Gruppe. When using the app, the following personal data is processed: full name, phone number, email address, user location (GPS) and additional data such as user credentials (username, passwords, assigned zone and user role) are generated to relate the user within the system. The data mentioned above is processed within the scope of the functionalities described below:

Location detection function to locate coffee farms and document farm visits (only when app is used)
Communication function to facilitate communication among app users
User credentials filter function to manage data visibility of users within the app
Documentation function to document consulting activities in the field

The legal basis for this processing is Art. 6 (1) p. 1 lit. f) GDPR; data processing for the purpose of ensuring the implementation of NKG supply chain programs, projects and verification schemes. In certain cases, the legal basis for the processing of myNKG FIS users is the fulfillment of a service contract with the app users pursuant to Art. 6 (1) lit. (b) GDPR. In the case of the fulfillment of obligations arising from an employment contract, the legal basis for data processing is the applicable law regulating data processing in the employment context in the country of employment of the app user in conjunction with. Art. 88 para. I GDPR.

3. Deletion Deadlines

Unless we have already informed you in detail about the storage period, we delete personal data when they are no longer required for the aforementioned processing purposes and there is no legal obligation to retain them.

4. Recipients of the data

For the purpose of hosting the myNKG FIS app, we use an external server from Amazon Web Services (AWS). The service provider acts strictly in accordance with instructions as a processor with whom we have concluded a corresponding contract pursuant to Art. 28 GDPR. Where possible, data processing is limited to within the European Union (EU) or the European Economic Area (EEA), e.g. by selecting storage locations at appropriate data centers in the European Union. In the event that your data is also processed outside the EU or the EEA or transferred to third-country service providers, we have entered into the standard contractual clauses of the EU Commission with the service provider to ensure an adequate level of data protection.

5. Data Security

In order to protect your data from unwanted access as comprehensively as possible, we take technical and organizational measures. For this purpose, we use a secure encryption process. Your data is transferred from your terminal device to our server and vice versa via the Internet using SSL encryption.

6. Your data subject rights

As a user of our app, you have the possibility to assert the following rights if the respective requirements are met:

Right of access (Art. 15 GDPR):

You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have the right to access this personal data and the information listed in Article 15 of the GDPR.

Right to rectification and erasure (Art. 16 and 17 GDPR):

You have the right to request that inaccurate personal data relating to you be corrected without undue delay and, where applicable, that incomplete personal data be completed. You also have the right to request that personal data concerning you be deleted without undue delay, provided that one of the reasons listed in Article 17 of the GDPR applies, e.g. if the data is no longer required for the purposes pursued.

Right to restriction of processing (Art. 18 GDPR):

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have objected to the processing pursuant to Art. 21 GDPR or for the duration of any review as to whether our legitimate interests override your interests as a data subject.

Right to data portability (Art. 20 GDPR):

In certain cases, detailed in Article 20 of the GDPR, you have the right to obtain the personal data concerning you in a structured, commonly used and machine-readable format or to request the transfer of such data to a third party.

Right to object (Art. 21 GDPR):

If data is collected on the basis of Art. 6 (1) sentence 1 lit. f GDPR (data processing for the protection of legitimate interests), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right to complain to a supervisory authority:

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of data concerning you violates data protection provisions. The right of complaint can be asserted in particular before a supervisory authority in the Member State of your residence, your place of work or the place of the alleged infringement.

7. Contact Details of the Data protection Officer:

Contact details: dataprotection@nkg.coffee

Our company data protection officer will be happy to provide you with information or suggestions on the subject of data protection.