Privacy Notice: Cloudya App

Welcome to our app's privacy notice! Find out how we use and protect your personal data here.

Introduction

You can download our Cloudya App from both the Google Play Store (Android) and the Apple App Store (iOS). In this context, we would like to inform you in detail about what data we collect during your use of the Cloudya App and how it is processed.

This privacy policy applies in addition to our general privacy policy.

1. Responsible party (Controller) and Data Protection Officer

Responsible for the processing of personal data is: 
NFON AG
Zielstattstraße 36
81379 Munich
(hereinafter also "NFON", "we", "us").

For questions regarding the processing of your personal data in connection with the Cloudya App, you can contact our data protection officer Claudia Standke at any time at the above postal address (Attn: Data Protection Officer) as well as by email at the following address: 
datenschutz@nfon.com

 

2. Specific processing activities

Below we explain in detail when the app collects data about you, for what purposes and on what legal basis.


2.1 Downloading the app

For the purpose of providing the app or downloading it to your mobile device, the necessary information is transferred to the respective App store, in particular:

  • email address  
  • time of the download
  • individual device identification number
  • IP address

We have no control over this data collection. The respective App Store operator is responsible for this.


2.2 Login area

If you log in to the app with your email address and password, we process the data to identify and authenticate you as a user. In addition, we store the date and time of the login. The data processing is based on Art. 6 para. 1 lit. b GDPR for the fulfilment of the contract.


2.3 Use of the app

In the context of using the app, the following processes are affected in detail:

  • telephony
  • video telephony
  • personal settings for call forwarding
  • call history, automatic deletion after 40 days
  • function keys
  • user status
  • PBX phone book
  • device settings
  • In-app rating (Android), rating of the app, participation is optional
  • language, the language settings are stored directly in the app
  • synchronized phonebook from mobile device (optional), the app only accesses the internal phonebook stored on the mobile device. We do not store this data on our servers at any time.

The following data are processed:

  • name, surname
  • extension number
  • inbound extension
  • email address
  • call number
  • call duration
  • telephone ID
  • IP address
  • presence status - Line status (in call or not)
  • presence status - User status (available, busy, offline), optionally adjustable
  • mobile phone number (optional): You can register your mobile phone number in the app to make incoming or outgoing calls via the mobile phone network when no internet connection is or can be established. For this purpose, the mobile phone number you enter is transmitted to our server via a secure connection (SSL- start.cloudya.com) and stored there only for the above-mentioned purpose.
  • iOS: For the purpose of registration, a confirmation code is sent to your mobile phone number via SMS, which we use to authenticate your phone number once. You can deactivate this function at any time by deleting your registered mobile phone number in the "GSM settings". Your mobile phone number stored on our server will then be completely deleted from our server.
  • Face ID or Touch ID (optional) (iOS): If login with Face or Touch ID is activated, the facial data or fingerprint will be stored on your mobile device and will not be transferred to our servers at any time.
  • In-App Rating (Android): Operating system, product name, unique ID (not traceable to the user), number of stars awarded, points rating, app version, stability of the app, call quality, range of functions.

The data processing is based on the contractual relationship according to Art. 6 para. 1 lit. b GDPR. The processing of the data, which you can optionally have processed by us, is based on your consent according to Art. 6 Para. 1 lit. a GDPR.


2.4 Permissions

For full use of the app on your device, the app must be able to access various functions and data on your mobile device. To do this, you must grant specific permissions, meaning your consent in accordance with Art. 6 Para. 1 lit. a GDPR.

You can revoke the authorizations in the settings of your mobile device or in the settings of the app → "App permissions”. Please note that if you revoke permissions, you will no longer be able to use various functions of the app.

The following describes the scope of the individual permissions.

Contacts:
The app requires access to the contacts and address book, for the use of your address book contacts.

Microphone:
The app requires access to the microphone for making phone calls and/or video calls via an internet connection or the mobile phone network. This permission is mandatory for the operation of the app. If this permission is not given, the app will not run.

Camera:
The app requires access to the camera for conducting video telephony.

Mobile data/ WiFi:
The app requires access to mobile data or WLAN for making and managing Cloud PBX calls, managing app settings, accessing company address book, managing presence status, call history.

Voice assistance (iOS):
You can also start calls using the voice assistant (e.g. Siri). Please note here that when using such an assistant, your data will be processed by the respective provider of the service and according to its regulations. We have no control over the functionality and do not provide any guarantee or liability for the legally compliant processing of the data at the provider. 

Notifications/ messages:
You can activate the "Notifications/ Messages" function to receive so-called push notifications from the app on your mobile device. These are notifications that are displayed on your mobile device with priority, e.g. missed calls. The processing is then based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time in the app settings à "Notifications/ Messages".


2.5 Cookies and other technologies

Friendly Captcha

Im Login-Bereich verwenden wir das Tool „FriendlyCaptcha“ der Friendly Captcha GmbH, Am Anger 3-5,82237 Woerthsee, Deutschland zum Schutz vor Missbrauch. Dieses Tool dient der Unterscheidung, ob die Eingabe der Logdaten durch eine natürliche Person oder missbräuchlich durch eine In the login area we use the tool "FriendlyCaptcha" of Friendly Captcha GmbH, Am Anger 3-5,82237 Woerthsee, Germany to protect against misuse. This tool is used to distinguish if the log data is entered by a natural person or misused by a machine and automated processing. FriendlyCaptcha is a proof-of-work-based CAPTCHA, which does not require cookies and anonymizes the IP addresses of users. Further information about FriendlyCaptcha can be found here.

The use of FriendlyCaptcha is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in protecting access to the app from misuse.

 

3. Place of storage

The data processed in the app is processed exclusively on our servers in Germany, unless another storage location, such as mobile device or app, is specified.

 

4. Storage period

We delete your personal data as soon as they are no longer required for the above-mentioned purposes in compliance with the retention periods under tax and commercial law. Your data will only be stored further if you have consented to the further use of your data or if we reserve the right to use data in addition to this, which is permitted by law and about which information is provided in this privacy policy.

 

5. Rights

You can assert your rights as a data subject against NFON AG at any time. Under the respective legal conditions, you have the right to information (Art. 15 GDPR), rectification (Art. 16 GDPR), deletion (Art. 17 GDPR), restriction of processing (Art. 18 of the GDPR) and data portability (Art. 20 GDPR). You also have the right to lodge a complaint with a supervisory authority responsible for data protection (Art. 77 GDPR). 

Right of objection
If we process your data on the basis of a balancing of legitimate interests, you are entitled to object to the processing. If you object, your data will no longer be processed unless we can prove compelling legitimate reasons for the processing which override your interests, rights or freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims. 

Right of withdrawal
You can withdraw your consent at any time, effective for the future, by writing to NFON AG (Attn: Data Protection Officer) or by email to the contact details given above. In the event of a withdrawal, the data will be deleted, anonymized, or blocked. The lawfulness of the processing based on your consent before withdrawal is not affected by the withdrawal.

 

6. Update of the privacy policy

Due to further developments of our app (e.g., implementation of new functions) and / or legal requirements, we will update and adjust this privacy policy from time to time. We will publish corresponding updates of the privacy policy on this page.