EN
EN DE

Privacy Policy addHelix Mobile App  

Privacy Policy addHelix Mobile App

1.1 Introduction

The protection of your personal data is very important to us. We therefore process your data exclusively on the basis of the statutory provisions (GDPR, TKG, DSG). In this privacy policy, we inform you about the most important aspects of data processing in connection with the use of the addHelix mobile app.  

Responsible party and role explanation

addHelix Mobile is a B2B application from Axians ICT Austria GmbH. The responsible party within the meaning of the GDPR is generally the respective customer who uses the app to carry out their transport processes. Axians ICT Austria GmbH processes personal data exclusively as a processor in accordance with Art. 28 GDPR.

1.2 Data Protection Officer

Mlynar Vladimir - Data Protection Officer, Axians ICT Austria GmbH

1.3 Data collection

When you use the addHelix mobile app, various personal data is collected and stored in the database.
This includes:

  • Location data
    • GPS
    • Tour positions
    • Time stamp
  • Tour data & operational process data
    • Tour start and end
    • Stop times
    • Status messages
  • Content data
    • Photos
    • Electronic signatures of drivers and recipients

1.4 Purpose and legal basis of processing

We use the collected data to display tours in full, plan them, and process them properly. The GPS data enables us to track the route traveled and display the current driver position.

When installing the app, users are informed that GPS recording will take place and that the necessary permissions are required for this. GPS recording starts automatically at the beginning of the tour and runs in the background. From this point on, the user receives a notification in the notification center; on iOS devices, an additional display appears in Dynamic Island. GPS recording stops automatically when the tour ends. Location processing does not take place outside of active tours.

Photos, documents, and signatures are used to document pickups, deliveries, and any damage. Status messages help to map transport processes completely and comprehensibly.

To provide offline capability for the app, collected information is stored in the local store until a connection to the backend is established.

Overview of processed personal data, purposes, and legal bases
Type of dataIntended useLegal basis
Location data (GPS, tour positions, last position, timestamp) Display of tour route, real time, location, pickup and delivery receipts Art. 6 Abs. 1 lit. b DSGVO (Vertragserfüllung), Art. 6 Abs. 1 lit. f DSGVO (berechtigtes Interesse: effiziente Tourenplanung) 
Tour dates (tour start/end, stop times) Handling of transport processes, evidence, documentationArt. 6 Sec. 1 point b GDPR, Art. 6 Sec. 1 point c GDPR (statutory retention obligations) 
Photos & documents (damage photos, delivery/collection documents) Damage documentation,
proof of delivery, archiving		Art. 6 Sec. 1 point b GDPR, Art. 6 Sec. 1 point c GDPR (statutory retention obligations) 
Signatures of drivers and customersCreation of delivery/collection receipts, legally compliant documentation Art. 6 Sec. 1 point b GDPR (performance of a contract), Art. 6 Sec. 1 point f GDPR (legitimate interest: clear assignment of processes) 
Status messages (names, comments, timestamps) Documentation of delivery and pickup processesArt. 6 Sec. 1 point b GDPR (performance of a contract) 

1.5 Legal basis

Processing is carried out on the following legal bases:

  • Art. 6 Abs. 1 lit. b DSGVO (Vertragserfüllung)
  • Art. 6 Abs. 1 lit. a DSGVO (Einwilligung) 
  • Art. 6 Abs. 1 lit. c DSGVO (rechtliche Verpflichtung) 
  • Art. 6 Abs. 1 lit. f DSGVO (berechtigtes Interesse) 

1.6 Disclosure to third parties

The data collected will only be passed on to third parties if this is necessary for the processing of logistical processes. In these cases, the following information will be transmitted to third parties in order to verify pickups, deliveries, and documentation: Actual delivery and pickup locations (GPS data), signature, name, and photos taken. Data processing is carried out exclusively in accordance with the customer's data processing agreement.

No data is transferred to third countries.

1.7 Storage location and duration

Server-side storage

The servers are operated in the Axians ICT Austria GmbH data center in Vienna. 

The data collected in the addHelix Mobile App is stored in accordance with the statutory retention periods and the customer's contractually agreed deletion or archiving concept. This applies in particular to tour, documentation, and verification data that is relevant for tax or commercial law retention obligations.
In general, the following periods may be relevant:

  • Tax retention obligation pursuant to Section 132 of the Austrian federal tax code (BAO): 7 years
  • Austrian commercial law retention obligation: 7 years
  • Special provisions: In certain cases (e.g., ongoing official proceedings, tax audits, or in connection with claims for damages), the retention period may be extended accordingly until the respective proceedings have been concluded.

After the applicable periods have expired, the data will be deleted in accordance with the customer's deletion policy so that personal information is not stored longer than necessary.

Local storage on the end device

To ensure the offline functionality of the addHelix mobile app, certain data (e.g., tour data (GPS coordinates), photos, status messages) may be temporarily stored locally on the device until it has been successfully transferred to the server.

After use has ended (end of trip) or after successful synchronization, all locally stored data is automatically deleted.
No further local storage of personal data takes place.

1.8 Technical and organizational measures

Appropriate technical and organizational measures are implemented to ensure a level of protection commensurate with the risk. These include, in particular, measures for access control, encryption, ensuring availability, and regular review of our security mechanisms.

A detailed description of these measures is included in the respective data processing agreement with our customers.

1.9 User rights (information, deletion, objection)

You have the following rights:

  • Access (Art. 15 GDPR) 
  • Rectification (Art. 16 GDPR) 
  • Erasure (Art. 17 GDPR) 
  • Restriction of processing (Art. 18 GDPR) 
  • Data portability (Art. 20 GDPR) 
  • Objection (Art. 21 GDPR) 
  • Withdrawal of consent (Art. 7 Sec. 3 GDPR)
  • Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

You can exercise these rights at any time by contacting us using the contact details provided below.
Automated decision-making or profiling within the meaning of Article 22 GDPR does not take place.

1.10 Notes on data usage

Please note that location data (so-called metadata such as GPS information) may be stored in the photos you send. To ensure the protection of your personal data, we recommend that you only take photos of the respective shipment without recognizable persons or sensitive information and check that location data has been removed before sending.

1.11 Rights of data subjects & contacting us

Requests from data subjects must always be addressed to the respective controller (customer). Axians supports the controller in fulfilling these data subject rights within the scope of order processing.

You have the right to contact the respective controller or the data protection officer, Mr. Vladimir Mlynar at datenschutz@axians.at at any time to assert your rights. In addition, you have the right to lodge a complaint with the Austrian Data Protection Authority (www.dsb.gv.at) if you believe that the processing of your personal data violates the GDPR.