The Controller for data processing related to Mobile Apps is:     

Abacus Research AG

Abacus-Platz 1
9300 Wittenbach - St. Gallen
Switzerland
T +41 71 292 25 25
F +41 71 292 25 00
[email protected]

We have appointed a Data Protection Officer. She can be reached at [email protected]

To the extent that the processing of personal data by Abacus Research AG is subject to the General Data Protection Regulation (“GDPR”), we have appointed as our representative in the EU:

Abacus Business Solutions GmbH

Mies-van-der-Rohe-Strasse 6
Tower 1 – 10th floor
80807 Munich
[email protected]

If you have any questions about data protection, you may contact us at any time.

Our Mobile Apps are primarily used for data exchange and/or user authentication. The Mobile Apps are used either as stand-alone solutions or in combination with Abacus Software that is installed on the premises of a customer (Abacus installation). It is therefore possible for a Mobile App to be downloaded and data collected via the Mobile App without requiring any synchronization with an Abacus installation. In this case, the data collected by you via the Mobile App does not leave your device; the same applies to the use of the Mobile Apps in “offline mode”. The recorded data will remain locally in the Mobile App on your device so long as it is not switched to the "online mode". 

As a general rule, our Mobile Apps are either downloaded and used by you on a mobile device, or your employer (or its service provider), as an Abacus licensee, will provide you with a Mobile App to use. Such use for data exchange with an Abacus installation will then take place under an existing contractual relationship with your employer.

You are under no obligation to make your data available but if you fail to do so certain functions of the Mobile App or Abacus Installation may not be accessible at all or only to a limited extent.

Certain Mobile Apps will be configured and set up by your employer or its service provider, or you yourself will process data from third parties using a Mobile App. In such cases, the relevant processor, e.g. your employer or yourself, will be the person responsible for such data processing. Such responsible persons are likewise required to comply with the statutory provisions; moreover, the Mobile Apps and the associated Abacus Software should be used only for the intended purposes.

When Mobile Apps are used, various data may be collected, transmitted to the corresponding Abacus installation linked to the Mobile App and processed by it. This is done using synchronization. This is done using synchronization based on the individual settings of your Mobile App and the Abacus installation settings. Your employer supplying the Abacus installation is responsible for the lawfulness of such data processing and synchronization with an Abacus installation. If you have any questions about such data processing and its lawfulness, storage period or data security, please contact your employer.

Some Mobile Apps require enabling synchronization with the corresponding Abacus installation. A check for possible Abacus subscriptions is performed to that purpose. User information such as the AMID (Abacus ID to connect to the Abacus installation, including the client number) will be sent to Abacus Research AG and compared with existing subscriptions.

When certain Abacus Mobile Apps are used, data and information are sent to an infrastructure provided by Abacus Research AG in order to prepare such information for subsequent synchronization (such as the preparation of expense vouchers). The specific data processing carried out depends on the Mobile App and is therefore explained with the Mobile App in question.

When a Mobile App is downloaded, the data required for that purpose will additionally be transmitted to the relevant app store (e.g. user name, e-mail address, customer number, time of download, along with any payment information and the individual device number). We have no control over such data processing and are not responsible for it. This data is only processed by means of the Mobile App because it is required in order to download the app onto your device. Further information can be found in the privacy policy of the app store in question.

When a Mobile App is used, the following information and data may be processed in order to enable functional, technically secure and stable uses of the Mobile Apps:

• Personal master data (e.g., name, company name, address)
• Communication data (e.g., telephone, e-mail address)
• Identification data (e.g., user ID, AMID)
• Contract master data (contract title, product or contract interest)
• Time and performance data, expense vouchers and related information 
• Customer history
• Contract invoicing or payment data
• Financial information
• Planning and control data
• Project data
• Multimedia data (photos, videos and voice recordings)
• Location data
• Any data that the user records and sends with the Mobile App
• Diagnosis and analysis data (e.g., product interaction, usage data)
   

The Data may concern the following categories of data subjects:

• Employees
• General customers, end customers and business customers
• Prospective customers
• Subscribers
• Applicants
• Freelancers
• Suppliers
• Commercial agents
• Contact persons (employees of a business partner/customer)

In general, data recorded by means of a Mobile App is synchronized directly between the Mobile App and the Abacus installation of the Abacus licensee. This includes data attributable to the individual configuration of the Abacus installation.

In a case of support, the user may send an error report to Abacus Research AG in the event of malfunctions. The settings determine whether only crash logs are sent (without personal data) or logs with anonymized records (without personal data) or logs including the databank, with the exception of attachments and login information. In such a case, Abacus Research AG receives the released diagnostic data.

Data and information that are processed by Research AG for preparatory purposes are located on servers in Switzerland. When third-party services are involved, they may be located in cloud solutions for which commissioned service providers are deployed to process the data and information solely for the purposes described under the relevant App. They are carefully selected and commissioned, bound by instructions and are regularly monitored.

Diagnostic data is information that is generated during the use of the Mobile Apps and is used for analysis and improvement of the apps. Diagnostic data does not generally include any personal data, which is included only in exceptional cases, for example to resolve a case of support. To collect technical diagnostic data, we use various tools from US companies. This means that information may be sent to their servers in the USA during use or in cases of support.

If data and information are processed in a Third Country that lacks an adequate level of data protection, Abacus Research AG provides suitable safeguards, such as entering into standard data protection clauses (possibly, with adjustments of necessary contractual and technical measures), to ensure lawful data transmission to foreign countries. We resort to legally permissible exceptions only in isolated cases, such as allowing data transmission to a Third Country that lacks an adequate level of data protection based on express consent by the data subject.

Abacus Research AG has no knowledge of where or how the data of the Abacus licensee’s Abacus installation is processed. That lies within the responsibility of the Abacus licensee. For further information on this subject, please contact your employer directly.

AbaClik 2 is used to record working hours, expenses and services as well as further information such as addresses. An Abacus installation may be synchronized with the Mobile App and then specific services such as Travel or Projects may be accessed via a mobile device.

Synchronization with Abacus installation

If the Mobile App is linked with an Abacus installation, data and information will be synchronized with it. In some cases, scans, photos or other documents made available by the user are sent to Abacus Research AG in order to prepare them for possible synchronization.

Which data is processed when AbaClik 2 is used?

When vouchers are recorded, information and documents such as recorded invoices, payment vouchers or expense vouchers are temporarily stored by Abacus Research AG before they are synchronized. To that purpose, they are converted to PDF format for further processing in the Abacus installation. A Globally Unique Identifier (GUID) and the relevant documents are sent from the Mobile App to Abacus Research AG.

In the terminal device settings, you can consent to the collection of location data by Google Maps (Android) or Foursquare Places (iOS and iPadOS) while using the Mobile App. That makes it possible to identify address information and coordinates and display them on a map when scanning vouchers, recording services and using the In & Out function. The location data may also be displayed in the Abacus installation. You can revoke your consent to future collection of location data at any time by deactivating it in the Mobile App settings. Abacus Research AG has no access to such information. To find out how Google LLC and Foursquare Inc. handle such information, see their respective privacy policies.

What diagnostic data is sent to Abacus Research AG?

In the privacy settings, you can choose between the required or the complete diagnostic data. We advise you to activate collection of complete diagnostic data (logs including databank) to enable optimal resolution of malfunctions during use of the Mobile App.

Required diagnostic data

For malfunction diagnosis, information about crashes of the Mobile App is collected as required diagnostic data by Firebase Crashlytics (Android) or Microsoft AppCenter (iOS and iPadOS), to which Abacus Research AG has access. Such data contains no personal data unless it is contained in the device name, which is up to the users themselves.

Complete diagnostic data

In addition to required diagnostic data, complete diagnostic data includes anonymous analytical data that is collected by Firebase Crashlytics (Android) or Microsoft AppCenter (iOS and iPadOS) and to which Abacus Research AG has access. This includes information about how the Mobile App and its functions are used.

To find out how Firebase Inc. and Microsoft handle such information, see their respective privacy policies.

Crash Logs

Crash logs can be sent manually to Abacus Research AG by selecting “Send error report” under "Help", which may be useful in cases of support. They are not sent automatically.

How long is the data stored?

The information and documents stored by Abacus Research AG for processing is stored immediately after synchronization with the Abacus installation but automatically deleted within 30 days thereafter. Diagnostic data is deleted as soon as it is no longer needed for its purpose.

What is the purpose of the data processing?

Information and documents for preparation are processed by Abacus Research AG in order to perform the functions provided by the Mobile App. Diagnostic data is intended to enable secure use of the Mobile App and to help improve it.

What are the legal bases/justifications for data processing?

Abacus Research AG collects and processes the information with your prior consent or based on our legitimate interests in enabling secure and trouble-free use of the Mobile App.

AbaClik 3 is used to record working hours, expenses and services. Abacus installations and 21.AbaNinja or DeepBox accounts can be synchronized with the Mobile App and then accessed via a mobile device. AbaClik 3 also contains an integrated messaging function that can be used to contact employees directly, as well as an address function which can be used to directly access addresses saved in Abacus.

Synchronization with Abacus installation, 21.AbaNinja or DeepBox account

If the Mobile App is linked with an Abacus installation, 21.AbaNinja or DeepBox account, data and information will be synchronized with that Installation or account. In some cases, scans, photos or other documents made available by the user are sent to Abacus Research AG in order to prepare them for possible synchronization.

Credit or bank cards that have been recorded so that they can be used for expense reimbursements to the user are synchronized with the Mobile App using the last four digits of the card number. No credit or bank information is sent to Abacus Research AG Instead, there is merely an exchange between the user’s Mobile App and the relevant Abacus/21.AbaNinja/DeepBox Installation.

Which data is processed when AbaClik 3 is used?

When vouchers are recorded, information and documents such as recorded invoices, payment vouchers or expense vouchers are temporarily stored by Abacus Research AG before being synchronized with the relevant installation. They are therefore converted to PDF format and interpreted through Artificial Intelligence (AI), which enhances the output with further necessary information for automatic registration in the Abacus installation. To that purpose, the required ID, the URL of the respective installation, the licensee’s business name as well as the documents from the Mobile App are sent to Abacus Research AG.

When you first open the Mobile App, you can consent to the collection of approximate or precise location data by Google Maps (Android) and Apple Maps (iOS and iPadOS). That makes it possible to identify address information and coordinates and display them on a map when scanning vouchers, recording services and using the In & Out function. That information will be forwarded directly to the appropriate service. The location data may also be displayed in the relevant installation. You can revoke your consent to future collection of location data at any time by deactivating it in the Mobile App settings. Abacus Re-search AG has no access to such information. 

The address function contains a preview of the address on a map. To provide this service, Google Maps (Android) respectively Apple Maps (iOS and iPadOS) are embedded in the app. The address can also be clicked, opening it directly in the default navigation app chosen by the user on his device. This enables the user to e.g. plan a route to the displayed address. This address data is forwarded directly to the appropriate service. The location data as well as the address data may also be displayed in the respective service. You can revoke your consent to the future collection of location data at any time by deactivating it in the Mobile App settings. Abacus Research AG has no access to this information.

To find out how Google LLC and Foursquare Inc. use such data, see their respective privacy policies.

In order to use the integration of third-party services such as DeepPay from DeepCloud AG or from payment service providers such as YAPEAL AG, the last four digits and a Globally Unique Identifier (GUID) of the credit or bank card used are sent by the third-party providers to the Mobile App for validation and compared with the information it contains. Abacus Research AG has no access to such information. To find out how such services use the data, see their respective privacy policies.

All other data recorded using the Mobile App is synchronized directly between the Mobile App and the relevant Installation, without such information being accessible to Abacus Research AG This includes, for example, employee data, services performed, absences or information based on the individual configuration of the relevant Installation (such as location data in the case of time recording).

What diagnostic data is sent to Abacus Research AG?

In the privacy settings, you can choose between the required diagnostic data or the complete diagnostic data. We advise you to activate collection of complete diagnostic data to enable optimal resolution of malfunc-tions during use of the Mobile App.

Required diagnostic data

For malfunction diagnosis, information about crashes of the Mobile App is collected as required diagnostic data by Firebase Crashlytics (Android) or Microsoft AppCenter (iOS and iPadOS), to which Abacus Research AG has access. Such data contains no personal data unless it is contained in the device name, which is up to the users themselves.

Complete diagnostic data

In addition to the required diagnostic data, the complete diagnostic data contains anonymous analytical data that is processed by Firebase Crashlytics (Android) and stored by Abacus Research AG (iOS and iPadOS). This includes information about how the Mobile App and its functions are used.

To find out how Firebase Inc. and Microsoft handle such information, see their respective privacy policies.

Crash Logs

Crash logs can be sent manually to Abacus Research AG by selecting “Send error report” under "Help", which may be useful in cases of support. They are not sent automatically.

How long is the data stored?

The information and documents stored by Abacus Research AG for processing are stored immediately after synchronization with the relevant installation but automatically deleted within 30 days thereafter. Diagnostic data is deleted as soon as it is no longer needed for its purpose.

What is the purpose of the data processing?

Information and documents for preparation are processed by Abacus Research AG in order to perform the functions provided by the Mobile App. Diagnostic data is intended to enable secure use of the Mobile App and to help improve it.

What are the legal bases/justifications for data processing?

Abacus Research AG processes such information either with your prior consent or based on our legitimate interests in enabling secure and trouble-free use of the Mobile App.

AbaClock 2 enables time recording by means of badges as well as the retrieval of the current holiday balance, the current target time, working time and flextime. The badge is scanned by a reader compatible with the Mobile App. If the Mobile App is linked with an Abacus installation or a 21.AbaNinja account, automatic synchronization takes place.

Which data is processed when AbaClock 2 is used?

If the Mobile App is linked with an Abacus installation or 21.AbaNinja account, certain items of information such as working hours and device names are sent to an infrastructure provided by Abacus Research AG in order to cache them for synchronization.

What diagnostic data is sent to Abacus Research AG?

When you first open the Mobile App, you can determine whether to send the required diagnostic data or the complete diagnostic data to Abacus Research AG. We advise you to opt for transmission of complete diagnostic data to enable optimal resolution of malfunctions during use of the Mobile App. This setting can be adjusted at any time by the Administrator in the "Data & Privacy" settings.

Required diagnostic data

For malfunction diagnosis, crash logs are collected as required diagnostic data by Apple and sent to Abacus Research AG Such data contains no personal data unless it is contained in the device name, which is up to the users themselves.

Complete diagnostic data

The complete diagnostic data is paid information and, in addition to the required diagnostic data, contains a monitoring service of a service provider commissioned by Abacus Research AG and anonymous analytical data, which is collected by Apple and sent to Abacus Research AG This includes information about how the Mobile App and its functions are used.

To find out how Apple Inc. handles such information, see its privacy policy.

Replication monitoring

In a case of support, the Administrator can activate replication monitoring in the "Data & Privacy" settings. After that, information on the Mobile App’s replication status will be sent to Abacus Research AG

How long is the data stored?

The information cached by Abacus Research AG for synchronization with an Abacus installation or an AbaNinja account is deleted from the infrastructure used by Abacus Research AG after 30 days. It will be deleted at the latest after the end of the AbaClock User Agreement and upon expiry of the existing backup periods.

The diagnostic data stored by Abacus Research AG is deleted as soon as it is no longer needed for its purpose.

What is the purpose of the data processing?

That information is processed by Abacus Research AG in order to perform the functions provided by the Mobile App, to ensure secure use of the Mobile App and to help improve it.

What are the legal bases/justifications for data processing?

Abacus Research AG processes such information either with your prior consent or based on our legitimate interests in enabling secure and trouble-free use of the Mobile App.

AbaClock 3 enables time recording by means of badges or face recognition, direct recording of absences, retrieval of the current holiday balance, as well as the current target time, working time and flextime. The badge is scanned by a reader compatible with the Mobile App. In addition, the Mobile App can be synchronized with an Abacus installation or 21.AbaNinja account.

Which data is processed when AbaClock 3 is used?

If the Mobile App is linked with the relevant Installation, the information recorded by the user, such as working hours, will be directly synchronized with it. Abacus Research AG has no access to such information (with the exception of the released, complete diagnostic data, see below).

When you first open the Mobile App, you can consent to access to the iPad camera in order to activate use of face recognition. The data used for face recognition – i.e. the user’s physical facial features processed for login – is sent to the linked Installation so that face recognition will work on all iPads with AbaClock 3 that are linked with the Installation. If the user is not recognized, users can authenticate themselves by entering their date of birth. The data recorded during face recognition is synchronized directly between the Mobile App AbaClock 3 and your employer’s Installation and stored in both the Mobile App and the Installation. Abacus Research AG has no access to such data. The employer who activates the face recognition is responsible for ensuring the lawfulness of the data processing related to that functionality. If you have any questions about the related data processing and its lawfulness, storage period or data security, please contact your employer.

What diagnostic data is sent to Abacus Research AG?

When you first open the Mobile App, you can determine whether to send the required diagnostic data or the complete diagnostic data to Abacus Research AG. We advise you to opt for transmission of complete diagnostic data to enable optimal resolution of malfunctions during use of the Mobile App. This setting can be adjusted at any time by the Administrator in the "Data & Privacy" settings.

Required diagnostic data

For malfunction diagnosis, crash logs are collected as required diagnostic data by Apple and sent to Abacus Research AG. Such data contains no personal data unless it is contained in the device name, which is up to the users themselves.

Complete diagnostic data

The complete diagnostic data is paid information and contains, in addition to the required diagnostic data, a monitoring service and anonymous analytical data that is collected by Apple and sent to Abacus Research AG for statistical analyses to improve the Mobile App. It also includes information about how the Mobile App and its functions are used. To find out how Apple Inc. handles such information, see its privacy policy.  Moreover, the complete diagnostic data may contain information about the users (such as their name, language, and date of birth) and their time recording including their physical facial features for face recognition. Such data may also be shared with the relevant sales partner at the request of the Abacus licensee, e.g. in a case of support.

Replication monitoring

In a case of support, the Administrator can activate replication monitoring in the "Data & Privacy" settings. After that, information on the Mobile App’s replication status will be sent to Abacus Research AG.

How long is the data stored?

The diagnostic data stored by Abacus Research AG is deleted as soon as it is no longer needed for its purpose.

What is the purpose of the data processing?

The information is collected by Abacus Research AG in order to perform the functions provided by the Mobile App, to ensure secure use of the Mobile App and to help improve it.

What are the legal bases/justifications for data processing?

Abacus Research AG processes such information either with your prior consent or based on our legitimate interests in enabling secure and trouble-free use of the Mobile App.

Abacus Access enables Multi-Factor Authentication (MFA) when logging into an Abacus installation, from Abacus Software, the Abacus website and other Abacus Mobile Apps.

Which data is processed when Abacus Access is used?

To enable using the Multi-Factor Authentication from Abacus Access, information such as the User ID and login activity is sent to the linked Installation, website or Mobile App.

The first time you open the Mobile App, you can consent to the display of push-messages on the terminal device so that logins will be displayed immediately. Firebase Cloud Messaging is used to that purpose. Firebase Inc. does not have access to personal information in the Mobile App.

What diagnostic data is sent to Abacus Research AG?

Abacus Research AG contains diagnostic and analytical data that is collected by Firebase Crashlytics so that support services can be provided in case of malfunctions.

The diagnostic data contains information about crashes of the Mobile App, such as crash logs. The analytical data also includes information about how the Mobile App and its functions are used. Such data records contain no personal data unless it is contained in the device name, which is up to the users themselves.

To find out how Firebase Inc. handles such information, see its privacy policy.

How long is the data stored?

The diagnostic data stored by Abacus Research AG is deleted as soon as it is no longer needed for its purpose.

What is the purpose of the data processing?

Such information is processed by Abacus Research AG to be able to perform the functionalities provided by the Mobile App and to ensure secure use of the Mobile App.

What are the legal bases/justifications for data processing?

Abacus Research AG processes such information either with your prior consent or based on our legitimate interests in enabling secure and trouble-free use of the Mobile App’s functionalities.

Abacus Work report is used to record information such as employee hours, use of materials and detailed planning of projects on the iPad. The Mobile App can be synchronized with an Abacus installation.

Which data is processed when Abacus Work report is used?

If the Mobile App is linked with an Abacus installation, the information recorded with the Mobile App during synchronization is sent directly to the Abacus installation. Abacus Research AG has no access to such information.

When you first open the Mobile App, you can consent to access to the iPad camera and photo album. That enables attaching photos to the Work Reports. The photos are synchronized directly with the Abacus installation that was linked with the Mobile App. Abacus Research AG has no access to them.

What diagnostic data is sent to Abacus Research AG?

When you first open the Mobile App, you can determine whether to send the required diagnostic data or the complete diagnostic data to Abacus Research AG. This setting can be adjusted in the "Privacy Settings" at any time. We advise you to opt for transmission of complete diagnostic data to enable optimal resolution of malfunctions during use of the Mobile App.

Required diagnostic data

For malfunction diagnosis, crash logs are collected as required diagnostic data by Firebase Crashlytics from Firebase Inc. and sent to Abacus Research AG These do not contain any personal data.

Complete diagnostic data

In addition to the required diagnostic data, the complete diagnostic data contains anonymous analytical data that is sent by Google Analytics to Abacus Research AG This includes information about how the Mobile App and its functions are used.

How Firebase Inc. and Google LLC handle this information can be found in their respective privacy policies.

How long is the data stored?

The diagnostic data stored by Abacus Research AG is deleted as soon as it is no longer needed for its purpose.

What is the purpose of the data processing?

That information is processed by Abacus Research AG in order to ensure secure use of the Mobile App and to help improve it.

What are the legal bases/justifications for data processing?

Abacus Research AG processes such information with your prior consent or based on our legitimate interests in enabling secure and trouble-free use of the Mobile App.

Abacus Daily report has the function of a mobile site report and is used to record information such as employee hours, machine hours, use of materials and multimedia data such as photos, voice or video recordings on the iPad. The Mobile App can be synchronized with an Abacus installation.

Which data is processed when Abacus Daily report is used?

If the Mobile App is linked with an Abacus installation, the information and multimedia data recorded with the Mobile App during synchronization is sent directly to the Abacus installation. Abacus Research AG has no access to such information and multimedia data.

When you first open the Mobile App, access can be granted to the iPad camera and photo album, as well as to the location of the iPad. That allows attaching the Daily Report photos and videos and displaying the local weather. That information is synchronized directly with the Abacus installation that was linked with the Mobile App. Abacus Research AG has no access to them. For display of the local weather, the iPad’s geolocation data is sent to the linked weather service.

What diagnostic data is sent to Abacus Research AG?

When you first open the Mobile App, you can determine whether to send the required diagnostic data or the complete diagnostic data to Abacus Research AG. This setting can be adjusted in the "Privacy Settings" at any time. We advise you to opt for transmission of complete diagnostic data to enable optimal resolution of malfunctions during use of the Mobile App.

Required diagnostic data

For malfunction diagnosis, crash logs are sent as required diagnostic data by Firebase Crashlytics from Firebase Inc. to ABACUS Research AG These do not contain any personal data.

Complete diagnostic data

In addition to the required diagnostic data, the complete diagnostic data contains anonymous analytical data that is stored by Abacus Research AG by means of Google Analytics. This includes information about how the Mobile App and its functions are used.

How Firebase Inc. and Google LLC handle this information can be found in their respective privacy policies.

How long is the data stored?

The diagnostic data stored by Abacus Research AG is deleted as soon as it is no longer needed for its purpose.

What is the purpose of the data processing?

That information is processed by Abacus Research AG in order to ensure secure use of the Mobile App and to help improve it.

What are the legal bases/justifications for data processing?

Abacus Research AG processes such information with your prior consent or based on our legitimate interests in enabling secure and trouble-free use of the Mobile App.

The Mobile App AbaImmo and AbaCheck is used for the purpose of property inspection with integrated property plans. It enables generating an inspection report supplemented by photos and text, signed on the iPad and sent directly by e-mail. AbaImmo/AbaCheck is also used for taking stock via scanning codes. The Mobile App can be linked and synchronized with an Abacus AbaImmo/AbaCheck Installation.

Which data is processed when AbaImmo/AbaCheck is used?

For purposes of synchronization with an Abacus AbaImmo/AbaCheck Installation, inspection reports with attachments recorded by the user are sent directly from the iPad to the Abacus AbaImmo/AbaCheck Installation. This may involve information such as the condition of the property, costs, new address and contact data of the tenant. Abacus Research AG has no access to such information.

When you first open the Mobile App, you can consent to access to the iPad camera and photo album. That enables attaching photos to the inspection reports. The photos are synchronized directly with the Abacus installation that was linked with the Mobile App. For taking stock, codes are scanned with AbaImmo/AbaCheck. Therefore, to use the stock-taking function of the app, permission to access the iPad camera is needed. Abacus Research AG has no access to them.

When you first open the Mobile App, you can consent to the collection of approximate or precise location data by Google Maps or Apple Maps. This enables locating the rented property, calculating the route and displaying it on a map. That information is encrypted and forwarded directly to the appropriate service without being cached. To find out how Google Inc. or Apple Inc. handle such information, see their respective privacy policies.

What diagnostic data is sent to Abacus Research AG?

When you first open the Mobile App, you can determine whether to send the required diagnostic data or the complete diagnostic data to Abacus Research AG. We advise you to opt for transmission of complete diagnostic data to enable optimal resolution of malfunctions during use of the Mobile App. This setting can be adjusted in the "Privacy Settings" at any time.

Required diagnostic data

For malfunction diagnosis, crash logs are collected as required diagnostic data by Firebase Crashlytics and sent to Abacus Research AG Such data contains no personal data unless it is contained in the device name, which is up to the users themselves. To find out how Firebase Inc. handles such information, see its privacy policy.

Complete diagnostic data

In addition to the required diagnostic data, the complete diagnostic data contains anonymous analytical data that is stored by Abacus Research AG by means of Google Analytics. This includes information about how the Mobile App and its functions are used. To find out how Google Inc. handles such information, see its privacy policy.

How long is the data stored?

The diagnostic data stored by Abacus Research AG is deleted as soon as it is no longer needed for its purpose.

What is the purpose of the data processing?

That information is collected by Abacus Research AG in order to ensure secure use of the Mobile App and to help improve it.

What are the legal bases/justifications for data processing?

Abacus Research AG processes such information either with your prior consent or based on our legitimate interests in enabling secure and trouble-free use of the Mobile App.

The Mobile App AbaPoint is used for efficient automated recording of working hours and registration of services on certain projects. In addition, the Mobile App enables logging into and out of AbaPoint POIs, which allows location tracking during operation. The Mobile App can be synchronized with an Abacus installation.

The AbaPoint Manager app is included in this app since version 3.0. AbaPoint now includes all of the functions included in the Manager app as well as many improvements and added features.

Which data is processed when AbaPoint is used?

For purposes of synchronization with an Abacus installation, working hours and services recorded by the user are exchanged directly between the Mobile App and the Abacus installation linked with the Mobile App. Abacus Research AG has no access to such information.

When you first open the Mobile App, you can consent to the collection of approximate or precise location data by Google Maps (Android) or Apple Maps (iOS and iPadOS). This is necessary for communications between the Mobile App and the AbaPoint POIs. That information is forwarded directly to the appropriate service without being cached. To find out how Google LLC and Foursquare Inc. use such data, see their respective privacy policies.

What diagnostic data is sent to Abacus Research AG?

When you first open the Mobile App, you can determine whether to send the required diagnostic data or the complete diagnostic data to Abacus Research AG. We advise you to opt for transmission of complete diagnostic data to enable optimal resolution of malfunctions during use of the Mobile App. This setting can be adjusted in the "Privacy Settings" at any time.

Required diagnostic data

For malfunction diagnosis, crash logs are collected as required diagnostic data by Matomo Analytics (Android) or by Apple (iOS and iPadOS) and sent to Abacus Research AG Such information contains no personal data unless such data except for the IP Address and if there is personal data contained in the device name, which is up to the users themselves. Matomo Analytics is hosted on the servers of Abacus Research AG, so that no third parties have access to the data collected with it. To find out how Apple Inc. handles the information, see its privacy policy.

Complete diagnostic data

In addition to the required diagnostic data, complete diagnostic data includes anonymous analytical data that is collected by Matomo Analytics (Android) or by Apple (iOS and iPadOS) and sent to Abacus Research AG. This includes information about how the Mobile App and its functions are used. Matomo Analytics is hosted on the servers of Abacus Research AG, so that no third parties have access to the data collected with it. To find out how Apple Inc. handles the information, see its privacy policy.

How long is the data stored?

The diagnostic data stored by Abacus Research AG is deleted as soon as it is no longer needed for its purpose.

What is the purpose of the data processing?

That information is collected by Abacus Research AG in order to ensure secure use of the Mobile App and to help improve it.

What are the legal bases/justifications for data processing?

Abacus Research AG processes such information either with your prior consent or based on our legitimate interests in enabling secure and trouble-free use of the Mobile App.

The mobile app AbaPoint Manager makes it possible to configure AbaPoint POIs, which can be used with the mobile app AbaPoint.

AbaPoint Manager will be removed from the App Store on January 1^st 2024. . The AbaPoint Manager app is included in the AbaPoint app since its version 3.0. AbaPoint now includes all of the functions included in the Manager app as well as many improvements and added features.

If you already have installed the Manager app on any of your devices, we recommend you download the newest version of AbaPoint from the App Store or Play Store. The AbaPoint Manager app can then be deleted, since its features can be used without further action in the new AbaPoint app.

Which data is processed when AbaPoint Manager is used?

For purposes of synchronization with an Abacus installation, information about AbaPoint POIs configured by the User is exchanged directly between the Mobile App and the Abacus installation linked with the Mobile App. Abacus Research AG has no access to such information.

When you first open the Mobile App, you can consent to the collection of approximate or precise location data by Apple Maps. This is necessary for communications between the Mobile App and the AbaPoint POIs. That information is forwarded directly to the appropriate service without being cached. To find out how Apple Inc. uses such data, see its privacy policy.

What diagnostic data is sent to Abacus Research AG?

When you first open the Mobile App, you can determine whether to send the required diagnostic data or the complete diagnostic data to Abacus Research AG. We advise you to opt for transmission of complete diagnostic data to enable optimal resolution of malfunctions during use of the Mobile App. This setting can be adjusted in the "Privacy Settings" at any time.

Required diagnostic data

For malfunction diagnosis, crash logs are collected as required diagnostic data by Apple and sent to Abacus Research AG. Such information contains no personal data unless such data is contained in the device name, which is up to the users themselves. To find out how Apple Inc. handles such information, see its privacy policy.

Complete diagnostic data

In addition to the required diagnostic data, the complete diagnostic data contains anonymous analytical data that is collected by Apple and stored by Abacus Research AG This includes information about how the Mobile App and its functions are used. To find out how Apple Inc. handles such information, see its privacy policy.

How long is the data stored?

The diagnostic data stored by Abacus Research AG is deleted as soon as it is no longer needed for its purpose.

What is the purpose of the data processing?

That information is collected by Abacus Research AG in order to ensure secure use of the Mobile App and to help improve it.

What are the legal bases/justifications for data processing?

Abacus Research AG processes such information either with your prior consent or based on our legitimate interests in enabling secure and trouble-free use of the Mobile App.

AbaSmart allows service technicians to record projects, services and service orders, which can be supplemented by multimedia files such as photos, videos or audio recordings. The Mobile App can be linked with an Abacus installation. In addition, it has an integrated messaging service.

Which data is processed when AbaSmart is used?

If the Mobile App is linked with an Abacus installation, the information and multimedia data recorded with the Mobile App during synchronization is sent directly to the Abacus installation. Similarly, information already contained in the Abacus installation such as calendar entries or services can be sent from this Mobile App. Abacus Research AG has no access to such information.

The first time you open the app, you can consent to the display of push-messages on the terminal device so that logins will be displayed immediately. Firebase Cloud Messaging is used to that purpose. Firebase Inc. does not have access to personal information in the Mobile App.

Moreover, when you first open the Mobile App, you can consent to the collection of approximate or precise location data by Apple Maps. This allows location data to be added to the recorded and synced with the linked Abacus installation. To find out how Apple Inc. handles such information, see its privacy policy.

What diagnostic data is sent to Abacus Research AG?

For fault malfunction, Apple collects information about crashes of the Mobile App and crash logs, which are accessible to Abacus Research AG Such data contains no personal data unless it is contained in the device name, which is up to the users themselves. To find out how Apple Inc. handles such information, see its privacy policy.

How long is the data stored?

The diagnostic data stored by Abacus Research AG is deleted as soon as it is no longer needed for its purpose.

What is the purpose of the data processing?

That information is collected by Abacus Research AG in order to ensure secure use of the Mobile App and to help improve it.

What are the legal bases/justifications for data processing?

Abacus Research AG processes such information either with your prior consent or based on our legitimate interests in enabling secure and trouble-free use of the Mobile App.

AbaSmart 2 is used to record service orders, which may be supplemented by documents and photos. The Mobile App can be linked and synchronized with an Abacus Installation.

Which data is processed when AbaSmart 2 is used?

For purposes of synchronization with an Abacus installation, information such as service orders with attached photos or documents is exchanged directly between the Mobile App and the Abacus installation linked with the Mobile App. Abacus Research AG has no access to such information.

The first time you open the app, you can consent to the display of push-messages on the terminal device so that logins will be displayed immediately. Firebase Cloud Messaging is used to that purpose. Firebase Inc. does not have access to personal information in the Mobile App.

What diagnostic data is sent to Abacus Research AG?

For fault malfunction, Apple collects information about crashes of the Mobile App and crash logs, which are accessible to Abacus Research AG. Such data contains no personal data unless it is contained in the device name, which is up to the users themselves. To find out how Apple Inc. handles such information, see its privacy policy.

How long is the data stored?

The diagnostic data stored by Abacus Research AG is deleted as soon as it is no longer needed for its purpose.

What is the purpose of the data processing?

That information is collected by Abacus Research AG in order to ensure secure use of the Mobile App and to help improve it.

What are the legal bases/justifications for data processing?

Abacus Research AG collects and processes the information either with your prior consent or based on our legitimate interests in enabling secure and trouble-free use of the Mobile App.

AbaSquare is an internal communications platform for businesses that is seamlessly integrated into the MyAbacus employee portal. It enables access to Company Feed and Company News via mobile terminal devices. Company News allows the company to communicate with its employees, whereas Company Feed lets employees communicate with one another via open or closed channels, at their option.

Which data is processed when AbaSquare is used?

When you first open the Mobile App, you have to enter the AMID, which will open the company login process. To enable the AbaSquare app to be synced with MyAbacus of the Abacus installation, the following accesses are also required:

• access to the Abacus clients
• retrieval of the user name in MyAbacus
• access to the Abacus installation

That information is transferred between the Mobile App and MyAbacus of the Abacus installation.

After the accesses have been successfully unblocked, the display of messages on the terminal device can be enabled so that contributions to AbaSquare can be displayed on the mobile terminal device. Firebase Cloud Messaging is used to that purpose. Firebase Inc. does not have access to personal information in the Mobile App.

“My Feed” lets you view, like, store, comment on, create, edit and delete contributions in Company Feed. Users can use the Mobile App to manage their channels and to favorite people in Company Feed. In the "News" tab, you can view, like and store contributions from Company News.

Contributions appear under the author’s name and photo. The user and the Administrators at the Abacus licensee that create the content in Company Feed and Company News decide whether to include further personal data in such content and, if so, which data. Under "Privacy" in the user’s profile, it is possible to select whether other employees are permitted to read and/or comment on one’s own contributions.

Photos and videos can be taken and posted directly in the application. Authorisation is requested the first time the camera function is used. You can change or revoke access to the camera of your device at any time in the settings of your device.

Contributions can also be supplemented by photos and videos. To do so, a connection to a DeepBox of the Abacus licensee at DeepCloud AG is required, where the videos can be cached for simplified display. In such cases, the privacy policy of the third-party provider shall be applicable.

The employee directory from MyAbacus is displayed in the AbaSquare application via the "Employees" navigation point. The user can search for other employees by name. There are various filter options, for example by department or by function. If a person is clicked on, a detailed view of the person appears together with personal data such as e-mail address or internal telephone number.The company defines in Abacus ERP which content is displayed in the directory and whether the employee directory should be displayed at all.

Users can change the language of the Mobile App under “Language” in their profile. It is also possible to activate automated or individual translation of content there. To do so, a connection to a DeepBox of the Abacus licensee entity at DeepCloud AG is required, where the content for translation and the translations can be cached for simplified editing. The Abacus licensee itself selects the corresponding translation service. In this case, the privacy policy of the third-party provider shall be applicable.

What diagnostic data is sent to Abacus Research AG?

Abacus Research AG contains diagnostic and analytical data that is collected by Firebase Crashlytics so that support services can be provided in case of malfunctions.

The diagnostic data contains information about crashes of the Mobile App, such as crash logs. The analytical data also includes information about how the Mobile App and its functions are used. Such data records contain no personal data unless it is contained in the device name, which is up to the users themselves.

To find out how Firebase Inc. handles such information, see its privacy policy.

How long is the data stored?

The diagnostic data stored by Abacus Research AG is deleted as soon as it is no longer needed for its purpose.

What is the purpose of the data processing?

That information is collected by Abacus Research AG in order to ensure secure use of the Mobile App and to help improve it.

What are the legal bases/justifications for data processing?

Abacus Research AG processes such information either with your prior consent or based on our legitimate interests in enabling secure and trouble-free use of the Mobile App.

If you use areas that require you to register or to log in, you should store the login data and make sure it is not accessible to third parties. If you log in by means of a terminal device that is used by more than one person, please do not forget to log off properly after each session and close the Mobile App used.

We take data security very seriously and treat your data confidentially and in accordance with the statutory provisions. We have taken various technical and organizational measures to achieve a level of protection commensurate with the risk.

Such measures may include:

• the pseudonymization and encryption of data;
• security precautions related to confidentiality, integrity, availability and resilience of the systems;
• the ability to restore the availability and access to data in a timely manner in the event of a physical or technical incident;
• periodic review, assessment and evaluation of the effectiveness of the technical and organizational measures, including by means of penetration tests in the case of Mobile Apps;
• monitoring third-party dependencies of the Mobile Apps.

That way, we provide your data with state-of-the-art protection against loss, misuse, change, destruction and unauthorized access. Our standard of security is constantly upgraded to the latest technological developments. Our employees and commissioned service providers are bound by confidentiality and act in accordance with our instructions.

Bear in mind that online security gaps can never be ruled out completely. 100% security of all systems cannot be guaranteed. We assume no liability for wrongful actions by authorized third parties.

Our Mobile Apps use HTTP protocol with SSL/TLS protocol for encryption.

As a business, we use various tools from US companies, such as Google LLC, Firebase Inc. or Apple Inc. We endeavour, whenever possible, to contractually agree with those companies to store data in locations in Switzerland or the EU. Nevertheless, data may be sent to their servers in the USA during use or in cases of support. Both the EU and Switzerland issued positive adequacy decisions concerning the USA after entering into the corresponding Swiss/EU-US Data Privacy Frameworks, so that a data transfer to the USA is lawful following certification of such companies.

For data processed in a Third Country that lacks an adequate level of data protection, we provide suitable safeguards, such as entering into standard data protection clauses (with adjustment of the necessary contractual and technical measures), to ensure lawful data transmission to foreign countries. We resort to legally permissible exceptions only in isolated cases, such as allowing data transmission to a Third Country that lacks an adequate level of data protection based on express consent by the data subject.

Abacus Research AG is an innovative company and constantly develops new Mobile Apps. Accordingly, this Privacy Policy may be changed at any time without prior notice, subject to complying with the applicable data protection provisions.

The general information in this Privacy Policy is already applicable to new Mobile Apps before any adaptations are made and before the new Mobile Apps are expressly mentioned.