GDPR

How we process your data

I. Introduction

This document describes the processing of personal data of users of the Maják mobile application. The processing is governed by legal regulations, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council, the General Data Protection Regulation or „GDPR Regulation“ and Act No. 110/2019 Coll., on the processing of personal data, as amended.

II. Personal data controller

The operator of the Maják Application system (hereinafter referred to as the „Application“) and the personal data controller is the non-profit organization Maják Application, registered office at Revoluční 762/13, 110 00 Prague 1, ID: 22449485. (hereinafter referred to as the „controller“)

III. Personal data processed and purpose of processing

The operator processes the personal data of the Application Users that the User entered when verifying the phone number and further in the „My Profile“ section in the application. User verification involves entering the phone number, first name and last name. In addition to the data entered by the user into the application, the application collects and processes data obtained based on the following permissions: Read Contacts permission; Camera permission; Call phone permission; Coarse location permission, Fine location permission; Background location permission, Write external settings permission. The user also has the option of filling in and editing additional health and personal information in the „My Profile“ section. This information includes: contacts of close people (phone numbers). The user also has the option to create an event in the „hike book“ application, where the following information can be entered:

  • Place and time of the activity start
  • Place and times of the waypoints
  • Place and time of the activity end
  • Contacts of close people: Names + phone numbers
  • Contacts of group members: Names + phone numbers

All entered data remains stored only in the Maják mobile application on the user’s device and is not passed on to a third party or administrator (except for data required for verification – phone number, name, surname). Data is only transferred when the user consciously presses the emergency button in the „Alarm“ module. By pressing it and confirming the „Call for help“ option, a so-called emergency message is sent. It contains all the data that the user has filled in in the „My Profile“ module. The emergency message always contains the user’s location at the time the emergency button is pressed, the phone’s language settings, battery status, signal and internet connection status, and application version. The Beacon application allows sending the device’s location to the Integrated Rescue System components. This function is activated by pressing the emergency button in the „ALARM“ module. After pressing, an emergency message is sent, via data or SMS. The message is sent to the rescue
service and is used only for the purposes of the rescue operation. If the user disables the application from using location data, only the emergency line 158 is dialed after pressing the emergency button. All transmitted data can only be used within the framework of a rescue operation. The Administrator is not responsible for the accuracy of the personal data entered by the user processed by the Application. If the Administrator demonstrably learns of the incorrectness or incompleteness of the processed data provided by the user, he is obliged to correct, supplement or delete it in the prescribed manner.

IV. Using the application’s location and using the location in the background

The Beacon application allows sending the device’s location to the Integrated Rescue System components. This function is activated by pressing the emergency button in the „ALARM“ module. After pressing, an emergency message is sent, either by data or via SMS. The message is sent to the IRS and is used only for the purposes of the rescue operation. If the user disables the application from using location data, only the emergency line 158 is dialed after pressing the emergency button. The Beacon application can regularly update the user’s location in the background after pressing the emergency button in an emergency, even if the application is closed. This function allows for more precise location and better guidance of rescuers to the scene of the incident. In such a case, an emergency message containing location information is sent to the rescue components at regular intervals, provided that the user has more than 20% battery and is connected to the Internet. Updating the location
message is important for better navigation of emergency services to the scene of an incident. The use of the background location update function must be enabled by the user after installing the application in the setup wizard or in the application settings. Without the user’s permission and consent, the location localization is not used in the background after pressing the emergency button.

V. Permissions that the application uses to access the user’s personal data

Depending on the specifics of a particular device, the application may require specific permissions to access the user’s data. These permissions must be granted by the user before the mobile application can use this data. Once the permission has been granted, the user can revoke it at any time. The permission can be revoked in the application settings. The user can also contact the application operator for assistance. The specific procedure for granting access to permissions may differ on different types of devices and depends on the specific software. The user must keep in mind that not allowing or denying a specific permission may limit the functionality of the application. By allowing the permissions described below, the user acknowledges that the application may modify, access or delete this data.

  • Read Contacts Permission
    – Used to access the contact list. The application can load a contact directly into the user’s user profile without the need for manual entry.
  • Camera Permission
    – It is used to make a video call with the emergency line and rescuers.
  • Call Phone Permission
    – It is used to directly dial the national emergency number after activating the emergency button.
  • Coarse location permission and fine location permissions
    – It is used to obtain the user’s location. This application may use to collect and share the user’s location in order to provide location-based services. Location services are used to send the user’s location to the emergency service. This function is activated by pressing the emergency button in the „ALARM“ module. After pressing, an emergency message is sent, either by data or by SMS. The message is sent to the IRS and is used only for the purposes of the rescue operation. If the user disables the application from using location data, only the emergency line 158 is dialed after pressing the emergency button. Location services are also used in other modules of the application to provide services based on the user’s specific location.
  • Using location in the background
    – The application The Lighthouse application can regularly update the user’s location in the background after pressing the emergency button in an emergency, even when the application is closed. This function allows for more precise location and better guidance of rescuers to the scene of the incident. In such a case, an emergency message containing location information is sent to the rescue services at regular intervals, provided that the user has more than 20% battery and is connected to the Internet. Updating the location message is important for better navigation of the rescue services to the scene of the incident. The user must enable the use of the background location update function after installing the application in the settings wizard, or in the application settings. Without the user’s permission and consent, location localization is not used after pressing the emergency button in the background.
  • Write external settings permission
    – It is used to control the user’s device settings. For example, the screen brightness during an emergency with a resuscitation metronome.
  • Send SMS permission
    – This permission is strictly used to send an SMS message to emergency services, including your exact location and battery status, to ensure a quick and accurate response to your emergency.

VI. Legal grounds for processing

The Administrator processes personal data based on the user’s acceptance of the terms of use when installing the Application – consent to the processing of personal data. The Administrator processes a special category of personal data (primarily health data) only when entered by the user – consent to the processing of personal data.

VII. Processing time

Data from the Maják Application is stored for a maximum of two years. This only concerns the data of those users that were transferred to the IZS, i.e. those users who used the Application to call for help.

VIII. Personal data security

The administrator has adopted appropriate technical and organizational measures with regard to the state of the art, economic costs, nature and purpose of the processing. The administrator has ensured an adequate level of security for personal data transferred as part of an emergency call to the IRS. The risks of accidental or unlawful destruction, loss, alteration, unauthorized access, or other forms of unauthorized data processing have been taken into account. The administrator undertakes to comply with the above measures also with regard to the development of new technologies and to eliminate possible future threats of system attacks. The administrator’s employees and other persons who process personal data on the basis of a contract with the processor, and other persons who come into contact with personal data in the performance of their authorizations and duties, are obliged to maintain confidentiality of personal data and security measures, the disclosure of which would
jeopardize the security of personal data. The obligation to maintain confidentiality does not apply to the information obligation under special laws.

IX. Processing methods

Personal data are processed exclusively in electronic form and automatically.

X. Recipients of personal data

Recipients of personal data include the operational centers of other components of the Integrated Rescue System participating in the rescue operation (Police, Water Rescue Service, Mountain Rescue Service, etc.)

XI. Rights of subjects

You have the right to request from the administrator access to personal data concerning you as a data subject, you have the right to correct them; You may have the right to restrict processing in the following cases:

  • if you contest the accuracy of the personal data, for a period of time necessary to enable the controller to verify the accuracy of the personal data
  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead
  • the controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims
  • if you have already objected to processing where the processing is carried out in the legitimate interests of the controller or of a third party, until it has been verified whether the legitimate grounds of the controller override those of the data subject.

You have the right to object to processing where:

  • the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority, or
  • the processing is carried out in the legitimate interests of the controller or a third party, as well as the right to data portability.

The right to erasure of personal data, including where the obligation to process them under a legal regulation no longer applies or where other exceptions under legal regulations do not apply;

XII. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data infringes the GDPR. You can lodge a complaint with the supervisory authority:

  • at your place of habitual residence,
  • at your place of employment, or
  • at the place where the alleged infringement occurred

XIII. Contact the Data Protection Officer

The Data Protection Officer can be contacted at:
gdpr@majak.app