this privacy policy applies to the software products GEJOScan (PC version), GEJOScan mobile (Android/iOS) and GEJOScan PELI of GJS Inspektionssysteme GmbH. Below we explain what personal data is processed when you use these software products, for what purposes and on what legal basis the processing takes place. We also inform you about your rights regarding your personal data.

Data Controller

The entity responsible for data processing in connection with the above-mentioned software products (the “Data Controller”) within the meaning of the EU General Data Protection Regulation (GDPR) is:

GJS Inspektionssysteme GmbH
Technikstraße 3
91166 Georgensgmünd, Germany
Phone: +49 9172 9999 201
Email: privacy@kanalkamera.de

Data Protection Officer

We have appointed a Data Protection Officer (DPO). You can reach our DPO by sending a letter to the above postal address (please add “Attn. Data Protection Officer”) or by emailing privacy@kanalkamera.de.

Legal Bases for Processing

Where we ask for and obtain your consent, we process your personal data on the basis of Art. 6(1)(a) GDPR (and, if special categories of data are involved, Art. 9(2)(a) GDPR). If you explicitly consent to a transfer of personal data to countries outside the EU, processing is additionally based on Art. 49(1)(a) GDPR. If we request consent to store information on or access information from your device (for example, accessing a device identifier in accordance with Section 25(1) of the German TTDSG), this processing is also based on that consent. You may withdraw any given consent at any time with future effect.

If data processing is necessary for the performance of a contract with you or to take pre-contractual steps at your request, it is based on Art. 6(1)(b) GDPR. If processing is necessary for us to comply with a legal obligation, the legal basis is Art. 6(1)(c) GDPR. In all other cases, processing may be based on our legitimate interests (Art. 6(1)(f) GDPR). In this privacy policy, we indicate the relevant legal basis for each specific processing activity where appropriate.

Recipients and Processors

We may employ external service providers (acting as processors or independent controllers) to assist in our operations (for example, IT infrastructure or analytics services). Personal data will only be disclosed to third parties when permitted by law. Such circumstances include, for instance, where it is necessary for the performance of a contract (Art. 6(1)(b) GDPR), where we are legally obliged to do so (Art. 6(1)(c) GDPR), or where we have a legitimate interest in disclosing the data (Art. 6(1)(f) GDPR). When we engage external companies to process data on our behalf as processors (Auftragsverarbeiter), we conclude appropriate Data Processing Agreements (DPAs) in accordance with Art. 28 GDPR to ensure your data is handled in compliance with GDPR. In cases of joint processing with other controllers, we enter into joint-controller agreements pursuant to Art. 26 GDPR.

Note on Data Transfers to the USA and Other Countries

Our software products use, among other things, services provided by companies based outside the European Union (notably in the United States). We wish to inform you that personal data processed in the USA or other non-EU countries may not be subject to the same level of data protection as within the EU. In particular, US companies may be obliged to hand over personal data to US authorities for national security or law enforcement purposes, and you may not have effective legal recourse against such actions. It is thus possible that US authorities could access, analyze, and store your data indefinitely. We have no control over these government activities. Where we transfer personal data to service providers outside the EU, we strive to implement appropriate safeguards (such as EU Standard Contractual Clauses and additional technical measures) to ensure an adequate level of data protection.

Storage Period

Unless a more specific retention period is stated in this policy, your personal data will be stored only as long as necessary to fulfill the purposes described here, after which it will be deleted or anonymized in accordance with legal requirements. If you request deletion or revoke a previously given consent, we will erase the relevant data provided that we have no legal basis or obligation to retain it (for example, retention obligations under tax or commercial laws). In the latter case, we delete the data once the applicable retention period expires.

Data Processing When Using Our Software

When you use our software products, various types of personal data may be processed depending on the features you use. Below we outline the key data processing activities:

Crash Reports and Error Diagnostics (Bugsnag)

For improving the stability and reliability of our software, we utilize the service Bugsnag provided by Bugsnag Inc., 939 Harrison St, San Francisco, CA 94107, USA. Bugsnag allows us to quickly identify and debug errors or crashes in the applications. If an error or crash occurs while using the software, information about the incident is transmitted to Bugsnag’s servers. This information may include technical details such as the time the error occurred, the device type and operating system version, the app version in use, and what part of the program was running at the time of the error. The report also includes the IP address from which the error report is sent (potentially used for technical routing and diagnostic purposes). We do not include any directly identifying personal data (like your name or contact information) in these crash reports — they are intended purely for technical diagnosis.

Bugsnag processes the transmitted information on our behalf to generate error reports, helping our development team to pinpoint the cause of the issue and fix it in future updates. This process is essential for maintaining the quality and security of our products. The data sent to Bugsnag is generally technical in nature and does not by itself identify you personally. It is used exclusively to improve our software’s performance and stability.

The legal basis for using Bugsnag is our legitimate interest in providing a functional and error-free product (Art. 6(1)(f) GDPR). In cases where you may be asked for consent for sending diagnostic data, processing will occur on the basis of Art. 6(1)(a) GDPR; you can withdraw such consent at any time for the future.

Bugsnag’s servers are located in the United States. We have entered into a Data Processing Agreement with Bugsnag that includes the EU Standard Contractual Clauses to ensure an adequate level of protection for your data. For more information on how Bugsnag handles personal data, please refer to Bugsnag’s Privacy Policy.

Retention: Error logs and crash reports sent via Bugsnag are retained only for as long as necessary to analyze and fix the underlying issues. Generally, once an issue is resolved, the related crash data is deleted or archived in an anonymized form. In any case, crash report data will not be kept longer than 12 months in identifiable form.

Usage Analytics (Firebase Analytics)

We use the analytics service Firebase Analytics by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) to understand how our apps are used and to improve the user experience. Firebase Analytics collects and processes pseudonymous usage data from our apps. This data can include information such as which app features or screens are accessed and how often, usage duration, interactions within the app, and technical details about your device (e.g., device model, OS version, language, and app version). These analytics data are associated with a randomly generated user identifier (a Firebase installation ID) rather than your real identity. We do not receive or store any data that directly identifies you through Firebase Analytics.

Google processes the analytics information on our behalf to compile reports on aggregate app usage and trends. These reports help us understand, for example, how many users we have, which features are most popular, and where improvements might be needed. Firebase Analytics may also use your device’s IP address to derive general location information (country or region); however, Google’s systems typically anonymize IP addresses before storage, and we do not have access to any raw IP data.

The use of Firebase Analytics is based on our legitimate interest (Art. 6(1)(f) GDPR) in improving our products and fixing issues proactively. If required by applicable law, we will seek your consent before enabling analytics tracking (in such case, the processing would be based on Art. 6(1)(a) GDPR and — in Germany — § 25(1) TTDSG). Any given consent can be withdrawn at any time by, for example, disabling analytics in the app settings or contacting us. Note that refusal or withdrawal of consent for analytics will not affect your ability to use the app, though it will limit our insight into its usage.

Data collected via Firebase Analytics may be stored on Google servers in the United States or other countries outside the EU. We have a Data Processing Agreement in place with Google that incorporates the EU’s Standard Contractual Clauses to safeguard your information. For further details on Google’s handling of user data, you can review the Firebase Privacy Information and Google’s general Privacy Policy.

Retention: We have configured our Firebase Analytics settings to limit the retention of user-level data. Analytics data associated with unique identifiers is automatically deleted or anonymized after a maximum of 14 months. Aggregate data (which no longer contains personal identifiers) may be retained for a longer period to allow long-term performance analysis.

Additional Features and Voluntary Data

If you voluntarily provide personal data through the app (for example, by sending a support request via an in-app form or by registering an account within the app, if such functionality exists), we will use that data solely for the purpose for which you provide it. For instance, if you contact us for support through the app, we will process the contact information and details of your request to respond to you (legal basis: usually your consent, Art. 6(1)(a) GDPR, or our legitimate interest in customer support, Art. 6(1)(f) GDPR). Similarly, if the app allows account creation, any personal data you submit (such as a username or email) will be used to manage your account and provide the associated services (legal basis: performance of contract, Art. 6(1)(b) GDPR). In all such cases, we will inform you within the app what data is being collected and why. We will not use voluntarily provided data for any other purpose without your permission. Personal data provided in this context will be deleted in accordance with our retention policy once it is no longer needed for the respective purpose, unless we are legally obliged to retain it longer.

Your Rights under GDPR

As a data subject, you have the following rights regarding your personal data. You can exercise these rights at any time by contacting us using the contact information provided above. There is no charge for exercising your rights.

Right to Withdraw Consent

If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. To do so, you can contact us through any of the channels provided. The withdrawal of consent will not affect the lawfulness of any processing we carried out before your withdrawal.

Right to Object (Art. 21 GDPR)

Right to object to processing on grounds relating to your particular situation: In cases where we process your data on the basis of Art. 6(1)(e) (public interest) or Art. 6(1)(f) (legitimate interests) GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. This also applies to any profiling based on those provisions. If you file an objection, we will cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.

Right to object to direct marketing: If your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, including any related profiling. If you object to processing for direct marketing, we will stop processing your personal data for those purposes.

Right to Lodge a Complaint

If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). You may file a complaint with the data protection authority in your country of residence, your place of work, or the place of the alleged infringement. For example, if you reside in Norway, you can contact the Norwegian Data Protection Authority (Datatilsynet); if in Denmark, the Danish Data Protection Authority (Datatilsynet). You also have the option to seek a judicial remedy. This right to complain is without prejudice to any other administrative or judicial remedies.

Right of Access, Rectification, Erasure

You have the right to obtain confirmation as to whether or not we process personal data concerning you, and, if so, to request information about those personal data (Art. 15 GDPR). This includes information about the categories of data, the purposes of processing, the recipients or categories of recipients to whom the data have been or will be disclosed, and (if possible) the envisaged period for which the data will be stored. You also have the right to have inaccurate personal data corrected (Art. 16 GDPR) and incomplete data completed, as well as the right to request the deletion of your personal data under the conditions of Art. 17 GDPR (“right to be forgotten”). For example, you can ask us to erase data if it is no longer needed for its intended purpose or if you have withdrawn your consent and there is no other legal basis for processing.

Right to Restriction of Processing

In certain circumstances, you have the right to request the restriction of processing of your personal data (Art. 18 GDPR). This means that we would mark the stored data to limit its processing in the future. You can demand restriction of processing in the following situations:

• If you contest the accuracy of your personal data, you may request restriction while we verify the accuracy of the data.
• If the processing is unlawful but you do not want the data to be deleted, you can request the use of the personal data be restricted instead.
• If we no longer need your personal data for the purposes of processing, but you require the data to establish, exercise or defend legal claims, you have the right to request restriction instead of deletion.
• If you have objected to processing pursuant to Art. 21(1) GDPR, a balancing of interests is pending. You may request that processing of your data be restricted for the period during which it is not yet determined whose interests prevail.

When processing is restricted, such data will—apart from being stored—only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another person or for reasons of important public interest. We will inform you before any restriction is lifted.

Right to Data Portability

You have the right to receive personal data that you have provided to us and which we process by automated means on the basis of your consent or in performance of a contract, in a commonly used, machine-readable format (Art. 20 GDPR). Where technically feasible, you can also request that we transmit this data directly to another controller.