Principles of data processing in the context of use of the

AFI Xpense App from AFI Solutions GmbH

Data Privacy Statement

1. Party responsible for data processing

Responsible in terms of data protection law is

AFI Solutions GmbH
Sigmaringer Straße 109
70567 Stuttgart
Germany

For further information about our company, information about persons authorized to represent and additional contact options, please visit the legal notice of our website: legal notice

2. Which of your Data will be processed by us?

The IP address of the device from which the data is sent to servers of AFI Solutions GmbH.

Identification data in the form of a unique, cryptographic key with which the app authenticates itself to the infrastructure.

In addition:

Document data or images of documents entered by you are processed by AFI Solutions GmbH on behalf of your employer. Your employer is responsible for this under data protection law. If you have any questions about the processing of this data, please contact the relevant departments within your organization.

3. For which purposes is data processing performed?

• The IP address of your mobile device is collected for logging purposes to ensure secure and functional operation.
• Processing of your cryptographic key is intended for secure authentication of your terminal device towards the infrastructure of AFI Solutions GmbH and towards the systems of your employer.
• All other data is processed for the purpose of recording expenses and travel costs in the form of receipts and transferring them to the target system at your employer.

4. What is the legal basis for data processing?

AFI Solutions GmbH processes your data on the basis of the contract concluded upon the purchase of the app pursuant to Art. 6 para. 1 lit. B GDPR. The above-mentioned data transfer to your employer also takes place on the basis of Art. 6 para. 1 lit. B GDPR. Appropriate contracts have been concluded between your employer and AFI Solutions GmbH for this purpose.

5. Objection

If personal data is processed on the basis of your consent, you have the right to withdraw your consent at any time with effect for the future. For this purpose, please contact us at the contact address indicated below.

6. Where is the data processed?

AFI Solutions GmbH processes your personal data exclusively in data centers in Germany.

7. To whom is the data passed?

Your data will be transmitted to your employer after processing by AFI Solutions GmbH. Your data will not be transmitted to third parties.

8. For how long will the data be stored?

• Your authentication key is stored in an encrypted memory on your phone (keychain) until you select »Reset App« in the app or delete your Apple ID on your smartphone on iOS.
  When uninstalling the AFI Xpense app on Apple smartphones, this data will not be deleted (because on iOS, data from the Apple KeyChain is not deleted when application data is deleted). If you wish to remove the data from the KeyChain, you must first execute the »Reset App« function (Menu → Settings → Reset App) before uninstalling the app.
  On Android, this data is deleted upon uninstallation.
• The IP address of your terminal device or the logs in which it is stored are deleted after 30 days.
• All other data is stored in your employer's SAP system. You can obtain information about the deletion periods within this system from your employer.

9. Your Rights as Data Subject

• In pursuance of Art. 7 (3) GDPR, you shall have the right to withdraw granted consent with effect for the future. You do so directly within the app on your mobile device.
• In pursuance of Art. 15 GDPR, you shall have the right to obtain confirmation as to whether data in question is being processed and to obtain information about this data and any further information as well as a copy of the data.
• In pursuance of Art. 16 GDPR, you shall have the right to request that data concerning you be completed or that inaccurate data concerning you be rectified.
• In pursuance of Art. 17 GDPR, you shall have the right to request that the data in question be erased without undue delay, or alternatively, in pursuance of Art. 18 GDPR, to request restriction of processing of the data.
• In pursuance of Art. 20 GDPR, you shall have the right to receive the data concerning you that you have provided to us and to request that it be transmitted to other controllers.
• In pursuance of Art. 21 GDPR, you shall have the right to object to the future processing of data concerning you at any time. The objection can be made in particular against the processing for direct marketing purposes.
• In pursuance of Art. 77 GDPR, you shall have the right to lodge a complaint with a supervisory authority.

10. Our Data Protection Official

We have appointed a data protection official in our company who can be reached as follows: AFI Solutions GmbH
– Data Protection Official –
Sigmaringer Straße 109
70567 Stuttgart
E-Mail: datenschutz@afi-solutions.com

Last Update 07/2021