App Name: VarroaCounter
Contact information: varroa_counter_info@toplab.at
TopLab - Toplak Laboratory e.U.
Effective date: 09.03.2023
TopLab – Toplak Laboratory e.U. ("us", "we", or "our") operates the VarroaCounter mobile application (hereinafter referred to as the "Service").
This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.
We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy.
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally identifiable information may include, but is not limited to:
Camera: We use the camera feature to take photographs of bee hive trays. We do not collect or store any images or videos taken using the camera, except the images which are used to fulfill the service.
Coarse Location: We may collect your location information to provide you with relevant local services and features. We will not share your location information with third parties.
Billing Information: We use Google API services for billing purposes.
Google's billing service uses a variety of user data to process payments for purchases made on Google's platform, such as in-app purchases, subscriptions, and purchases made on the Google Play Store. Some of the user data that Google's billing service may use include:
Payment information: Google's billing service will store and use payment information such as credit card numbers, billing addresses, and other payment details to process payments for purchases.
Purchase history: Google's billing service will keep track of the user's purchase history, including the products or services purchased, the date of purchase, and the payment method used.
User account information: Google's billing service will use the user's account information, including their name, email address, and other contact information, to process payments and communicate with the user regarding their purchases.
Device information: Google's billing service may collect information about the user's device, such as the device type and operating system, to ensure that the payment process is optimized for the user's device.
Location data: Google's billing service may use location data to help verify the user's identity and to comply with regional payment regulations.
It's important to note that Google takes user privacy seriously and has strict policies in place to protect user data. Users can also manage their payment and purchase history through their Google account settings.
We may also collect information on how the Service is accessed and used ("Usage Data"). This Usage Data may include information such as your device's Type, Android Version, camera configuration paramters, camera type, time and date of your visit.
Secure data handling procedures, retention and deletion
To ensure secure data handling procedures for email communication containing insect photographs, even if they are not sensitive, user privacy is prioritized and complies with data protection regulations. Here's a concise outline of the procedures:
Encryption: All email communications, including attachments, are encrypted during transmission and storage. Utilize secure protocols such as Transport Layer Security (TLS) for emails to protect against unauthorized access during transit.
Access Control and User Authentication: Only authorized personnel with a legitimate need has access to email files.
Storage Guidelines: emails and their attachments will be stored as long as the research for an improved AI update takes time. In course of that metainformation and image data will be stored in a research related data storage. This storage has restricted access and is on premise. The storage is regularly audited and and permissions align to organizational roles.
Data Classification: Even though the attached photographs may not contain sensitive personal information, classify the data appropriately. Maintain a record of the data classification to ensure that the level of protection corresponds to the perceived risk.
Data Retention and Deletion: If users decide to share a foto of a hive tray, they can do so by enabling the checkbox for QA email when the count estimation result is presented. After then they can decide their email client to use, which is addressed via an intent. A draft email is presented to them, showing some meta information about the image and device as well as a the raw foto as attachment. Emails are stored within the TopLabs email system. After fotos and emails have been sighted and prepared for the quality assurance process by an authorized human, they are deleted.
Training and Awareness: We know about the importance of data security, and develop specific handling procedures for emails and attachments. The organization aims at a culture of security awareness.
Incident Response Plan: Develop a robust incident response plan that outlines the steps to be taken in the event of a security breach. This plan should include procedures for notifying affected parties and regulatory bodies if required.