Versions Compared

Old Version 6

changes.mady.by.user Saurav Bhattarai

Saved on

compared with

New Version 7

changes.mady.by.user Saurav Bhattarai

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This Privacy Policy applies to the processing of personal data by the openIMIS software as well as the openIMIS initiative. The copyright for the openIMIS software is held by the Swiss Agency for Development and Cooperation (SDC), and is licensed as open-source software using the AGPL3 licence. Details on the license can be found in: openIMIS Software License. The openIMIS initiative, to promote and streamline the further development of the software, is currently financed by the German Federal Ministry for Economic Cooperation and Development (BMZ) and the Swiss Agency for Development and Cooperation (SDC) and is managed by Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ).

...

openIMIS will collect and process the following data from you:Information that you provide us with.

  • Last Name, Other Names,

  • Address

  • Date Of Birth

  • ID number,

  • Phone, Fax, Email

  • Geo Location

  • Photo

We highly recommend and expect that the data entered in the openIMIS demo server is not the real personal data, but is fictional.

You are asked to provide us with information when you:

...

5. Recipient of your personal data

65.1 In order to provide and maintain the services, the data recipient are is the insurance scheme owner. Please check their privacy statement to know if your information is shared with third parties. The demo data of (s) who is managing the openIMIS server the mobile app is configured to connect to. By default, the mobile apps are configured to connect to the openIMIS demo server: https://demo.openimis.org are not shared and are . The data in this demo server is available to anyone accessing it, however, all data is erased every week.

6. How long we store your personal data

openIMSI will retain the above information for as long as is necessary to provide the Services to you or to resolve specific problems that may arise or as otherwise required by law or regulatory authorities. Certain retention periods for the processing activities concerned are set out above under 3.

If your personal information is used for two different purposes, openIMIS will retain this information until the purpose with the longer retention period no longer exists, but will not use it for the purpose with the shorter retention period once that period has expired.

openIMIS limits access to your personal information to those persons who need it for the relevant purpose(s).

openIMIS will retain any, including personal data, entered into the openIMIS demo server for a maximum period of one week.

7. Your rights

According to the basic data protection regulation (EU) 2016/679, you have various rights with regard to your personal data.

...

Verification: To verify your request, we will take reasonable steps, such as asking you to send us confirmation from the email address associated with your account so that we can verify that you are the owner of that email account. If no email address is associated with your account, we may ask you for a copy of your ID.
-Right to withdraw consent: You have the right to withdraw your consent at any time by notifying us by email to dpo@adacontact@openimis.comorg . A revocation of your consent does not affect the legality of the processing based on your consent up to the time of revocation.
-Right of objection: You have a right of objection under the conditions of Article 21 DSGVO. You will find more detailed information on this below:

  • Right of objection in case of processing based on legitimate interests: As a data subject, you have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data relating to you carried out pursuant to Article 6 (1) (e) or (f) FADP, including profiling based on these provisions. In the event of an objection for reasons arising from your particular situation, we shall no longer process the personal data concerned unless we can demonstrate compelling legitimate reasons for processing which outweigh your interests, rights and freedoms, or unless the processing is for the purpose of asserting, exercising or defending legal claims.

  • Right to object to processing for statistical purposes: If we process your personal data for statistical purposes pursuant to Art. 9 (2)(j) GDPR, § 27 (1) BDSG, you have the right to object to such processing for reasons arising from your particular situation. In the event of such objection, we will no longer process the personal data concerned for this purpose, unless the processing is necessary for the performance of a task carried out in the public interest or if the discontinuation of the processing is likely to make the achievement of the statistical purposes impossible or seriously prejudice them and the continuation of the processing is necessary for the fulfilment of the statistical purposes.

  • Right to object to direct marketing: Where personal data are processed for the purpose of carrying out direct marketing activities, you have the right to object at any time to the processing of personal data relating to you for the purpose of such marketing activities, including profiling, insofar as it relates to such direct marketing activities. In the event of an objection to processing for the purposes of direct marketing, we shall no longer process the personal data concerned for those purposes.
    To exercise your right of objection, you can contact us at any time by e-mail at dpo@adacontact@openimis.com.org
    -Right of access: As a data subject, you have a right of access under the conditions of Article 15 GDPR. This means in particular that you have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you also have a right of access to this personal data and to the information listed in Article 15 (1) GDPR. This includes, for example, information about the purposes of the processing, the categories of personal data processed and the recipients or categories of recipients to whom the personal data have been or will be disclosed.
    -Right to delete/"right to be forgotten": As a data subject, you have a right of deletion ("right to be forgotten") under the conditions laid down in Article 17 GDPR. This means that you are in principle entitled to demand that we delete personal data relating to you without delay and we are obliged to delete personal data without delay if one of the reasons listed in Article 17 (1) GDPR applies. You can do this at any time, for example, by deleting your account. If we have made the personal data public and we are obliged to delete them, we are also obliged, taking into account the available technology and the implementation costs, to take reasonable measures, including technical measures, to inform other data controllers who process the personal data that a data subject has requested that all links to these personal data or copies or replications of these personal data be deleted (Article 17 (2) GDPR). The right to erasure ("right to be forgotten") does not apply by way of exception if the processing is necessary for the reasons listed in Article 17 (3) FADP. This may be the case, for example, if the processing is necessary for the fulfilment of a legal obligation or for the assertion, exercise or defence of legal claims (Article 17 (3) (a) and (e) FADP).
    -Right to restrict processing: As a data subject, you have a right to restrict processing under the conditions of Article 18 GDPR. This means that you have the right to demand that we restrict processing if one of the conditions listed in Article 18 (1) GDPR is met. This may be the case, for example, if you dispute the accuracy of the personal data. In this case, the processing will be limited for a period of time that allows us to verify the accuracy of the personal data (Article 18 (1) (a) FADP). Restriction means the marking of stored personal data with the aim of restricting their future processing (Article 4 (3) GDPR).
    -Right to data transferability: As a data subject, you have a right to data transferability under the conditions laid down in Article 20 GDPR. This means that, in principle, you have the right to receive the personal data relating to you which you have provided us with in a structured, common and machine-readable format and you have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Article 6 (1) (a) or Article 9 (2) (a) GDPR or on a contract pursuant to Article 6 (1) (b) GDPR and the processing is carried out by means of automated procedures (Article 20 (1) GDPR). In exercising your right to data transferability, you also have the right to request that personal data be transferred directly from us to another responsible party, insofar as this is technically feasible (Article 20 (2) FADP).
    -Right of rectification: As a data subject, you have a right of rectification under the conditions of Article 16 of the GDPR. This means in particular that you have the right to demand that we correct incorrect personal data relating to you without delay and complete incomplete personal data.
    -Right of appeal: As a data subject, you have the right to appeal to a supervisory authority under the conditions of Article 77 of the GDPR. The supervisory authority responsible for us is the Berlin Commissioner for Data Protection and Freedom of Information (Friedrichstr. 219, 10969 Berlin, telephone: 030 13889-0; e-mail: mailbox@datenschutz-berlin.de).

...