Safecity
https://safecity.eu
Privacy
1 – Have users given permission to process data and know that it is necessary for the purpose for which the app is used?
Yes
2 – Which categories of personal data do you process?
Only common data
3 – Do you use content data for further processing?
No
4 – Do you provide information to your users about how all data is processed by you?
No
5 – Do you provide information to your users about any other purposes of data processing than for the original purposes?
No
6 – Can the user easily view his / her data?
Yes, and can customize and remove the data
7 – Have you appointed a DPO (Data Protection Officer)?
Yes, altough we don’t meet the conditions under art. 37
8 – Have you duly authorised your employees to process personal data?
Yes
9 – Have you duly regulated your relation with data processors through a Data Processing Agreement, a Data Pro Code, or a Data Pro Statement?
We do not work with (external) data processors
10 – Please select which data subject rights mentioned below you are able to comply with. ?
Right of access
11 – How do you inform end-users when making changes to privacy policy, or to how collect, use or disclose personal information.
We inform users in advance about updates to your app’s privacy policy., We give users reasonable time to provide feedback before we implement changes., We tell users exactly what rules we are changing so they don’t have to compare the new and old policies to understand what’s happening.
12 – Do you have procedures in place to take action on requests or complaints from users about damage or influence that violate their rights (eg Helpdesk, dedicated email boxes)?
Yes
13 – Can the user withdraw consent in the same way that it was given?
Yes
14 – What different personal aspects do you use for the functioning of your App in the data processing of your users?
We do not process users’ personal data
15 – Do you use user data to analyze, evaluate, predict and / or profile personal aspects with automated decision-making techniques?
Yes, this is necessary for the functioning of the app, within the national legal frameworks and only if the user has given permission for this.
16 – What steps do you take to ensure that the data is processed lawfully, fairly and in a transparent manner in relation to the data subject?
We set the privacy settings as the most protective by default., We notified your users of the default privacy settings and how to change them., We use a plain and clear language in privacy settings, they are easy to find, and user-friendly.
17 – Have you carried out any DPIA (Privacy Impact Assessments (PIAs) & Data Protection Impact Assessments (DPIAs)?
No, it was not necessary
18 – Are appropriate technical and organizational measures taken to ensure and demonstrate that the processing is in accordance with the GDPR?
Yes, annualy
Rating Privacy
72
Data processing
1 – Do you process personal data on a large scale? (more then 5000 persons)
Yes, GDPR Compliant
2 – How long do you retain user’s personal data, after last use?
Max. 3 months
3 – What do you do with the data once it is no longer needed for the purpose for which it was obtained or after the retention period has expired?
We pseudonymise the data so that it is no longer identifiable
4 – When deleting data of a user, is the metadata also removed?
Yes
5 – Is your organization responsible for the processing, management and storage of the data?
No, we have engaged another organisation
6 – If you transfer the personal data to third parties, are the transfers within EU or outside EU?
Outside EU adopting one of the measures set forth by Chapter V GDPR
7 – Is any personal data disclosed to or accessible by any third parties outside your entity?
Yes without processing agreement (DPIA)
8 – Is the user’s personal information visible to other users of the app?
No
9 – Are the user’s messages / posts visible to other users?
Only for people the user has selected
10 – Are the user’s mWhere is the user’s data stored?
User’s Device
11 – At Cloud Storage. What type of service do you offer?
Software as a Service (SAAS)
12 – In what format do you store the data?
Ciphertext
13 – Do you use scramble techniques for encrypting?
Yes, we use SHA-3
14 – How often has a data breach occurred in your organization in the past 5 years?
Never, we have a prevention framework for data breaches.
15 – Is your app certified for ISO/IEC-25000?
Yes
16 – What security measures have you taken regarding data processing?
Technical and organisational measures
17 – What categories of geolocation data do you store?
Traffic Data +Location Data
18 – What steps have you taken to ensure that the data is accurate and up-to-date?
The accuracy and quality of the data is periodically checked.
Rating Data processing:
79
Technology
1 – How often per year do you test the security of your app and make adjustments if necessary?
We regularly perform security tests.
2 – Does your developmentteam use a password policy?
Yes, otherwise
3 – Which of the following principles applies to how privacy by design is implemented in your organization?
Prevention is better than cure, Privacy is the standard, Integrating data protection and security in the design, Visibility and transparency and respect for the privacy of the data subject
4 – Are the algorithms used by you on your App developed in a predictable and verifiable manner?
Yes, we explain the rules behind the algorithm
5 – Are you asking the user for permission to use sensors on the user’s smartphone?
Yes, only for those sensors that are necessary for the app to function.
6 – Do you (automatically) analyze server (security) logs?
Yes, with scripts
7 – Do you install cookies on user’s devices?
Yes, First Party Cookies
8 – Which protocol do you use between the app and the server?
http
9 – Does your application use logs with changes and updates on the device the app is running on?
Yes
10 – How do you protect against data caching?
{t10:104}
11 – Do you use third party tracking tools like FB pixels, Google analytics and others?
Yes
12 – Can you provide 99,97% uptime and service guarantee?
Yes
13 – Has your application been tested and functional on low bandwidth? (2G)
No, available from 3G
14 – Has a bug hunting ever been conducted to see if your data can be hacked? If yes how long ago
Yes, less then 1 year ago
15 – How frequently is your app updated?
We provide continious improvement
16 – How do you prevent reverse engineering?
We use obfusication
17 – Have third party components, that use external communication been used in your software?
Yes, we use Software Composition Analysis (SCA) tools while selecting the components.
18 – Which tests did you perform to guarantee the security of the app during development?
We perform Static Application Security Testing (SAST) during development, We automated Interactive Application Security Testing (IAST) as a search engine for vulnerabilities
Rating Technology
65
Functionality
1 – Do users have to identify themselves when logging in and where is the authentication stored?
No, they don’t have to identify themselves
2 – Do you validate inputs of the users?
Yes, we work with fixed fields.
3 – Do you use any advertising agency plugin on your application/website to deliver tailor made advertisements to your users?
Yes, but not without the user’s permission
4 – Are you able to measure users abandonment rate per month?
Yes
5 – Do yDoes your App look and function similarly across multiple platforms like iOS, android and windows?
Yes
6 – How do you describe the navigation in your App?
Easy, with conventional buttons
7 – What data do you use for the functionality and ethetics of your app?
We use the data of the user supplemented by data available on the smartphone.
8 – In which languages is your app available?
All international languages
9 – Is a supportdesk/helpdesk available?
Yes, accessible on working days
10 – How can a user send issues with your App?
Text, Pictures, Video, Speach
11 – How long is your App in use?
More then 1 year
12 – How many active users does your App have?
More then 100.000
13 – Have end-users had a say in the design of this app?
No
14 – How does the process go when a user reports an incident?
An operational center verifies the report before passing it on or off.
15 – Is the GPS location data shared with local government / law enforcement agencies?
Yes
16 – Can other users see the notification of a user?
Yes
17 – Does the user receive a message that his report has arrived correctly?
Yes
18 – Does the user receive a message that his report has been processed?
Yes
Rating Functionality
73
Ethical
1 – Can users enter an emotional dimension in a report or message?
Yes
2 – Does your app deal with vulnerable population or sensitive topics?
Yes, we secure store this data
3 – Does your app monitor and record the behaviour of the user?
No
4 – Can users give their opinion in the app about certain topics or about other users?
No
5 – Is the personal data used for profiling individuals or to score them on a scale?
Only to score on a scale
6 – Will the processing activity include a systematic and extensive evaluation of personal aspects based on automated decision-making?
Yes
7 – Is your App linked (automatically) to a news site or social media?
Yes, that is known to the users
8 – Do you do financial business with the data?
Yes, we sell data for research, marketers, product owners or other third parties
9 – What steps are you taking to ensure that the data is processed in a transparent manner? Indicate all that apply.
We use a clear and plain language in the information you provide to our users., We notify our users about who is using/collecting their data., We provide our users with the ability to report concerns or problems.
10 – How often do you conduct a satisfaction survey among your users?
Yearly
11 – What privacy matters do you have contact with the user when using the app?
How long we will keep the personal information that the app collects
12 – What do you do after a breach of privacy?
We will restore security as soon as possible
13 – Have you developed your App using the “Hooked” method?
Yes
14 – How many times do you review whether the data if it still relevant as your product progresses?
Never, not needed we have a minimum of data
Rating Ethical
55
Integrity
1 – How can you describe your organisation related to the app / IOT device?
Developer
2 – What kind of organisation are you:
Governmental
3 – How many employees has your organisation?
More then 100
4 – Do you use integrity tests for pre-employment screening?
Yes
5 – Is your work environments free from unlawful discrimination, harassment or violence?
We respect the human rights of your employees and others in your business operations and your activities
6 – Has your organisation developed and marketed multiple apps?
Yes
7 – What is the app’s revenue model?
In-app advertising
8 – How does this app / IOT device contribute to your turnover?
More then 50%
9 – Is the source code of your app placed with a neutral authority to ensure that if something happens to your company, the app can be used further?
Yes
10 – Does your organization have this ISO certification?
ISO-9001, ISO-9001, ISO-27001
11 – What actions do you take to prevent corruption?
An audit is performed by a third party every year., An audit is performed by a third party every year., All decisions and adjustments are made by more than one person., We have a training programme for all employees and directors, All external organisations (agents, suppliers) have to apply our anti-corruption code., Accepting gifts and facilitating travel or events are prohibited.
12 – Does your organization follow the guidelines and take the right actions to the United Nations Human Rights Program? (no slavery, no child labor)
Yes
13 – Do you have policies to reduce and/or offset CO2 emissions?
Yes
14 – How does your organisation indicate good employership / citizenschip?
We have written our own moral code.
Rating Integrity:
72