CGI Privacy Information Notice for Door James

The protection of data is very important to us. We would like to inform you below about the collection of your personal data by CGI. This translation is for your courtesy. In case of any deviations, the German text is prevailing.:

Who is responsible for data processing and how to reach out to the Data Protection Officer?

Responsible for the data processing is

CGI Deutschland B.V. & Co. KG („CGI“, „us“, „we“)
Leinfelder Straße 60
70771 Leinfelden-Echterdingen
Germany

T +49 711 72846-0 | F +49 711 72846-846.

Details of the data protection

CGI Deutschland B.V. & Co. KG
Data Protection Officer
Leinfelder Straße 60
70771 Leinfelden-Echterdingen
Germany

E-Mail: datenschutz.de@cgi.com

Which personal data is collected?

When using Door James, we process the following personal data: 

• Master data, such as your first and last name 
• Contact details, such as your e-mail address 
• Profile picture
• The table or room identifier of your reservations 
• Other details as part of the reservations, such as your booking times and check-in and check-out timestamps 
• GPS location data derived from your mobile device, which triggers automated check-in/check-out process without storing the GPS location in the app or transferring your location data with any third party
• Other details as part of the complaints process, such as user generated images
• IP addresses

For what purposes and on what legal basis are data processed?

Door James enables reservation and check-in to bookable resources by employees to introduce a hybrid work culture at sites. In addition, Door James offers a digital process for inviting and registering visitors as well as event participants. Users have the ability to enable automatic check-in and check-out features triggered by GPS location data from their mobile devices.

Users have the ability to upload images as part of the complaints process within Door James. These images are used specifically to document issues in office locations, enabling efficient and targeted facility management processes. 

We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) and in accordance with our Privacy Policy. 

• Employees: Door James enables reservation and check-in to bookable resources by employees to introduce a hybrid work culture at sites. The authorization to process personal employee data results from § 26 para. 1 BDSG or rather section 6 para. 1 sentence 1 lit. f) GDPR ("Legitimate Interest of the Controller") as well as the concluded general and local Works Councils Agreements. 
• Visitors: Door James manages access to the locations and only grants authorized visitors and event participants to access to the office and logs timestamps, when entering or leaving the location. CGI has a legitimate interest to collect and process the personal data of visitors pursuant to Art. 6 (1) sentence 1 lit. f GDPR. 

If we as the controller intend to process your personal data for a purpose other than that for which the personal data was collected, we will provide you with information about that other purpose and any 
other relevant information prior to such further processing.

How long will your data be retained? 

• Employees: All personal data of employees will be automatically anonymized after up to two days. For recurring appointments, the respective last check-in at CGI is considered the start of the two-day retention period. 
• Visitors: All personal data is automatically deleted one year after it has been recorded at CGI.

Who gets access to your data? 

Within our group of companies, only authorized persons have access to your personal data, for example to monitor compliance with the specified office occupancy policy (location managers, reception) or to administrate the application (administrators). Outside our company, personal data is processed by our service providers Mongodb Limited (Dublin, Ireland) for the provision of the database, Twilio Inc. (San Francisco, USA) for e-mail delivery, and Google Commerce Limited (Dublin, Ireland) for hosting. As a result, some of your personal data may also be processed outside the EU. The data transfer takes place on the basis of the concluded Data Processing Agreements according to Art. 28 GDPR as well as further suitable guarantees Art. 44 ff  GDPR and is flanked by additional contractual security measures in order to consider the requirements of the ruling of the European Court of Justice from July 2020 (Schrems II). Further information, in particular on supplementary measures to achieve a level of data protection that complies with the GDPR, can be found on the pages of the processors: https://cloud.google.com/privacy/gdpr; https://www.twilio.com/legal/data-protection-addendum; https://www.mongodb.com/cloud/trust/compliance/gdpr.

Nevertheless, it cannot be ruled out in individual cases that the transmitted data may be viewed and processed by local U.S. authorities in exceptional cases due to official orders - possibly even without  your and/or our knowledge. Should we become aware of such processing, we will inform you immediately, insofar as we are permitted to do so.

What rights can you exercise as a data subject? 

As a data subject, you have the right to obtain information about the personal data concerning you, as well as the right to have inaccurate data corrected or to have it deleted, provided that one of the reasons stated in Art. 17 of the GDPR applies, e.g. if the data is no longer required for the purposes pursued. There is also the right to restriction of processing if one of the conditions specified in Art. 18 GDPR is present and in the cases of Art. 20 GDPR the right to data portability. 

To execute your data subject’s rights, you can contact us by e-mail to: datenschutz.de@cgi.com or in writing to: CGI Deutschland B.V. & Co. KG, Leinfelder Straße 60, 70771 Leinfelden-Echterdingen, Germany. 

You have the right to lodge a complaint with a data protection supervisory authority against the processing of your personal data if you feel that your rights under the GDPR have been violated. The competent supervisory authority for CGI is the State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg (https://www.baden-wuerttemberg.datenschutz.de/).

Stand: 9.4.2024

CGI Datenschutzhinweis für Door James