The MoWeSta web application, the mobile applications and the associated service collect and process your data in order to perform their functions. In addition to general usage data, this also includes personal data, such as your name and email address, which you use for your account or the location of your device if you want to collect data to improve the weather forecast.
Version and change history
Version 1 – Released March 15, 2020
Responsible and contact
Responsible within the meaning of the General Data Protection Regulation (GDPR) §4 (7) is Dr. Marcus Handte. If you have any questions or comments about this statement, please contact us at:
University of Duisburg-Essen
Networked Embedded Systems
Dr. Marcus Handte
What data is collected and for what purpose?
- Data that you give us: To use all functions of the MoWeSta applications, you can open an account. For this we ask you for your name, your email address, an account name and a secret password. We use the email address and your name to contact you and to offer you automatic functions such as resetting your password via your email account. We use your account name and password to authorize access to your account. To avoid unauthorized access, you must keep your password secret.
In addition, the MoWeSta applications allow you to manage your favorite places. If you use this function, we will save the list of your favorite places you have created and link it to your account.
The processing of the data is necessary for the implementation of the respective functions of the service and is carried out on the basis of GDPR §6 (a) with your consent.
- Data on the use of the service: Both the web application and the mobile application communicate with the service via the HTTPS protocol. With every interaction we save the connection and request data such as the time of the request, the current IP address of the requesting party, the retrieved URL and the parameters contained in the request as well as the duration and results of the request. The purpose of this recording is the (possibly subsequent) detection, analysis and fight against attacks by automatic mechanisms as well as the correction of program errors and the improvement of the function and performance of the service and the applications. Accordingly, the data is recorded in accordance with GDPR §6 (f) .
- Data on your mobile device: If you are using the mobile application on your mobile device for the first time, we ask you to register the device. When registering, we collect and save device-specific data, such as the manufacturer and the device model. We will display this data in the web application if you link your mobile device to an account. The aim of the acquisition is to correct device-specific errors and to improve the function and performance of the service and the applications. Accordingly, the data is recorded in accordance with GDPR §6 (f) .
In order to be able to clearly identify your mobile device at a later point in time, we assign a random but unique number for each device when registering. From now on, this number will be sent to the service every time the device requests it. This prevents another device from changing your data. This identification is necessary for the implementation of the service and is based on GDPR §6 (a) .
In addition, as part of some inquiries, we provide the version of the mobile application that you have installed on your device. The purpose of this recording is to correct errors in the mobile applications and within the service implementation as well as the statistical analysis of the versions of the mobile applications used. For this reason, the recording is based on GDPR §6 (f) .
- Data about your location and device status: With the help of MoWeSta we would like to realize a comprehensive recording of weather data by mobile devices. The aim of this recording is to improve the weather forecasts of the Deutsche Wetterdienst. To achieve this goal, the mobile MoWeSta applications enable you to automatically collect data about your location and your current device status.
If you activate the automatic data collection in a mobile application, the application determines your location and other data about the status of your mobile device at regular intervals. The data collected depends on the type of device, as not all data can be recorded by all devices.
If possible, the mobile application for iOS records the air pressure in addition to your location. The mobile application for Android also records, if possible, the ambient temperature, the battery temperature, the processor temperature, the clock frequency of the processor, the status of the screen (off or on) and whether the battery is currently being charged. With the help of the recorded data, we try to estimate the outside temperature and the air pressure at your location. If you link your device to an account, you can view and delete the recorded and calculated data via the web application.
If you do not activate the collection, this data will not be recorded either. Accordingly, the processing of your location data takes place only with your consent and on the basis of GDPR §6 (a) .
What are the alternatives and how do they work?
- Use with and without an account: You can use the mobile MoWeSta applications and the web application with and without an account. If you use the applications without an account, you cannot save your favorite places. You can also take part in the data collection and call up weather information without an account. However, you will then not be able to access your data, as we cannot identify and authorize you without an account.
- Use with and without data acquisition: The mobile MoWeSta applications enable you to automatically collect data about your location and the condition of your mobile device. With this data, we want to record the outside temperature and air pressure across the board in order to ultimately improve the weather forecasts of the Deutsche Wetterdienst. You can turn data acquisition on and off in the mobile applications at any time. If you link your device to your account, you can view and delete the data collected.
Where is the data stored and processed?
The data is currently stored and processed exclusively on servers in Germany at the University of Duisburg-Essen.
Who will the data be passed on to?
- Employees of the Deutsche Wetterdienst: We pass on the data collected from your devices to the Deutsche Wetterdienst in anonymized form. The aim here is the statistical evaluation of the data and the improvement of the weather forecasts through large-scale measurements of the air pressure and the outside temperature.
- Scientists from the University of Duisburg-Essen: We also pass on the data you collect in anonymized form to scientists from the University of Duisburg-Essen. The aim here is the static evaluation of the data and the improvement of the calculation models for deriving outside temperatures based on the device status.
- Authorized bodies: If we are legally obliged (e.g. by a valid court order) to hand over data to an authorized body, we will pass on your data to such a body and inform you (if this is legally and technically possible) about the handover.
How long will the data be saved?
The storage period depends on the type and use of the data. Data on the use of the service is usually overwritten by regular rotation after a few days. This time can increase in individual cases (e.g. when analyzing past attacks). We keep data about your account, your favorite places and your recorded weather data until you delete them.
Regardless of the type of data, we try to keep the storage time short. However, we strive to operate the service in a way that protects the data of all users from system failures and willful damage by third parties. That is why we use regular backups and delay irrevocable deletion processes for a certain period of time (usually a few days). Due to these measures, unused data or data released for deletion may not be deleted immediately by our computer and security systems.
What rights can be asserted?
Your rights are described in detail in Chapter 3 of the GDPR and your rights are not affected by this data protection declaration. Your rights include the
- Right to confirmation and information (GDPR §15), right to correction (GDPR §16) and right to deletion (GDPR §17): You have the right to free information about your stored personal data, origin at any time within the scope of the applicable legal provisions the data, its recipients and the purpose of the data processing and, if necessary, a right to correct, block or delete this data. In this regard, please contact the person responsible mentioned above.
- Right to restriction of processing (GDPR §18), right to object to processing (GDPR §21) and right to revoke data protection consent (GDPR §7): Some data processing operations are only possible with your express consent. A revocation of the consent already given is possible at any time. An informal notification by email is sufficient for the revocation. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
- Right to data transferability (GDPR §20): You have the right to have data that we process automatically handed over to you or to third parties. It is provided in a machine-readable format. Also note that you can export your data in CSV format yourself at any time via the web application. If you request the direct transfer of the data to another person responsible, this will only take place if this is technically feasible.
- Right to lodge a complaint with a supervisory authority (GDPR §77): As the person concerned, you have the right to lodge a complaint with the responsible supervisory authority in the event of a data protection violation. The responsible supervisory authority for data protection issues is the state data protection officer of the state of North Rhine-Westphalia. You can find the contact details of the data protection officer here .
If you have any questions, concerns or requests for information, please contact the person responsible mentioned above.
Information on online dispute resolution
According to Art. 14 Para. 1 ODR-VO (EU Regulation No. 524/2013), the EU Commission provides an internet platform for the online settlement of disputes (so-called „OS platform“). The OS platform serves as a point of contact for extrajudicial settlement of disputes. You can reach the OS platform via this link .