Last updated: May 20, 2026  |  Policy version: 2.0  |  App version: 6.3

In connection with your use of FFSO Mobile ("the App"), Falck A/S ("Falck") collects and processes certain personal data about you as data controller. In this Privacy Policy we describe our processing, use and disclosure of your personal data.

The App is an internal tool made available exclusively to Falck employees. It supports field employees in registering maintenance and prevention tasks and documenting on-site conditions during their assigned shifts. FFSO Mobile connects to the FFS-Operations web application as its back-end platform.

Please note: this Privacy Policy applies to the FFSO Mobile application only.

Company contact details can be found in section 9.

1. Why is Falck processing your personal data in connection with use of the App?

In order to provide you with access to the App and to support your operational activities as a Falck employee, Falck processes personal data about you for the following reasons:

  1. Authentication and personal account management
  2. Device registration and access control
  3. Assignment of shift context and task lists
  4. Task tracking and time registration
  5. Photo and barcode/QR registration as part of task documentation
  6. Location determination (on-demand, user-initiated)
  7. Technical support, application monitoring, and quality assurance
  8. Where relevant, in order to comply with legal obligations, such as:
    1. To secure the quality and IT security of Falck's processes and applications
    2. To comply with our obligations and your rights under data protection law, including the GDPR
    3. To defend or establish a legal claim
    4. To comply with applicable employment and occupational health and safety legislation
Read more about the purposes for which Falck uses your personal data

We collect and process personal data for the following specific purposes:

  1. To verify your identity and assign the correct shift context, so the App presents you with the task list relevant to your current shift
  2. To register and manage device bindings, ensuring that only authorised devices can access the App on behalf of an employee. A device must be activated using a time-limited activation code issued by a manager or authorised system before it can access the App.
  3. To register who is working on a given task, and to track start and end times for time registration purposes
  4. To record task completions, photos, and barcode/QR scan results as operational and compliance documentation
  5. To determine your location on demand where you initiate a location-related feature within the App
  6. To support fault diagnosis, technical maintenance, and improvement of the App through application logs and telemetry data
  7. To generate anonymised statistics and reports for the ongoing quality assurance and optimisation of operational processes
  8. To comply with any law, rule, regulation, legally binding provision, decision or directive from a supervisory authority, including but not limited to:
    1. Documentation requirements
    2. Compliance with basic principles for the processing of personal data and legal basis for processing
    3. Implementation and maintenance of technical and organisational security measures, including prevention of unauthorised access to systems and data, prevention of malicious code distribution, and mitigation of denial-of-service attacks
    4. Investigation of suspected or known security breaches and reporting of such breaches to individuals and authorities
    5. Processing and responding to requests and complaints from data subjects
    6. Handling of inspections and requests from supervisory authorities
    7. Management of disputes with data subjects and third parties

Your personal data will not be sold to third parties or used for advertising or marketing purposes.

When we collect personal data from you, it is necessary in order for Falck to provide you with access to the App and to support your operational activities. You are not obligated to provide personal data to us. If you do not provide personal data necessary for authentication and core use of the App, you will not be able to use the App. If you do not grant optional permissions such as location, camera, or gallery access, the App can still be used, but the related features will not function.


2. Which personal data does Falck process about you?

Falck exclusively processes personal data about you that is necessary to fulfil the purposes described in section 1. These personal data may, to the extent relevant, include the following categories:

  1. Name and employee ID
  2. Email address and username
  3. Device binding data (device name, platform, OS version, app version, activation code references, binding and revocation timestamps, IP address at activation)
  4. Authentication security data (failed authentication attempts, lockout status, last authenticated timestamp, device activation audit logs)
  5. Shift assignment and shift context
  6. Task records (assigned tasks, task status, start and completion times, participant presence)
  7. Time registration entries
  8. Photos and barcode/QR scan results captured during task execution
  9. Location data (precise GPS coordinates and approximate location, collected on demand via device sensors when you initiate a location feature)
  10. Device information (device model, operating system version, app version, network status — captured at device binding time)
  11. Technical and log data (error logs, action timestamps, application telemetry via Microsoft Application Insights, frontend diagnostic logs)
Read more about which personal data Falck processes about you

Device permissions used by the App

The App requests the following device permissions, each used solely for the purposes stated:

Permission Purpose
CAMERA Taking photos of on-site situations and scanning barcodes/QR codes as part of task documentation
READ_EXTERNAL_STORAGE Accessing photos from the device gallery when attaching them to task records (Android versions below API 33)
WRITE_EXTERNAL_STORAGE Saving photos locally to the device before upload (Android versions below API 33)
READ_MEDIA_IMAGES Accessing photos from the device gallery (Android API 33 and above)
ACCESS_FINE_LOCATION Precise GPS location for on-demand location features
ACCESS_COARSE_LOCATION Approximate location as a fallback where precise GPS is unavailable
INTERNET Synchronising data with FFSO Mobile services
ACCESS_NETWORK_STATE Detecting network connectivity to manage offline caching behaviour

On newer Android versions (API 33+), photo and media access is handled through READ_MEDIA_IMAGES instead of READ_EXTERNAL_STORAGE / WRITE_EXTERNAL_STORAGE. The App requests only the permissions necessary for your device's Android version.

You can manage camera and location permissions at any time through your device's settings. Denying these permissions will limit certain App features but will not prevent you from using the App.

Location data and location permissions

The App can determine your location (precise GPS and approximate) when you initiate a location-related feature (e.g., viewing your position on a map). Location is collected on demand only — the App does not continuously track your location in the background. The App can be used without location permission, but location-dependent features will not function. Location data is not used for employee tracking, advertising, or marketing.

Device information

Basic device information (device model, operating system version, app version, platform) is captured at the time of device binding (activation). This data is stored as part of your device registration record. Additional device telemetry (OS version, app version, device type) may also be captured by Microsoft Application Insights as part of automatic telemetry during app usage for the purposes of technical support and performance monitoring.

Authentication and security audit logs

To protect your account and ensure system security, the App records authentication events including: successful and failed login attempts, device activation and revocation events, lockout events, and the IP address used during device activation. These logs are used for security monitoring and are not used for employee tracking or performance evaluation.

Local data storage on your device

The App stores a local encrypted database (SQLite) on your device to support offline functionality. This cache contains shift and task data relevant to your current session. Images stored locally are encrypted using AES-GCM encryption, with encryption keys managed through the Android Keystore. The local cache is cleared upon session expiry, logout, or uninstallation of the App.

Categories of ordinary personal data:

  • Name and employee ID
  • Email address and username
  • Device binding data (device name, platform, activation codes, binding/revocation history, IP address)
  • Authentication security logs (events, timestamps, lockout data)
  • Shift assignment and task records
  • Time registration entries
  • Photos and scan results
  • Location data (on-demand precise and approximate GPS)
  • Device information and application log data

Categories of special types of personal data ("sensitive personal data"):

The App does not intentionally collect sensitive personal data. However, photos taken during task execution may in specific circumstances incidentally capture information relating to health and safety conditions or other sensitive matters on site. Such photos are processed exclusively for operational documentation purposes.


3. Data security

Falck prioritises the security of your personal data and implements appropriate technical and organisational measures to protect it against unauthorised access, loss, or disclosure.

Local security on your device

  • The local SQLite database is encrypted using a 256-bit encryption key
  • Images are encrypted using AES-GCM encryption with unique initialisation vectors
  • Encryption keys are stored securely using the Android Keystore system
  • User authentication credentials (PIN-derived keys) are protected with PBKDF2 key derivation

Transmission security

  • All data transmitted between the App and Falck's back-end systems is encrypted using HTTPS/TLS
  • No cleartext (unencrypted HTTP) communication is permitted in production
  • Access to back-end systems is restricted to authorised personnel only

Cloud and server security

  • Photos and files are stored in Microsoft Azure Storage, which applies encryption at rest in accordance with Microsoft's security standards
  • Application logs and telemetry are processed in Microsoft Azure (Log Analytics and Application Insights)
  • The primary back-end database (SQL Server) is hosted on a secured, privately managed server

Device binding and access control

To use the App, your device must first be activated using a time-limited activation code provided by your manager or an authorised system. This activation code serves as the approval mechanism for device access. Each employee may have up to 5 active device bindings simultaneously. If a sixth device is activated, the least-recently-used binding is automatically revoked to maintain the limit.

Lost or stolen device

If your device is lost or stolen, report it immediately to your manager and IT support. Falck will revoke the device binding, preventing further access to App data from that device. If you have a second registered device, you may also revoke access to the lost device yourself through the App. All data stored locally on the lost device remains protected by encryption (AES-GCM with Android Keystore) and cannot be accessed without proper authentication.

Employment termination

When your employment with Falck ends, your App account is deactivated, preventing further login or access to the App. Local data on your device remains encrypted and will be cleared upon the next login attempt or uninstallation. Server-side data (task records, photos, device binding history) is retained in accordance with the retention periods described in section 4.

Data breach

In the event of a personal data breach affecting your data, Falck will notify the relevant supervisory authority within 72 hours where required by law. If the breach is likely to result in a high risk to your rights and freedoms, Falck will inform you without undue delay, describing the nature of the breach, likely consequences, and measures taken or proposed to address it.


4. On what basis and for how long is Falck allowed to process your personal data?

Before Falck is permitted to process your personal data for the purposes described in section 1, Falck must identify the legal basis for doing so, and define for how long your personal data will be stored.

In accordance with the GDPR, Falck uses the following legal bases to process your personal data:

  1. Performance of a contract (employment contract), art. 6(1)(b)
  2. Legal obligation, art. 6(1)(c)
  3. Legitimate interest, art. 6(1)(f)

The national legislation relied upon by Falck for the processing and storage of personal data includes:

  1. The Bookkeeping Act (Bogføringsloven)
  2. The Data Protection Act (Databeskyttelsesloven)
  3. The Limitation Act (Forældelsesloven)
  4. Applicable occupational health and safety legislation

Falck processes your personal data for as long as you are employed by Falck and for a period of up to 5 full calendar years thereafter, unless a shorter period applies as described below.

Read more about the basis and duration of Falck's processing of your personal data
  1. Compliance with legal obligations in specific cases — such as transfer of personal data to public authorities (including police) or other third parties in cases involving substantial public interest. Should such cases arise, you will be informed unless this is prohibited by law.
    • Retention and deletion criteria: Defined on the basis of the specific legislation applicable in the relevant case.
    • Legal basis: Varies depending on the specific case and circumstances.
  2. Legal documentation — such as documentation of the handling of a request from you, storage of data in connection with ongoing or anticipated legal proceedings, or investigation of a data breach.
    • Retention and deletion criteria: Retained only for as long as necessary to comply with the relevant obligation or to establish or defend a legal claim. As a general rule, 3 years.
    • Legal basis:
      • Ordinary personal data: Legal obligation, GDPR art. 6(1)(c).
      • Potential sensitive personal data: Legal claims, GDPR art. 9(2)(f).
  3. Authentication, shift and task management — account data, device binding records, shift context, task records, time registration entries, photos, and scan results.
    • Retention and deletion criteria: Task and operational data, including account data, device binding records (device name, activation code references, binding/revocation timestamps), shift context, task records, time registration entries, photos, and scan results are retained for the duration of employment and up to 5 full calendar years thereafter. Device binding history (including revoked bindings) is retained for the same period for security audit purposes. Photos stored in Azure Storage are property of the employer and retained for operational purposes. Local device data (SQLite cache and locally stored images) is retained until session expiry, logout, or uninstallation of the App.
    • Legal basis:
      • Ordinary personal data: Performance of the employment contract, GDPR art. 6(1)(b), and legitimate interest, GDPR art. 6(1)(f).
      • Falck's legitimate interest is based on its need to maintain accurate operational records, support compliance, and enable audit and quality assurance.
  4. Application logs and telemetry — log files on the application server, Azure Log Analytics, and Application Insights data.
    • Retention and deletion criteria: Retained for 180 days for troubleshooting and operational monitoring purposes, after which they are deleted or anonymised.
    • Legal basis: Legitimate interest, GDPR art. 6(1)(f). Falck's legitimate interest is based on its need to ensure the technical reliability and security of the App.
  5. Device information and authentication security logs — device model, OS version, app version, activation event logs, IP addresses at activation, authentication events.
    • Retention and deletion criteria: Retained for the duration of employment and up to 5 full calendar years thereafter.
    • Legal basis: Legitimate interest, GDPR art. 6(1)(f).
  6. Compliance with legal obligations relating to employment, health and safety, or operational record-keeping.
    • Retention and deletion criteria: For as long as required by applicable legislation.
    • Legal basis: Legal obligation, GDPR art. 6(1)(c).

Deletion requests

You may request deletion of your personal data by contacting krystian.gadomski@falck.com or dpo@falck.com. Deletion requests are processed within 30 days. Some data may be retained where required by law, employment obligations, or where the data constitutes employer-owned operational documentation (e.g., task photos).


5. Automated, individual decision-making

Your personal data is not used for automated, individual decision-making or profiling.


6. Who is Falck sharing your personal data with?

Falck will, to the extent necessary, share personal data about you with other recipients in order to operate the App and fulfil the purposes described in section 1.

We do not sell your personal data to third parties. Your data is not used for advertising or marketing purposes.

Falck shares your personal data with suppliers ("data processors") who process your personal data on the basis of instructions from Falck and under strict data processing agreements. These data processors are primarily located within the EU/EEA, but transfers to countries outside the EU/EEA may occur, as Falck uses Microsoft Azure cloud services with infrastructure and support functions that may be located outside the EU/EEA, including in the USA. In such cases, transfers are governed by EU Standard Contractual Clauses.

Read more about Falck's sharing of your personal data

Independent data controllers in specific cases

(e.g. public authorities including police, other individuals in exceptional circumstances)

  • Country: Varies depending on the specific case and circumstances
  • Purpose: Compliance with legal obligations where Falck is required by law to transfer data to public authorities or other controllers
  • Reference to relevant processing in section 4: items 1 and 2

Data processors — IT suppliers and cloud service providers

Supplier Service Location Purpose Transfer basis
Microsoft Azure Storage EU / USA Cloud storage for photos and files uploaded through the App EU Standard Contractual Clauses (a)
Microsoft Azure Log Analytics EU / USA Centralised aggregation of application log data EU Standard Contractual Clauses (a)
Microsoft Application Insights EU / USA Application telemetry and performance monitoring EU Standard Contractual Clauses (a)
Google Google Maps Platform EU / USA Map rendering and location display within the App EU Standard Contractual Clauses (a)
Falck / HCL On-premises VM (IIS, SQL Server) EU Hosts the Mobile API, Login App, and primary database N/A (on-premises within EU)

A full list of Microsoft's sub-processors and their locations is available at:
https://servicetrust.microsoft.com/ViewPage/TrustDocumentsV3

Legal basis for transfers to third countries:


7. Your rights

In connection with Falck's processing of your personal data, you have certain rights which you may exercise if you wish. You have, amongst other things, the right to:

  • Insight into and a copy of the personal data Falck processes about you
  • Within the limitations of the law, request that Falck deletes the personal data Falck processes about you
  • Correction of incorrect or incomplete personal data about you
  • Within the limitations of the law, restrict Falck's processing of personal data about you
  • Data portability
  • Object to Falck's processing of your personal data

Requests relating to your rights will be responded to within 30 days. You may exercise your rights by contacting krystian.gadomski@falck.com or dpo@falck.com.

In addition to the above, you have the right to lodge a complaint about Falck's processing of your personal data with the relevant national supervisory authority:

  • In Denmark: Datatilsynet — https://www.datatilsynet.dk/
  • For employees in other countries, you may also contact your local data protection supervisory authority.
Read more about your rights

Right of access

You have the right to receive a copy of all personal data Falck processes about you, free of charge and in a commonly used format.

Right to rectification

You have the right to have incorrect or incomplete personal data about you corrected or completed.

Right to erasure

You may request deletion by emailing krystian.gadomski@falck.com or dpo@falck.com. Deletion requests will be processed within 30 days. This right may be limited where Falck has a legal basis justifying continued processing, including employment obligations, legal claims, audit requirements, or where data constitutes employer-owned operational documentation. Deletion of your active App account is managed through Falck's employment and IT systems.

Right to restriction of processing

In certain circumstances you have the right to restrict Falck's processing of your personal data, meaning that Falck may only store — but not otherwise process — your data. This right may apply if the accuracy of the data is disputed, if you object to deletion, or if you object to processing.

Right to data portability

You have the right to receive your personal data in a structured, commonly used and machine-readable format.

Right to object

You have the right to object to Falck's processing of your personal data. Falck may only continue processing if it can demonstrate a compelling legitimate basis, for example where processing is necessary to establish or defend a legal claim.


8. Children's privacy

The App is intended for use by Falck employees only and is not directed at children. We do not knowingly collect personal data from individuals under the age of 16. If you believe that personal data relating to a child under 16 has been collected through the App, please contact us immediately at krystian.gadomski@falck.com or dpo@falck.com so that we can take appropriate action.


9. Contact details

If you have questions about the processing of your personal data, or if you wish to exercise your rights as described in section 7, please contact:

Krystian Gadomski
App Product Owner / Developer Contact
Falck Digital Technology Poland sp. z o.o. (on behalf of Falck A/S)
Email: krystian.gadomski@falck.com

We aim to respond to all enquiries within 30 days.

You may also contact Falck's Data Protection Officer at: dpo@falck.com

Falck A/S
Sydhavnsgade 18, 2450 København SV, Denmark
CVR: 16271241


10. Notifications of changes to this Privacy Policy

This Privacy Policy is updated from time to time to reflect changes in our practices, applicable legislation, or the technical setup of the App. The "last updated" date at the top of this document reflects the most recent revision.

Updates will be communicated via the App's Google Play Store listing.

Employees will be notified of material changes via the Google Play Store listing. If you have questions or concerns about an updated Privacy Policy, please contact the Data Protection Officer at dpo@falck.com.


11. Google Play Data Safety Summary

Data collected:

  • Location (precise and approximate, on-demand only) — Location display within the App
  • Photos — User-initiated task documentation and barcode/QR scanning
  • Personal info (name, email, employee ID) — Authentication and task assignment
  • Device binding data (device name, activation status) — Access control and security
  • App activity (task records, time registration) — Core functionality
  • App info and performance (crash logs, diagnostics) — App improvement
  • Device info (model, OS version, app version) — Technical support

Security:

  • Data encrypted in transit (HTTPS/TLS)
  • Data encrypted at rest (AES-GCM, encrypted SQLite)
  • Users can request data deletion (some data may be retained where required by law)
  • Data is not sold to third parties
  • Data is not used for advertising or marketing

Data sharing:

  • Microsoft Azure services are used as data processors under contract for cloud storage, logging, and analytics
  • Google Maps Platform is used for map rendering (location queries processed by Google)
  • Data may be transferred to the USA under EU Standard Contractual Clauses
  • No data is shared for advertising, marketing, or profiling purposes

Deletion:

  • Contact krystian.gadomski@falck.com or dpo@falck.com to request data access or deletion
  • Requests are processed within 30 days
  • Some data may be retained where required by law or operational obligations

12. Planned features (not yet active)

The following capabilities are planned for future versions of the App. This Privacy Policy will be updated (version 3.0) before these features are released:

  • Checklist completion and response storage — The App will support completing operational checklists as part of task execution, with responses stored on Falck's servers.

  • Background location collection during active shifts — The App may collect location data while running in the background during an active shift, for operational documentation purposes. This will require the ACCESS_BACKGROUND_LOCATION permission and a visible foreground notification.

  • Location data linked to task records — Location coordinates may be stored as part of task records on the server for operational documentation.

These features are not currently implemented and no data is currently collected for these purposes. The Google Play Data Safety declaration reflects only currently-active data collection.


13. Version history
Version Date App version Changes
1.0 May 20, 2026 Privacy Policy finalized and published.
2.0 May 20, 2026 6.3 Updated to reflect current implementation only. Added: authentication security logs, IP address at activation, Google Maps as sub-processor, READ_MEDIA_IMAGES permission (API 33+), participant presence data. Clarified: location is on-demand only (not background), device info captured at binding time, activation code serves as device approval mechanism, employment termination prevents login (automatic revocation of bindings pending implementation). Removed active claims for: checklist responses, background location, location linked to tasks (moved to Planned Features section 12).
3.0 TBD 6.4+ Will incorporate planned features from Section 12 once implemented. Reference: FFS_Operations_Privacy_Policy_FINAL.md