Privacy policy for the SOLID app

1. Responsible party

SOLID S.A. (hereinafter “we”) is the controller within the meaning of the General Data Protection Regulation (GDPR) for the processing of personal data in connection with the use of the SOLID app.

2. Purpose and scope

This privacy policy provides information about the nature, scope, and purpose of the processing of personal data when using our mobile application “SOLID app.” The app is intended exclusively for internal employees and serves to provide digital support for internal processes, in particular the “Daily Reports (Construction)” and “Intranet” modules.

3. Provision and use of the app

The app is publicly available via the Apple App Store and the Google Play Store. Once installed, it can only be used by registered employees who have a corresponding login. Authentication is performed via an internal single sign-on server (Keycloak) hosted by SOLID S.A.

4. Personal data processed

When using the app, the following personal data may be processed:

• Name
• Private email address (transmitted technically, but not displayed)
• User profile picture
• Target working hours per weekday
• Device ID (for the use of push notifications)
• IP address of the device (for each server request)
• Timestamp (e.g., creation and modification times of daily reports)

This data is used exclusively for the provision of app functions. It is not evaluated for analysis or advertising purposes.

5. App functions and permissions

The app only uses certain functions and permissions of the device if they are necessary for the respective purpose:

• Camera: for taking profile pictures and scanning QR codes for system configuration.
• Photos/media library: for uploading an existing profile picture.
• Location (optional): for retrieving weather data via the OpenWeatherMap service (only if location sharing is enabled).
• Push notifications: for information about new content in the intranet module.

The microphone, contacts, or other device data are not used.

6. Data sources and interfaces

The app receives project and employee data (including data from subcontractors) from the internal systems HIT-Office (FICOS) and Pay-In (Intecsoft). No data is transferred to other systems.

7. Recipients and data transfer

Personal data is not transferred to third parties.

Exceptions:

• Apple APNS (Apple Push Notification Service) and Google Firebase for the delivery of push notifications. These do not contain any personal data.
• OpenWeatherMap (https://openweathermap.org) when the location function is activated – only location coordinates are transmitted.

Data from internal clients (“SOLID S.A. Development,” “SOLID S.A. Production”) remains exclusively within SOLID S.A. The separate client “DEMO Production” contains only test data and is used for technical verification by Apple and Google.

8. Storage and deletion of data

The data is stored on the servers of SOLID S.A. in Luxembourg. Data is not stored in external cloud services.

Automatic deletion or anonymization is not currently implemented. When an employee leaves the company, the user is deactivated; their entries (e.g., in daily reports) are retained to ensure the traceability of work processes.

9. Security of processing

All data transfers between the app and servers are encrypted (SSL/TLS). Access to the system is only possible via valid user accounts. Optionally, two-factor authentication (2FA) can be set up via Google Authenticator.

The initial system configuration is done via an individual system name and an associated key.

10. Logging and analysis

The app stores technical log files locally on the device and on the servers to ensure operation. No analysis is carried out via third-party providers (e.g., Google Analytics).

11. Legal basis for processing

Personal data is processed on the basis of Art. 6 (1) lit. b GDPR (fulfillment of a contractual relationship or employment contract obligations) and Art. 6 (1) lit. f GDPR (legitimate interest in efficient, digital process handling within the company).

12. Rights of data subjects

As a user of the app, you have the following rights under the GDPR:

• Right to information about the data processed (Article 15 GDPR)
• Right to rectification of inaccurate data (Article 16 GDPR)
• Right to erasure (“right to be forgotten”) (Article 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to processing (Art. 21 GDPR)

To exercise these rights, simply send an informal message to info@solid.lu.

13. Changes to this privacy policy

We reserve the right to update this privacy policy in the event of changes to the app or legal requirements. The current version is available within the app and on our website.

14. Status

October 2025