1) Scope and Roles
This policy explains the principles for the processing of personnel data within the scope of the Momento PDKS Mobile app.
Momento PDKS Mobile is a self-service mobile app that enables authorized users to view, on mobile devices, the data stored in the institution’s database and made available to personnel by the institution.
In this service, the relevant institution is the data controller. Veridizayn acts as the service provider on behalf of the institution.
Data may be processed and stored in the relevant institution’s systems or in infrastructures operated on behalf of the institution.
2) Account Management and Authentication
- There is no in-app account creation. Accounts are created and managed by the institution.
- Sign-in is performed using the user credentials defined by the institution.
For security purposes, user identity and session activities may be written to technical logs.
If the user chooses, login credentials can be stored on the device.
3) Types of Data Collected / Processed
Within the scope of the app, data stored in the relevant institution’s database and made accessible to personnel by the institution may be processed.
The categories of processed data may vary depending on the institution’s usage scenario and the personnel data made available through the app.
Such data may include identity, profile, contact, leave, payroll, department, announcement and similar institutional data related to personnel processes.
Location data is not processed. Camera, gallery, contacts and push notification permissions are not used.
- Identity and profile data
- Contact data
- Leave and personnel-process-related data
- Payroll and similar employment-related records
- Announcements and informational content published by the institution
- Technical data: app version, device and operating system information, IP address or device identifiers
4) Purpose of Use
Processed data is used for displaying, presenting and, where technically necessary, transferring the personnel data stored in the institution’s database and made accessible by the institution on mobile devices.
Data may also be processed for authentication, session management, access authorization, security logging, troubleshooting, support and ensuring the secure and continuous operation of the app.
In its first version, the app mainly provides viewing and tracking functions.
5) Payroll and File Processing
Payroll documents are displayed in the app as PDFs.
Payroll files are made available for viewing without being downloaded by the app into the device’s general file storage.
6) Data Sharing and Processors
Personal data displayed through the app is primarily made available by the relevant institution. Within the scope of service delivery, data may be processed by Veridizayn and by infrastructure, hosting, maintenance or support providers acting on behalf of the institution or Veridizayn, only to the extent necessary for operating, securing and supporting the service.
Such processing is carried out within the limits of the contractual relationship, applicable legislation and the institution’s instructions. Data is not made publicly available through the app.
7) Retention and Deletion
Personnel data made available through the app is retained in line with the relevant institution’s retention rules, operational needs and applicable legal obligations.
Technical logs and security records may be retained for a limited period for security, audit, troubleshooting and support purposes, unless a longer retention period is required by law or by the institution’s documented retention policy.
When the relevant retention period expires or the processing purpose ends, data is deleted, destroyed, anonymized or otherwise handled in accordance with the applicable process defined by the institution and relevant legislation.
8) Security Measures
Appropriate technical and organizational measures may be used to protect data processed within the app, including access controls, authentication controls, authorization checks, logging, secure communication layers and operational safeguards appropriate to the service.
Despite reasonable measures, no internet-based service can guarantee absolute security. For this reason, users should protect their devices, keep their credentials confidential and notify their institution if they suspect unauthorized access.
9) Data Subject Requests and Contact
Because the relevant institution acts as the data controller for personnel data made available through the app, requests relating to access, correction, deletion, restriction, objection or similar rights should primarily be directed to the relevant institution through its authorized internal channels.
For technical issues related to the app, users may use the support and contact channels published on the relevant product pages.
10) Policy Updates
This policy may be updated in line with changes in legal requirements, the service model or technical features of the app. The current version is published on this page with its latest update date.