Product-related privacy policy

With the SecureLogin - CAS & SmartWe app we provide you with a digitally sovereign app for 2-factor authentication (2FA). Protect your account from unwanted access by adding an extra level of security.

After your CRM manager enables 2-factor authentication (2FA), you can also add your mobile device to 2-factor authentication (2FA).  During the registration process, the app and the CRM system exchange a shared secret. From this point on, every logon is secured using the app.  

SecureLogin - CAS & SmartWe stands for digital sovereignty - only the most necessary data is collected and stored exclusively in encrypted form in the secure area of your app.  The app never accesses your contacts or location.  And most importantly, your data is not uploaded anywhere.

 

A note on different hosting options

SecureLogin - CAS & SmartWe can currently be used for the following two CRM systems. However, these differ in terms of the storage and processing of data related to the logon process:

  1. CAS genesisWorld - As the customer, you decide where the hosting takes place. Regardless of whether you host the system on your premises or with a third party, the data is processed exclusively there. As the manufacturer, we do not have direct access to these servers, but merely provide the software.
  2. SmartWe - SmartWe is hosted by SmartWe World AG on digitally sovereign servers. There, the storage and processing of the data takes place according to the digitally sovereign standard that we founded and to which we are committed.

For further simplification, we use the term "CRM system" in the following to refer to the two systems mentioned above.  Should there be further differences beyond those mentioned in the following section of this document, these will be explained as and when necessary. 

 

Manufacturer of the app:

CAS Software AG

CAS-Weg 1-5

76131 Karlsruhe

represented by CEO Martin Hubschneider.

 

Installing the app

When downloading the app, the information necessary for downloading is transmitted to the app store you have selected. You can learn which information is transmitted in the terms of use of the respective Apple, Google, and Microsoft app stores. We do not control and are not responsible for this data collection.

We do not further process or save the data that is collected.

 

Required permissions

If in use, the app requires the following permissions solely for the following purposes:

  • Network connection
    To use the service, SecureLogin - CAS & SmartWe requires access to the Authentication Server via the network connection.
  • Device ID
    The device ID is used in the app stores for anonymous statistics

Optionally, the app requires the following permissions:

  • Photo camera
    The camera is used to scan the QR code for system registration.

If you decline the optional permissions, you will not be able to use the app for the first registration of your account. The camera is used exclusively for the purposes of registration.You can grant or decline the permissions in the settings later on. If you allow access to this data and functionality, SecureLogin - CAS & SmartWe will only access it, if it is required to ensure that the functionality is provided.

 

Required data for using the app

No registration data is required to use SecureLogin - CAS & SmartWe.

During registration, the following data is exchanged between the SecureLogin - CAS & SmartWe and the CRM system in encrypted form.

  • Information on the user (Use name, User ID and Tenant or Server)
  • CRM system
  • Shared secret
  • Information on algorithms used
  • Address of the Authentication Server
  • Device ID generated by the Authentication Server
  • Device type and operating system

During your logon the following data is exchanged in encrypted form.

  • User information (User ID and Tenant or Server)
  • Operating system
  • Time of logon
  • A one-time password with restricted validity

 

Personal data

After the registration between the SecureLogin - CAS & SmartWe and the CRM system is complete, a shared secret is saved to the secure area of the SecureLogin - CAS & SmartWe.

During the registration between the SecureLogin - CAS & SmartWe and the CRM system the following data is processed.

  • Information on the user (Use name, User ID and Tenant or Server)

 

Data transmission to third parties

The data stored in the SecureLogin - CAS & SmartWe remain in the secure area of the app and are not transferred to third parties.

 

Feedback functions

Log files and crash reports are not saved or used.   

 

Communication channels

If you wish to contact CAS Software AG, send an e-mail to info@cas.de.

 

Contact data: data protection officer

Thomas Heimhalt (External data protection officer)

DATENSCHUTZ perfect e. K.

E-Mail: E-Mail: datenschutz@cas.de

 

Changes or adjustments to the privacy statement

The privacy statement is currently valid and dated 22.06.2023.

Due to legal changes, or the further development of our app, or the implementation of new technology, it might be necessary to adjust this privacy statement to current circumstances. Only the privacy statement which can be accessed at the time of your visit is valid.