The relevant sections:
Qualcomm Location periodically sends us a unique software ID, the location of your device (longitude, latitude and altitude, and its uncertainty) and nearby cellular towers and Wi-Fi hotspots, signal strength, and time (collectively, “Location Data”). As with any Internet communication, we also receive the IP address your device uses. We use Location Data, software IDs and IP addresses, and the other data we collect to help us protect, evaluate, and improve the performance of our systems.
…
To enhance system performance your software ID and IP address are associated with your Location Data for thirty days from receipt after which time it is permanently deleted. After removing IP addresses and software IDs, we aggregate the Location Data to create an anonymous database regarding the locations of cellular towers and WiFi access points.
So in short, Qualcomm tracks where every single Fairphone user (Or other user with Qualcomm hardware) has been in the last 30 days. They also record the location of all Wifi networks and Cellphone towers encountered within radio range to make a detailed map. And they log all IP addresses one had during that timespan.
Although Qualcomm does not “identify” these users, identification would be trivial for any 3rd party who either knows
- Who owned any of the involved IP address during any moment in the last 30 days that has been logged
- The location of the involved person during a sufficient subset of the location history to profile and statistically match (for example both home and work location, both of which might be public)
Assuming I do not agree to this data collection and storage, who do I need to send a DSGVO letter? I don’t remember agreeing to Qualcomm’s privacy policy directly. I think the phone only showed me Google’s privacy policy on first boot/setup.
Where’s the mandatory opt-in / opt-out? The Quallcomm page only mentiones opt-in/out for the QTR Statistics, not Location.