Privacy Policy for Apps
A. Preface
We, KEUCO GmbH & Co. KG, (hereinafter jointly referred to as “the company”, “we” or “us”) take the protection of your personal data seriously and would like to inform you about data protection in our company.
As part of our data protection responsibility, the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: “GDPR”) has imposed additional obligations on us to ensure the protection of the personal data of the data subject (we also refer to you as a data subject as “customer”, “user”, “you”, “your” or “data subject” in the following).
Insofar as we decide on the purposes and means of data processing either alone or together with others, this includes in particular the obligation to inform you transparently about the type, scope, purpose, duration and legal basis of the processing (cf. Art. 13 and Art. 14 GDPR). With this declaration (hereinafter: “Data Protection Notice”), we inform you about how we process your personal data.
B. General information
1. Definitions
Following the example of Art. 4 GDPR, these data protection notices are based on the following definitions:
– “Personal data” (Art. 4(1) GDPR) is all information relating to an identified or identifiable natural person ("data subject"). An identifiable person is one who, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, an online identifier, location data or using information on their physical, physiological, genetic, psychological, economic, cultural or social identity characteristics. Identifiability may also be provided by means of a link between such information or other additional knowledge. It does not matter how the information is produced, in what form or in what form (photos, videos or sound recordings may also contain personal data).
– “Processing” (Art. 4 (2) GDPR) is any process in which personal data is handled, whether with or without the help of automated (i.e. technically assisted) processes. This includes in particular the collection (i.e. procurement), recording, organisation, ordering, Saving, adapting or changing, reading out, querying, the use, disclosure by transmission, dissemination or other provision, reconciliation, the linking, restriction, deletion or destruction of personal data as well as the modification of a purpose or purpose on which data processing was originally based.
– “Controller” (Article 4(7) GDPR) is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of the processing of personal data.
– “Third party” (Art. 4(10) GDPR) means any natural or legal person, authority, institution or other body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor; this includes other legal persons belonging to the group.
– “Processor” (Art. 4 (8) GDPR) means a natural or legal person, authority, institution or other body that processes personal data on behalf of the controller, in particular in accordance with its instructions (e.g. IT service provider). In particular, a processor is not a third party in the sense of data protection law.
– “Consent” (Article 4(11) GDPR) of the data subject means any voluntary, informed and unambiguous declaration of intent in the form of a declaration or other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of the personal data concerning him or her.
2. Amendment of the privacy policy
(1) As part of the further development of data protection law as well as technological or organisational changes, our data protection notices are regularly reviewed for the need to adapt or supplement them. You will be notified of any changes.
(2) This data protection notice is valid as of January 2022.
3. No obligation to provide personal data
We do not make the conclusion of contracts with us dependent on you first providing us with personal data. As a customer, there is generally no legal or contractual obligation for you to provide us with your personal data; however, we may only be able to provide certain offers to a limited extent or not at all if you do not provide the data required for this. If this should exceptionally be the case in the context of the products presented below that we offer, you will be informed of this separately.
C. Information about the processing of your data
1. The collection of personal data about you
(1) When you use our app, we collect personal data about you.
(2) Personal data is any data relating to you (see above under General). For example, your name, location data, IP address, device identifier, the SIM card number, your address and e-mail address for personal data, your fingerprint, pictures, Films, audio recordings, but also your user behaviour fall into this category.
2. Legal basis for data processing
(1) By law, in principle, any processing of personal data is prohibited and only permitted if the data processing falls under one of the following justifications:
– Art. 6 para. 1 p. 1 lit. a GDPR ("Consent"): If the data subject has voluntarily, informedly and unambiguously indicated by a declaration or other unambiguous affirmative act that he or she consents to the processing of the personal data concerning him or her for one or more specific purposes;
– Art. 6 para. 1 S. 1 lit. b GDPR: If the processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures carried out at the request of the data subject;
– Art. 6 para. 1 S. 1 lit. c GDPR: If the processing is necessary to fulfil a legal obligation to which the controller is subject (e.g. a statutory retention obligation);
– Art. 6 para. 1 S. 1 lit. d GDPR: If the processing is necessary to protect the vital interests of the data subject or another natural person;
– Art. 6 para. 1 S. 1 lit. e GDPR: If the processing is necessary for the performance of a task in the public interest or in the exercise of public authority entrusted to the controller, or
– Art. 6 para. 1 p. 1 lit. f GDPR ("Legitimate Interests"): If the processing is necessary for the protection of the legitimate interests (in particular legal or economic) of the controller or a third party, unless the conflicting interests or rights of the data subject override (in particular if the data subject is a minor).
(2) We specify the applicable legal basis for the processing operations we carry out below. Processing may also be based on several legal bases.
3. The data collected during the download
(1) When you download this app, certain data required for this purpose about you will be transmitted to the corresponding app store (e.g. Apple App Store or Google Play).
(2) In particular, the email address, user name, customer number of the downloading account, the individual device code, payment information and the time of the download are transmitted to the App Store.
(3) We have no influence on the collection and processing of this data; it is carried out exclusively by the App Store you have selected. Accordingly, we are not responsible for this collection and processing; the responsibility for this lies solely with the App Store.
4. Data collected during use
(1) We can only necessarily provide you with the benefits of our app if certain personal data required for the operation of the app is collected when you use us.
(2) We only collect this data if this is necessary for the performance of the contract between you and us (Art. 6 para. 1 lit. b GDPR). We also collect this data if this is necessary for the functionality of the app and your interest in the protection of your personal data does not override (Art. 6 para. 1 lit. f GDPR).
(3) We collect and process the following data from you:
– Device information: Access data includes the IP address, device ID, device type, device-specific settings and app settings as well as app properties, the date and time of the retrieval, the time zone of the transferred data volume and the message whether the data exchange was complete, app crash, Browser and operating system. These access data are processed to enable the technical operation of the app.
– Information with your consent: We process other information if you allow us to do so. The user must authorise the use of Bluetooth and location data. In addition, the BLE (Bluetooth Low Energy) data is processed for communication with the sensor. Without your consent, the use of the app may be restricted.
5. Data retention period
(1) We delete your personal data as soon as it is no longer necessary for the purposes for which we collected or used it. As a rule, we store your personal data for the duration of the usage or contractual relationship via the app. Your data is generally only stored on our servers in Germany, subject to any transfer in accordance with the provisions in F. 1., and 2..
(2) However, storage may take place beyond the specified period in the event of a (threatening) legal dispute with you or other legal proceedings.
(3) Third parties engaged by us (see F. 1.) will store your data on their systems for as long as necessary in connection with the provision of the service for us in accordance with the respective order.
(4) Legal requirements for the storage and deletion of personal data remain unaffected by the above (e.g. Section 257 HGB or Section 147 AO). If the retention period prescribed by the legal regulations expires, the personal data will be blocked or deleted, unless further storage by us is necessary and there is a legal basis for this.
6. Data security
(1) We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties, taking into account the state of the art, the implementation costs and the nature, scope, context and purpose of the processing as well as the existing risks of a data breach (including their probability and effects) for the data subject. Our security measures are continually improved in line with technological developments.
(2) For more information, please contact us. Please contact our data protection officer.
7. No automated decision-making (including profiling)
We do not intend to use personal data collected from you for automated decision-making (including profiling).
8. Change of purpose
(1) Your personal data will only be processed for purposes other than those described insofar as this is permitted by law or you have consented to the changed purpose of data processing.
(2) In the event of further processing for purposes other than those for which the data was originally collected, we will inform you of these other purposes before further processing and provide you with any other relevant information.
D. Responsibility for your data and contacts
1. Responsible person and contact details
(1) We are the controller for the processing of your personal data within the meaning of Article 4(7) GDPR
KEUCO GmbH & Co. KG
Oesestr. 36
58675 Hemer
Telephone: +49 2372,904 0
E-Mail: info@keuco.de
(2) Our company data protection officer is available at any time to answer any questions you may have and to act as a contact person for us on the subject of data protection. Their contact details are:
PROLIANCE GmbH
www.datenschutzexperte.de
Leopoldstr. 21
80802 Munich
datenschutzbeauftragter@datenschutzexperte.de
When contacting the data protection officer, please state the company to which your request relates. Please refrain from attaching sensitive information such as a copy of your ID to your request.
(3) In particular, you should contact this contact point if you wish to assert the rights to which you are entitled as explained in Section G.
(4) If you have any further questions or comments about the collection and processing of your personal data, please also contact the aforementioned contacts.
2. Data collection when making contact
(1) If you contact us by e-mail or via a contact form, we will store your e-mail address, name and any other personal data that you have provided in the course of contacting us so that we can contact you to answer the question.
(2) We delete this data as soon as it is no longer required to be stored. If there are legal retention periods, the data will remain stored, but we will restrict the processing.
F. Processing of data by third parties
1. Recipient
(1) It is possible that commissioned service providers are used for individual functions of our app. As with any larger company, we also use external domestic and foreign service providers to handle our business (e.g. for IT, logistics, telecommunications, sales and marketing). These are only acting in accordance with our instructions and have been contractually obliged to comply with the data protection provisions pursuant to Art. 28 GDPR.
(2) The following categories of recipients, who are usually processors, may have access to your personal data:
– Service providers for the operation of our app and the processing of data stored or transmitted by the systems (e.g. IT security). The legal basis for the transfer is then Art. 6 para. 1 p. 1 lit. b or lit. f GDPR, insofar as they are not processors;
– Government bodies/authorities, insofar as this is necessary to fulfil a legal obligation. The legal basis for this is Art. 6 para. 1 S. 1 lit. c GDPR.
– Persons employed to conduct our business operations (e.g. auditors, banks, insurance companies, legal advisers, supervisory authorities, parties involved in corporate acquisitions or the establishment of joint ventures). The legal basis for the transfer is then Art. 6 para. 1 p. 1 lit. b or lit. f GDPR.
(3) In addition, we will only pass on your personal data to third parties if, pursuant to Art. 6 para. 1 p. 1 lit. a GDPR have given your express consent to this.
(4) If personal data is passed on by us to our subsidiaries or is passed on to us by our subsidiaries (e.g. for advertising purposes), this takes place on the basis of existing order processing relationships.
2. Legal obligation to transmit certain data
Under certain circumstances, we may be subject to a special legal or legal obligation to provide the lawfully processed personal data to third parties, in particular public authorities (Art. 6 para. 1 p. 1 lit. c GDPR).
G. Your Rights
1. Right of access
(1) You have the right to obtain information about your personal data within the scope of Art. 15 GDPR.
(2) This requires a request from you, which must be sent either by e-mail or by post to the addresses specified above.
2. Right to object to data processing and withdraw consent
(1) Pursuant to Article 21 GDPR, you have the right to object to the processing of personal data concerning you at any time. If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the assertion, exercise or defence of legal claims (objection pursuant to Art. 21 para. 1 GDPR).
(2) Pursuant to Art. 7 para. 3 GDPR, you have the right to revoke your consent given once (also before the GDPR came into force, i.e. before 25 May 2018) - i.e. your voluntary, informed and unambiguous will made clear by a declaration or other clear affirmative action that you consent to the processing of the personal data in question for one or more specific purposes - at any time, if you have given such consent. As a result, we may no longer continue the data processing based on this consent in the future.
(3) In this regard, please contact the contact point specified above.
Information, rectification and deletion
(1) Insofar as personal data concerning you is incorrect, you have the right to demand that we rectify it without delay in accordance with Article 16 GDPR. If you have a request in this regard, please contact the contact point specified above.
(2) Under the conditions set out in Article 17 GDPR, you have the right to request the erasure of personal data concerning you. If you have a request in this regard, please contact the contact point specified above. In particular, you have the right to erasure if the data in question is no longer necessary for the purposes of collection or processing, if the data retention period has expired, if there is an objection or if there is unlawful processing.
Right to restriction of processing
(1) For the duration of the examination, you have the right to request the restriction of the processing of your personal data.
(2) If you have a request in this regard, please contact the contact point specified above.
(3) In particular, you have the right to restrict processing if the accuracy of the personal data is disputed between you and us; in this case, you have the right for a period of time required to verify the accuracy. The same applies if the successful exercise of a right to object is still disputed between you and us. You are also entitled to this right in particular if you are entitled to erasure and request restricted processing instead of erasure.
5. Right to data portability
(1) Pursuant to Art. 20 GDPR, you have the right to receive from us the personal data concerning you that you have provided to us in a structured, commonly used, machine-readable format as required.
(2) If you have a request in this regard, please contact the contact point specified above.
6. Right to lodge a complaint with the supervisory authority
(1) Pursuant to Article 77 GDPR, you have the right to lodge a complaint about the collection and processing of your personal data with the competent supervisory authority.
(2) You can contact the competent supervisory authority at the following contact details: State Officer for Data Protection and Freedom of Information North Rhine-Westphalia, Kavalleriestr. 2-4, 40213 Düsseldorf, Germany, e-mail: poststelle@ldi.nrw.de.