Privacy Policy

Privacy Policy for Apps

A. Preface

We, KEUCO GmbH & Co. KG, (hereinafter jointly: "the Company", "we" or "us") are serious about protecting your personal data and, in the following, we wish to provide you with information about how we protect data in our Company.

As part of our data protection responsibility, additional obligations have been imposed on us by the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: "GDPR") aimed at the protection of the personal data of data subjects whose data is processed (in the following, we shall refer to you as the data subject also using terms such as as "customer", "user” or "you").

Insofar as we determine the purposes and means of data processing, either alone or jointly with others, this primarily includes the obligation to inform you transparently about the type, scope, purpose, duration and legal basis for the processing (see Articles 13 and 14 of the GDPR). By publishing this statement (hereinafter: "Privacy Policy"), we wish to inform you about how we process your personal data.

B. General information

1. Definitions

This Privacy Policy uses the following terms based on the definitions set out in Article 4 of the GDPR:

– “Personal data” (Article 4 No. 1 of the GDPR) means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data, or to information about their physical, physiological, genetic, mental, economic, cultural or social identity. The natural person may also be identified through combining such information or based on additional knowledge. The origin of the information, as well as its form or embodiment is irrelevant (photos, video or sound recordings can also contain personal data).

– "Processing" (Article 4 No. 2 of the GDPR) means any process in which personal data is handled, whether or not by automated (i.e. technology-assisted) means. In particular, this includes collection (i.e. acquisition), recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data as well as changing the objective or purpose of processing on which the processing of such data was originally based.

– "Controller” (Article 4 No. 7 of the GDPR) means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

– "Third party” (Article 4 No. 10 of the GDPR) means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data; this shall also include other corporate legal entities.

– "Processor” (Article 4 No. 8 of the GDPR) means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, in particular in accordance with their instructions (e.g. IT service providers). In accordance with data protection law, a processor shall not be understood to be a third party.

– “Consent” (Article 4 No. 11 of the GDPR) of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them;

2. Changes to the Privacy Policy

(1) As part of the further development of data protection law and following technological or organisational changes, our Privacy Policy is regularly checked and adjusted or supplemented as required. You will be informed of any changes.

(2) This Privacy Policy is dated January 2022.

3. No obligation to provide personal data

We do not make the conclusion of contracts with us conditional on you providing us with personal data beforehand. In principle, there is no legal or contractual obligation for you as a customer to provide us with your personal data; however, we may not be able to provide certain offers, or our provision of such offers may be limited, if you do not provide the required data. If this should exceptionally be the case in respect of the products offered by us and presented below, you will be informed of this separately.

C. Information about the processing of your data

1. The collection of your personal data

(1) When you use our app, we collect personal data about you.

(2) Personal data shall be understood as all data that relates to your person (see above under “General information”). For example, your name, location data, IP address, the device ID, SIM card number, address and e-mail address are personal data, as are your fingerprints, pictures, films, audio recordings, and also your user behaviour.

2. Legal basis for data processing

(1) In principle, any processing of personal data is prohibited by law and is only permitted if the data processing falls under one of the following categories:

– Article 6 para. 1 (a) of the GDPR (“Consent”): Where the data subject has given free, informed and unambiguous indication of their wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them for one or more specific purposes;

– Article 6 para. 1 (b) of the GDPR: Where the processing is necessary for the performance of a contract to which the data subject is party or is required for the implementation of pre-contractual measures taken at the request of the data subject;

– Article 6 para. 1 (c) of the GDPR: Where the processing is necessary for the purposes of compliance with a legal obligation to which the controller is subject (e.g. a legal obligation to retain data);

– Article 6 para. 1 (d) of the GDPR: Where the processing is necessary in order to protect the vital interests of the data subject or of another natural person;

– Article 6 para. 1 (e) of the GDPR: Where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

– Article 6 para. 1 (f) of the GDPR (“Legitimate interests”): Where the processing is necessary to safeguard the legitimate (in particular legal or economic) interests of the controller or a third party, provided that these are not overridden by conflicting interests or rights of the data subject (especially where the data subject is a minor).

(2) In the following, we state the legal basis for the processing operations we undertake. Processing can also be based on several legal foundations.

3. Data collected during download

(1) When you download this app, certain required data about your identity will be transmitted to the relevant app store (e.g. Apple App Store or Google Play).

(2) In particular, your e-mail address, user name, customer number of the downloading account, the individual device code, payment information and the time of the download will be transmitted to the app store when you download the app.

(3) We have no influence on the collection and processing of this data; this is done exclusively by the app store you have selected. Accordingly, we are not responsible for this collection and processing; the respective app store itself shall be solely responsible for such collection and processing.

4. Data collected during use

(1) We can only make the advantages of our app available to you if we collect certain data about you that is necessary for the operation of the app during your use.

(2) We only collect such data if it is necessary for the performance of the contract concluded between you and us (Article 6 para. 1 (b) of the GDPR). Furthermore, we collect such data if it is necessary for ensuring the functionality of the app, unless this is overridden by your interest in the protection of your personal data (Article 6 para. 1 (f) of the GDPR).

(3) We collect and process the following data from you:

– Device information: The access data includes the IP address, device ID, device type, device-specific settings and app settings as well as app properties, the date and time of retrieval, time zone, the amount of data transferred and notification on whether the data exchange was complete, instances of app crashes, browser type and operating system. This access data is processed in order to technically enable the operation of the app.

– Information based on your consent: We will only process other information if you allow us to do so. The user must authorise the use of Bluetooth and location data. In addition, the BLE data (Bluetooth Low Energy) is processed for communication with the sensor. If consent is not granted, the usability of the app may be limited.

5. Data retention period

(1) We erase your personal data as soon as it is no longer required for the purposes for which we collected or used it. As a rule, we store your personal data for the duration of the usage or contractual relationship via the app. In principle, your data is only stored on our servers in Germany, subject to a possible transfer according to the regulations set out in F.1. and 2.

(2) However, data may continue to be stored beyond the specified period in the event of an (impending) legal dispute with you or other legal proceedings.

(3) Third parties used by us (see F.1.) will store your data on their systems for as long as it is necessary in connection with the provision of the service on our behalf in accordance with the respective contract.

(4) Legal requirements regarding the storage and erasure of personal data shall remain unaffected by the above (e.g. Article 257 of the German Commercial Code or Article 147 of the German Tax Code). Upon expiry of the storage period prescribed by the statutory provisions, the personal data will be blocked or erased, unless further storage by us is necessary and we have a legal basis for doing so.

6. Data security

(1) We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties, taking into account the state of the art, the implementation costs and the nature and scope, the context and the purpose of the processing as well as the existing risks of a data breach (including its probability and effects) for the data subject. Our security measures are continuously improved in line with technological developments.

(2) Upon request, we will be happy to provide you with more detailed information on this. To obtain such information, please contact our Data Protection Officer.

7. No automated decision-making (including profiling)

We do not intend to use any personal information collected from you in any automated decision-making (including profiling).

8. Change of purpose

(1) Your personal data will only be processed for purposes other than those described, where this is permitted by law or if you have given your consent for the changed purpose of the data processing.

(2) In the event of further processing for purposes other than those for which the data was originally collected, we will inform you of these other purposes before undertaking further processing and provide you with all other relevant information.

D. Responsibility for your data, contact details

1. Controller and contact details

(1) We are the controller of the processing of your personal data as defined in Article 4 No. 7 of the GDPR. Our details are as follows:

KEUCO GmbH & Co. KG

Oesestr. 36

58675 Hemer

Tel: +49 2372 904 0

E-mail: info@keuco.de

(2) Our company Data Protection Officer is available at any time to answer all questions you may have and to serve as a contact person on the subject of data protection in our Company. Their contact details are as follows:

Aulinger Datenschutz & Consulting GmbH

Dr Ralf Heine

Frankenstraße 348

45133 Essen

Tel: +49 (0) 201 9598662

E-mail: info@aulinger-dc.eu

(3) Please contact our Data Protection Officer if you wish to assert the rights to which you are entitled and which are explained in Chapter G against us.

(4) You are also encouraged to get in touch with the aforementioned contacts if you have any further questions or comments about the collection and processing of your personal data.

2. Data collected when you contact us

(1) If you contact us by e-mail or via a contact form, your e-mail address, name and all other personal data that you provide when contacting us will be stored by us to enable us to contact you and answer your query.

(2) We erase this data as soon as its storage is no longer necessary. Where statutory retention periods apply, the data will remain stored, but we will restrict its processing.

F. Data processing by third parties

1. Recipients

(1) We may commission service providers to perform individual functions of our app. Just like any other larger company, we also use external domestic and foreign service providers to handle our business transactions (e.g. for the areas of IT, logistics, telecommunications, sales and marketing). These only act according to our instructions and have been contractually obliged to comply with the data protection regulations in accordance with Article 28 of the GDPR.

(2) The following categories of recipients, who are usually processors, may have access to your personal data:

– Service providers for the operation of our app and the processing of the data stored or transmitted by the systems (e.g. IT security). In this case, the legal basis for the transfer is Article 6 para. 1 (b) or (f) of the GDPR, unless the service provider is a processor;

– State bodies/authorities, insofar as this is necessary to comply with a legal obligation. In this case, the legal basis for the transfer is Article 6 para. 1 (c) of the GDPR.

– Individuals used to conduct our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). In this case, the legal basis for the transfer is Article 6 para. 1 (b) or (f) of the GDPR.

(3) In all other cases, we will only transfer your personal data to third parties if you have given your express consent to this in accordance with Article 6 para. 1 (a) of the GDPR.

(4) Where we transfer your personal data to our subsidiaries or where such data is transferred to us by our subsidiaries (e.g. for advertising purposes), this is done on the basis of existing order processing contracts.

2. Legal obligation to transmit certain data

Under certain circumstances, we may be subject to a special statutory or legal obligation to make lawfully processed personal data available to third parties, in particular public bodies (Article 6 para. 1 (c) of the GDPR).

G. Your rights

1. Right to information

(1) Within the scope of Article 15 of the GDPR, you have the right to receive information about your personal data.

(2) This requires a request, which must be sent either by e-mail or by post to the addresses stated above.

2. Right to object to data processing, withdrawal of consent

(1) In accordance with Article 21 of the GDPR, you have the right to object at any time to the processing of your personal data. We will no longer process personal data concerning you, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

(2) In accordance with Article 7 para. 3 of the GDPR, you have the right to withdraw your previously granted consent (where such consent has been granted, even if granted prior to the GDPR coming into effect, i.e. before 25 May 2018), where consent shall be understood as your freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to you for one or more specific purposes. As a result, in future, we will no longer be allowed to continue the data processing based on this consent.

(3) For this purpose, please contact the contact person indicated above.

3. Right to rectification and erasure

(1) Insofar as any personal data concerning you is inaccurate, you have the right to demand that we immediately rectify such data in accordance with Article 16 of the GDPR. (3) To request rectification, please contact the contact person indicated above.

(2) Subject to the conditions set out in Article 17 of the GDPR, you have the right to request the erasure of personal data concerning you. (3) To request erasure, please contact the contact person indicated above. In particular, you have the right to erasure if the data in question is no longer necessary for the purposes for which it was collected or processed, if the data storage period has expired, if there is an objection, or if the processing is unlawful.

4. Right to restriction of processing

(1) In accordance with Article 18 of the GDPR, you have the right to demand that we restrict the processing of your personal data.

(2) To request restriction of processing, please contact the contact person indicated above.

(3) You have the right to restriction of processing in particular if the accuracy of the personal data is disputed between you and us; in this case, you shall have the right to restriction of procession for a period of time that is required to verify the accuracy of the data concerned. The same shall apply if there is a dispute between you and us as to whether a right to objection was exercised successfully. You shall also be entitled to this right, in particular, where you are entitled to erasure and, instead of erasure, you request restriction of processing.

5. Right to data portability

(1) In accordance with Article 20 of the GDPR, you have the right to receive from us the personal data that you have provided to us in a structured, common, machine-readable format as required.

(2) To request this, please contact the contact person indicated above.

6. Right to lodge a complaint with a supervisory authority

(1) In accordance with Article 77 of the GDPR, you have the right to lodge a complaint with a competent supervisory authority in respect of the collection and processing of your personal data.

(2) You can reach the competent supervisory authority by using the following contact details: The North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information, Kavalleriestr. 2-4, 40213 Düsseldorf, E-mail: poststelle@ldi.nrw.de.