Preamble

This service (referred to as “app” below) is provided by

MELTEM WÄRMERÜCKGEWINNUNG GMBH & CO. KG
Am Hartholz 4
D-82239 Alling

Managing Director: Armin Reynartz
Tel.: +49 8141 36900
Email: info@meltem.com

(referred to as “we” or “us” below) as the controller as defined in the applicable data protection law.

Within the app we allow you to call up and display the following information:

control of heat recovery units and reporting on the status and ongoing operation of the heat recovery units. In particular, the app can be used to control the following settings: supply air temperature, extract air temperature, exhaust air temperature, outdoor air temperature, extract air humidity, supply air humidity, extract air CO2 level, volumetric flow rate of supply air, volumetric flow rate of extract air, time remaining until next filter change, unit operating period, unit error message, filter change required.

When you use the app, we process personal data about you. By personal data, we mean all information that relates to an identified or identifiable natural person. We believe it is important to protect your privacy when you use the app, so the following details are intended to inform you about which personal data we process when you use the app, and what we do with this data. We will also tell you about the legal basis for processing your data where such processing is required in order to protect our legitimate interests, and about our legitimate interests.

You can call up this privacy policy at any time by selecting the "Privacy policy" menu entry from the app.

Certain information is processed automatically whenever you use the app. We have set out below exactly which personal data is processed:

1.1     Information that is collected during download

When you download the app, certain essential information is sent to the App Store you used (e.g. Google Play or Apple App Store). In particular your user name, email address, the customer number of your account, the download time, payment details and the individual device ID may be processed. This data is processed exclusively by the App Store and is outside our sphere of influence.

1.2     Information that is collected automatically

When you use the app, we automatically collect certain data that is necessary for you to use the app. This includes: IP address.

This data is automatically sent to us, but is not stored, (1) so that we can make the service and the associated functions available to you; (2) so that we can improve the functions and performance features of the app and (3) to prevent and eliminate abuse and errors. This data processing is legitimate because (1) the processing is necessary so we can fulfil the contract between you as the data subject and us as defined in Art. 6 Para. 1 point b) GDPR concerning use of the app, or (2) we have a legitimate interest in guaranteeing the functionality and error-free operation of the app and providing a service that meets the needs of the market and interests which overrides your rights and interests concerning the protection of your personal data within the meaning of Art. 6 Para. 1 point f) GDPR.

1.3     Creation of a user account (registration) and logging in

When you create or log into a user account, we use your access data (user name, email address and password) to allow you to access and manage your user account (“mandatory information”). The mandatory information associated with registration is identified with an asterisk and you must enter it in order to conclude the usage agreement. You will not be able to create a user account if you do not provide this data.

All other details are optional.

We use the mandatory information to authenticate you when you log in and to respond to requests to reset your password. We process and use the data you enter during registration or login (1) to verify whether you are entitled to manage the user account; (2) to enforce the terms of service of the app and all associated rights and obligations, and (3) to make contact with you so that we can send you technical or legal notices, updates, security messages and other messages that may concern the management of your user account.

This data processing is legitimate because (1) the processing is necessary so we can fulfil the contract between you as the data subject and us as defined in Art. 6 Para. 1 point b) GDPR concerning use of the app, or (2) we have a legitimate interest in guaranteeing the functionality and error-free operation of the app which overrides your rights and interests concerning the protection of your personal data within the meaning of Art. 6 Para. 1 point f) GDPR.

1.4     Use of the app

You can enter, manage or edit various information, tasks or activities in the course of using the app. This information includes, in particular, data about the supply air temperature, extract air temperature, exhaust air temperature, outdoor air temperature, extract air humidity, supply air humidity, extract air CO2 level, volumetric flow rate of supply air, volumetric flow rate of extract air, time remaining until next filter change, unit operating period, unit error message, filter change required.

The app also requires the following permissions:

– Internet access: This is needed in order to save your input on our servers.

– Camera access: This is needed to allow you to scan QR codes.

Usage data is only processed and used in order to provide the service. This data processing is legitimate because the processing is necessary so we can fulfil the contract between you as the data subject and us as defined in Art. 6 Para. 1 point b) GDPR concerning use of the app.

Your personal data will not be passed on without your express prior consent, apart from the cases explicitly stated in this privacy policy, unless it is legally permitted or required. This may be the case if, for example, the processing is required in order to protect vital interests of the user or another natural person.

2.1     Personal data will be passed on to the law enforcement agencies or other authorities or to aggrieved third parties or their legal advisors, if appropriate, if it is necessary to clarify an unlawful or improper use of the app or for a prosecution. However, this will only be done if there are indications of unlawful or improper conduct. Data may also be passed on if it is necessary in order to enforce terms of service or other legal claims. We are also required by law to provide information to certain public bodies upon request. These are law enforcement agencies, agencies that pursue fine defaulters and the tax authorities.

Such passing on of personal data is legitimate because (1) the processing is necessary so we can fulfil a legal obligation to which we are subject under Art. 6 Para. 1 point c) GDPR concerning national statutory requirements to pass on data to law enforcement agencies, or (2) we have a legitimate interest in passing on the data to the specified third parties if there are indications of improper conduct or to enforce our terms of service, other conditions or legal claims which do not override your rights and interests concerning the protection of your personal data within the meaning of Art. 6 Para. 1 point f) GDPR.

2.2.    We are dependent on third party companies and external service providers in order to provide our service:

• Hosting service provider
• Cloud service provider

Any passing on of personal data is only legitimate if we have carefully selected and regularly checked our third party companies and external service providers as processors in association with Art. 28 Para. 1 GDPR and have contractually obliged them to process all personal data exclusively in accordance with our instructions.

We do not process any data in states outside the European Economic Area (“EEA”).

The security of your data is important to us, so your personal data is transferred using a secure SSL or TLS encryption/connection. TLS (Transport Layer Security) or the previous version SSL (Secure Socket Layer) is a protocol for encrypting data transfers on the Internet.

We also secure our systems using technical and organisational measures to prevent loss, destruction, access, modification or dissemination of your data by unauthorized persons. However, total protection against all risks is not possible, despite regular checks.

Your personal data will only be processed for purposes other than the described purpose if this is permitted by a statutory provision or you have consented to the change to the purpose of the data processing. If we need to further process your data for purposes other than the purpose for which the data was originally collected, we will inform you of these other purposes and make all the relevant information available to you before we further process the data.

We will delete or anonymise your personal delete as soon as it is no longer needed for the purposes for which we collected or used it in accordance with the above paragraphs. We will generally store your personal data for the duration of the usage or contractual relationship concerning the app, provided that this data is no longer needed for law enforcement or to secure, assert or enforce legal claims.

This shall not affect specific details in this privacy policy or statutory requirements concerning the retention and deletion of personal data, particularly data that we must retain for tax reasons.

7.1     Right to information

You have the right to obtain from us at any time upon request information about the personal data concerning you and processed by us to the extent defined in Art. 15 GDPR. You may send your request by post or email to the address shown below.

7.2     Right to rectification of incorrect data

You have the right to request that we immediately rectify any personal data concerning you if such data is incorrect. Please contact us using the contact addresses shown below.

7.3     Right to erasure

Subject to the conditions described in Art. 17 GDPR, you have the right to request that we erase the personal data concerning you. In particular, these conditions provide for a right to erasure if the personal data is no longer needed for the purposes for which it was collected or otherwise processed and in cases of unlawful processing, if there is an objection or if there is an obligation to erase in Union or Member State law to which we are subject. See Paragraph 5 of this privacy policy for more details about the data retention period. Please contact us using the contact addresses shown below to assert your right to erasure.

7.4     Right to restriction of processing

You have the right to request that we restrict the processing in accordance with Art. 18 GDPR. This right exists, in particular, if the accuracy of the personal data is contested between the user and us, for the period needed to verify the accuracy of the personal data, and in the event that the user has a right to erasure but requests that, rather than erasing the data, we restrict the processing instead; it also applies if the data is no longer required for the purposes of the processing, but the user requires it to assert, exercise or defend legal claims and if the successful exercise of an objection between us and the user is still disputed. Please contact us using the contact addresses shown below to assert your right to restriction of processing.

7.5     Right to data portability

You have the right to receive from us the personal data concerning you that you provided to us in a structured, commonly used and machine-readable format in accordance with Art. 20 GDPR. Please contact us using the contact addresses shown below to assert your right to data portability.

You have the right to object in accordance with Art. 21 GDPR, for reasons relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 Para. 1 point e) or f) GDPR. We will no longer process your personal data unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing is used to assert, exercise or defend legal claims.

You also have the right to take complaints to the competent supervisory authority. These are the Federal State Data Protection Officers; you will find your local contact at the following URL, for example: datenschutz.saarland.de/datenschutz/zustaendigkeiten/.

Please contact us if you have any questions or comments concerning the way we handle your personal data or would like to exercise the rights as a data subject specified in paragraphs 7 and 8 (see our contact details in the Preamble above) or use the following email address: dsgvo@meltem.com.

The appointed external company data protection officer is Mr Klaus Hintermayr, Pähler Str. 5a, 82399 Raisting, www.munker.info. You can contact our data protection officer at the above address or by email: ds@meltem.com.

We keep this privacy policy updated at all times. We therefore reserve the right to change it from time to time and to incorporate changes into the collection, processing or use of your data. You can call up the current version of the privacy policy at any time under “Privacy policy” in the app.

Version dated: 20.02.2020