This service (referred to as “app” below) is provided by
MELTEM WÄRMERÜCKGEWINNUNG GMBH & CO. KG
Am Hartholz 4
Managing Director: Armin Reynartz
Tel.: +49 8141 36900
(referred to as “we” or “us” below) as the controller as defined in the applicable data protection law.
Within the app we allow you to call up and display the following information:
control of heat recovery units and reporting on the status and ongoing operation of the heat recovery units. In particular, the app can be used to control the following settings: supply air temperature, extract air temperature, exhaust air temperature, outdoor air temperature, extract air humidity, supply air humidity, extract air CO2 level, volumetric flow rate of supply air, volumetric flow rate of extract air, time remaining until next filter change, unit operating period, unit error message, filter change required.
When you use the app, we process personal data about you. By personal data, we mean all information that relates to an identified or identifiable natural person. We believe it is important to protect your privacy when you use the app, so the following details are intended to inform you about which personal data we process when you use the app, and what we do with this data. We will also tell you about the legal basis for processing your data where such processing is required in order to protect our legitimate interests, and about our legitimate interests.
1. Information about the processing of your data
Certain information is processed automatically whenever you use the app. We have set out below exactly which personal data is processed:
1.1 Information that is collected during download
When you download the app, certain essential information is sent to the App Store you used (e.g. Google Play or Apple App Store). In particular your user name, email address, the customer number of your account, the download time, payment details and the individual device ID may be processed. This data is processed exclusively by the App Store and is outside our sphere of influence.
1.2 Information that is collected automatically
When you use the app, we automatically collect certain data that is necessary for you to use the app. This includes: IP address.
This data is automatically sent to us, but is not stored, (1) so that we can make the service and the associated functions available to you; (2) so that we can improve the functions and performance features of the app and (3) to prevent and eliminate abuse and errors. This data processing is legitimate because (1) the processing is necessary so we can fulfil the contract between you as the data subject and us as defined in Art. 6 Para. 1 point b) GDPR concerning use of the app, or (2) we have a legitimate interest in guaranteeing the functionality and error-free operation of the app and providing a service that meets the needs of the market and interests which overrides your rights and interests concerning the protection of your personal data within the meaning of Art. 6 Para. 1 point f) GDPR.
1.3 Creation of a user account (registration) and logging in
When you create or log into a user account, we use your access data (user name, email address and password) to allow you to access and manage your user account (“mandatory information”). The mandatory information associated with registration is identified with an asterisk and you must enter it in order to conclude the usage agreement. You will not be able to create a user account if you do not provide this data.
All other details are optional.
We use the mandatory information to authenticate you when you log in and to respond to requests to reset your password. We process and use the data you enter during registration or login (1) to verify whether you are entitled to manage the user account; (2) to enforce the terms of service of the app and all associated rights and obligations, and (3) to make contact with you so that we can send you technical or legal notices, updates, security messages and other messages that may concern the management of your user account.
This data processing is legitimate because (1) the processing is necessary so we can fulfil the contract between you as the data subject and us as defined in Art. 6 Para. 1 point b) GDPR concerning use of the app, or (2) we have a legitimate interest in guaranteeing the functionality and error-free operation of the app which overrides your rights and interests concerning the protection of your personal data within the meaning of Art. 6 Para. 1 point f) GDPR.
1.4 Use of the app
You can enter, manage or edit various information, tasks or activities in the course of using the app. This information includes, in particular, data about the supply air temperature, extract air temperature, exhaust air temperature, outdoor air temperature, extract air humidity, supply air humidity, extract air CO2 level, volumetric flow rate of supply air, volumetric flow rate of extract air, time remaining until next filter change, unit operating period, unit error message, filter change required.
The app also requires the following permissions:
– Internet access: This is needed in order to save your input on our servers.
– Camera access: This is needed to allow you to scan QR codes.
Usage data is only processed and used in order to provide the service. This data processing is legitimate because the processing is necessary so we can fulfil the contract between you as the data subject and us as defined in Art. 6 Para. 1 point b) GDPR concerning use of the app.
2. Passing on and transfer of data
2.1 Personal data will be passed on to the law enforcement agencies or other authorities or to aggrieved third parties or their legal advisors, if appropriate, if it is necessary to clarify an unlawful or improper use of the app or for a prosecution. However, this will only be done if there are indications of unlawful or improper conduct. Data may also be passed on if it is necessary in order to enforce terms of service or other legal claims. We are also required by law to provide information to certain public bodies upon request. These are law enforcement agencies, agencies that pursue fine defaulters and the tax authorities.
Such passing on of personal data is legitimate because (1) the processing is necessary so we can fulfil a legal obligation to which we are subject under Art. 6 Para. 1 point c) GDPR concerning national statutory requirements to pass on data to law enforcement agencies, or (2) we have a legitimate interest in passing on the data to the specified third parties if there are indications of improper conduct or to enforce our terms of service, other conditions or legal claims which do not override your rights and interests concerning the protection of your personal data within the meaning of Art. 6 Para. 1 point f) GDPR.
2.2. We are dependent on third party companies and external service providers in order to provide our service:
- Hosting service provider
- Cloud service provider
Any passing on of personal data is only legitimate if we have carefully selected and regularly checked our third party companies and external service providers as processors in association with Art. 28 Para. 1 GDPR and have contractually obliged them to process all personal data exclusively in accordance with our instructions.
3. Data transfers to third countries
We do not process any data in states outside the European Economic Area (“EEA”).
4. Data security
The security of your data is important to us, so your personal data is transferred using a secure SSL or TLS encryption/connection. TLS (Transport Layer Security) or the previous version SSL (Secure Socket Layer) is a protocol for encrypting data transfers on the Internet.
We also secure our systems using technical and organisational measures to prevent loss, destruction, access, modification or dissemination of your data by unauthorized persons. However, total protection against all risks is not possible, despite regular checks.
5. Changes of purpose
Your personal data will only be processed for purposes other than the described purpose if this is permitted by a statutory provision or you have consented to the change to the purpose of the data processing. If we need to further process your data for purposes other than the purpose for which the data was originally collected, we will inform you of these other purposes and make all the relevant information available to you before we further process the data.
6. Data retention period
We will delete or anonymise your personal delete as soon as it is no longer needed for the purposes for which we collected or used it in accordance with the above paragraphs. We will generally store your personal data for the duration of the usage or contractual relationship concerning the app, provided that this data is no longer needed for law enforcement or to secure, assert or enforce legal claims.
7. Your rights as the data subject
7.1 Right to information
You have the right to obtain from us at any time upon request information about the personal data concerning you and processed by us to the extent defined in Art. 15 GDPR. You may send your request by post or email to the address shown below.
7.2 Right to rectification of incorrect data
You have the right to request that we immediately rectify any personal data concerning you if such data is incorrect. Please contact us using the contact addresses shown below.
7.3 Right to erasure
7.4 Right to restriction of processing
You have the right to request that we restrict the processing in accordance with Art. 18 GDPR. This right exists, in particular, if the accuracy of the personal data is contested between the user and us, for the period needed to verify the accuracy of the personal data, and in the event that the user has a right to erasure but requests that, rather than erasing the data, we restrict the processing instead; it also applies if the data is no longer required for the purposes of the processing, but the user requires it to assert, exercise or defend legal claims and if the successful exercise of an objection between us and the user is still disputed. Please contact us using the contact addresses shown below to assert your right to restriction of processing.
7.5 Right to data portability
You have the right to receive from us the personal data concerning you that you provided to us in a structured, commonly used and machine-readable format in accordance with Art. 20 GDPR. Please contact us using the contact addresses shown below to assert your right to data portability.
8. Right to object
You have the right to object in accordance with Art. 21 GDPR, for reasons relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 Para. 1 point e) or f) GDPR. We will no longer process your personal data unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing is used to assert, exercise or defend legal claims.
9. Right of appeal
You also have the right to take complaints to the competent supervisory authority. These are the Federal State Data Protection Officers; you will find your local contact at the following URL, for example: datenschutz.saarland.de/datenschutz/zustaendigkeiten/.
Please contact us if you have any questions or comments concerning the way we handle your personal data or would like to exercise the rights as a data subject specified in paragraphs 7 and 8 (see our contact details in the Preamble above) or use the following email address: firstname.lastname@example.org.
The appointed external company data protection officer is Mr Klaus Hintermayr, Pähler Str. 5a, 82399 Raisting, www.munker.info. You can contact our data protection officer at the above address or by email: email@example.com.
Version dated: 20.02.2020