Data Protection Notice for Einhell Connect

The entity responsible for processing your data is Einhell Germany AG. Exceptions in this regard are described in this data protection notice.

Our contact information is as follows:

Einhell Germany AG
Wiesenweg 22
94405 Landau/Isar, Deutschland
E-Mail: [email protected]

Contact information for the Data Protection Office is available under No. 20 below.

Personal data is specific information relating to the personal or factual circumstances of an identifiable person. This includes information such as IP address and browser settings, your form of address, your correct name, your address, your email address, your phone number, your date of birth, and information about your Einhell products, for example. Personal information that cannot be directly associated with your true identity – such as your favourite websites or the number of users on a site, for example – is not considered personal information.

To use the Einhell Connect app it is necessary to create an account. Personal details such as your form of address, your name, your address, your company if applicable, your date of birth, phone number, email address, and information about your Einhell products are recorded as part of this registration.

The Company uses the personal data you provide for the purpose of the technical administration of the app, in providing services, for customer management only to the extent required for each respective purpose.

The legal basis for the processing of your personal data depends on the purpose underlying the processing.

5.1 Services

The legal basis for the processing of personal data for the purpose specified above is Art. 6(1) lit. b GDPR. We provide our services as part of fulfilling contractual obligations. We are unable to fulfil or perform the contract with you if we are unable to process personal data.

5.2 Einhell Connect app

The following data is collected or stored for the Einhell Connect app.

• Date: Required for operation
• Email address: This is required for registration and authentication.
• Password: This is required for registration and authentication.
• Country and language: This information is required for the language settings in the app and for marketing purposes.
• Newsletter subscription: This information is used to determine whether the newsletter is to be sent to the account holder or not.
• Device serial number: The device serial number is required for device registration and to identify the device in the app.
• Location: This information is required by the system but will not be stored or transmitted.
• Bluetooth ID: The Bluetooth ID is required for device registration and to identify the device in the app.
• Time and date of last synchronisation: This information is required by our customer services department so that they can check that the available information is up-to-date in the event of servicing.
• Set schedules (days and times): This information is required for the "Schedules" function.
• Set mowing areas (start point and frequency): This information is required for the "Zones" function.
• Working time: This information is required for the "Statistics" function.
• Mowing time: This information is required for the "Statistics" function.
• Distance travelled: This information is required for the "Statistics" function.
• Mower status: This information is required for the "Status indication" function.
• Error messages: This information is required for the "Error messages" function.
• Rain sensor setting: This information is required for the "Rain sensor setting" function.
• Edge mowing setting: This information is required for the "Edge mowing setting" function.
• FAQs: This information is required for the "FAQs" function.
• Email addresses of other users: The email addresses are saved to enable other users to use a registered device.
• Device name: The device name is stored for personalisation by the user.
• Firmware version: The firmware version is required by our customer services department so that they can check that the firmware is up-to-date in the event of servicing. The information is also required for the "Firmware update" function.
• Battery charge status: This information is saved so that it can be displayed in the app. It is also required by our customer services department that they can provide technical support to the customer in the event of servicing.
• Item number: This is not actively transmitted but is determined on the basis of the serial number and is required to register the device.
• Version number: This is not actively transmitted but is determined on the basis of the serial number and is required to register the device.
• MAC address: This is not actively transmitted by the app, but is part of the Bluetooth protocol and is provided to us by Android to identify the device.

Permissions

The following permissions are required on the operating system for use of all functionalities of the app:

Camera: Capturing images and videos

Memory: Changing or deleting SD card content Reading SD card content 

You have the option to register your device in the app. To do this, you can either enter the serial number of the device or scan it using your camera. To do this, you will be asked for access to your camera. The use of the memory on your SD card is only required temporarily for registration. When registering a lawn mower via the camera, the app uses it exclusively as a scanner. Photographs are taken. However, these are only used temporarily to scan the serial number and are therefore not stored permanently.

Location: Accessing exact location (GPS and network-based)

Accessing the approximate location (network-based)

Other: Accessing Bluetooth settings

Accessing additional location provider commands

Bluetooth is used to connect your mobile end device and your lawn mower. This use requires location sharing as specified by the operating system. Without this, Bluetooth use is not possible.

We do not have access to the location ourselves at any time. This is not relevant for us, but is only required to pair the mobile device and the lawn mower via Bluetooth.

Accessing all networks

Retrieving network connections

Retrieving WLAN connections

Accessing internet data

These are used for the user's communication with the server, e.g. during the login process.

Deactivating the phone's sleep mode

This access is required if you activate push notifications, with which the app displays information on the lock screen, for example. Here, too, no data transmission takes place. It is also required for firmware updates for the robot lawn mower. New firmware is installed on the robot lawn mower via the app or the phone. As this update process can take a few minutes, we deactivate the sleep mode during this time so that the update process is not interrupted.

Reading the service configuration

This access is required when you submit a crash report

Your personal data is not transferred to third parties, unless required for the purpose of concluding a contract or you have explicitly given your consent. When providing services, it may, for example, be necessary for us to forward your address and order information to your wholesale partner, service partner. If we use external service providers, they are carefully selected and are obligated to comply with all data protection provisions in accordance with Art. 28 GDPR (see No. 5).

When you contact us by email or contact form, the information you provide is stored for the purpose of processing your query as well as for potential follow-up questions.

Use of the Single Sign-On function from Facebook

For the app we use the Single Sign-On function (formerly Facebook Connect) from Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; "Facebook").

Facebook Ireland and we are jointly responsible for the collection of your data and the transmission of this data to Facebook when the service is integrated. The legal basis for this is an agreement between us and Facebook Ireland on the joint processing of personal data, in which the respective responsibilities are set out. The agreement can be viewed atwww.facebook.com/legal/controller_addendum. Thereafter, we are in particular responsible for complying with the information obligations pursuant to Arts. 13, 14 GDPR, for complying with the security requirements of Art. 32 GDPR with regard to the correct technical implementation and configuration of the service, and for complying with the obligations pursuant to Arts. 33, 34 GDPR to the extent that a personal data breach affects our obligations under the joint processing agreement. Facebook Ireland has the responsibility to enable data subject rights under Arts. 15 – 20 GDPR, to comply with the security requirements of Art. 32 GDPR with respect to the security of the Service, and to comply with the obligations under Arts. 33, 34 GDPR to the extent that a personal data breach affects Facebook Ireland's obligations under the Joint Processing Agreement.

This function allows the user to register to the app using their existing Facebook account. Data is processed for the purpose of verification during registration, personalisation, as well as interest-based targeted advertising.

To provide this function on the website a connection to the Facebook server is established. Cookies are used for this purpose. The following information, among other information, may be collected and transmitted to Facebook: IP address, browser information, referrer URL (website via which you accessed our website), location data. This is applicable regardless of whether or not you are registered on or logged in to the social network. A connection is also made for users not registered or logged in. If you are connected to one or more of your social network accounts at the same time, the information collected may also be associated with your respective profiles. You can prevent this association by logging out of your social media accounts before visiting our website and before pressing the buttons. Your data may be transferred to the USA.

When using the Single Sign-On function, the website visitor's Facebook profile is linked to a customer account for this website. In doing so, we receive personal data of the user through Facebook, as specified in the login process. This may include, but is not limited to, the following information: Name, address, public profile information (e.g. name, profile picture, age, gender), email address, friend list, "likes" details.

Use of cookies or comparable technologies takes place on the legal basis of Section 15(3) sentence 1 of the German Telemedia Act (TMG). Your personal data is processed on the legal basis of Art. 6(1) lit. f GDPR due to our overriding legitimate interest in the needs-based and targeted design of the website. You have the right to object to the processing of your personal data at any time on grounds relating to your particular situation.

For more information on the collection and use of data by Facebook, your rights in this regard, and ways to protect your privacy, please refer to Facebook's data policy at www.facebook.com/about/privacy/.

Transmitting a crash report

To improve the app and fix bugs, we use a feature of the Microsoft Appcenter to submit a crash report. To do this, the app sends a crash report to the address in.appcenter.ms, which contains the following data:

• App version
• Our email address
• Device ID
• Error message or error code

The transmission is not made to Microsoft, but to us, and is used solely to check for functional errors in the app.

If you choose to receive the newsletter offered in the app, we require an email address from you, as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter (double opt-in procedure). In order to personalise the newsletter, we store personal data, such as IP address, form of address, first name, last name and email address. We then use this data in sending the requested information and to document your consent. The consent granted to store data, email address and to use it in sending the newsletter may be withdrawn with future effect at any time, either via the link in the newsletter or by submitting it in writing to Einhell Germany AG, Wiesenweg 22, 94405 Landau an der Isar, Germany, [email protected]. We use CleverReach GmbH & Co. KG (Muehlenstr. 43 – 26180 Rastede – Germany) to manage and send our newsletter. In order to be able to send the data properly, the above-mentioned personal data is transmitted to CleverReach.

Our employees and service providers we employ are obligated to maintain confidentiality and to abide by the provisions of applicable data privacy law. The Company undertakes appropriate technical and organisational security measures to protect your personal data from loss, alteration, destruction and against access by unauthorised persons and unauthorised dissemination. Our security measures are updated in accordance with technical advancements.

To protect the security of your data during transmission, we use current state-of-the-art encryption processes.

We generally retain your data for as long as it is needed to provide for use of our offering and the services associated with it or for as long as we have a legitimate interest in its continued retention (e.g. following fulfilment of contract, we may still have a legitimate interest in marketing by post). Deletion of data occurs following expiry of statutory or contractual retention periods (e.g. retention periods specified by tax and commercial law). Data not subject to retention periods are deleted once they are no longer needed to fulfil the specified purpose.

Device/user inactivity

The account, the connection to the device and the device data are deleted after 18 months of inactivity, i.e. the serial numbers are released again for registration. You will receive a reminder email about this after 16 months. You can of course re-register the device at any time.

As a user of our app, you are entitled to certain rights. To exercise your rights, please refer to the information in the section on contacts. Please make sure, however, that we are able to clearly identify who you are.

Pursuant to the General Data Protection Regulation, you may at any time upon request and at no cost receive written information on which data we have stored about you (e.g. name, address). Furthermore, you have the right to correct or delete this data, if statutory requirements have been met. Exempt from this right to deletion are, for example, data on business processes that are subject to statutory retention periods.

You have the right to restrict the processing of your personal data.

In addition, you have the right to object to the processing of data by us. We will then cease processing your data, except where – pursuant to statutory provisions – we can demonstrate compelling legitimate grounds for continued processing that outweigh your rights.

Furthermore, upon request we pledge to provide for the transferability of personal data you provide by making this data available in a commonplace and machine-readable data format.

You may at any time and with future effect withdraw consent to the processing of personal data that you granted us for one or more specific purposes. This does not affect the lawfulness of processing that occurred prior to your withdrawal of consent.

Processing of your personal data solely by automated means occurs only if necessary for concluding or fulfilling a contract and if it does not involve any legal or like effect on you.

We retain the right to periodically modify this data protection notice so that it meets current legal requirements or in order to implement changes to our services in the data protection notice (e.g. when introducing new services). This data protection notice will then apply to any subsequent visit to the website.

You have the right to direct any complaints about the processing of your personal data to the relevant regulatory authority. You may contact either the data protection authority with jurisdiction at your place of residence or your federal state, or the data protection authority with jurisdiction over us. This is the:

Landesamt für Datenschutzaufsicht (State Office for Data Protection Monitoring)
Promenade 27
91522 Ansbach
Email: [email protected]
Website: https://www.lda.bayern.de

If you have any complaints, you can contact our Data Protection Officer. We recommend you only send confidential information via postal mail.

Einhell Germany AG Data Protection Officer
Einhell Germany AG
Wiesenweg 22
94405 Landau/Isar
Germany
Email: [email protected]
Phone: +49 9951 942 - 0