Version: 2022-05-23
Description
This service (hereinafter 'App') is provided by Günther Spelsberg GmbH + Co. KG (hereinafter 'We' or 'Us') as the person responsible within the meaning of the applicable data protection law.
Through the App, we allow you to retrieve, configure and display the following information for a Spelsberg Wallbox: necessary parameters, connection to networks and systems of third-party providers, status of charging processes, management of access permissions by means of RFID/NFC technology, error messages, and statistics.
When the App is used, we will process personal data relating to you. Personal data shall mean all information relating to an identified or identifiable person. Protecting your privacy while using the App is a priority for us. So, we are providing you with the following information on what personal data we process when you use the App, and how we handle this data. We are also advising you of the legal basis on which we process your data and, where the processing is necessary to protect our legitimate interests, what our legitimate interests are.
You can retrieve this privacy statement at any time via the 'Data protection' item in the Settings menu of the App.
Name and contact details of the Data Controller
Günther Spelsberg GmbH + Co. KG
General partner: Spelsberg Verwaltungs GmbH
CEOs: Thorsten Schwippert
Im Gewerbepark 1
58579 Schalksmühle
Germany
Tel.: +49(0)2355/892-0
e-mail: info@spelsberg.de
Website: http://www.spelsberg.de
Name and address of the Data Protection Officer
The Data Protection Officer of the Data Controller is: Markus Kowall, IT Südwestfalen AG, Kalver Straße 23, 58515 Lüdenscheid, Germany, +49(0)2351 / 672573-00 datenschutz@spelsberg.de, http://it-swf.de .
1. Information on the processing of your data
Certain information is automatically processed as soon as you use the App. We have set out for you below the precise personal information that is processed:
1.1 Data that are gathered during download
When you download the App, certain necessary information is sent to your selected app store (e.g. Google Play or Apple App Store). In particular your user name, e-mail address, customer number of your account, the time of the download, payment details, and the individual device ID, may be processed. The processing of these data is performed exclusively by the respective app store and is outside of our control. Accordingly, we are not responsible for this collection and processing; the app store is solely responsible for this.
1.2 Data that are gathered automatically
When you use the App, we automatically gather certain information that is necessary for using the App. This includes: device type, version of your operating system, and the time of access. General, non-personal data are automatically sent to us, but not retained, (1) to provide you with the service and thus the associated functions; (2) to improve the functions and performance characteristics of the App, and (3) to prevent and eliminate abuse and malfunctions. This data processing is justified because (1) the processing is necessary to fulfill the contract between you as the Data Subject and Us in accordance with Article 6(1)b) GDPR for use of the App, or (2) We have a legitimate interest in ensuring the functionality and error-free operation of a competitive App that serves the interests of users, which here outweighs your personal data protection rights and interests in accordance with Article 6(1)f) GDPR.
1.3 Data gathering upon use of the App
When the App is used various information, tasks and activities may be entered, managed, and processed. This information comprises in particular data on the private Spelsberg Wallbox. The App also requires Internet access permission: This is needed in order to perform settings of the Spelsberg Wallbox via the network. Usage data are processed and employed for the provision of the service. We gather and process the following data from you:
– Device information: Access data includes the IP address, device ID, device type, device-specific settings, and App settings and App characteristics, the data and time of the retrieval, time zone, quantity of data transferred and a message on whether the data exchange was completed, if the App crashed, the type of browser and the operating system. The access data is processed in order to allow technical operation of the App.
– Data that you provide Us with: To use the App, you must create a profile, according to whether you are an installer or operator. To do so, enter at least your profile name.
– Information with your consent: Other information (e.g. GPS location data) is processed by Us if you consent to this.
– Contact form data: When contact forms are used, the data thereby submitted (e.g. gender, family name and first name, address, company name, e-mail address and the time of submission) are processed.
This data processing is justified because the processing is necessary to fulfill the contract between you as the Data Subject and Us, in accordance with Article 6(1)b) GDPR, for use of the App. We also collect such data if this is necessary for the functionality of the App and does not outweigh your interest in protection of your personal data (Article 6 (1)f) DSGVO.
2. Disclosure and transfer of data
Other than in the cases expressly mentioned in this privacy statement, in the absence of your prior express consent your personal data will only be disclosed if this is legally permitted or necessary.
3. Data transmission to third countries
If We process data in a third country (e.g. outside of the European Union (EU) or the European Economic Area (EEA)) or if this takes place through the use of third-party services, or the disclosure or transmission of data to third parties, this shall only happen if it is to meet our (pre)contractual obligations, based on your consent, due to a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual authorisations. We shall process your data or have it processed in a third country only where the special conditions of Articles 44 et seq. GDPR is met. This means that the processing takes place, for example, subject to special guarantees, such as the officially recognised assessment of a data protection level equivalent to that of the EU or officially recognised special contractual conditions ('Standard contractual clauses').
4. Changes of purpose
Your personal data will only be used for purposes other than described if allowed by a legal provision or you have consented to the change of purpose of the data processing. In the event of further processing for purposes other than those for which the data were originally gathered, we shall advise you prior to the further processing of these other purposes and provide you with all relevant information.
5. Data retention period
We shall delete or anonymise your personal data as soon as they are no longer required, for the purposes for which we gathered or used them in accordance with the above sections. We normally retain your personal data for the duration of the usage or contractual relationship via the App plus a period of 30 days, during which we will keep backup copies following deletion, provided these data are no longer needed in criminal proceedings or to safeguard, assert or enforce legal claims. Specific information in this privacy statement or legal requirements on the retention and deletion of personal data, in particular that which we have to retain for the purposes of tax law, remain unaffected.
6 Your rights as a Data Subject
6.1 Right of access
You have the right at any time and on request, to obtain access to the personal data on you that We process within the scope of Article 15 GDPR. You may request this by post or e-mail to the address given below.
6.2 Right to rectification of incorrect data
You have the right to require us to immediately rectify your personal data if these are incorrect. To do so, please contact us at the addresses given below.
6.3 Right to erasure
Under the conditions described in Article 17 GDPR, you have the right to require Us to erase your personal data. These conditions provide in particular for a right of erasure if the personal data are no longer necessary for the purposes for which they were gathered, and in cases of unlawful processing, where there is an objection, or the existence of an erasure obligation under European Union law or the law of the Member State to which we are subject. For the data retention period see also section 5 of this privacy statement. To assert your right to erasure, please contact us at the addresses given below.
6.4 Right to restriction of processing
You have the right to require that we restrict processing in accordance with Article 18 GDPR. This right exists, in particular if the accuracy of the personal data is disputed between the user and us, for the time required to verify the accuracy, and in the event that the user, where there is an existing right to erasure, instead of erasure requires a restriction of processing; and in addition, in the event that the data is no longer required by us for the purposes intended by us, but the user needs them for asserting, enforcing or defending legal claims, if the successful exercising of an objection is still disputed between Us and the user. To assert your right to restriction of processing, please contact Us at the addresses given below.
6.5 Right to data portability
You have the right to receive from us the personal data you have provided us with, in a structured, common, machine-readable format in accordance with Article 20 GDPR. To assert your right to data portability, please contact us at the addresses given below.
7. Right of objection
You have the right at any time, for reasons due to your personal circumstances, in accordance with Article 21 GDPR, to object to the processing of your personal data, taking place inter alia in accordance with Article 6(1) e) or f) GDPR. We will cease processing of your personal data, unless we are able to demonstrate urgent grounds worthy of protection, which outweigh your interests, rights and freedoms, or if the processing serves for the assertion, enforcement, or defence of legal claims.
8. Right of appeal
Under Article 77 GDPR you have the right to appeal to the supervisory authority, if you believe that your personal data is being processed unlawfully. The address of the relevant supervisory authority for our company is: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestr. 2-4, 40213 Düsseldorf, e-mail: poststelle@ldi.nrw.de. You also have the right to apply to the supervisory authority at your normal place of residence (domicile).