This privacy policy is addressed to all users of the Alpha Smart App (“App”). We, Möhlenhoff GmbH, Museumstraße 54a in 38229 Salzgitter, are the controllers for the processing of personal data when using the App in accordance with the General Data Protection Regulation (“GDPR”).
“Personal data” is any information relating to an identified or identifiable natural person. This includes, for example, your name, your email, but also your usage behaviour, among other things. “Processing” or “process” means any operation or set of operations, which is performed upon personal data, whether or not by automatic means, such as collection or storage of personal data. In addition, we refer to the definitions in Art. 4 GDPR.
1. Processing of personal data in connection with the use of the App
1.1 Download of the App
If you download our App via the Apple App Store or Google Play (each an “App Store”), the necessary data (including personal data) is transferred to the respective App Store. This personal data regularly includes your email, your user name, your customer number at the respective App Store, the individual device identification number of your mobile device and the time of the download from the App Store. However, we have no influence on this data processing, which is carried out exclusively by the App Store operator selected by you. In this respect, the data protection provisions of the respective App Store apply exclusively. In this context, personal data may also be transferred to providers in countries outside the European Economic Area which, from the perspective of the European Union (“EU”), do not ensure an “adequate level of protection” for the processing of personal data in accordance with EU standards.
1.2 Creating an account in the App
In order to use the App, you must create a User Account (“Account”) in the App, for which we process the personal data described below.
Type of personal data
Creating an account
Mandatory information
• email
• password
Optional information
• name
• profile picture
Purpose of processing and legal basis
You must create an Account to use the App and the associated App functions. This allows to track which devices/products are registered and controlled via which Account.
The processing of this data is carried out with regard to all mandatory information for the execution of the contract in accordance with Art. 6 (1) (b) GDPR, for the optional information due to our legitimate interest in accordance with Art. 6 (1) (f) GDPR, in order to enable you to use the App in an individualized manner.
We collect the personal data described in this section directly from you by you providing the personal data yourself. Without a processing of the personal data (with the exception of the optional information) a use of the App is not possible.
1.3 Technically required data / authorizations for certain functions
If you wish to use our App, we process certain personal data that is technically necessary to provide you with the functions of our App and to ensure the stability and security of its use.
In order for the App to function as intended after downloading, it is also necessary that you grant us access to the network functions (WLAN or mobile internet / mobile data), as well as optionally the location function, the camera function / photo media function or the Bluetooth function of your mobile device, and in accordance with this that certain personal data is processed by us.
Type of personal data:
Technically necessary
• IP address
• time of Account creation
• time of the last change of Account information
• date and time of login
• operating system version
• App version
• ID provided by Apple or Google, the operating system and the name of the device you are using
Authorizations
Network access
• access authorization in connection with the data on this
Location access
• location information
Camera access/photo media access
• scanning QR and barcodes
• photos selected as Account picture
Bluetooth access
• local connection of the App to smart home applications
Purposes of processing and legal basis:
This data is processed for the technical provision of the App.
Only if the required permissions are granted can certain functions or the App as a whole be used.
The processing of such data is carried out in accordance with Art. 6 (1) (b) GDPR and, where necessary, on the basis of our legitimate interest pursuant to Art. 6 (1) (f) GDPR to maintain data security.
Automatically collected technically necessary data is deleted after the purpose of the processing has been fulfilled, usually seven days after collection, unless longer storage is necessary in individual cases for reasons of data and system security, for error identification and correction or for the operation of the App. The technically necessary data is automatically collected by our IT systems when the App is used. Without the processing of personal data, the App may not function or function optimally.
We collect the personal data in connection with the granting of authorisations directly from you by you providing the personal data yourself. The granting of authorizations remains until you revoke them via the settings of your smartphone.
Without the processing of the personal data mentioned above, the App may not be used to its full extent or in accordance with its Terms of Use.
1.4 Registration and control of compatible products
Insofar as you register and subsequently control App products that have been designated by us as compatible with this App, we automatically process the personal data described below.
Type of personal data:
• identifier (serial number or similar) and device group of the compatible products (thermostat, lamp, socket, etc.)
• configuration of the compatible products (status data, temperature, brightness, on/off, etc.)
• new set temperature, time programs, and parameterization of the compatible products
• date and time of requests with the App, respectively the voice integration
• content of requests (status information, query, commands, changes, etc.)
• type of your device (smartphone, tablet)
• IP address of the devices operated by the App
Purposes of processing and legal basis:
The processing is carried out for the technical provision and use of the functions of the App. The temporary storage of the IP address is mandatory during processing to enable the use of the App, in particular to control the products provided for this purpose.
The processing of this data is carried out in accordance with Art. 6 (1) (b) GDPR or pursuant to Art. 6 (1) (f) GDPR based on our legitimate interest to continuously improve the functionality of the App.
Without the processing of personal data, the App may not be displayed/used optimally or at all.
1.5 Contacting us
If you contact us in connection with the use of the App, we may process the personal data you provide to us in this context.
Type of personal data:
• name, if applicable
• email, if applicable
• telephone number, if applicable
• social media identities, if applicable
• date of request
• specific matter requested
Purposes of processing and legal basis:
We only process personal data that you have provided and whose processing is necessary to be able to process with your request, for example to answer specific questions or to provide general information about the App.
If you are a user of the App, the processing is carried out according to Art. 6 (1) (b) GDPR. If you are not a user of the app, the processing is carried out according to Art. 6 (1) (f) GDPR due to our legitimate interest in being able to process your request.
The provision of your personal data is voluntary. If you do not provide us with any or the required personal data, depending on your request, we may not be able to process your request fully or at all.
1.6 Use of the support function
Should you use the support function of the App, we process the automatically transmitted technical data to assign your request to your Account, the content of the request and, if applicable, the device-specific data of your compatible products stored in our cloud.
Type of personal data:
• IP address
• Email address
• Date of the request
• Content of the request
• The personal data listed under section 1.4
• Status of access authorisation
Purpose of processing and legal basis:
The processing is carried out in order to resolve the support request submitted by means of the support function. The temporary storage of the personal data listed here is absolutely necessary during processing in order to process and solve the support request.
The processing of this data is carried out in accordance with Art. 6 (1) (b) GDPR.
The provision of your personal data is voluntary. If you do not provide us with the required personal data or grant us access to it, we will not be able to process your support request.
2. Recipients of the personal data
2.1 We generally share your personal data with the following recipients:
(a) We use processors to process personal data for the aforementioned purposes, who process the personal data on our behalf. We retain control over the respective personal data and remain the controller for the processing.
(b) We transfer personal data in individual cases to courts, law enforcement agencies, supervisory authorities, other authorities, tax advisors and lawyers if this is legally permissible and necessary.
2.2 Within the framework of a processing on behalf of us, the following service providers have access to your personal data:
• the operator of the cloud system for the control of products via the App
3. Transfer of personal data to third countries
The processing of personal data by us takes place exclusively in the EU. If processing has to take place in a third country, we will ensure compliance with the requirements of Art. 44 et seq. GDPR.
4. Principles governing the duration of processing
Unless set out more specifically in the context of the individual processings described above, we will delete your personal data as soon as the purpose for which we collected and processed the data no longer applies.
To the extent that we are required by applicable law to retain certain personal data for legally defined periods of time (such as in connection with business transactions), we will continue to store certain personal data for as long as we are legally required to do so. In this case, the legal basis for the processing of personal data is Art. 6 (1) (c) GDPR.
Your personal data will be deleted immediately if it is no longer required for the fulfilment of legal obligations. Insofar as deletion is not possible in individual cases, the relevant personal data will be marked with the aim of restricting its future processing.
5. Security
We have implemented technical and organizational measures to protect the data we process from manipulation, loss, destruction and access by unauthorized persons. We continuously improve these measures in line with technological developments.
6. Automated decisions
We will not use your personal data to make automated decisions (including profiling) about you that have legal effect or similarly significantly affect you.
7. Your rights
7.1 In accordance with the law, you have the following rights with regard to personal data concerning you:
• the right of access (Art. 15 GDPR),
• the right to rectification (Art. 16 GDPR),
• the right to erasure of your personal data (“right to be forgotten”) (Art. 17 GDPR),
• the right to restrict processing (Art. 18 GDPR),
• the right to data portability (Art. 20 GDPR),
• the right to object (Art. 21 GDPR).
7.2 If you have given us your consent for the processing of your personal data, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until withdrawal (Art. 7 (3) GDPR).
7.3 You can enforce the rights set out in section 7.1 and/or 7.2 against us by contacting one of the offices listed in section 8 by mail or email.
7.4 You have the right to complain to a competent supervisory authority at any time.
8. Contact, data protection officer
8.1 The Controller for processing of your personal data within the meaning of Art. 4 No. 7 GDPR is:
Möhlenhoff GmbH
Museumstraße 54a
38229 Salzgitter, Germany
+49 5341 8475-0
kontakt@moehlenhoff.de
www.moehlenhoff.com
8.2 Our data protection officer is available at all times to answer any questions you may have and to act as contact person on the subject of data protection at our company. His contact details are:
Dirk Lippelt
Museumstraße 54a
38229 Salzgitter, Germany
datenschutz@moehlenhoff.de