STIEBEL ELTRON GmbH & Co. KG, Dr. Stiebel-Straße 33, 37603 Holzminden, Germany
- hereinafter referred to as STIEBEL ELTRON -
The following explanations are intended to give you an overview of how we ensure data protection in the Servicewelt app and Servicewelt at https://servicewelt.stiebel-eltron.de/ - hereinafter referred to collectively as SERVICEWELT - and the STIEBEL ELTRON customer account, what data we process for what purpose and on what legal basis the collection and processing of data takes place.
STIEBEL ELTRON GmbH & Co KG, Holzminden ("STIEBEL ELTRON"), as the operator of the website, is responsible for processing the personal data of users of the software. The contact details of STIEBEL ELTRON can be found in the legal notice; the contact persons for questions regarding the processing of personal data are named directly in this privacy policy.
STIEBEL ELTRON takes the protection of users' privacy and private data very seriously. STIEBEL ELTRON collects, stores and uses users' personal data only in accordance with the content of this privacy policy and the applicable data protection regulations, in particular the European General Data Protection Regulation (GDPR) and the national data protection regulations.
With this privacy policy, STIEBEL ELTRON informs you to what extent and for what purposes personal data is processed in connection with the use of the app.
Personal data is information relating to an identified or identifiable natural person. This includes all identity information such as name, email address or postal address. However, information that cannot be linked to the identity of the user (such as statistical data, e.g. the number of users of the app) is not considered personal data.
Some functions of the app can only be used if a customer account already exists or a new customer account is created directly in the app. It is not possible to use the service to its full extent without disclosing the user's identity and without providing personal data. Personal data is only processed by STIEBEL ELTRON for the purposes of using this app, in particular to provide the desired information or functions. When collecting personal data, only the data that is absolutely necessary, for example to fulfil a contract, must be provided. It may be possible to provide further information, in which case this is voluntary. STIEBEL ELTRON will indicate in each case whether the fields are mandatory or voluntary. STIEBEL ELTRON will then provide information on the specific details in the relevant section of this privacy policy.
Automated decision-making based on personal data does not take place in connection with the use of the app.
The personal data is stored by STIEBEL ELTRON on specially protected servers within the European Union. These are protected by technical and organisational measures against loss, destruction, access, modification or dissemination of the data by unauthorised persons. Access to user data is only possible for a few authorised persons. These persons are responsible for the technical, commercial or editorial support of the servers. Despite regular checks, however, complete protection against all risks is not possible.
Personal data is transmitted over the Internet in encrypted form. STIEBEL ELTRON uses TLS / SSL encryption (Transport Layer Security / Secure Socket Layer) for data transmission.
STIEBEL ELTRON only uses the personal information of users to provide the requested services. If external service providers are used by STIEBEL ELTRON to provide services, their access to the data is also exclusively for the purpose of providing the service. STIEBEL ELTRON takes technical and organisational measures to ensure compliance with data protection regulations and obliges its external service providers to do the same.
Furthermore, STIEBEL ELTRON does not pass on personal data to third parties without express consent, in particular not for advertising purposes. Personal data will only be passed on if the user himself has consented to the data being passed on or if STIEBEL ELTRON is authorised or obliged to do so on the basis of statutory provisions and/or official or court orders. In particular, this may involve the provision of information for the purposes of criminal prosecution, to avert danger or to enforce intellectual property rights.
Insofar as STIEBEL ELTRON transfers personal data itself or through service providers to countries outside the European Union, STIEBEL ELTRON complies with the special provisions of Art. 44 et seq. GDPR and also obliges its service providers to comply with these regulations. STIEBEL ELTRON will therefore only transfer personal data to countries outside the European Union subject to the level of protection guaranteed by the GDPR. This level of protection is guaranteed in particular by an adequacy decision of the EU Commission or by suitable guarantees in accordance with Art. 46 GDPR.
Insofar as STIEBEL ELTRON obtains consent for the processing of users' personal data, Art. 6 para. 1 lit. a) GDPR is the legal basis for data processing.
Insofar as STIEBEL ELTRON processes personal data because this is necessary for the fulfilment of a contract or in the context of a contract-like relationship with the user, Art. 6 para. 1 lit. b) GDPR constitutes the legal basis for data processing.
Insofar as STIEBEL ELTRON processes personal data to fulfil a legal obligation, Art. 6 para. 1 lit. c) GDPR is the legal basis for data processing.
The legal basis for data processing is also Art. 6 (1) (f) GDPR if the processing of personal data is necessary to safeguard a legitimate interest of STIEBEL ELTRON or a third party and the interests, fundamental rights and freedoms of the user do not require the protection of personal data.
In this privacy policy, STIEBEL ELTRON always indicates the legal basis on which STIEBEL ELTRON bases the processing of personal data.
STIEBEL ELTRON always deletes or blocks the user's personal data when the purpose of storage no longer applies. However, data may be stored beyond this point if this is provided for by legal requirements to which STIEBEL ELTRON is subject, for example with regard to statutory retention and documentation obligations. In such a case, STIEBEL ELTRON deletes or blocks the personal data after the end of the corresponding requirements.
Each time the app is accessed, STIEBEL ELTRON collects the following information about the end device used, regardless of registration: the IP address, the browser request and the time of this request. In addition, the status and the amount of data transferred are recorded as part of this request. STIEBEL ELTRON also collects product and version information about the browser used and the computer's operating system. The IP address of the end device is only stored for the time the app is used and then deleted or anonymised by shortening it. The other data is stored for a limited period of time. STIEBEL ELTRON uses this data to provide the app and the content that can be accessed via the app. These purposes also constitute STIEBEL ELTRON's legitimate interest in data processing in accordance with Article 6(1)(f) GDPR.
It is necessary to have and use a customer account in order to use the app to its full extent. To do this, you must log in to the app with the access data of the customer account, which is transmitted to STIEBEL ELTRON for synchronisation. Special data protection provisions apply to data processing in connection with the customer account. In addition to the information already stored in the customer account, it may be possible to add further information. This information serves the purpose of customising the functions of the app or the functions that can be called up via the app as specifically as possible to the needs of the user. The information requested as a mandatory field during registration is required to fulfil or initiate a contract with STIEBEL ELTRON for certain services.
The legal basis for the processing of data for registration is Art. 6 para. 1 lit. a) GDPR in the case of consent. Insofar as the registration takes place for the fulfilment or initiation of a contract, the legal basis for the processing of the data is additionally Art. 6 para. 1 lit. b) GDPR.
When registering for the app, the user is given the opportunity to create a new customer account. If a customer account already exists, this can be used to register for the app. No further registration is required in this case
STIEBEL ELTRON uses third-party services for some functions in the app. The corresponding services are mainly optional functions that must be explicitly selected or used by the user. STIEBEL ELTRON has concluded contractual agreements with the respective providers for the provision or integration of their services and is committed to ensuring, as far as possible, that the third-party providers also provide transparent information about the scope of the processing of personal data and comply with data protection regulations.
STIEBEL ELTRON uses Google Firebase in connection with the operation of the app. Google Firebase is a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This service includes various functions that enable STIEBEL ELTRON to analyse in-app behaviour. In this way, STIEBEL ELTRON can, for example, analyse screen views, button clicks and/or the effectiveness of advertising measures. STIEBEL ELTRON can also determine which functions within the app are used frequently or rarely. For these purposes, Google Firebase stores, among other things, the number and duration of sessions, operating systems, device models, region and a range of other data. An overview of the data collected by Google Firebase can be found at: https://support.google.com/firebase/answer/6318039?hl=de. In connection with the use of the service, it cannot be ruled out that users' personal data will be transferred to the USA. To protect the personal data of users, STIEBEL ELTRON has concluded an order processing agreement with Google, taking into account the standard contractual clauses.
Google Firebase is used to optimise the app. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR.
Further information on Google Firebase can be found online at https://firebase.google.com/ and https://www.firebase.com/terms/privacy-policy.html.
STIEBEL ELTRON uses the app to send messages and users can also contact STIEBEL ELTRON via the app.
If consent to the transmission has been given and the technical requirements are met, STIEBEL ELTRON will send push notifications, in particular to inform you about relevant events and additional offers. It is possible to revoke consent given in this respect at any time, in particular by adjusting the user settings in the end device accordingly. Users can revoke their consent to receive push notifications via the operating system of the end device as follows:
iOS/Settings/<app>/Messages
Android/Settings/Applications/Application manager/<app>/Notifications
The legal basis for the processing of personal data is the consent of the user in accordance with Art. 6 para. 1 lit. a) GDPR.
STIEBEL ELTRON uses the Google service "Firebase Cloud Messaging" to send push messages. This service creates a so-called "Firebase Cloud Messaging Registration Token", which uniquely identifies the app installation on the device and is used to recognise the message addressee. Further information on Google Firebase Cloud Messaging can be found at https://firebase.google.com/products/cloud-messaging/ and in Google's privacy policy at http://www.google.de/intl/de/policies/privacy. The settings for which topics messages are transmitted are saved in connection with the anonymised token and stored by STIEBEL ELTRON until revoked.
STIEBEL ELTRON attaches great importance to explaining the processing of personal data as transparently as possible and also to informing data subjects of their rights. If more detailed information is required or the rights to which the data subject is entitled are to be exercised, the user or data subject can contact STIEBEL ELTRON at any time so that we can deal with the matter.
The data subject has extensive rights with regard to the processing of personal data. Firstly, the data subject has a comprehensive right to information and can request the correction and/or deletion or blocking of their own personal data if necessary. The data subject can also request that processing be restricted and has the right to object. With regard to the personal data provided to STIEBEL ELTRON by the data subject, there is also a right to data portability.
If one of the rights is to be asserted and/or more detailed information about this is to be requested, contact STIEBEL ELTRON customer service. Alternatively, the STIEBEL ELTRON data protection officer can also be contacted.
Once given, consent can be freely revoked at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The customer service and the data protection officer of STIEBEL ELTRON are also the contact persons for this.
If the processing of personal data is not based on consent, but on another legal basis, you can object to this data processing. The objection leads to a review and, if necessary, termination of the data processing. The user or data subject will be informed of the result of the review and - if the data processing is nevertheless to be continued - will receive more detailed information from STIEBEL ELTRON as to why the data processing is permissible.
STIEBEL ELTRON has appointed a data protection officer who supports STIEBEL ELTRON in data protection issues and whom users and data subjects can also contact directly. The data protection officer and his team will be happy to answer any questions regarding STIEBEL ELTRON's handling of personal data or provide further information on data protection issues:
STIEBEL ELTRON GmbH & Co KG
Data Protection Officer
Dr. Stiebel Straße 33
37603 Holzminden
Telephone: 0 55 31 - 702 703
Fax: 0 55 31 - 702 95 106
E-mail: datenschutz@stiebel-eltron.de
If the user is of the opinion that the processing of personal data by STIEBEL ELTRON is not in accordance with this privacy policy or the applicable data protection regulations, the user has the right to lodge a complaint with the supervisory authority. The user can also lodge a complaint with STIEBEL ELTRON's data protection officer. The data protection officer will then investigate the matter and inform the user of the outcome of the investigation.
The app may contain links to other websites. These links are usually labelled as such. STIEBEL ELTRON has no influence on the extent to which the applicable data protection regulations are complied with on the linked websites. We therefore recommend that users also inform themselves about the data protection declarations of other websites.
The status of this privacy policy is indicated by the date. STIEBEL ELTRON reserves the right to amend this privacy policy at any time with effect for the future. Changes will be made in particular in the event of technical adjustments to the app or changes to data protection regulations. The latest version of this privacy policy can always be accessed directly via the app. STIEBEL ELTRON recommends that you regularly inform yourself about changes to this privacy policy.
STIEBEL ELTRON GmbH & Co KG (STIEBEL ELTRON), Holzminden, as the contractual partner for the customer account, is responsible for the processing of personal data in connection with the use of the customer account. The contact details of STIEBEL ELTRON can be found in the legal notice; the contact persons for questions regarding the processing of personal data are named directly in this privacy policy.
STIEBEL ELTRON takes the protection of users' privacy and private data very seriously. STIEBEL ELTRON collects, stores and uses users' personal data only in accordance with the content of this privacy policy and the applicable data protection regulations, in particular the European General Data Protection Regulation (GDPR) and the national data protection regulations.
With this data protection declaration, STIEBEL ELTRON informs you to what extent and for what purposes personal data is processed in connection with the use of the customer account.
Personal data is information relating to an identified or identifiable natural person. This includes all identity information such as name, e-mail address or postal address. Information that cannot be linked to the identity of the user (such as statistical data, for example the number of visits to a website) is not considered personal data. For the customer account, it is mandatory that the user identifies himself to STIEBEL ELTRON and provides, among other things, his name and contact details. STIEBEL ELTRON products, on the other hand, can generally be used without disclosing the user's identity, but the use of certain (online) functions may require the existence of a customer account.
When collecting personal data, only the data that is mandatory must be provided. In addition, further information may be possible, in which case it is voluntary. STIEBEL ELTRON will indicate in each case whether the fields are mandatory or voluntary. STIEBEL ELTRON will then provide information on the specific details in the relevant section of this privacy policy.
Automated decision-making based on personal data does not take place in connection with the use of the customer account.
Processing of personal information
The personal data is stored by STIEBEL ELTRON on specially protected servers within the European Union. These are protected by technical and organisational measures against loss, destruction, access, modification or dissemination of the data by unauthorised persons. Access to the data is only possible for a few authorised persons. These persons are responsible for the technical, commercial or editorial support of the servers. Despite regular checks, however, complete protection against all risks is not possible.
Personal data is transmitted over the Internet in encrypted form. We use TLS / SSL encryption (Transport Layer Security / Secure Socket Layer) for data transmission.
STIEBEL ELTRON only uses the personal information of users to provide the requested services. If external service providers are used by STIEBEL ELTRON to provide services, their access to the data is also exclusively for the purpose of providing the service. STIEBEL ELTRON takes technical and organisational measures to ensure compliance with data protection regulations and obliges its external service providers to do the same.
Furthermore, STIEBEL ELTRON does not pass on personal data to third parties without express consent, in particular not for advertising purposes. Personal data will only be passed on if the user himself has consented to the data being passed on or if STIEBEL ELTRON is authorised or obliged to do so on the basis of statutory provisions and/or official or court orders. In particular, this may involve the provision of information for the purposes of criminal prosecution, to avert danger or to enforce intellectual property rights.
Insofar as STIEBEL ELTRON transfers personal data itself or through service providers to countries outside the European Union, STIEBEL ELTRON complies with the special provisions of Art. 44 et seq. GDPR and also obliges its service providers to comply with these regulations. STIEBEL ELTRON will therefore only transfer personal data to countries outside the European Union subject to the level of protection guaranteed by the GDPR. This level of protection is guaranteed in particular by an adequacy decision of the EU Commission or by suitable guarantees in accordance with Art. 46 GDPR.
Insofar as STIEBEL ELTRON obtains consent for the processing of users' personal data, Art. 6 para. 1 lit. a) GDPR is the legal basis for data processing.
Insofar as STIEBEL ELTRON processes personal data because this is necessary for the fulfilment of a contract or in the context of a contract-like relationship with the user, Art. 6 para. 1 lit. b) GDPR constitutes the legal basis for data processing.
Insofar as STIEBEL ELTRON processes personal data to fulfil a legal obligation, Art. 6 para. 1 lit. c) GDPR is the legal basis for data processing.
The legal basis for data processing is also Art. 6 (1) (f) GDPR if the processing of personal data is necessary to safeguard a legitimate interest of STIEBEL ELTRON or a third party and the interests, fundamental rights and freedoms of the user do not require the protection of personal data.
In this privacy policy, STIEBEL ELTRON always indicates the legal basis on which STIEBEL ELTRON bases the processing of personal data.
STIEBEL ELTRON always deletes or blocks the user's personal data when the purpose of storage no longer applies. However, data may be stored beyond this point if this is provided for by legal requirements to which STIEBEL ELTRON is subject, for example with regard to statutory retention and documentation obligations. In such a case, STIEBEL ELTRON deletes or blocks the personal data after the end of the corresponding requirements.
Each time the customer account is used, it is checked by comparing it with the data on STIEBEL ELTRON's servers. In this context, STIEBEL ELTRON collects the following information about the end device used, irrespective of registration: the IP address, details of the end device (device type) and the time of this enquiry. In addition, the status and the amount of data transferred are recorded as part of this enquiry. The IP address of the end device is only stored for the time of use of the customer account and then deleted or anonymised by shortening it. The other data is stored for a limited period of time. STIEBEL ELTRON uses this data to create a usage history of the customer account for reasons of transparency. These purposes also constitute STIEBEL ELTRON's legitimate interest in data processing in accordance with Article 6(1)(f) GDPR.
It is necessary to register before using the customer account for the first time. During the registration process, the user's name, e-mail address and other contact details are requested. Once registration has been completed, a code will be sent to the email address provided, which must be entered to confirm registration and to activate the customer account.
The legal basis for the processing of data for registration is Art. 6 para. 1 lit. a) GDPR in the case of consent. Insofar as the registration takes place for the fulfilment or initiation of a contract, the legal basis for the processing of the data is additionally Art. 6 para. 1 lit. b) GDPR.
As part of the logging process, STIEBEL ELTRON uses the customer account to record which devices establish a connection to the STIEBEL ELTRON servers using the customer account and which activities are carried out. The main purpose of logging is to protect against misuse and to prove the proper provision of services and functioning of the systems. The legal basis is the legitimate interest of STIEBEL ELTRON within the meaning of Art. 6 para. 1 lit. f) GDPR, which arises from the above considerations.
The customer account can be used to book or activate additional functions that STIEBEL ELTRON may offer free of charge or for a fee at its own discretion. In this respect, the customer account is used to record when and via which device the corresponding functions were booked or activated. The legal basis in this respect is contract processing in relation to the agreements on the use of additional functions.
Insofar as additional functions are offered for a fee, billing takes place via the customer account. For this purpose, additional data required for payment processing, in particular the selected payment method and the relevant details, will be requested and stored. The purchase and payment history remains recorded for the customer account for the duration of its existence. The legal basis in this respect is also the processing of the contract or, after the limitation period for all conceivable contractual claims and the end of commercial law retention obligations, the legitimate interest in a comprehensive user history for reasons of transparency.
STIEBEL ELTRON attaches great importance to explaining the processing of personal data as transparently as possible and also to providing information about the rights to which the data subject is entitled. If more detailed information is required or the rights to which the data subject is entitled are to be exercised, the user or data subject can contact STIEBEL ELTRON at any time so that STIEBEL ELTRON can deal with the matter.
The data subject has extensive rights with regard to the processing of personal data. Firstly, the data subject has a comprehensive right to information and can request the correction and/or deletion or blocking of their own personal data if necessary. The data subject may also request that processing be restricted and has the right to object. With regard to the personal data transmitted to us by the data subject, there is also a right to data portability.
If one of the rights is to be asserted and/or more detailed information about this is to be requested, contact STIEBEL ELTRON customer service. Alternatively, the STIEBEL ELTRON data protection officer can also be contacted.
Once consent has been given, it can be freely revoked at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The customer service and the data protection officer of STIEBEL ELTRON are also the contact persons for this.
If the processing of personal data is not based on consent, but on another legal basis, you can object to this data processing. The objection leads to a review and, if necessary, termination of the data processing. The user or data subject will be informed of the result of the review and - if data processing is nevertheless to be continued - will receive more detailed information from STIEBEL ELTRON as to why data processing is permitted.
STIEBEL ELTRON has appointed a data protection officer who supports STIEBEL ELTRON in data protection issues and whom users and data subjects can also contact directly. The data protection officer and his team will be happy to answer any questions regarding STIEBEL ELTRON's handling of personal data or provide further information on data protection issues:
STIEBEL ELTRON GmbH & Co KG
Data Protection Officer
Dr. Stiebel Straße 33
37603 Holzminden
Telephone: 0 55 31 - 702 703
Fax: 0 55 31 - 702 95 106
E-mail: datenschutz@stiebel-eltron.de
If the user is of the opinion that the processing of his personal data by STIEBEL ELTRON is not in accordance with this data protection declaration or the applicable data protection regulations, the user has the right to lodge a complaint with the supervisory authority. The user can also lodge a complaint with our data protection officer. The data protection officer will then investigate the matter and inform the user of the outcome of the investigation.
The status of this privacy policy is indicated by the date. STIEBEL ELTRON reserves the right to amend this privacy policy at any time with effect for the future. Changes will be made in particular in the event of adjustments to technical processes or changes to data protection regulations. The current version of this privacy policy can always be accessed directly via the homepage, the app or the IFG. STIEBEL ELTRON recommends that you regularly inform yourself about changes to this privacy policy.