Privacy policy for the MyStiebel App and the STIEBEL ELTRON customer account

STIEBEL ELTRON GmbH & Co. KG, Dr. Stiebel-Straße 33, 37603 Holzminden, Germany
– hereinafter referred to as STIEBEL ELTRON –

The following explanations are intended to provide you with an overview of how we ensure data protection with the MyStiebel App and the STIEBEL ELTRON customer account, what data we process for what purpose and the legal basis for the collection and processing of data.

Privacy policy MyStiebel App (effective: January 2023)

Introduction

STIEBEL ELTRON GmbH & Co. KG, Holzminden ("STIEBEL ELTRON"), as the operator of the app, is the controller responsible for processing the personal data of app users. The contact details of STIEBEL ELTRON can be found on the app under the company details; the points of contact for questions regarding the processing of personal data are named directly in this Privacy Policy.

STIEBEL ELTRON takes the protection of users' privacy and private data very seriously. STIEBEL ELTRON collects, stores and uses personal data of users only in accordance with the provisions of this Privacy Policy and the applicable data protection regulations, in particular the European General Data Protection Regulation (GDPR) and the national data protection regulations.

In this Privacy Policy STIEBEL ELTRON provides information about the extent to which and the purposes for which personal data is processed in connection with the use of the app.

Personal data

Personal data is information regarding an identified or identifiable natural person. This includes all information relating to a person's identity, such as name, email address or postal address. Information that cannot be linked to the identity of users (such as statistical information, for example on the number of users of the app), on the other hand, is not considered personal data.

The features of the app can only be used if there is an existing customer account or if a new customer account is created directly in the app. It is not possible for the app to be used without the identity of users being disclosed and without personal data being provided. The personal data will only be processed by STIEBEL ELTRON for the purposes of using the app, particularly to provide the requested information or features. If personal data is collected, users are only under an obligation to submit data that is strictly required. Additional details may be provided on a voluntary basis. STIEBEL ELTRON will indicate which details are strictly required (mandatory field) and which are voluntary. STIEBEL ELTRON will provide detailed information about this in the relevant section of this Privacy Policy.

There will be no automated decisions made on the basis of personal data in connection with the use of the app.

Processing of personal information

STIEBEL ELTRON stores personal data on specially protected servers within the European Union. The data is protected by technical and organisational measures against loss, destruction, access, modification or distribution by unauthorised persons. Only a small number of authorised persons have access to users' data. They are responsible for the technical, commercial or editorial maintenance of the servers. However, despite regular checks, it is not possible to protect data completely against all hazards.

The personal data is transmitted via the internet in an encrypted format. When transmitting data, STIEBEL ELTRON uses TLS/SSL encryption (transport layer security / secure socket layer).

Sharing personal data with third parties

STIEBEL ELTRON will only use users' personal information for the purpose of providing the requested service. Insofar as STIEBEL ELTRON uses external service providers when providing its services, they also only have access for the purpose of providing the services. STIEBEL ELTRON takes technical and organisational measures to ensure compliance with data protection requirements and places its external service providers under the same obligation.

STIEBEL ELTRON will not share personal data with third parties without express consent, particularly not for advertising purposes. Personal data will only be shared if users themselves have consented to the data being shared or if STIEBEL ELTRON is entitled or obliged to do so on the basis of statutory provisions and/or an order by a public authority or court. This may involve the provision of information for the purpose of criminal prosecution, the prevention of danger or the enforcement of intellectual property rights.

In the event that STIEBEL ELTRON transfers personal data, either itself or through service providers, to countries outside of the European Union, STIEBEL ELTRON will comply with the special provisions of Article 44 et seq. GDPR and will place its service providers under the obligation to comply with these provisions. STIEBEL ELTRON will therefore only transfer personal data to countries outside of the European Union subject to the level of protection guaranteed by the GDPR. This level of protection is ensured, in particular, through an adequacy decision by the EU Commission or by appropriate safeguards in accordance with Article 46 GDPR.

Legal bases for the data processing

Where STIEBEL ELTRON obtains a consent for the processing of users' personal data, Article 6(1)(a) GDPR is the legal basis for the data processing.

Where STIEBEL ELTRON processes personal data because this is necessary for the performance of a contract or in the context of a quasi-contractual relationship with the user, Article 6(1)(b) GDPR is the legal basis for the data processing.

Where STIEBEL ELTRON processes personal data for compliance with a legal obligation, Article 6(1)(c) GDPR is the legal basis for the data processing.

Furthermore, Article 6(1)(f) GDPR can be considered as the legal basis for data processing if the processing of personal data is necessary to protect a legitimate interest of STIEBEL ELTRON or a third party and the interests, fundamental rights and freedoms of the user do not require the protection of the personal data.

In this Privacy Policy STIEBEL ELTRON will always indicate on which legal basis STIEBEL ELTRON bases the processing of personal data.

Data deletion and storage period

STIEBEL ELTRON will always delete or block users' personal data once the purpose of the storage no longer applies. However, data may be stored beyond this if stipulated by legal requirements to which STIEBEL ELTRON is subject, for example with regard to statutory retention and record-keeping obligations. In such a case, STIEBEL ELTRON will delete or block the personal data once these requirements cease to apply.

Use of our app
Information about the end device used

Every time the app is accessed, STIEBEL ELTRON collects the following information about the end device: the IP address, the browser request and the time of this request. In addition, the status and the volume of data transmitted are recorded as part of this request. STIEBEL ELTRON also collects product and version details about the browser used and the computer's operating system. The IP address of the end device is only stored for the time the app is being used, and is then deleted or anonymised by truncation. The remaining data is stored for a limited period of time. STIEBEL ELTRON uses this data to provide the app and the content that can be accessed via the app. These purposes constitute legitimate interests of STIEBEL ELTRON in the data processing pursuant to Article 6(1)(f) GDPR.

Registration

Users need to have and use a customer account to use the app. This requires logging into the app with the credentials of the customer account, which are then transmitted to STIEBEL ELTRON for checking. Special data protection provisions apply to the processing of data in connection with the customer account. Further information may be added, in addition to the information already stored in the customer account. This information serves the purpose of adapting the app's features or features that can be accessed via the app to match the user's needs as closely as possible. The information requested in a mandatory field is required for the performance or conclusion of a contract with STIEBEL ELTRON for certain services.

The legal basis for processing the data for registration in the case of consent is Article 6(1)(a) GDPR. If you register with us for purposes of performance or conclusion of a contract, the additional legal basis for the processing of the data is Article 6(1)(b) GDPR.

When logging into the app, the user will be given the opportunity to create a new customer account. If they already have a customer account, this can be used to log into the app. In such cases, registration is not required.

Integration of third party services

STIEBEL ELTRON uses third party services for some of the app's features. These services mainly consist of optional features that must be explicitly selected or used by the user. STIEBEL ELTRON has entered into contractual agreements with the respective service providers for the provision or integration of their services and is committed, to the extent possible, to ensuring that the third party providers also provide transparent information about the extent to which they process personal data and comply with the provisions of data protection law.

Google Analytics for Firebase

STIEBEL ELTRON uses Google Firebase in connection with the operation of the app. Google Firebase is a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This service includes various features that enable STIEBEL ELTRON to analyse in-app behaviour. This allows STIEBEL ELTRON, for example, to analyse screen views, the use of buttons and/or the effectiveness of promotional measures. STIEBEL ELTRON can also determine which features within the app are used frequently or rarely. Google Firebase stores, among other things, the number and duration of sessions, operating system, device models, region and a range of other data for this purpose. An overview of the data collected by Google Firebase is available at: https://support.google.com/firebase/answer/6318039?hl=en. In the context of the use of the service it cannot be ruled out that personal data of users is transmitted to the US. In order to protect the personal data of users, STIEBEL ELTRON has entered into an agreement for commissioned data processing, taking into account the standard contractual clauses.

Google Firebase is used to optimise the app. This constitutes a legitimate interest in line with Article 6(1)(f) GDPR.

Further information on Google Firebase can be found online at https://firebase.google.com/ and https://www.firebase.com/terms/privacy-policy.html.

Communications with STIEBEL ELTRON

STIEBEL ELTRON uses the app to send messages; users can contact STIEBEL ELTRON via the app.

Push notifications

If consent to transmission has been given and the technical requirements are met, STIEBEL ELTRON will transmit push notifications, particularly to provide information about relevant events and additional offers. Users are entitled to revoke their consent in this respect at any time, in particular by adjusting the setting in the end device accordingly. Users may revoke consent to receiving push notifications via the operating system of the end device as follows:

iOS/settings/< app >/notifications

Android/settings/apps/app manager/< app >/notifications

The legal basis for the processing of the personal data is Article 6(1)(a) GDPR.

STIEBEL ELTRON uses the Google service "Firebase Cloud Messaging" to send push notifications. This service creates what is known as a "Firebase Cloud Messaging Registration Token", which uniquely identifies the app installation on the device and allows the message addressee to be recognised. Further details on Google Firebase Cloud Messaging can be found at https://firebase.google.com/products/cloud-messaging/ and in Google's Privacy Policy: https://www.google.com/policies/privacy/. Settings regarding the topics on which notifications will be transmitted are stored together with the anonymised token and kept by STIEBEL ELTRON until consent is revoked.

Rights of data subjects and contact

STIEBEL ELTRON attaches great importance to explaining the processing of personal data as transparently as possible and to providing information about the rights of data subjects. If they require more detailed information or if they wish to exercise any rights of data subjects, users or data subjects may contact STIEBEL ELTRON at any time and we will deal with their request.

Rights of the data subject

The data subject has extensive rights with regard to the processing of personal data. Firstly, data subjects have a comprehensive right to information and may, if necessary, request the correction and/or deletion or blocking of their personal data. The data subject may also request the restriction of processing and has a right to object. The data subject also has a right to data portability with regard to personal data provided to STIEBEL ELTRON by the data subject.

If the data subject wishes to exercise any of the rights and/or requires further information in this regard, they can contact STIEBEL ELTRON's customer service. Alternatively, data subjects may contact the STIEBEL ELTRON data protection officer.

Revocation of consent and objection

Any consent given may be revoked at any time with effect for the future. The revocation of consent does not affect the lawfulness of any processing that has taken place until such revocation. Again, the points of contact in this regard are customer service and the data protection officer of STIEBEL ELTRON.

If the processing of personal data is not based on consent but on another legal basis, users may object to this processing of data. The objection leads to a review of and, potentially, termination of the data processing. The user / data subject will be notified of the result of the review and – if STIEBEL ELTRON intends to continue the data processing – will be given more detailed information by STIEBEL ELTRON as to why the processing of the data is permissible.

Data protection officer and contact

STIEBEL ELTRON has appointed a data protection officer who supports STIEBEL ELTRON with data protection issues and whom users and data subjects can also contact directly. The data protection officer and his team will be happy to answer any questions relating to STIEBEL ELTRON's handling of personal data or to provide further information on data protection issues:

STIEBEL ELTRON GmbH & Co. KG
Data protection officer
Dr. Stiebel Straße 33
37603 Holzminden
Telephone : +49 (0) 55 31 - 702 703
Fax : +49 (0) 55 31 - 702 95 106
E-mail : datenschutz@stiebel-eltron.de

Complaints

If users believe that STIEBEL ELTRON is not processing their personal data in accordance with this Privacy Policy or the applicable data protection provisions, they can lodge a complaint with the supervisory authority. Users may also complain to the data protection officer of STIEBEL ELTRON. The data protection officer will look into the matter and inform the user of the outcome.

Further information and amendments
Links to other websites

The app may contain links to other websites. These links are usually marked as such. STIEBEL ELTRON has no influence over the extent to which the applicable data protection regulations are observed on the linked websites. We therefore recommend that users also find out for themselves about the respective privacy policies on other websites.

Changes to this Privacy Policy

The effective date of this Privacy Policy is as indicated at the top. STIEBEL ELTRON reserves the right to amend this Privacy Policy at any time with effect for the future. Changes will be made, in particular, in the event of technical adjustments to the app or changes to data protection requirements. The current version of this Privacy Policy, as amended from time to time, can always be accessed directly via the app. STIEBEL ELTRON recommends that users regularly acquaint themselves with changes to this Privacy Policy.

Privacy policy customer account

Introduction

STIEBEL ELTRON GmbH & Co. KG (STIEBEL ELTRON), Holzminden, as the contracting party for the customer account, is the controller for the processing of the personal data in connection with the use of the customer account. The contact details of STIEBEL ELTRON can be found in the company details; the points of contact for questions regarding the processing of personal data are named directly in this Privacy Policy.

STIEBEL ELTRON takes the protection of users' privacy and private data very seriously. STIEBEL ELTRON collects, stores and uses personal data of users only in accordance with the provisions of this Privacy Policy and the applicable data protection regulations, in particular the European General Data Protection Regulation (GDPR) and the national data protection regulations.

In this Privacy Policy STIEBEL ELTRON provides information about the extent to which and the purposes for which personal data is processed in connection with the use of the customer account.

Personal data

Personal data is information regarding an identified or identifiable natural person. This includes all information relating to a person's identity, such as name, email address or postal address. Information that cannot be linked to the identity of users (such as statistical information, for example on the number of times the website was accessed), on the other hand, is not considered personal data. It is mandatory for the customer account that users identify themselves to STIEBEL ELTRON and provide, among other things, their name and contact details. STIEBEL ELTRON's products, on the other hand, can typically be used without users disclosing their identity; however, the use of certain (online) features may require the existence of a customer account.

If personal data is collected, users are only under an obligation to submit data that is strictly required. Additional details may be provided on a voluntary basis. STIEBEL ELTRON will indicate which details are strictly required (mandatory field) and which are voluntary. STIEBEL ELTRON will provide detailed information about this in the relevant section of this Privacy Policy.

There will be no automated decisions made on the basis of personal data in connection with the use of the customer account.

Processing of personal information

STIEBEL ELTRON stores personal data on specially protected servers within the European Union. The data is protected by technical and organisational measures against loss, destruction, access, modification or distribution by unauthorised persons. Only a small number of authorised persons have access to the data. They are responsible for the technical, commercial or editorial maintenance of the servers. However, despite regular checks, it is not possible to protect data completely against all hazards.

The personal data is transmitted via the internet in an encrypted format. When transmitting data, we use TLS/SSL encryption (transport layer security / secure socket layer).

Sharing personal data with third parties

STIEBEL ELTRON will only use users' personal information for the purpose of providing the requested service. Insofar as STIEBEL ELTRON uses external service providers when providing its services, they also only have access for the purpose of providing the services. STIEBEL ELTRON takes technical and organisational measures to ensure compliance with data protection requirements and places its external service providers under the same obligation.

STIEBEL ELTRON will not share personal data with third parties without express consent, particularly not for advertising purposes. Personal data will only be shared if users themselves have consented to the data being shared or if STIEBEL ELTRON is entitled or obliged to do so on the basis of statutory provisions and/or an order by a public authority or court. This may involve the provision of information for the purpose of criminal prosecution, the prevention of danger or the enforcement of intellectual property rights.

In the event that STIEBEL ELTRON transfers personal data, either itself or through service providers, to countries outside of the European Union, STIEBEL ELTRON will comply with the special provisions of Article 44 et seq. GDPR and will place its service providers under the obligation to comply with these provisions. STIEBEL ELTRON will therefore only transfer personal data to countries outside of the European Union subject to the level of protection guaranteed by the GDPR. This level of protection is ensured, in particular, through an adequacy decision by the EU Commission or by appropriate safeguards in accordance with Article 46 GDPR.

Legal bases for the data processing

Where STIEBEL ELTRON obtains a consent for the processing of users' personal data, Article 6(1)(a) GDPR is the legal basis for the data processing.

Where STIEBEL ELTRON processes personal data because this is necessary for the performance of a contract or in the context of a quasi-contractual relationship with the user, Article 6(1)(b) GDPR is the legal basis for the data processing.

Where STIEBEL ELTRON processes personal data for compliance with a legal obligation, Article 6(1)(c) GDPR is the legal basis for the data processing.

Furthermore, Article 6(1)(f) GDPR can be considered as the legal basis for data processing if the processing of personal data is necessary to protect a legitimate interest of STIEBEL ELTRON or a third party and the interests, fundamental rights and freedoms of the user do not require the protection of the personal data.

In this Privacy Policy STIEBEL ELTRON will always indicate on which legal basis STIEBEL ELTRON bases the processing of personal data.

Data deletion and storage period

STIEBEL ELTRON will always delete or block users' personal data once the purpose of the storage no longer applies. However, data may be stored beyond this if stipulated by legal requirements to which STIEBEL ELTRON is subject, for example with regard to statutory retention and record-keeping obligations. In such a case, STIEBEL ELTRON will delete or block the personal data once these requirements cease to apply.

Use of the customer account
Information about the end device used

Each use of the customer account requires a check of the details provided against the data held on the servers of STIEBEL ELTRON. In this context, STIEBEL ELTRON collects the following information about the end device used, irrespective of registration: the IP address, the browser request and the time of this request. In addition, the status and the volume of data transmitted are recorded as part of this request. The IP address of the end device is only stored for the time the customer account is being used and is then deleted or anonymised by truncation. The remaining data is stored for a limited period of time. STIEBEL ELTRON uses this data to create a usage history of the customer account for reasons of transparency. These purposes constitute legitimate interests of STIEBEL ELTRON in the data processing pursuant to Article 6(1)(f) GDPR.

Registration

Before using the customer account for the first time, users must register. As part of the registration process, the user's name, their email address and other contact details are requested. After registration has been completed, a code will be sent to the email address provided, which must be entered to confirm registration and which will activate the customer account.

The legal basis for processing the data for registration in the case of consent is Article 6(1)(a) GDPR. If you register with us for purposes of performance or conclusion of a contract, the additional legal basis for the processing of the data is Article 6(1)(b) GDPR.

Collection of usage data in the customer account

STIEBEL ELTRON uses data logged via the customer account to record which devices were used to establish a connection to the servers of STIEBEL ELTRON using the customer account and which activities are carried out. The main purpose for keeping logs is to protect the customer accounts against misuse and to monitor the proper provision of services and functioning of the systems. The legal basis is the legitimate interest of STIEBEL ELTRON in line with Article 6(1)(f) GDPR as is set out in the above considerations.

Unlocking additional features via the customer account

Additional features, which may be offered by STIEBEL ELTRON at its own discretion free of charge or subject to a fee, can be unlocked and/or activated via the customer account. In this respect, the customer account is used to record when and via which device such features were unlocked and/or activated. The legal basis in this regard is the processing of a contract, namely of the agreements on the use of additional features.

If additional features are offered for a fee, they will be billed via the customer account. This process involves the request and storage of additional data, which is necessary for the processing of the payment, and in particular the chosen payment method and related details. The purchase and payment history will be recorded in relation to the customer account for the duration of its existence. Again, the legal basis in this respect is the processing of a contract and/or, after all possible contractual claims have become time-barred and the retention obligations under commercial law have expired, the justified interest in a full user history for reasons of transparency.

Rights of data subjects and contact

STIEBEL ELTRON attaches great importance to explaining the processing of personal data as transparently as possible and to providing information about the rights of data subjects. If they require more detailed information or if they wish to exercise any rights of data subjects, users or data subjects may contact STIEBEL ELTRON at any time and STIEBEL ELTRON will deal with their request.

Rights of the data subject

The data subject has extensive rights with regard to the processing of personal data. Firstly, data subjects have a comprehensive right to information and may, if necessary, request the correction and/or deletion or blocking of their personal data. The data subject may also request the restriction of processing and has a right to object. The data subject also has a right to data portability with regard to personal data provided to us by the data subject.

If the data subject wishes to exercise any of the rights and/or requires further information in this regard, they can contact STIEBEL ELTRON's customer service. Alternatively, data subjects may contact the STIEBEL ELTRON data protection officer.

Revocation of consent and objection

Any consent given may be revoked at any time with effect for the future. The revocation of consent does not affect the lawfulness of any processing that has taken place until such revocation. Again, the points of contact in this regard are customer service and the data protection officer of STIEBEL ELTRON.

If the processing of personal data is not based on consent but on another legal basis, users may object to this processing of data. The objection leads to a review of and, potentially, termination of the data processing. The user / data subject will be notified of the result of the review and – if STIEBEL ELTRON intends to continue the data processing – will be given more detailed information by STIEBEL ELTRON as to why the processing of the data is permissible.

Data protection officer and contact

STIEBEL ELTRON has appointed a data protection officer who supports STIEBEL ELTRON with data protection issues and whom users and data subjects can also contact directly. The data protection officer and his team will be happy to answer any questions relating to STIEBEL ELTRON's handling of personal data or to provide further information on data protection issues:

STIEBEL ELTRON GmbH & Co. KG
Data protection officer
Dr. Stiebel Straße 33
37603 Holzminden
Telephone : +49 (0) 55 31 - 702 703
Fax : +49 (0) 55 31 - 702 95 106
E-mail : datenschutz@stiebel-eltron.de

Complaints

If users believe that STIEBEL ELTRON is not processing their personal data in accordance with this Privacy Policy or the applicable data protection provisions, they can lodge a complaint with the supervisory authority. Users may also complain to our data protection officer. The data protection officer will look into the matter and inform the user of the outcome.

Further information and amendments

The effective date of this Privacy Policy is as indicated at the top. STIEBEL ELTRON reserves the right to amend this Privacy Policy at any time with effect for the future. Changes will be made, in particular, in the event of adjustments to the technical processes or changes to data protection requirements. The current version of this Privacy Policy, as amended from time to time, can always be accessed directly via the homepage, the app or WED. STIEBEL ELTRON recommends that users regularly acquaint themselves with changes to this Privacy Policy.