Privacy Statement
As the protection of your privacy is very important to us, we always comply with the provi-sions of European and German data protection law when performing any kind of data pro-cessing (e.g. collection, processing and transmission).
As far as we are aware, no personal data is collected or processed via our app. However, as an email address is indicated in the App Store for you to contact us and potentially send personal information, this privacy statement presents an overview of the data collected and the way in which you can receive information on the data provided to us.
1. Our contact for data protection enquiries
The “controller” of all data processing operations on our webpages, as defined in the data protection regulations, is
LAUDA DR. R. WOBSER GMBH & CO. KG, Laudaplatz 1, D-97922 Lauda-Königshofen, Tel.: +49 9343 503-0, Fax: +49 9343 503-222, Email: info@lauda.de
In accordance with the legal requirements, we have appointed
Mr
Dan Ochs
Würth IT GmbH
Drillberg 6
D-97980 Bad Mergentheim
Email: datenschutz@würth-it.de
as the Data Protection Officer at our company.
Please send any data protection enquiries to the above address.
2. What data is collected and processed via the app?
We have made a conscious decision to only collect and process data that is absolutely nec-essary to use the app. Therefore, no personal data (e.g. names, email addresses, phone numbers) have to be collected or processed to enable the use of the app.
However, a certain amount of other non-personal data must be collected and processed to ensure that a connection can be established between the app and the thermostat.
This is done using so-called “two-factor authentication”. You can find out below how this works and which data is collected and stored:
Two-factor authentication
When you connect the app to a LAUDA thermostat, the thermostat will transmit a cer-tificate to your app. The validity of the certificate will then be verified by the app. The app will take a unique hash value from the certificate and store it on your device.
When a connection is established between the app and the LAUDA thermostat for the first time, two-factor authentication is used to determine whether the person using the app actually has access to a LAUDA thermostat. If two-factor authentication is suc-cessful, the LAUDA thermostat will generate a so-called “token”. This token will then be transferred to the app and stored with the hash value on your device.
When you reconnect the app to a LAUDA thermostat, the app will check whether a token has already been generated for the hash value. The validity of the token will be verified by the LAUDA thermostat. If the token in your app is valid, two-factor authen-tication will not take place again.
No personal data is contained in the hash value or token, and they are not used to collect or store any additional data (e.g. about your device).
You can always delete the token in the LAUDA thermostat menu; another successful two-factor authentication process will then be required to enable access.
The information stored in the app about the certificate transmitted by the LAUDA thermostat can also be deleted at any time.
The app will not process any information other than the data that is generated and stored on your device during the two-factor authentication process.
No user profiles are created via the app.
However, we have provided an email address in the App Store for you to contact us. If you ever contact us via email, you will provide us with personal data. You can find out below how your data will be processed in such cases:
Contact via email
You can contact us at the email address indicated in the App Store. In such cases, we will store any personal data provided in your email.
We will only ever use your data to process your enquiry and may use your details to contact you for this purpose. This data will not be used for advertising purposes or disclosed to third parties.
The legal basis for the processing of any data provided via email is point (f) of Art. 6 (1) GDPR. If the aim of making contact is to conclude a contract, the additional legal basis for processing will be point (b) of Art. 6 (1) GDPR.
We will only ever process any personal data sent via email to contact you. When con-tacting you via email, we also have the necessary legitimate interest in the processing of data.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Any personal data provided via email will no longer be re-quired when our conversation with you is over. Our conversation will be considered over when the circumstances suggest the matter has been conclusively clarified.
Right to object:
You may object to the processing of your personal data at any time by contacting us via one of the channels indicated above. If you contact us via email and object to the storage of your personal data, we will not be able to continue our conversation.
In such cases, any personal data stored over the course of our communication will be deleted.
3. Rights of data subjects
If your personal data is ever processed, you will be a “data subject”, as defined in the GDPR, and may exercise the following rights against the controller:
Access, rectification, restriction of processing and erasure
You have the right to obtain free information at any time regarding the personal data we may store on your person, the origin and recipients of such data and the purpose of any data processing performed via email and our app. If the legal requirements are met, you may also request the rectification and/or erasure of your personal data and the restriction of data pro-cessing.
Right to data portability
You have the right to receive any personal data that you have provided to us, as the control-ler, in a structured, commonly used and machine-readable format.
Right to information
If you have asserted your right to rectification, erasure or the restriction of processing against us, as the controller, we will be obliged to inform all recipients of your personal data about the rectification or erasure of the data or the restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to ask us, as the controller, to inform you about such recipients.
Right to object
You may always object, on grounds relating to your particular situation, to any processing of your personal data based on point (e) or (f) of Art. 6 (1) GDPR, including any profiling based on those provisions (although we do not carry out any profiling).
We will then only continue to process your personal data if we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or if your personal data is processed for the establishment, exercise or defence of legal claims.
Notwithstanding the provisions set forth in Directive 2002/58/EC, you may exercise your right to object by automated means through information society services that use technical speci-fications.
Revocability of consent
In addition, you may always revoke any consent you have given with future effect by contact-ing us via one of the channels indicated above. If you revoke your consent, this will not af-fect the legality of any data processing carried out on the basis of your consent before the revocation date.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority – particularly in the Member State of your habitual residence, place of work or place of the alleged infringement – if you believe the processing of your personal data infringes the provisions of the General Data Protection Regulation.
The supervisory authority that receives the complaint will inform the complainant about the progress and outcome of the complaint, including the possibility of a judicial remedy in ac-cordance with Art. 78 GDPR.
4. Changes to this privacy statement
As we reserve the right to make necessary changes to this privacy statement without prior notice, we recommend that you regularly check this page for any possible amendments.