2. Protection of minors under the age of 16
If we find that a minor under the age of 16 has sent personal data to us without the consent of the parent or legal guardian or without the parent or legal guardian's agreement to the minor's consent, we will immediately delete the data.
3. Information we collect and how we use your information
In order to provide our services, we collect the data required to do this. This includes, for the purposes of personalisation, your email address, as well as technical information about your Koubachi hardware (including unique identification numbers of such hardware).
The aim of the processing of your data is primarily to provide you with the services for your Koubachi hardware, but the information may also be used for product development, research and development, and the analysis of properties, as well as for support. A pseudonymous ID is stored for the purposes of troubleshooting and product improvement. Your data will be stored for as long as it is required by GARDENA to fulfil the above-mentioned purposes, but under no circumstances for longer than the applicable laws allow.
4. Purposes of data processing and legal basis
Your personal data is processed on the basis of the following legal bases for the following purposes:
- Contract initiation in accordance with Art. 6, Para. 1 a) and b) of the GDPR
- Contract execution in accordance with Art. 6, Para. 1 b) of the GDPR
- Customer management in accordance with Art. 6, Para. 1 b) and c) of the GDPR
- Communication and data exchange in accordance with Art. 6, Para. 1 a), b), c) and f) of the GDPR
- Public image and advertising in accordance with Art. 6, Para. 1 f) of the GDPR
- Implementation of declarations of consent in accordance with Art. 6, Para. 1 a) of the GDPR
- Ensuring proper operation of a data processing system in accordance with Art. 6, Para. 1 c) and f) of the GDPR.
5. Security and confidentiality and how we protect your data
In order to ensure the security and confidentiality of your data, we use data networks that, among other things, are protected by state-of-the-art firewalls and password protection mechanisms. We have taken appropriate technical and organisational measures to protect your personal data against loss, misuse, unauthorised access, disclosure, alteration and destruction.
6. Feedback form
Data that you share with us via the feedback form is processed for communication purposes and for the purpose of data exchange, in other words in order to respond to your specific query. This data is stored for the period of time necessary to process it for these purposes or until the expiration of any ensuing retention periods. In addition to your specific enquiry, this data includes your email address and information about the device on which you are running the app (device type, operating system version, country setting) and the version of the Koubachi app being used.
7. Use of location data
Some of our services only work if we can determine your location (e.g. weather display). You can provide this to us as part of our services. The data is stored as part of your profile and sent only in pseudonymised form to third parties for the purposes of providing the relevant service (e.g. displaying the weather for your location). We also do not create profiles with location and/or movement data.
8. Disclosure of your information, deletion
Access to your personal data stored by us is limited to our employees, and to service providers contracted by us whose tasks require them to handle this personal data.
Insofar as third parties have access to your data, we have obtained consent from you for this purpose or there is a legal basis for this. The service providers process the data only on our instructions and are obliged to comply with the applicable provisions of data protection law. All processors have been carefully selected and receive access to your data only to the extent and for the period required in order to provide their services or to the extent to which you have given your consent to the processing and use of the data.
The servers of some of the service providers that we use are located in the USA or in other countries outside the European Union. Companies in these countries are subject to a data protection law that does not generally protect personal data to the same extent as is the case in the Member States of the European Union. If your data is processed in a country that does not have the same high level of data protection as in the European Union, we ensure that your personal data is adequately protected by means of contractual arrangements and other recognised instruments. We expressly draw your attention to this point in the context of the individual services.
Where personal data is transferred to third countries, this is carried out on the basis of the adequacy decision of the European Commission on the EU-U.S. Privacy Shield in accordance with Art. 45 of the GDPR and the EU model contract 2010 in accordance with Art. 46 Para. 2 c) of the GDPR in conjunction with Commission Decision of 5 February 2010 (2010/87/EU) and in accordance with Art. 49, Para. 1 a) of the GDPR.
Any exchange of data within the group of undertakings to which we belong takes place exclusively within the EU/EEA and Switzerland, and only for internal management purposes. We understand "group of undertakings" to refer to affiliated companies within the meaning of Art. 4, No. 19 of the GDPR.
9. Profiling, cookies and web tracking
11. Use of development tools
To ensure the proper operation of our app we use a number of different development tools (e.g. Sentry, Datadog and Crashlytics). Some of these tools process personal data (for example, IP addresses). We use these programs solely for the purpose of ensuring the proper operation of the platform (for example, to record errors or system crashes).
12. Consent to the processing of your personal data
You may revoke your consent at any time. To do this, please send an email to the following address: email@example.com
13. Your rights
You have a number of statutory rights, which we would like to draw your attention to below. In addition, our data protection officer, it.sec GmbH Co. KG, is available to answer any questions you may have regarding your personal data that we collect and process at firstname.lastname@example.org.
a) Right of access and right to data portability
You have the right to information regarding your personal data processed by us at any time. If the data processing takes place on the basis of your consent or in accordance with Art. 6, Para. 1 b) of the GDPR on the basis of a contract, you may also request, in accordance with Art. 20, Para. 1 of the GDPR, the provision of your stored personal data in a structured, commonly used and machine-readable format. At your request, we will also forward the data directly to the recipient specified by you.
b) Right to rectification, restriction and deletion
You may also, in accordance with Art. 16 to 18 of the GDPR, ask us to rectify, restrict (block) or delete your personal data if we have processed the data incorrectly, if there is a reason for restricting further data processing, or the data processing has become illegal for various reasons, or if its storage is inadmissible for other legal reasons. We would like to point out that your right to deletion may be restricted by statutory retention periods.
c) Rights to object
If our data processing is based solely on our legitimate interests in accordance with Art. 6, Para. 1 f) of the GDPR, you may object to this processing in accordance with Art. 21, Para. 1 of the GDPR. We will then stop processing your data, unless we are able to demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing is required for the establishment, exercise or defence of a legal claim.
d) Right of withdrawal
If you have given us your consent to allow the processing of your personal data, you have a right of withdrawal with effect for the future in accordance with Art. 7, Para. 3 of the GDPR.
e) Right to file a complaint with the supervisory authority
You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates the European General Data Protection Regulation or other national and international data protection laws.
f) Contact details
In order to exercise your rights, you can send us an informal notification using the following contact details. Furthermore, if you wish to withdraw your consent, please send a message specifying which declaration of consent you wish to withdraw to the following:
89079 Ulm, Germany
Data protection officer
it.sec GmbH & Co. KG
— Data protection officer —
89077 Ulm, Germany
Tel.: +49 (0)731/20589-24
14. Notification of changes
As at: 23/04/2018