1. General data protection information
1.1 Responsible party
The body responsible for the data processing carried out within the scope of App is:
We have appointed a data protection officer. You can reach him under the following contact details:
deDATA GmbH & Co. KG
Habichtswalder Str. 18
Phone: +49 (0) 561 316 85 89
1.2 Storage period
Unless a more specific storage period has been specified within this data protection declaration, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a legitimate request for deletion or revoke consent for data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.
1.3 Legal basis for the storage of personal data
This app uses encryption for reasons of security and to protect the transmission of confidential content, for example, inquiries that you send to us as the app operator or communication between app users. This encryption prevents all transmitted data from being read by unauthorized third parties.
2. Your rights
The GDPR grants data subjects whose personal data is processed by us certain rights, which we would like to inform you about at this point:
2.1 Revocation of your consent to data processing.
Many data processing operations are only possible with your consent. We will explicitly obtain this from you before starting data processing. You can revoke this consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
2.2 Right to object to data collection in special cases and to direct advertising
If data processing is carried out on the basis of Art. 6(1)(e) or (f) GDPR, you have the right to object to the processing of personal data relating to you at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal bases on which processing is based can be found in this data protection declaration. If they object, we will no longer process the personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the processing to assert, exercise or defend legal claims.
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct advertising
2.3 Right of complaint to a supervisory authority
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority. The right of appeal is without prejudice to other administrative or judicial remedies.
2.4 Information, deletion and correction
You have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing, as well as a right to correction or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the imprint.
2.5 Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. To do so, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:
– If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
– If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of deletion.
– If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request restriction of the processing of your personal data instead of erasure.
– If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balancing of your and our interests must be carried out. As long as it has not yet been determined which interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.
2.6 Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
3. Access rights of our app
For the operation of the App, we require the following access rights, which allow us to access certain functions of your device.
– Bluetooth Android API to scan for nearby devices. Scans are filtered to find only those Bluetooth devices that claim to be Uniflex machines
– Device identifier (e.g. advertising ID)
– Phone status (e.g. “On” or “Standby”)
– Network connection
– Network status (e.g. if the device is offline, u-a- for streaming content)
– Audio playback
– Push notifications (Android devices have the default setting that push notifications are automatically enabled. This default setting can be revoked during the registration process and at any time in the app in the profile under “Settings”. Apple devices have the default setting that push messages are automatically disabled, should you wish to receive push messages, please enable this feature here in the profile under “Settings”).
– Vibrate (for push notifications)
– Memory access (for writing and reading app images and audio files).
Access to the device functions is necessary to ensure the functionality of the app. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO. In addition, the processing is carried out on the basis of Art. 6 para. 1 S 1 lit. b GDPR for the fulfillment of the contract for the use of our app.
4. Information on the processing of your data when using our app
Personal data is processed when you use our app. We have listed for you below which personal data we specifically process.
4.1 Data processed during download
When you download the app, information is already automatically transmitted to the app store you have selected (Google Play Store or Apple App Store). These data are in particular your username, email address, if applicable customer number of your account, the time of the download, payment information and the individual device identification number. The processing of this data is carried out exclusively by the App Store and is beyond our control.
4.2 Creation of a user account through registration and login
This data processing is justified by the fact that (1) the processing is necessary for the
fulfillment of the contract between you as the data subject and us as the app operator pursuant to Art. 6 (1) lit. b DSGVO for the use of the app, or (2) we have a legitimate interest in ensuring the functionality and error-free operation of the app, which here outweighs your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) lit. f GDPR.
4.3 Data processed when using the app
4.3.1 Data collection
By using the app, information is collected that is technically necessary for the administration of the users, for the start-up of the app and in particular for the transmission of conversion data. This allows us to continue to offer the functions of our app in the future and to ensure stability and security. The following data is collected:
- Location data (for Android to search for Bluetooth devices).
- Personal data (storage on the server)
- e-mail address
- first name
- last name
- Password (as hash code, no plain text)
- Conversion data (stored on the server, if function is active in the settings)
- Item name
- Machine type
- Serial number
- Press dies
- Target diameter
- Actual diameter
- Correction value
- Opening diameter
- Holding time
- Unit of measurement
- Pressing force
- Number of pieces
- Number of the batch
- World time of forming
- Local time of the forming
- Operator e-mail address
- Machine data (stored on your local terminal)
- MAC address
- Bluetooth services used
- Internal device ID
- Access status/HTTP status code
- Amount of data transferred
- Language settings
- Operating system and version
- Connection data (e.g. WiFi or mobile data connection)
- Screen resolution
- Website data that enabled a redirection to our app (so-called referrer),
- Request parameters (e.g. authentication code or campaign ID)
- App sessions and duration of app sessions
- App interaction
4.3.2 Data storage
Your data is stored either on your local terminal device or on a server of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (see also 4.3.1 Data collection). The servers of Hetzner Online GmbH are located exclusively in Germany. The data on your device is not accessible to other applications.
4.3.3 Storage duration
The app’s local data is stored for as long as the app is installed.
4.3.4 Purpose of use
We collect data (1) to provide you with the Service and related features; (2) to improve the features and functionality of the App; and (3) to prevent and remedy misuse and malfunction. The Identifiable User Data on the Server is used solely for the purpose of illustrating the operation of the Service and for user management purposes.
4.3.5 Inspection and disclosure of data
It is possible to inspect all data stored on the server. This access takes place via SSH and is set up exclusively for selected employees of Uniflex-Hydraulik GmbH. In addition, there is the possibility of viewing via the web interface. This is possible for every user with “superadmin” rights. Currently, this possibility exists exclusively for selected employees of Uniflex-Hydraulik GmbH. Only the user himself has access to the local data on the device. No data is passed on to third parties.
4.3.6 Legal basis
This data processing is supported by the fact that (1) the processing is necessary for the fulfillment of the contract between you as the data subject and us as the app operator pursuant to Art. 6 (1) lit. b GDPR for the use of the app, or (2) we have a legitimate interest in ensuring the functionality and error-free operation of the app and being able to offer a service that is in line with the market and interests, which ultimately outweighs your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) lit. f GDPR.
4.3.7 Example illustrating the data flow when using the app
- Employee 1 of customer 1 (M1K1) installs the app from the App Store or Play Store on his tablet/smartphone (device).
- He registers in the app.
- His data is sent to the cloud. The cloud then sends a mail asking for confirmation of the email address.
- If the email address has been confirmed, the merchant (superadmin) receives an email that a new customer has registered.
- The dealer logs into the web backend and activates the customer account. The M1K1 now belongs to the user group “user”, so he has the possibility to log in on any device with the merchant app. M1K1 cannot use the web backend. M1K1 will be notified about the account activation by mail.
- If M1K1 now logs into the app, he can access the press tables there. Furthermore, he can connect to machines that are in Bluetooth range and that the dealer has previously added in the web backend for customer 1.
- M1K1 can create favorites and see favorites from all machines of customer 1, because they are synchronized via the cloud.
- If M1K1 manufactures hoses, he can view these results on the device he is connected to the machine. After manufacturing, these are transferred to the cloud if there is an internet connection, otherwise as soon as a crimping has been completed where there is an internet connection.
- The dealer can view the favorites and the results in the web backend. He can additionally filter them by customer and machine.
- Employee 2 of customer 1 (M2K1) cannot look at production results of M1K1, but sees his favorites.
M1K1 can only log in on one device. If he is logged in on device A and logs in on device B, he will be automatically logged out on device A.
If the merchant wants to delegate his work, he can make a “user” a “superadmin”, so he also gets the possibility to view all data via the web backend.
4.4 Data processed by way of an inquiry by e-mail, telephone or fax
If you contact us by way of the app, e-mail, telephone or fax, your contact details, inquiries as well as the associated data will be stored by us.
If your contact is related to the performance of a contract or to pre-contractual measures with us, the processing of your data is based on Art. 6 (1) lit. b GDPR for purposes of contract performance. If this is not the case, the processing of your data is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in the fast and effective processing of requests addressed to us. The inquiries you send us as well as related information remain with us until the purpose of storage (especially the completion of the request) ceases to apply or you request us to delete it. Legal retention periods remain unaffected.
5. Passing on and transfer of collected data
In addition to the cases explicitly mentioned in this data protection declaration, your personal data will only be passed on without your express prior consent if this is legally permissible or required. This may be the case, among other things, if the processing is necessary to protect vital interests of the user or another natural person.
5.1 Illegal or abusive use of the app
5.2 Foundation, purchase and sale of subsidiaries, company components
6. Disclosure and transfer of collected data to the USA and other third countries.
Your personal data may be transferred to the USA or other third countries through the use of the Google Play Store or Apple App Store. We would like to point out that no level of data protection comparable to the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.