Privacy policy APP

Privacy policy APP

The topic of data protection is an important concern for us. For this reason, we would like to inform you about the handling of your personal data by our app by way of our privacy policy. In particular, what data we collect, what we use the data for and for what purpose this is done. Personal data is all information with which you can be identified and which thus allows conclusions to be drawn about you. We treat your personal data confidentially and in accordance with the requirements of the statutory data protection regulations and this data protection declaration.

1. General data protection information

1.1 Responsible party

The body responsible for the data processing carried out within the scope of App is:

Uniflex-Hydraulik GmbH
Robert-Bosch-Str. 50-52
61184 Karben
Tel.: 06039-9171-0
E-mail: info@uniflex.de

We have appointed a data protection officer. You can reach him under the following contact details:

deDATA GmbH & Co. KG
Habichtswalder Str. 18
34119 Kassel
Phone: +49 (0) 561 316 85 89
E-mail: buero@dedata.de

1.2 Storage period

Unless a more specific storage period has been specified within this data protection declaration, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a legitimate request for deletion or revoke consent for data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.

1.3 Legal basis for the storage of personal data

The processing of personal data is only permitted if there is an effective legal basis for the processing of this data. If we process your data, this is regularly done on the basis of your consent pursuant to Art. 6 (1) lit. a of the General Data Protection Regulation (GDPR) (e.g. when you voluntarily provide your data in the registration mask or as part of the contact form), for the purpose of fulfilling a contract pursuant to Art. 6 para. 1 lit. b GDPR (e.g. when using in-app purchases or the use of other paid app functions) or on the basis of legitimate interests according to Art. 6 para. 1 lit. f GDPR, which are always weighed against your interests (e.g. advertising measures). The relevant legal bases will be explicitly stated at a separate point in this privacy policy, if applicable.

1.4 Encryption

This app uses encryption for reasons of security and to protect the transmission of confidential content, for example, inquiries that you send to us as the app operator or communication between app users. This encryption prevents all transmitted data from being read by unauthorized third parties.

1.5 Changes to this privacy policy

We reserve the right to change this privacy policy at any time in compliance with legal requirements.

2. Your rights

The GDPR grants data subjects whose personal data is processed by us certain rights, which we would like to inform you about at this point:

2.1 Revocation of your consent to data processing.

Many data processing operations are only possible with your consent. We will explicitly obtain this from you before starting data processing. You can revoke this consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

2.2 Right to object to data collection in special cases and to direct advertising

If data processing is carried out on the basis of Art. 6(1)(e) or (f) GDPR, you have the right to object to the processing of personal data relating to you at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal bases on which processing is based can be found in this data protection declaration. If they object, we will no longer process the personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the processing to assert, exercise or defend legal claims.

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct advertising

2.3 Right of complaint to a supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority. The right of appeal is without prejudice to other administrative or judicial remedies.

2.4 Information, deletion and correction

You have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing, as well as a right to correction or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the imprint.

2.5 Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. To do so, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:

– If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.

– If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of deletion.

– If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request restriction of the processing of your personal data instead of erasure.

– If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balancing of your and our interests must be carried out. As long as it has not yet been determined which interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

2.6 Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

3. Access rights of our app

For the operation of the App, we require the following access rights, which allow us to access certain functions of your device.

– Bluetooth Android API to scan for nearby devices. Scans are filtered to find only those Bluetooth devices that claim to be Uniflex machines

– Device identifier (e.g. advertising ID)

– Phone status (e.g. “On” or “Standby”)

– Network connection

– Network status (e.g. if the device is offline, u-a- for streaming content)

– Audio playback

– Push notifications (Android devices have the default setting that push notifications are automatically enabled. This default setting can be revoked during the registration process and at any time in the app in the profile under “Settings”. Apple devices have the default setting that push messages are automatically disabled, should you wish to receive push messages, please enable this feature here in the profile under “Settings”).

– Vibrate (for push notifications)

– Memory access (for writing and reading app images and audio files).

Access to the device functions is necessary to ensure the functionality of the app. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO. In addition, the processing is carried out on the basis of Art. 6 para. 1 S 1 lit. b GDPR for the fulfillment of the contract for the use of our app.

4. Information on the processing of your data when using our app

Personal data is processed when you use our app. We have listed for you below which personal data we specifically process.

4.1 Data processed during download

When you download the app, information is already automatically transmitted to the app store you have selected (Google Play Store or Apple App Store). These data are in particular your username, email address, if applicable customer number of your account, the time of the download, payment information and the individual device identification number. The processing of this data is carried out exclusively by the App Store and is beyond our control.

4.2 Creation of a user account through registration and login

When you create a user account or log in, we use your Access Data (“Mandatory Data”) to enable you to access and manage your User Account in accordance with our Terms of Service. Mandatory Data in the registration process is marked with an asterisk and is required for the conclusion of the User Agreement. If you do not provide this information, you will not be able to create a user account. We use the mandatory data to authenticate you when you log in and to follow up on requests to reset your password. In your user account, you can view and change your stored data at any time. We process and use the data you enter during registration or a login to (1) verify your authorization to manage the User Account; (2) enforce the App’s Terms of Use and any related rights and obligations; and (3) contact you to send you technical or legal notices, updates, security messages, or other communications, such as those related to managing the User Account.

This data processing is justified by the fact that (1) the processing is necessary for the

fulfillment of the contract between you as the data subject and us as the app operator pursuant to Art. 6 (1) lit. b DSGVO for the use of the app, or (2) we have a legitimate interest in ensuring the functionality and error-free operation of the app, which here outweighs your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) lit. f GDPR.

4.3 Data processed when using the app

4.3.1 Data collection

By using the app, information is collected that is technically necessary for the administration of the users, for the start-up of the app and in particular for the transmission of conversion data. This allows us to continue to offer the functions of our app in the future and to ensure stability and security. The following data is collected:

  • Location data (for Android to search for Bluetooth devices).
  • Personal data (storage on the server)
  • e-mail address
  • first name
  • last name
  • Password (as hash code, no plain text)
  • Conversion data (stored on the server, if function is active in the settings)
  • Item name
  • Machine type
  • Serial number
  • Press dies
  • Target diameter
  • Actual diameter
  • Correction value
  • Opening diameter
  • Holding time
  • Unit of measurement
  • Pressing force
  • Number of pieces
  • Number of the batch
  • World time of forming
  • Local time of the forming
  • Operator e-mail address
  • Machine data (stored on your local terminal)
  • MAC address
  • Name
  • Bluetooth services used
  • Internal device ID
  • Access status/HTTP status code
  • Amount of data transferred
  • Language settings
  • Operating system and version
  • Connection data (e.g. WiFi or mobile data connection)
  • Screen resolution
  • Website data that enabled a redirection to our app (so-called referrer),
  • Request parameters (e.g. authentication code or campaign ID)
  • App sessions and duration of app sessions
  • App interaction

4.3.2 Data storage

Your data is stored either on your local terminal device or on a server of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (see also 4.3.1 Data collection). The servers of Hetzner Online GmbH are located exclusively in Germany. The data on your device is not accessible to other applications.

4.3.3 Storage duration

The app’s local data is stored for as long as the app is installed.

4.3.4 Purpose of use

We collect data (1) to provide you with the Service and related features; (2) to improve the features and functionality of the App; and (3) to prevent and remedy misuse and malfunction. The Identifiable User Data on the Server is used solely for the purpose of illustrating the operation of the Service and for user management purposes.

4.3.5 Inspection and disclosure of data

It is possible to inspect all data stored on the server. This access takes place via SSH and is set up exclusively for selected employees of Uniflex-Hydraulik GmbH. In addition, there is the possibility of viewing via the web interface. This is possible for every user with “superadmin” rights. Currently, this possibility exists exclusively for selected employees of Uniflex-Hydraulik GmbH. Only the user himself has access to the local data on the device. No data is passed on to third parties.

4.3.6 Legal basis

This data processing is supported by the fact that (1) the processing is necessary for the fulfillment of the contract between you as the data subject and us as the app operator pursuant to Art. 6 (1) lit. b GDPR for the use of the app, or (2) we have a legitimate interest in ensuring the functionality and error-free operation of the app and being able to offer a service that is in line with the market and interests, which ultimately outweighs your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) lit. f GDPR.

4.3.7 Example illustrating the data flow when using the app

  1. Employee 1 of customer 1 (M1K1) installs the app from the App Store or Play Store on his tablet/smartphone (device).
  2. He registers in the app.
  3. His data is sent to the cloud. The cloud then sends a mail asking for confirmation of the email address.
  4. If the email address has been confirmed, the merchant (superadmin) receives an email that a new customer has registered.
  5. The dealer logs into the web backend and activates the customer account. The M1K1 now belongs to the user group “user”, so he has the possibility to log in on any device with the merchant app. M1K1 cannot use the web backend. M1K1 will be notified about the account activation by mail.
  6. If M1K1 now logs into the app, he can access the press tables there. Furthermore, he can connect to machines that are in Bluetooth range and that the dealer has previously added in the web backend for customer 1.
  7. M1K1 can create favorites and see favorites from all machines of customer 1, because they are synchronized via the cloud.
  8. If M1K1 manufactures hoses, he can view these results on the device he is connected to the machine. After manufacturing, these are transferred to the cloud if there is an internet connection, otherwise as soon as a crimping has been completed where there is an internet connection.
  9. The dealer can view the favorites and the results in the web backend. He can additionally filter them by customer and machine.
  10. Employee 2 of customer 1 (M2K1) cannot look at production results of M1K1, but sees his favorites.

M1K1 can only log in on one device. If he is logged in on device A and logs in on device B, he will be automatically logged out on device A.

If the merchant wants to delegate his work, he can make a “user” a “superadmin”, so he also gets the possibility to view all data via the web backend.

4.4 Data processed by way of an inquiry by e-mail, telephone or fax

If you contact us by way of the app, e-mail, telephone or fax, your contact details, inquiries as well as the associated data will be stored by us.

If your contact is related to the performance of a contract or to pre-contractual measures with us, the processing of your data is based on Art. 6 (1) lit. b GDPR for purposes of contract performance. If this is not the case, the processing of your data is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in the fast and effective processing of requests addressed to us. The inquiries you send us as well as related information remain with us until the purpose of storage (especially the completion of the request) ceases to apply or you request us to delete it. Legal retention periods remain unaffected.

5. Passing on and transfer of collected data

In addition to the cases explicitly mentioned in this data protection declaration, your personal data will only be passed on without your express prior consent if this is legally permissible or required. This may be the case, among other things, if the processing is necessary to protect vital interests of the user or another natural person.

5.1 Illegal or abusive use of the app

If it is necessary to clarify illegal or abusive use of the app or for legal prosecution, personal data will be forwarded to law enforcement agencies or other authorities and, if necessary, to injured third parties or legal advisors. However, this only happens if there are indications of unlawful or abusive behavior. A transfer may also take place if this serves the enforcement of terms of use or other legal claims. We are also legally obligated to provide information to certain public authorities upon request. These are law enforcement agencies, authorities that prosecute administrative offenses subject to fines, and the tax authorities.

Any disclosure of the personal data is justified by the fact that (1) the processing is necessary for compliance with a legal obligation to which we are subject pursuant to Art. 6 para. 1 lit. f GDPR in conjunction with national legal requirements to disclose data to law enforcement authorities, or (2) we have a legitimate interest in disclosing the data to the aforementioned third parties in the event of indications of abusive behavior or to enforce our terms of use, other conditions or legal claims and your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) lit. f GDPR do not override this.

5.2 Foundation, purchase and sale of subsidiaries, company components

As part of the further development of our business, it may happen that the structure of our company changes, by changing the legal form, founding, buying or selling subsidiaries, company parts or components. In such transactions, customer information may be transferred along with the part of the company being transferred. In any transfer of personal information to third parties to the extent described above, we will ensure that it is done in accordance with this Privacy Policy and applicable data protection law. Any disclosure of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances as necessary and that your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) lit. f GDPR are not overridden.

6. Disclosure and transfer of collected data to the USA and other third countries.

Your personal data may be transferred to the USA or other third countries through the use of the Google Play Store or Apple App Store. We would like to point out that no level of data protection comparable to the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

Nach oben