Klarstein Privacy Policy
In addition to our online range, we offer a mobile app (‘Klarstein App’) that you can download to your mobile device. In the following, we will inform you about the collection of personal data when using our Klarstein app. Personal data are all data that can be related to you personally, e.g. name, address, email addresses, and user behaviour.
1. Provider/operatorof the app
(1)  The service provider and responsible body in accordance with Article 7 of theEU General Data Protection Regulation(GDPR) is
Chal-Tec GmbH, Wallstraße 16, 10179 Berlin(‘Chal-Tec’, ‘we’, ‘us’).
Email:appsupport@go-bbg.com
Tel: +49(0)30 408 173 508,
Fax: +49(0)30 408 173 505
(2)  You can reach our data protection officer at privacy@chal-tec.com or at our postal address with the addition ‘Data Protection Officer".
2.     What are personal data
(1)   ‘Personal data’ are defined by law as ‘individual details about personal or factual circumstances of a specific or identifiable natural person. This includes information such as name, address, email address or other information that can be traced back to a specific natural person.
(2)  When you contact us by email or via a contact form, we will save your email address and, if you have given these to us, your name and telephone number in order to answer your questions. We delete the data that arises in this context after it is no longer required to store it, or - in the case of statutory retention requirements - restrict processing.
(3)   If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail below about the respective processes. We will also state the specified criteria for the storage period.
3.     Your rights regarding your personal data
(1)   With regard to your personal data stored by us, you can assert the following rights against us under the respective requirements of the applicable standards:
-       You have the right torevoke your consent to the processing of data at any time with effect for the future(Art. 7 Para. 3 GDPR).
-       You have the right torequest information about the personal data we have stored about you at any time(Art. 15 GDPR).
-       You have the right tohave your data corrected or deleted(Art. 16, 17 GDPR).
-       You have the right to request that theprocessing of your data be restricteddue to inadmissible data processing (Art. 18 GDPR).
-       If the data has been corrected, deleted or restricted, you have the right tonotify all recipientsto whom your personal data has been disclosed (Art. 19 GDPR).
-       You have the right to receive the data collected by us within the framework of the contract or by way of consentin a structured formand the right to have this datatransmitted to third parties at your request,as far as technically possible(Art. 20 GDPR).
-       You have the right toobject to the processing of your personal data in certain cases(Art. 21 GDPR).
(2)   You also have the right to make a complaint to a data protection supervisory authority about the processing of your personal data in our company.
4.     Type and use of personal data
(1)   When downloading the mobile app, the required information, in particular the username, email address and customer number of your account, the time of the download, payment information and the individual device code, are transferred to the online platform from which the download is made. We have no influence over this data collection and are not responsible for it. We only process the data insofar as it is necessary for downloading the mobile app to your mobile device.
(2)  When using the mobile app, we collect the personal data described below to enable convenient use of the functions. The following data are technically necessary for us to offer you the functions of our mobile app and to guarantee stability and security (legal basis is Art. 6 Para. 1 S. 1 lit. f GDPR):
a.     Emailaddress
b.     Usage data (in a particular list of devices connected to the app service, logs of individual activities, location of the active device, the time window of device activity in the cloud (via the app or through the device connected to the cloud), report of defective products)
c.     Unique device identification for technical customer support
d.     Firmware version
e.     Hardware model
f.      Time stamp for the first and last activation for technical customer support
g.     IP address
h.     MAC address
i.      IMEI (International Mobile Equipment Identity)
j.      IMSI (International Mobile Subscriber Identity)
k.     Mobile phone number (MSISDN)
l.      Name of the mobile device
m.   Access status / HTTP status code
n.     Amount of data transferred in each case
o.     Browser
p.     Operating system and its interface
q.     Language and version of the browser software
r.      The signal strength of the WiFi for technical customer support.
The data provided can be revoked in the future at any time without giving reasons. The user must then note that in the event of revocation, the proper functions of this app may be impaired.
(3)  A personal user account is required to use our app. It is possible to create the user account with your email address or via your social media account (Facebook, Twitter, Google). When creating the user account with your email address, the following personal data is also required:
a.     Surname
b.     First name(s)
c.     Password of your choice
d.     Username of your choice
When creating a user account via the social media account you have selected, an identity request is sent to the social media platform and verified and activated after confirming the identity of the user account in our app. The profile picture used in the social media accounts you have selected will be stored as the profile picture of the user account in our app.
(4)  With our app it is possible to add several Smart Klarstein products provided with a corresponding WiFi chip to the app (e.g. Klarstein humidifier, stand heater, Klarstein air conditioner) as a device in order to be able to control them centrally via the app (creation of a so-called ‘hub’). Depending on the Smart Klarstein product, it may be possible to control other parameters such as temperature, humidity, timer, etc., which the Smart Klarstein product measures via the built-in sensors and then send back to the app. For better control of individual Smart Klarstein products, it may be necessary to specify the number of rooms in which the Smart Klarstein products to be controlled is set up and to define the rooms. We will also receive the following information about the registered Smart Klarstein products:
a.     Location of the device
b.     Device ID
c.     Serial number
d.     Product code
e.     IP address
f.      If necessary, the layout of the cleaned areas in the event of an error reported by a robot vacuum cleaner
(5)  The data collected are for the provision of the app services as well as for the other purposes of creating the user account, contacting the user, the device authorisations for access to personal data, interaction with external social networks, infrastructure monitoring, analysis and management of contact data and sending news. If the required data is not provided, the provision of the app's services cannot be guaranteed.
(6)  The user can release the access rights to the Smart Klarstein product or to a hub that has been created, including all connected devices, to other, already verified users, so that they can remotely control or monitor the activities of the Smart Klarstein products. The user can revoke this authorisation at any time. If the other approved user has not yet been verified, the logged-in user can invite them to verify by entering their email address. They will then receive an invitation to register by email.
(7a)  It is possible to use Amazon's Alexa voice services in our Klarstein app. The so-called Alexa skills are required for this. These include third-party services (Skills) such as digital content, software, the Amazon Alexa app as well as customer service and other related services. The activation of the Skill and the general use of Amazon Alexa generally require prior registration with Amazon. If you use Alexa Skills, your personal data will be passed on to Amazon via Alexa-enabled devices. We have no influence over the personal data collected, processed and used in this context. The responsible party in this context is only Amazon.
Alexa Skill is based on the infrastructure operated by Amazon Media EU S.à.r.l. More information can be found in the Alexa Terms of Use atAlexa Terms of Use - Amazon Customer Service. The Klarstein Skill is available in the Amazon Alexa Skill Store, which is operated by Amazon. The Klarstein Skill does not collect, process or store any personal data and has no control over any personal data or voice commands collected by Amazon. By calling up the Skill, we cannot draw any conclusions about personal data, in particular not about possible preferences or use of other Skills of individual users. The legal basis for data processing is provided in the case of consent in accordance with Art. 6 (1) a) GDPR. The Klarstein Skill has no age limit and is not aimed at children under 13 years of age. There are no purchase options or paid services - neither digital nor physical - of any other kind at Klarstein Skill. An analysis of your usage behaviour via Klarstein Skill will not take place. No advertisements will be played in the Klarstein Skill via the Amazon Alexa voice control services.
We point out that with your registration with Alexa and the use of Alexa Services of Amazon Media EU S.à.r.l, you give your consent to store and process this personal data. The purpose and scope of the data collection can be found in the aforementioned terms of use and the data protection declaration of Amazon Media EU S.à.r.l. atAmazon.de Privacy Notice - Amazon Customer Service.
(7b) It is possible to use Google' Assistant voice services in our Klarstein app. The so-called "Google Action" is required for this. These includes third-party services (Actions) such as digital content, software, the Google Assistant app as well as customer service and other related services. The activation of the Action and the general use of Google Assistant generally require prior registration with Google. If you use Google Actions, your personal data will be passed on to Google via Google-enabled devices. We have no influence over the personal data collected, processed and used in this context. The responsible party in this context is only Google.
Google Action is based on the infrastructure operated by Google. More information can be found in the Google Terms of Use at Google Assistant Terms of Use. The Klarstein Action is available in the Google Assistant, which is operated by Google. The Klarstein Action does not collect, process or store any personal data and has no control over any personal data or voice commands collected by Google. By calling up the Action, we cannot draw any conclusions about personal data, in particular not about possible preferences or use of other Actions of individual users. The legal basis for data processing is provided in the case of consent in accordance with Art. 6 (1) a) GDPR. The Klarstein Action has no age limit and is not aimed at children under 13 years of age. There are no purchase options or paid services - neither digital nor physical - of any other kind at Klarstein Action. An analysis of your usage behaviour via Klarstein Action will not take place. No advertisements will be played in the Klarstein Action via the Google Assistant voice control services.
We point out that with your registration with Google and the use of Google Assistant, you give your consent to store and process this personal data. The purpose and scope of the data collection can be found in the aforementioned terms of use and the data protection declaration of Google.
(8)  With our app, Klarstein recipes can be added to a favourites list in the user account. These can be liked or (anonymously) rated.
(9)  You must provide the data in order to be able to use the services of our app. Depending on the desired functionality of the services of our app, there may be additional data that is not absolutely necessary for the use of the app services, which will be marked as such and which you are free to provide.
(10) The data will be stored for the duration of your user account, which you can delete at any time. Your data will then only be stored for as long as required by law (e.g. retention periods under commercial or tax law) or for the provision of the services of our app. After the period has expired, the relevant data will be routinely deleted, provided that it is no longer required to fulfil or initiate a contract and/or we have no legitimate interest in further storage and/or you have given your consent to further use.
5.     Legal basis for processing your personal data,
We process your personal data as follows:
-       to provide the services of the app (Art. 6 Para. 1 lit. b GDPR);
-       to contact the customer (Art. 6 Para. 1 lit. b GDPR);
-       to create and manage your user account (Art. 6 Para. 1 lit. b GDPR);
-       for device authorisation for access to personal data (Art. 6 Para. 1 lit. a GDPR);
-       for interaction with external social networks (see under 3.2 Verification of user identity)
-       for infrastructure monitoring (Art. 6 Para. 1 lit. b, lit. f. GDPR)
-       Analysis (Art. 6 Para. 1 lit.b, lit.f. GDPR)
-       to comply with official requests for information (Art. 6 Para. 1 lit. c GDPR),
6.     Push notifications
Depending on the selection of the option in your created user account, we will send you push notifications, which will be shown as short messages on your display and with which you are actively informed, e.g. about device status and technical updates. In addition, we send in-app notifications, which you will then receive when using the app.
7.     Data transfer to third parties
(1)  Your personal data will only be passed on to a third party,
-       insofar as we have received your express consent to do so, or
-       if a legal obligation makes it necessary to pass on your data, e.g. an official request for information;
-       insofar as it is necessary for the purpose of contract processing (so-called transfer of functions);
-       insofar as we are using a third party to fulfil a service by way of an order data processing relationship (so-called order processing). This can be done to operate the app or for technical services. It should be expressly noted that we remain the responsible party for the lawful processing of your data so that there is no data transfer.
(2)  The personal data collected from you, in particular
a.     List of connected Smart Klarstein products and log files about their activities
b.     User account through which the Smart Klarstein products are controlled
c.     Transmitted Alexa voice service data from Amazon (Skills)
d.     Locations of the Smart Klarstein products
e.     The time window for the activities of the Smart Klarstein products
f.      Registration in the app
g.     Values measured and transmitted currently and in the past (e.g. temperature, humidity, timers, reset via WiFi, etc.) or applied functions, such as fan rotation speed, economy mode, etc. with a corresponding time stamp
h.     Bug reports,
are processed in the European Union on cloud servers from Tuya, Inc., a company certified according to the regulations of the GDPR with a branch in Frankfurt am Main. Your data will only be transferred to contract data processors operating outside the European Economic Area on the basis of data processing contracts if the additional conditions for processing in third countries according to Art. 44 ff GDPR are met (an appropriate level of protection in the third country concerned, suitable guarantees according to Art. 46 GDPR).
(3)  If you create your user account via your social media account, you will be redirected to the login page of the selected social network. If you then log into your account with this social network, a confirmation of your identity will be sent to the social network.
(4)  The Klarstein app is based on Google ‘Firebase’ as the backend system. All user-relevant data, in particular
a.     Email address
b.     Password
c.     Username
d.     List of connected Smart Klarstein products,
are stored in the European Union on cloud servers from Firebase, Inc., a company of the Google group of companies certified according to the regulations of the GDPR with a branch in Frankfurt am Main.
(5)  In order to be able to send you push and in-app notifications, we use the services of Kumulos Ltd, based in Dundee One, UK. If you receive push and in-app notifications from us, Kumulos, Ltd. evaluates for us whether and when you have taken note of them.
8.     Data security
Chal-Tec always endeavours to process personal data by taking all appropriate technical and organisational measures so that they are secure and in particular not accessible to unauthorised persons. In this respect, we express that full data security cannot be guaranteed when communicating by email.
In order to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons, we use appropriate technical and organisational security measures that are continuously optimised in accordance with technical developments.
9.     Your rights regarding your personal data
With regard to your personal data stored by us, you can assert the following rights against us under the respective requirements of the applicable standards:
-       You have the right torevoke your consent to the processing of data at any time with effect for the future(Art. 7 Para. 3 GDPR).
-       You have the right torequest information about the personal data we have stored about you at any time(Art. 15 GDPR).
-       You have the right tohave your data corrected or deleted(Art. 16, 17 GDPR).
-       You have the right to request that theprocessing of your data be restricteddue to impermissible data processing (Art. 18 GDPR).
-       If the data has been corrected, deleted or restricted, you have the right tonotify all recipientsto whom your personal data has been disclosed (Art. 19 GDPR).
-       You have the right to receive the data collected by us within the framework of the contract or by way of consentin a structured formand the right to have this datatransmitted to third parties at your request, as far as technically possible(Art. 20 GDPR).
-       You have the right toobject to the processing of your personal data in certain cases(Art. 21 GDPR).
If you have any questions about the collection, processing or use of your personal data, information, correction, blocking or deletion of data as well as revocation of any consent given or objection to a specific use of data, please contact our company Data Protection Officer by email at:appsupport@go-bbg.comor write to the address given in Section 1. The inquiries will be answered as quickly as possible and always within one month. You can also lodge a complaint with a supervisory authority.