Data protection provisions in accordance with the GDPR

We are delighted that you are interested in our company. Data protection is highly important to Beurer GmbH.
Personal data such as the name, address, or e-mail address of a data subject is always processed in compliance with the General Data Protection Regulation and in compliance with the national data protection provisions applicable for Beurer GmbH. The purpose of this Data Protection Declaration is for our company to inform the general public about the manner, scope, and purpose of the personal data that we collect, use, and process. In addition, this Data Protection Statement will explain the rights of data subjects.
Beurer GmbH, as the controller for processing, has implemented many technical and organisational measures to ensure that the personal data processed is protected to the greatest possible degree. However, online data transfers are by their nature associated with security vulnerabilities, meaning that absolute protection cannot be guaranteed.

1. The name and address of the controller responsible for processing, as well as the company Data Protection Officer

Controller:
Beurer GmbH
Söflinger Straße 218
89077 Ulm, Germany
Germany
Tel.: 0731-3989-144
E-mail: datenschutz@beurer.de
Website: www.beurer.de
Company Data Protection Officer:
Data Protection Officer for Beurer GmbH
Söflinger Straße 218
89077 Ulm, Germany
Germany
Tel.: +49 731 3989-144
E-mail: datenschutz@beurer.de
Website: www.beurer.de 

2. Purposes for which personal data is processed and legal basis

a) Use of the app with registration

If you voluntarily register when using the app, the following data is stored both locally on your end device and in the Beurer cloud:

  • First name
  • Last name
  • E-mail address
  • Password
  • Gender
  • Newsletter yes/no
  • Date of registration

If you save your health data in the app after registration, the following data is saved depending on the functions used:

  • Profile picture
  • Indoor environment that is recorded by the LR 500 air purifier: temperature, humidity, fine dust (PM 2.5)
  • Individually set limit values for temperature, humidity and fine dust
  • Assigned device name for the air purifier
  • Selected room in which the device is located
  • Created schedules for when the purifier should be running
  • Number of connected air purifiers

The legal basis for data processing is Article 9, Para. 2 a) in conjunction with Article 6, Para. 1, Sentence 1 a) GDPR.
The purpose of the data processing is to support the management of your personal well-being.
The data is stored until the user uninstalls the app and deletes the user account/profile in the Beurer cloud.

b) If you register for our newsletter

If you have explicitly consented for us to do so in accordance with Article 6, Para. 1, Clause 1 a) GDPR, we will use your email address to regularly send you our newsletter for marketing purposes. Providing us with an email address is sufficient for receiving the newsletter.

You can unsubscribe at any time, for example by using the link provided at the end of each newsletter. Alternatively, you are also welcome to email an unsubscribe request to datenschutz@Beurer.de at any time.

You will receive the letter only until you revoke consent.

c) Use of tracking technologies by Firebase Analytics

Insofar as you have expressly provided your consent in accordance with Article 6 Para. 1 Sentence 1 a of the GDPR, we will use information on user behaviour in order to better understanding user activities in our app and improve ease of use.
The data generated by tracking and information concerning your use of the app will be sent to a Firebase Analytics server in Belgium and the Netherlands and stored there. The data will be supplied to us in anonymised form for statistical purposes so we can carry out analysis.
The duration of storage for the tracking data is until the user requests the deletion. After requesting the deletion, Google deletes the data in the following 30 – 180 days.

No tracking technologies are used when using Huawei AppGallery apps.

You can find further information on this at: https://firebase.google.com/terms/data-processing-terms 
Your consent to the use of tracking tools is valid until it is revoked. It can be revoked at any time with effect for the future in the app settings.

d) Authorisations:

The following authorisations are required, depending on the functions used:

  • Change, delete, or read USB memory contents: This authorisation is needed in order to write log files on the smartphone. These can be made available to customer service by email in the event of an error, at the customer's request
  • Location: This authorisation is needed for Bluetooth® communication. As of Android version 6.0, Google has modified the regulations for app access to the smartphone's Bluetooth® function. Due to the new regulations, apps accessing the Bluetooth® function require this authorisation.
  • Full network access: This authorisation is needed in order to synchronise the measurements with the cloud.
  • Access network connections: This authorisation is needed for checking the internet connection.
  • Pair with Bluetooth® devices: This authorisation is needed for Bluetooth® communication with the connected devices.
  • Access Bluetooth® settings: This authorisation is needed for Bluetooth® communication with the connected devices.
  • WLAN connection: This authorisation is needed to check the WiFi connection.
  • Establish and cancel WLAN connection: This authorisation is needed in order to synchronise the measurements.
  • Deactivate idle mode
    This authorisation is needed for Bluetooth® communication. Idle mode is deactivated during synchronisation between the app and device, as switching to idle mode ends data synchronisation.

3. Disclosure of data

Within Beurer GmbH, entities that require access to data to fulfil contractual and legal obligations receive access to the data.
Beurer GmbH's external service providers may also receive this data. These service providers may be:

  • Service providers for processing customer service enquiries
  • IT service providers, hosting service providers, and service providers for operating the IT system
  • Service providers for newsletter dispatch, following the provision of consent
  • Partner platforms, following the provision of consent

4. Rights of the data subject

You have the right:

  • pursuant to Article 15 GDPR to request information about your personal data that we process. In particular, you may request information about the purposes of processing, category of personal data, categories of recipients to whom your data has been or will be disclosed, the planned duration of storage, the existence of a right to rectification, erasure, restriction of processing or objection, the right to lodge a complaint, the origin of your data if we have not collected it, and about the existence of automated decision-making including profiling, and where applicable meaningful information about the details thereof;
  • pursuant to Article 16 GDPR, immediately request the rectification of inaccurate or incomplete personal data relating to you stored by us;
  • pursuant to Article 17 GDPR, request the erasure of personal data relating to you stored by us, unless processing is required for the exercising of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of the public interest, or for the establishment, exercise, or defence of legal claims;
  • pursuant to Article 18 GDPR, to request the restriction of processing of your personal data in the event that you dispute the accuracy of the data; processing is unlawful but you decline its erasure and we no longer need the data but you require it for the establishment, exercise, or defence of legal claims; or you have submitted an objection to processing pursuant to Article 21 GDPR;
  • pursuant to Article 20 GDPR, to receive the personal data relating to you that you have provided to us in a structured, established, and machine-readable format, or to request the transfer of the same to another controller;
  • pursuant to Article 7, Para. 3 GDPR, to at any time revoke any consent you have provided to us. This will result in us no longer being permitted to continue the data processing that this consent relates to in the future, and
  • pursuant to Article 77 GDPR, to lodge a complaint to a supervisory authority. Generally, you can contact the supervisory authority for your usual place of residence or place of work or our registered headquarters for this purpose.

5. Right to object

If your personal data is processed based on legitimate interests pursuant to Article 6, Para. 1, Clause 1, lit. f GDPR, you have the right to submit an objection to the processing of your personal data pursuant to Article 21 GDPR, provided that there are reasons to do so arising from your particular situation, or if the objection relates to direct advertising. In the latter case, you have a general right to object, which we will implement without requiring a particular situation to be stated.

If you would like to exercise your right to revoke consent or to object, it is sufficient to send an e-mail to datenschutz@beurer.de to do so.

6. Obligation to make data available

In the context of using the app, you are required to make available personal data that is essential for service provision. Without this data, we are not able to provide the service.