in accordance with Art. 13 of the General Data Protection Regulation (GDPR)

Data protection is important to us and part of our Code of Conduct. The following information explains how we collect and use your personal data and outlines your rights.

1. Entity responsible for data processing and contact person
Eltako GmbH
Hofener Straße 54
70736 Fellbach
Management Board: Horst Ulrich Ziegler, Ulrich Ziegler
Email: info@eltako.de

2. Contact details of the Data Protection Officer (DPO)
Stefan Knecht
Tel.: +49 (0) 7021 487628
E-Mail: datenschutz@eltako.de

3. Purpose and legal basis on which we process personal data
Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Telecommunications Telemedia Data Protection Act (TTDSG) and other relevant data protection regulations. You can find further details and supplements on the data and its processing purposes in our contractual documents (EULA).

3.1 Consent (Art. 6 para. 1 (a) GDPR)
If you have given us active consent to process personal data for a specific purpose, the respective consent is the legal basis for the processing mentioned there. You can revoke consent at any time with effect for the future. >> >> Please note that consent for data processing in Germany is only effective from the age of 16. If you are younger than 16, please ask your legal guardian for permission. You give your consent, for example, by activating existing interfaces or comfort functions. This is particularly the case with voice control. Before activating/consenting, please read the valid data processing instructions of the service providers who also use your data for their own purposes. In this context, we expressly refer to section 6 regarding suitable guarantees.
https://policies.google.com/privacy?hl=de
https://www.amazon.de/Datenschutzportal-f%C3%BCr-Alexa/

3.2 Performance of contractual duties (Art. 6 para. 1 (b) GDPR)
We process your personal data based on our end user license agreement with you. The data is processed for the following purposes:

• Establishing a customer account with cloud functionality
• Ensure functionality
• Provide and improve products and services/services
• Provide product support
• Verify compliance with the license agreement
• Document acceptance of the EULA

3.3 Compliance with legal obligations (Art. 6 para. 1 (c) GDPR)
We process your personal data if this is necessary for the fulfillment of legal obligations. For example, on the order of an information procedure or a retention period in accordance with the tax code.

3.4 Legitimate interests pursued by us or a third party (Art. 6 para. 1 (f) GDPR)
We may also use your personal data on the basis of a balance of interests to protect the legitimate interest of us or third parties. This is done for the following purposes:

• For the defense or assertion of legal claims
• Abuse control and ensuring system / network security
• Non-personalized statistics to improve products and marketing concepts
• Interest-related advertising is currently not carried out. Should this be implemented subsequently, our users will receive an OPT-OUT-Option for the associated automated aggregation/analysis of data.

4. Categories of personal data we process
The following data will be processed:

• Last name, first name -> You do not have to enter your real name here. A pseudonym is sufficient.
• Account data (e-mail address, password and associated provided content (learned devices & serial number)).
• IP address and timestamp
• Diagnostic data
• System and device data of your terminal device
• Device events and device states when you report an error
• Data that is generated when convenience functions are activated (e.g., location, connection of voice control)

5. Who will get to see your data?
We only pass on personal data if there is a legal basis for doing so and/or suitable guarantees exist for your rights and freedoms.

We pass on your personal data within our company to those positions that require this data to fulfill contractual and legal obligations. In addition, the following entities receive your data:

• Order processors used by us (Art. 28 GDPR) or service providers for supporting activities, in particular in the areas of IT services, software providers, external data centers, support/maintenance of IT applications, hosting, development, analysis, convenience functions.
• Independent third parties when necessary to meet legal requirements (e.g., tax advisors).

Our selected service providers must meet specific confidentiality requirements. They are granted access to personal data to a limited extent and for a limited period of time, which is necessary for the fulfillment of the task(s).

6. Transfer of personal data to a third country or international organization
When you activate convenience features, especially voice control, third-party providers located in an insecure third country receive your data. To our knowledge, there are no suitable guarantees for your rights and freedoms for these data transfers. Please be aware of this before using these interfaces.

From our side, no data processing takes place outside the EU or the EEA. Should we subsequently decide to do so, we will place particular emphasis on appropriate safeguards.

7. How long we’ll keep your information
The storage period depends on the purpose of processing and is as long as necessary to achieve the purpose pursued. Subsequently, the data will be deleted or irreversibly anonymized, e.g. by aggregating or removing any data that would allow re-identification.

If a legal limitation period exists, we retain certain personal data until the end of that period.

If legal obligations require us to continue storing the data, processing will be restricted and the data will be blocked from access.
You can delete your customer account yourself via the APP.

8. To what extent do we use automated individual decision-making (including profiling)?
We do not use any purely automated decision-making processes in accordance with Article 22 GDPR. Should we ever make use of such processes in individual cases, you will be notified of such separately if legally required.

9. Your data protection rights
You have the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure (the right to be forgotten) under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR and the right to data portability under Article 20 GDPR. In principle, the right to object to the processing of personal data by us exists under Article 21 GDPR, provided that the processing is based on a legitimate interest (Art. 6(1)(f) GDPR). However, this right of objection only applies in the case of very special circumstances of your personal situation, whereby rights of our company may possibly conflict with your right of objection.
The restrictions according to §§ 34 and 35 BDSG apply to the right to information and the right to deletion.
If you wish to assert one of these rights, please contact our data protection officer at datenschutz@eltako.de.

You have a right of appeal to the data protection supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is:
The State Commissioner for Data Protection and Freedom of Information
Lautenschlagerstrasse 20
70173 Stuttgart

10. Scope of your obligations to provide us with your data
You only need to provide the data that is necessary for the performance of the contract, in particular functionality, improvement and support services. In the case of optional data, failure to provide it may mean that the service cannot be provided as usual, such as the activation of convenience features.

Status: 01/27/2023