Preambel

This service (hereinafter referred to as "App") is provided by Steinel GmbH, Die-selstr. 80-84, 33442 Herzebrock-Clarholz, Germany, info@steinel.de (hereinafter referred to as "we" or "us") as the controller within the meaning of the applicable data protection law.

Within the scope of the app, we enable you to retrieve and display the following in-formation: 

- Camera product settings

- Live image and live sound recordings from the viewing area of the camera of the connected camera product

- Retrieving the recorded video sequences

When using the app, we process personal data. Personal data means any infor-mation relating to an identified or identifiable natural person. Because protecting your privacy when using the app is important to us, we would like to inform you in the following which personal data we process when you use the app and how we handle this data. In addition, we inform you about the legal basis for the pro-cessing of your data and, insofar as the processing is necessary to protect our le-gitimate interests, also about our legitimate interests.

Important: Please note that you yourself are responsible for compliance with the applicable data protection laws with regard to the processing of personal data of third parties in the context of the use of the app (e.g. camera recordings of other persons). 

You can access this privacy policy at any time under the menu item "Privacy" with-in the app.

1. Information about the processing of your data

Certain required information is already processed automatically as soon as you use the app. We have listed below which personal data is processed:

1.1 Information collected during download

When downloading the app, certain required information is transmitted to the app store selected by you (e.g. Google Play or Apple App Store), in particular the user name, the e-mail address, the customer number of your account with which the respective app store is used, the time of the download, payment information and the individual device identification number may be processed. The processing of this data is carried out exclusively by the respective app store and is beyond our reasonable control.

1.2 Information that is collected and processed

As part of your use of the app, we automatically collect certain data that is re-quired for the use of the app. This includes: 

- internal device-ID, 

- version of your operating system, 

- time of access.

This data is automatically transmitted to us, but not stored by us, (1) in order to provide you with the app and the associated functions; (2) to improve the functions and performance features of the app and (3) to prevent and eliminate misuse and malfunctions. This data processing is justified by the fact that (1) the processing is necessary for the performance of the contract between you as the data subject and us pursuant to Art. 6 para.1 (b) GDPR, and (2) because we have a legitimate in-terest in ensuring the functionality and error-free operation of the app and to pro-vide a market and interest-oriented service, Art. 6 para. 1 (f) GDPR.

In addition, the operator of the server infrastructure Nabto ApS processes data for identification of the respective devices, for license verification and for diagnostic purposes (Art. 6 para. 1 (b) GDPR, Art. 6 para. 1 (f) GDPR):

- IP-address,

- product-ID, 

- device-ID, 

- device key,

- timestamp of a server connection.

1.3 Usage of the App

Within the scope of the app, you can enter, manage and edit various information, tasks and activities. This information includes in particular data about the 

- product settings

- Information about the product (serial number, IP address, set device pass-word

- your mobile device (serial number, operating system, device model, device software)

- your connected Wi-Fi network (SSID, Wi-Fi network name, Wi-Fi network password)

The app may also require the following permissions:

- establish and disconnect Wi-Fi connections

- Internet access: This is required in order to transmit entries made outside the Wi-Fi network in which the camera product is integrated to the camera product. (e.g. product settings, live access to camera and audio). This also enables push notifications to be received outside the camera product's Wi-Fi network.

- camera access: This is needed so that you can scan the QR code to connect to another camera light.

- memory access: To manually save your video recordings and photo record-ings of the camera product in the memory of your mobile device.

- microphone: To use the intercom function of the camera product via the app.

- location access: This is required to enable a quick configuration when con-necting the camera product to the network. The name of the Wi-Fi network is automatically taken over by the location access.

- push messages: To enable push messages, information identifying the mo-bile device used (IP address, Firebase cloud messaging unique identifier) is processed (can be disabled).

Other permissions/settings that may be required for individual functions:

- vibrating alarm

- full network access

- show network connections

- deactivate stand-by mode

- show Wi-Fi connections

- get internet data

The processing and use of usage data is carried out for the provision of the app and the various functions of the app. This data processing is justified by the fact that the processing is necessary for the fulfillment of the contract between you as a data subject and us pursuant to Art. 6 para. 1 (b) GDPR.

2. Data disclosure and transfer

In addition to the cases explicitly mentioned in this data privacy policy, your per-sonal data will only be disclosed without your express prior consent if this is legal-ly permissible or required. This may be the case, among other things, if the pro-cessing is necessary to protect the vital interests of the user or another natural person.

2.1 If it is necessary to clarify illegal or abusive use of the app or for legal prosecution and/or we are obliged to do so, personal data may be forwarded to law enforce-ment agencies or other authorities and, if necessary, to injured third parties or le-gal advisors. However, this only happens if there are indications of unlawful or abusive behavior. A transfer may also take place under certain circumstances if this serves the enforcement of terms of use or other legal claims. We are also le-gally obligated to provide information to certain public authorities upon request. These are, in particular, law enforcement agencies, authorities that prosecute ad-ministrative offenses subject to fines, and the tax authorities.

Any disclosure of the personal data is justified by the fact that (1) the processing is necessary for compliance with a legal obligation to which we are subject pursuant to Art. 6 para. 1 (c) GDPR in conjunction with national legal requirements to dis-close data to law enforcement authorities, or (2) we have a legitimate interest in disclosing the data to third parties if there are indications of abusive behavior or in order to enforce our terms of use, other conditions or legal claims, Art. 6 para. 1 (f) GDPR.

2.2 We rely on contractually affiliated companies of the Steinel Group as well as the following third-party companies and external service providers to provide our ser-vice:

- Nabto ApS: Operator of the server infrastructure by means of which the data from the camera are transmitted to the mobile device used.

Any disclosure of personal data is justified by the fact that we have carefully se-lected our third-party companies and external service providers as order proces-sors within the scope of Art. 28 GDPR, regularly reviewed them and contractually obligated them to process all personal data exclusively in accordance with our in-structions.

We do NOT share or store any personal information on our servers - other than what is mentioned in this privacy policy.

2.3 As our business evolves, we may change the structure of our company by chang-ing its legal form or by establishing, buying or selling subsidiaries, divisions or components. In such transactions, customer information may be transferred along with the part of the company being transferred. For any transfer of personal in-formation to third parties to the extent described above, we will ensure that it is done in accordance with this Privacy Policy and applicable data protection law.

Any disclosure of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances as necessary and your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 (f) GDPR do not prevail.

3. Changes of purpose

Your personal data will only be processed for purposes other than those described above if this is permitted by law or if you have consented to the changed purpose of the data processing. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you about these other purposes before further processing and provide you with all other relevant information.

4. Your rights as a data subject

4.1 Right of access

You have the right to obtain from us at any time, upon request, information about the personal data we process concerning you within the scope of Art. 15 GDPR. For this purpose, you can submit a request by mail or e-mail to the address below.

4.2 Right to rectify inaccurate data

You have the right to demand that we correct the personal data concerning you without delay if it should be incorrect. To do so, please contact us at the addresses below.

4.3 Right to erasure

You have the right to request that we erase the personal data concerning you un-der the conditions described in Art. 17 GDPR. These conditions provide in particular for a right to erasure if the personal data are no longer necessary for the purpos-es for which they were collected or otherwise processed, as well as in cases of un-lawful processing, the existence of an objection or the existence of an erasure ob-ligation under Union law or the law of the Member State to which we are subject. To exercise your right to erasure, please contact us at the contact addresses be-low.

4.4 Right to restriction of processing

You have the right to demand that we restrict processing in accordance with Art. 18 GDPR. This right exists in particular if the accuracy of the personal data is dis-puted between the user and us, for the duration that the verification of the accura-cy requires, as well as in the event that the user requests limited processing in-stead of erasure in the case of an existing right to erasure; furthermore, in the event that the data is no longer necessary for the purposes pursued by us, but the user requires it for the assertion, exercise or defense of legal claims, as well as if the successful exercise of an objection is still disputed between us and the user. To exercise your right to restrict processing, please contact us at the contact ad-dresses below.

4.5 Right to data portability

You have the right to obtain from us the personal data concerning you that you have provided to us in a structured, commonly used, machine-readable format in accordance with Art. 20 GDPR. To exercise your right to data portability, please contact us at the contact addresses below.

5. Right of objection

You have the right to object at any time, on grounds relating to your particular sit-uation, to the processing of personal data concerning you which is carried out, in-ter alia, on the basis of Article 6 para. 1 (e) or (f) GDPR, in accordance with Art. 21 GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the purpose of asserting, exer-cising or defending legal claims. If we should process your personal data for di-rect marketing purposes, you have the right to object at any time to the pro-cessing of personal data concerning you for the purpose of such marketing..

6. Right to complain

You also have the right to contact the competent supervisory authority in the event of complaints. The competent supervisory authority is:

Landesbeauftragte/r für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestr. 2 – 4, 40213 Düsseldorf, Tel.: +49 211 384240, E-Mail: poststelle@ldi.nrw.de.

7. Contact the data protection officer

If you have any questions or comments about our handling of your personal data, or if you would like to exercise the rights as a data subject set out in sections 6 and 7, please contact our data protection officer using the following contact de-tails: Dr. Ralf Heine, c/o Aulinger Datenschutz & Consulting GmbH, Frankenstraße 348, 45133 Essen, Germany, Tel.: +49 201 9598662.

8. Changes to this privacy policy

We always keep this privacy policy up to date. Therefore, we reserve the right to change it from time to time and to update any changes in the collection, pro-cessing or use of your data. The current version of the privacy policy is always available under "Privacy" within the app.