Privacy Policy

We, Kieback&Peter GmbH & Co. KG (hereinafter Kieback&Peter), are delighted that you are interested in our company. Our Privacy Policy is intended to provide information for visitors to our website, applicants, interested parties, and external partners, as well as other groups of persons whose personal data we process.

We aim to structure our Privacy Policy in such a way that it is quick and easy for everyone to see what data we process and for what purposes.

If you have any questions about our Privacy Policy, please send an e-mail to privacy[at]kieback-peter.com.

General Information

The controller in accordance with Art. 4 No. 7 of the EU General Data Protection Regulation (GDPR) is:

Kieback&Peter GmbH & Co. KG
Tempelhofer Weg 50
12347 Berlin, Germany

E-mail: info[at]kieback-peter.de

(See our imprint).

You can contact our data protection officer Mr. Marco Tessendorf at privacy[at]kieback-peter.com or by sending a letter to “Data protection” at our postal address.

You have the following rights with regard to your personal data:

  • Right of access: Art. 15 GDPR
  • Right to rectification: Art. 16 GDPR
  • Right to erasure: Art. 17 GDPR
  • Right to restriction of processing: Art. 18 GDPR
  • Right to data portability: Art. 20 GDPR

If data is processed on the basis of Art. 6 Para. 1(e) or (f) GDPR, you have the right to object at any time to the processing of your personal data for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this Privacy Policy.

If you file an objection, we will no longer process your personal data in question unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims (objection pursuant to Art. 21 Para. 1 GDPR).

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing. If you object, your personal data will no longer be used for direct marketing purposes (objection pursuant to Art. 21 Para. 2 GDPR).

Objections are free of charge and can be made without a required form. If possible they should be sent via e-mail to: privacy[at]kieback-peter.com. Objections can also be sent via post to “Data protection” at our postal address.

You have the right to lodge a complaint with a supervisory authority regarding the processing of your personal data by us.

The authority responsible for you is the Berlin Commissioner for Data Protection and Freedom of Information at the following address:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin, Germany

Phone: +49 30 13889-0

E-mail: mailbox[at]datenschutz-berlin.de

1. Information security and data protection management

The protection of personal data is a matter of importance to us. In addition to a data protection management system, Kieback&Peter also has an information security management system in place in which data protection standards are firmly established.

Kieback&Peter’s information security management system is audited and certified on a regular basis pursuant to DIN ISO 27001.

Procedures and regulations are in place stipulating that every employee is acquainted with issues surrounding data protection. This includes every employee being given instruction in the applicable regulations upon commencement of work. By signing the employment contract, every employee undertakes to handle all personal data with utmost confidentiality. Data protection training is provided regularly. In addition, information on the subject of data protection is available at a central location. A data protection officer has been appointed (see “Our data protection officer”).

Your data is stored on servers in an external data center. Special precautions are taken to carefully protect these servers against loss, destruction, falsification, unauthorized access, or unauthorized disclosure.

 

2. Website encryption

For security reasons and to protect the transmission of confidential content (e.g., inquiries via our contact form), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the abbreviation “https://” and by the padlock symbol in the address line of the browser. If SSL or TLS encryption is activated, the data that you send to us cannot be read by third parties.

 

3. Hosting service providers and maintenance and servicing of the website

We use external service providers to help us operate our website. These providers have been carefully selected and commissioned by us, are bound by our instructions, and are audited regularly. The cooperation is based on order processing contracts pursuant to Art. 28 GDPR.

These external service providers, who provide us with technical support (e.g., web hosters, programmers), usually have the possibility to at least access personal data. Such access is not intended. However, it is impossible to rule out that in individual cases certain personal data may be disclosed to these service providers during the course of their work.

We use the following external service providers:

  • UpCloud Ltd. Company, Eteläranta 12, 6. krs, FI-00130 Helsinki, Finland, e-mail: hello[at]upcloud.com, website: www.upcloud.com; Privacy Policy: https://upcloud.com/privacy-policy/; purpose: hosting for the content management system
  • interactive tools GmbH, Schönhauser Allee 12, e-mail: info[at]interactive-tools.de, website: www.interactive-tools.de; purpose: maintenance of our website.

Profiling (Art. 4 No. 4 GDPR) describes a type of automated processing of personal data that consists of analyzing or predicting certain personal aspects like people’s work performance, economic situation, health, or personal preferences. Kieback&Peter does not use automated decision-making and profiling processes that can have legal effects on you or that can exert considerable negative impacts on you in a similar manner.

This Privacy Policy was last updated in August 2020.

It may be necessary to amend this Privacy Policy due to the further development of our website or due to changes in legal or official requirements.

Processing of Your Data

1. Cookies

a) Description of data processing

This website uses cookies. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using and through which the company that sets the cookie (in this case us) receives certain information. Cookies cannot execute programs or transmit viruses to your computer.

This website uses the following types of cookies, the scope and functionality of which are explained below:

  • Transient cookies
  • Persistent cookies

Transient cookies are automatically deleted when you close your browser. This includes session cookies in particular. They store a “session ID” with which various requests from your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.

Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies in your browser’s security settings at any time.

 

b) Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 Para. 1(f) GDPR.

 

c) Purpose of data processing

This website uses cookies for web analyses with Google Analytics and for advertising purposes with Google Dynamic Remarketing. Additional information can be found under “3. Web analysis with Google Analytics” and “4. Advertising with Google Dynamic Remarketing”.

 

d) Duration of storage, options to object

Cookies are stored on the user’s computer and transmitted from this computer to our site. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing your browser settings. Cookies that have already been saved can be deleted at any time. This can also be done automatically.

 

2. Usage data and log files

a) Description of data processing

If you use our website solely for informational purposes, i.e., if you do not register or otherwise provide us with information, our system automatically collects data and information that your browser transmits to our server (usage data):

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Volume of data transferred in each case
  • Web page from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software

The data is stored temporarily in our system’s log files. This data will not be stored together with other personal data.

 

b) Legal basis for data processing

The legal basis for the temporary storage of data is Art. 6 Para. 1(f) GDPR (legitimate interest).

 

c) Purpose of data processing

The temporary storage of data by the system is necessary for the provision of our website. To this end, the user’s IP address, in particular, must also be stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. We also use the data to ensure the security of our information technology systems. These purposes also constitute our legitimate interest in processing the data pursuant to Art. 6 Para. 1(f) GDPR.

 

d) Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose of its collection. For data collected for the provision of the website, this is the case when the respective session has ended.

 

e) Option to object

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the Internet site. Consequently, there is no option for the website visitor to object to this.

 

3. Web analysis using Google Analytics

This website uses Google Analytics, a web analysis service from Google. Google Analytics uses cookies. The information generated by the cookies regarding the use of the website is generally transmitted to a Google server in the USA and stored there.

This website uses Google Analytics with the extension that anonymizes IP addresses. This means that a truncated version of your IP address is sent to Google. This ensures it cannot be used to identify you personally. If the data collected about you has a personal reference, it is thus immediately excluded.

The legal basis for the use of Google Analytics is Art. 6 para. 1(f) GDPR (legitimate interest).

We use Google Analytics to analyze the use of our website and thus enable us to improve it on a regular basis. The statistics obtained enable us to improve our services and make them more interesting for you as a user. These purposes also constitute our legitimate interest in processing the data pursuant to Art. 6 Para. 1(f) GDPR.

In the event that personal data is sent to the United States, we entered into a data protection contract with Google that contains the Standard Contractual Clauses adopted by the European Commission (appropriate safeguard regarding Art. 46 Para 2 (c) GDPR).

You can prevent cookies from being stored on your computer by configuring the appropriate settings in your browser. However, we would like to point out that you may not be able to use all of the functions of this website to their full extent if you do so.

You can also prevent the data generated by the cookie pertaining to your usage of the website (including your IP address) from being recorded and processed by Google by downloading and installing this browser plugin.

If you visit our site from a mobile device (e.g., smartphone or tablet), you can also prevent Google Analytics from collecting data by clicking on the following link. In this case, a special opt-out cookie is set. If you delete your cookies, you will need to click on this link again.

 

4. Advertising with Google Dynamic Remarketing

In addition to Google Analytics, this website uses Google’s Remarketing function. We can use this function to address you as a visitor in a targeted manner via advertisements when you visit our websites. This is possible because personalized, interest-related advertisements are activated for you when you visit other websites in the Google Display network.

Google uses cookies to perform the website usage analysis, which forms the basis for creating the interest-related advertisements. Google stores a small file with a numerical sequence in your browser for this purpose. This number is used to record the visits to the website and anonymized data concerning the usage of the website. If you then visit another website in the Google Display network, you will be shown pop-up ads that quite likely consider product and information areas you called up previously.

The legal basis for the use of Google Remarketing is Art. 6 para. 1(f) GDPR (legitimate interest). Our legitimate interest is to provide you with customized advertisements and thus to offer you a better surfing experience.

In the event that personal data is sent to the United States, we entered into a data protection contract with Google that contains the Standard Contractual Clauses adopted by the European Commission (appropriate safeguard regarding Art. 46 Para 2 (c) GDPR).

You can permanently deactivate the Google’s usage of cookies by downloading and installing the browser plugin available here. You can view additional information about Google Remarketing in the Google Privacy Policy.

 

5. Google Maps services

This website uses the services of Google Maps. This allows us to display an interactive map directly on the website, making it easier for you to find a branch near you.

When you visit our website, Google receives the information that you have accessed the corresponding subpage of our website. The usage data specified in this Privacy Policy is also sent. This is done regardless of whether Google provides a user account via which you are logged in or whether there is no user account. If you are logged into Google, your data will be directly associated with your account. If you do not want your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as user profiles and uses it for the purposes of advertising, market research, and/or the needs-based design of its website. This type of evaluation is carried out in particular (even for users who are not logged in) in order to provide appropriate advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. You must contact Google in order to exercise this right. The Google Maps Terms of Service can be found here.

The legal basis for the use of Google Maps is Art. 6 Para. 1(f) GDPR (legitimate interest). Our legitimate interest is to display an interactive map directly on the website, making it easier for you to find a branch near you.

In the event that personal data is sent to the United States, we entered into a data protection contract with Google that contains the Standard Contractual Clauses adopted by the European Commission (appropriate safeguard regarding Art. 46 Para 2 (c) GDPR).

 

6. YouTube video platform

We use the YouTube.com platform to embed videos that are stored on YouTube on our website and make them publicly available. YouTube is a service provided by a third party not affiliated with us, YouTube LLC (see below for the address and link to the third-party privacy notice).

When you click on an embedded video to start playback, Privacy Enhanced Mode ensures that, unless you are currently signed in to a Google service, YouTube only stores cookies on your device that do not contain any personally identifiable information. These cookies can be prevented through appropriate browser settings and extensions.

The legal basis for the use of YouTube is Art. 6 Para. 1(f) GDPR (legitimate interest). Our legitimate interest is to offer you the best possible visiting experience on our website by directly integrating the videos.

In the event that personal data is sent to the United States, we entered into a data protection contract with Google that contains the Standard Contractual Clauses adopted by the European Commission (appropriate safeguard regarding Art. 46 Para 2 (c) GDPR).

Address and link to the third-party Privacy Policies:

YouTube LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA; YouTube is a subsidiary of Google Inc. You can find information about data processing and the Privacy Policies of YouTube and Google here and here.

a) Description of data processing

There are different ways of contacting us on our website.

 

b) By contact form

If you use our contact form, we will record the data you enter (your e-mail address, your zip code, possibly your first and last name, and your company). Kieback&Peter uses data that you transmit to us in this manner to reply to and electronically process your request in our system (see the section “Systems for Processing Data”). We invoke Art. 6 Para. 1(b) GDPR (implementation of pre-contractual measures) and Art. 6 Para. 1(f) GDPR (general inquiries) as the legal bases for this. Our legitimate interest consists of guaranteeing you efficient service.

 

c) Via e-mail

If you communicate with us via e-mail, you transmit us data such as your return address, information in the content of your signature (such as your position and contact data), general data such as the time sent, as well as any special data you may have transferred in an attachment (e.g., your CV if you sent us an application) in the process. Data that you transmit to us in this manner is also used to reply to and electronically process your request in our system (see the section “Systems for Processing Data”). For one thing, we provide this communication channel to allow you to contact us quickly electronically. We are thereby fulfilling a legal guideline laid out by the German Telemedia Act (TMG). To this extent, Art. 6 Para. 1(c) GDPR constitutes the legal basis. Additionally, we may invoke Art. 6 Para. 1(f) GDPR. Our legitimate interest consists of guaranteeing you efficient service.

 

d) By telephone

If you communicate with one of our employees by telephone, we will record certain traffic and communication data, such as the connection number or the length of the conversation. Furthermore, our employees are obligated to briefly record the content of your conversation in our system (see section “Systems for Processing Data”). We invoke Art. 6 Para. 1(f) GDPR as the legal basis for this. The purpose and our legitimate interest in processing this data is making our service more efficient (e.g., passing on information concerning your issue in our company and providing you with optimum advising if you call us again).

 

e) By mail

If you contact us by mail, we will record data concerning your return address and the content of the document. Some of the transmitted documents are stored in digital form so they can be processed more quickly. We invoke Art. 6 Para. 1(f) GDPR as the legal basis in this regard as well.

 

f) Through personal contact, e.g., at trade fairs

You can also contact Kieback&Peter at events, presentations, or at trade fairs and leave your contact information for us, for instance, by giving us your business card. We will digitize the data we collect in this manner by transferring it to our CRM system. If needed, the relevant conversation content will be recorded. We invoke Art. 6 Para. 1(b) GDPR (implementation of pre-contractual measures) and Art. 6 Para. 1(f) GDPR (general inquiries) as the legal basis for this. Our legitimate interest consists of being able to provide you with optimum consulting during later exchanges.

Some of our employees use the lead app from the provider alivello at trade fairs and other events. It collects contact data, language data, and additional information, such as interest in our products. The data collected is transferred to alivello’s systems and sent to the responsible Kieback&Peter branch so it can follow up on the contacts (e.g., create offers, record in the CRM system). Once the data has been recorded, the prospective customer receives a personalized letter of thanks via the lead app.

The data is used to make quantitative and qualitative evaluations of the visits to the stand, e.g., customers from which region visited our stand and which products they were interested in. Furthermore, the data will be used to establish contact with the interested party for the purpose of sending them the (product) information they requested and initiating business. We invoke Art. 6 Para. 1(b) GDPR and Art. 6 Para. 1(f) GDPR as the legal basis for this processing.

The cooperation with alivello is based on an order processing contract pursuant to Art. 28 GDPR.

 

g) Verifying and enriching data

In order to provide the best responses to requests and verify and update our database, we supplement our personal data through research and enrichment, if necessary (e.g., by completing opening salutations or assigning a position or department). The only sources we use to do this are publicly accessible sources.

 

h) Duration of storage

We will store your data as long as necessary to process a request. An exception to this is data that we may not delete owing to legal obligations (e.g., documents that must be stored according to tax law and commercial law) and data that is required to exercise our legitimate interests, such as assertion of claims.

This section tells you how Kieback&Peter processes your personal data when you apply for a job advertised by us or apply to work with us on your own initiative.

You provide us with your personal data voluntarily as part of the application process. However, the provision of personal data is necessary in order to for us to process your application or to conclude an employment contract with us. This means that if you do not provide us with any personal data in an application, we cannot enter into an employment relationship with you.

 

a) Description of data processing

We collect and store all data that you provide to us through your application. This includes your contact details, your application documents (CV, cover letter, previous professional experience, training and certificates as well as our notes from interviews with you), your salary expectations, the type of employment you are looking for and the date from which you are available and, in exceptional cases, your identification documents.

In addition, this also applies to all other data you provide us with, including any correspondence you may have with us during the application process and, where applicable, the results of recruitment tests or online tests (for more information, see “Competence and potential analyses by ananda-team GmbH“).

Special categories of personal data (Art. 9 GDPR), such as health data, may be among the data collected.

We may also obtain the above information about you from other sources, including temporary employment agencies, headhunters, recruiters and the employment agency that you provide us with, websites, and other publicly available information on the Internet. This includes, for example, data that you have manifestly made public in an online profile (e.g. XING, LinkedIn). We may also receive data that you send to us via third-party websites, e.g., from employment websites such as StepStone or Monster.

 

b) Purpose of data processing

We collect, store and use your personal data in order to carry out the selection process. The data you provide will be used to process your application and, in the event of an employment relationship being established, to implement the employment relationship.

 

c) Legal basis for data processing

The legal basis is Section 26 Para. 1 of the German Federal Data Protection Act (BDSG) and Section 22 Para. 1(b) of the German Federal Data Protection Act or, in the case of public profiles, Article 6 Para. 1(f) GDPR in conjunction with Art. 9 Para. 2(e) GDPR. In this case, the legitimate interest is to obtain a clear, brief profile of you, which you have manifestly made public within the meaning of Art. 9 Para. 2(e) GDPR.

If consent is required for processing (e.g., for inclusion in our talent pool), Section 26 Para. 2 of the German Federal Data Protection Act in conjunction with Art. 7 GDPR or – depending on the case – Art. 6 Para. 1(a) GDPR forms the legal basis for this.

Furthermore, we may process personal data about you as far as this is necessary to defend ourselves against legal claims asserted against us resulting from the application process. To this extent, the legal basis is Art. 6 Para. 1(f) GDPR. The legitimate interest is, for example, a burden of proof in proceedings under the German General Equal Treatment Act (AGG).

Insofar as there is an employment relationship between you and us, we can continue to process the personal data that we have already received from you for the purposes of the employment relationship in accordance with Section 26 para. 1 of the German Federal Data Protection Act.

 

d) Recipients of data

Your application will be processed as quickly as possible by the responsible personnel department of Kieback&Peter. Kieback&Peter consists of several legally independent companies, each with its own personnel department, which process applications received for the job advertisements of the individual Kieback&Peter company.

If you do not apply in response to a job advertisement but register in the talent pool, a personnel department of Kieback&Peter will contact you as soon as there is a vacancy that matches your profile. In the meantime, your profile, which is visible to all companies within Kieback&Peter will be stored in the talent pool.

Your application will then be checked – provided you have given your consent – by the relevant specialist departments, shareholdings and subsidiaries of Kieback&Peter.

 

e) Applicant management systems from heroes GmbH

heroes GmbH assists us with the installation and operation of our applicant management system and is represented by managing director Till Stadick, Welfenstrasse 22 81541 München, e-mail: info@heroes.eu, website: www.he-roes.de.

We have concluded an order processing contract with heroes GmbH in accordance with Art. 28 GDPR, in which we guarantee the protection of your data. Information on data protection at heroes GmbH can be found here.

 

f) Competence and potential analyses by ananda-team GmbH

In certain cases (e.g., during the selection of managers or sales employees), a personality analysis is performed for applicants during the application process. For this purpose, the applicants (voluntarily) take an online test. The service provider ananda-team GmbH performs the test. In this case, Kieback&Peter generates a link that the applicant in question can use to log into ananda-team GmbH and take the test. The results are made available to the responsible personnel department of Kieback&Peter and then forwarded to the supervisor, if necessary.

We have concluded an order processing contract with ananda-team GmbH in accordance with Art. 28 GDPR, in which we guarantee the protection of your data. Information on data protection at ananda-team GmbH can be found here.

 

g) Duration of storage

Unless you give us permission to use your documents for other positions that become available (talent pool), we will store your personal data for 6 months or for as long as we require it for the legitimate interest of Kieback&Peter in accordance with applicable law. If data no longer needs to be stored, it is deleted.

If you accept employment with us, we will retain your personal data for the duration of your employment relationship in accordance with the Kieback&Peter Employee Privacy Policy.

a) Description of data processing

For customers, suppliers, other business partners, and interested parties, we process personal data essentially to initiate, justify, and process contractual, pre-contractual, and delivery relationships, including delivery, payment, and any guarantees or product liability.

To do so, we collect the following information in particular:

  • Address, first name, last name, academic title
  • E-mail addresses
  • Address
  • Telephone number (landline and/or cell phone)
  • Fax number
  • Bank details
  • Position at the company (e.g., project manager)
  • Affiliation to department organization (e.g., departmental affiliation)
  • Correspondence (written correspondence and meeting minutes)

 

b) Purpose of data processing

This data is collected for the following purposes:

  • Your identification
  • To perform our contractual relationship
  • Correspondence and communication with you
  • Invoice issue
  • Credit check
  • Processing any existing claims, as well as asserting any claims against you or the customer or supplier.

Additionally, we process – to the extent required in the scope of the contractual relationship and/or other collaboration – personal data that we permissibly obtain from publicly accessible sources (e.g., public register, print media, Internet) or that is legitimately transferred from other third parties (e.g., information about a loan).

 

c) Recipients of data

At Kieback&Peter, only the persons and offices (e.g., specialist departments) that require personal data to fulfill our contractual and statutory obligations or to preserve our legitimate interests receive access to this data.

Furthermore, personal data is also transferred to other companies within our corporate group or is transferred by them to us, or these companies are granted access to this data.

In addition, we utilize various service providers (e.g., IT service provider companies) and performing agents to fulfill our contractual and statutory obligations, and they also receive data to this end.

In addition, we can transfer your personal data to additional recipients outside of the company to the extent required to fulfill the contractual and statutory obligations. They can include the following, for instance:

  • Public offices and institutions (e.g., financial authorities and courts)
  • Auditors, tax consultants, appraisers
  • Bank of the customer, supplier, or business partner (SEPA payment medium)

In addition, we forward data about the purpose of the credit check to credit agencies.

 

d) Legal basis for data processing

The data processing is required for the purposes mentioned for pre-contractual measures, proper execution of contractual relationships, mutual fulfillment of obligations resulting from contractual relationships, and termination of contractual relationships according to Art. 6 Para. 1(b) GDPR.

To the extent necessary, we will process your data beyond the actual fulfillment of the contract to preserve our legitimate interests or those of third parties, e.g., forwarding data within the corporate group, asserting legal claims, and for defense purposes in legal disputes. The legal basis in these cases is Art. 6 Para. 1(f) GDPR.

In addition, we process personal data to fulfill legal specifications (e.g., from commercial and tax law) according to Art. 6 Para. 1(c) GDPR.

 

e) Duration of storage

We will delete your personal data as soon as it is no longer needed for the purposes mentioned above. After the termination of the contractual relationship, your personal data will be stored as long as we are legally required to do so. This results on a regular basis as a result of legal verification and storage obligations that, among other things, are regulated in the Commercial Code and Tax Code. According to these codes, the storage periods can last up to ten years.

Additionally, personal data may be stored for the period during which claims may be asserted against us (legal period of limitation of three up to thirty years).

If the respective purpose is no longer relevant or if the corresponding periods have expired, your data will be deleted on a regular basis.

Products, Services, and Apps

When you use our service platform Connect, we will process your personal data as well.

 

a) Description and purpose of data processing

Registration

Please register if you would like to use our service platform and thus our remote accesses. When you register, we will collect the personal data required to form and fulfill the contract, such as your first name, last name, e-mail address, address of your company’s main office, and the password you have specified. This data is transferred from our CRM system in the process.

User management

The service platform has a user management function in which you, as an administrator, can save and change e-mail addresses and passwords (mandatory information), names, notes, and phone numbers for other users.

Log files

When you use Connect, the system automatically collects log data and saves it in log files. The following information in particular, including dates, is recorded in the log files:

  • Login
  • Logout
  • Acceptance of the General conditions for provisioning and using online services (yes/no)
  • Acceptance of the General conditions for remote access (yes/no)
  • Creating/deleting user accounts
  • Activating/deactivating user accounts
  • Enabling/blocking e-mail
  • Enabling/blocking remote access

 

b) Remote maintenance and order processing

If you use our services in the form of remote maintenance, access to personal data is possible or necessary in some instances. In these cases, you require a contract for order processing pursuant to Art. 28 GDPR with us. You enter into such a contract with us by accepting the General conditions for remote access.

 

c) Legal basis for data processing

Art. 6 Para. 1(b) GDPR forms the legal basis for data processing for setting up, provisioning, and using the service platform. We need the data to fulfill the service contract with you.

To the extent necessary, we process your data beyond the actual fulfillment of the contract to preserve our legitimate interests or those of third parties. This applies in particular to the log data collected or stored by the system. It helps us guarantee the security of the service platform and improve it continually. These purposes constitute our legitimate interest in processing the data pursuant to Art. 6 Para. 1(f) GDPR.

 

d) Duration of storage

We process your personal data essentially only as long as necessary to fulfill our contractual and legal obligations. That means we will delete your personal data as soon as it is no longer needed for the purposes mentioned above. During the process, it may be the case that personal data is stored for the period during which claims may be asserted against us.

In addition, administrators may delete your user accounts at any time on their own. Or, upon request, we will delete the administrator account.

With the Qanteon ReadMe app (hereinafter “App” for short), you can record the consumption from meters using a mobile device, e.g., a smartphone or a tablet. In this section, we will tell you which data is collected when you use the app and how we use it.

 

a) Data processing when you download the app

To download and install our app from Google Play Store, you first need to register for a user account with Google and conclude a corresponding usage agreement. We exert no influence on this, and in particular, we are not party to such a usage agreement. When you download and install the app, the information necessary for this is transferred to the respective app store, in particular, the user name, e-mail address, and customer number of the account, the time of the download, and the unique number of the terminal device (IMEI = International Mobile Equipment Identity). We exert no influence on this data collection and are not responsible for it.

You can find additional information about this data processing in the Google Privacy Policy.

 

b) Data transfer to Qanteon

To synchronize the data with Qanteon, you need to register in the app using a valid Qanteon user account.

When the results of the reading are synchronized, the following data is transferred:

  • Measuring point data
  • Measured value
  • Date and time of the reading
  • Photos of the reading (if you use the photo documentation)

All measured values are stored in the database together with the name from the user account. So that Qanteon can identify the smartphone or tablet, the IMEI is also transferred to Qanteon and stored by it.

 

c) Device authorizations

So that the app can function properly, you need to allow access to certain functions of your smartphone or tablet. You will be asked to grant the relevant access authorization once at the beginning or when you use the function in question. You can revoke authorizations in the device settings. Please note that proper functioning of the app may be negatively impacted if you revoke such authorizations.

If a user grants one of the authorizations mentioned below, the app may process the respective personal data (which is to say, this data may be accessed).

Network access & network connections

Network access is required because synchronization can be used only in online mode.

NFC (near-field communication)

The NFC interface is accessed so that NFC stickers can be read with smartphones.

Camera

To offer you the optional measurement point identification via QR code or photo documentation of the meter reading, the app must be able to access the camera of your mobile terminal device.

Storage

Your photo storage is accessed if you transfer photos of the reading to Qanteon during the synchronization.

The only purpose of access to the device functions is the functional capability of the functions offered by our app.

 

d) Deletion of data during uninstallation

If the app is deleted, local information and data are also deleted.