Name and Address of the Controller
The controller is the entity that alone – or jointly with others – determines the purposes and means of processing personal data. The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:
JUMO GmbH & Co. KG
Dr. Steffen Hossfeld
Moritz-Juchheim-Straße 1
36039 Fulda
Germany
Phone: +49 661 6003-0
Email: mail@jumo.net
Website: www.jumo.de
We have appointed an external data protection officer:
BerIsDa GmbH | Website: http://www.berisda.de
You can reach the data protection officer by mail at JUMO GmbH & Co. KG, Attn: Data Protection Officer, Moritz-Juchheim-Straße 1, 36039 Fulda oder per E-Mail unter datenschutz@berisda.de
1. Scope of Processing Personal Data
The controller collects and uses personal data of its users (hereinafter also referred to as data subject, "affected person" or "visitor") only to the extent necessary to provide a functional app and to display content and services. The collection and processing of personal data for other purposes generally only takes place with the user's consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons, the processing is carried out due to pre-contractual or contractual measures, is permitted by legal regulations, and/or there is a legitimate interest of the controller.
Your personal data is generally collected directly from you, e.g., when you contact us, consent to services in this app, or use forms within the app. In addition, technical data necessary for the operation of the app is automatically collected when installing and using the app.
If the controller obtains consent from the data subject for processing operations of personal data, Art. 6(1)(a) GDPR serves as the legal basis. If special categories of data are processed according to Art. 9(1) GDPR, Art. 9(2)(a) GDPR applies. For any transfer to a non-secure third country, processing is based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your device, data processing also takes place based on § 25(1) TTDSG.
If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations required for pre-contractual measures.
If processing is necessary to fulfill a legal obligation to which the controller is subject, Art. 6(1)(c) GDPR serves as the legal basis.
If vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of the controller or a third party and the interests, fundamental rights, and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6(1)(f) GDPR serves as the legal basis.
Unless a specific storage period is stated in this privacy notice, personal data of our app users will remain with us until the purpose for data processing no longer applies. The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply, consent is revoked, or processing is objected to. Storage may also occur if required by European or national legislators in EU regulations, laws, or other provisions to which the controller is subject. Blocking or deletion of data also occurs when a legally prescribed retention period expires, unless further storage is necessary for contract conclusion or fulfillment.
The European General Data Protection Regulation (GDPR) requires that the transfer of personal data, which is already being processed or is to be processed after its transfer to a third country or an international organization, is only permitted if a level of data protection comparable to the requirements of the GDPR is ensured. This can be guaranteed, for example, by the existence of an adequacy decision by the EU Commission pursuant to Art. 45 (1), (3) GDPR or the implementation of internal company data protection regulations approved by a supervisory authority (so-called "appropriate safeguards ", Art. 46 (2), (3) GDPR). If there is no level of data protection comparable to the requirements of the GDPR, risks may arise when processing in a third country.
Risks of transfer to a non-secure third country: Personal data may potentially be disclosed by the provider to other third parties beyond the actual purpose of fulfilling the contract, who may use the data for advertising purposes, for example. Furthermore, effective enforcement of data subject rights against the provider is likely not possible. There is a higher probability that incorrect data processing may occur, as the provider's technical and organizational measures to protect personal data may not fully meet the quantitative and qualitative requirements of the GDPR. It is also possible that government authorities may access the provided personal data without the data subject being aware of it. This is generally in line with European legal regulations, for example for the purpose of hazard prevention. However, the threshold for the admissibility of such data processing is higher in the European Union than in the recipient country. In summary, non-secure third countries do not have a level of data protection comparable to the requirements of the GDPR.
In our app, we use tools from providers whose headquarters or the headquarters of the parent company (or affiliated companies) are located in a third country from a data protection perspective. We also transfer data to the USA. Data transfer to the USA is permitted if the recipient is certified under the "EU-US Data Privacy Framework " (DPF) or has appropriate additional safeguards. The DPF is an (individual) agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Each company certified under the DPF commits to complying with these data protection standards. If data is transferred to a provider certified under the DPF, a separate notice is provided for the respective service provider.
Providing your personal data is generally neither legally nor contractually required. There is no obligation to provide it. However, failure to provide it may result in you not being able to use functions, services, forms, and other processing in our app. We recommend that you only provide personal data that is necessary, for example, to process your request, to carry out your desired offer, and to use the functions we offer. If the provision of your personal data is legally or contractually required, we will inform you of this through a separate notice in the respective processing section of this privacy notice.
The collection of technical data (and possibly the collection of your IP address as personal data) for the provision of the app and the storage of the data in log files is essential for the operation of the app and is carried out automatically when using this app. If you do not wish this, you must close or uninstall the app.
If we process personal data about you, you as the data subject have the following rights against us as the controller:
You have the right, within the framework of the applicable legal provisions, to request information about your collected and stored personal data at any time (free of charge). This includes, among other things, information about the purposes of processing, the origin and recipients, the storage duration, and the existence of various rights.
You have the right to request the rectification (including completion) of your data from the controller if the processed personal data concerning you is incorrect or incomplete for the purpose of processing. The controller must carry out the rectification without delay.
You may request the erasure of your personal data at any time under the conditions of Art. 17 GDPR, unless circumstances exist that entitle or oblige the controller to continue processing your personal data (such as statutory retention obligations).
If the legal requirements are met, you may request the restriction of the processing of your personal data within the scope of Art. 18 GDPR.
If your personal data has been processed by recipients to whom the controller has disclosed the data, the controller is obliged to inform them of your requests regarding rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort. You may request that the controller inform you about these recipients.
If you have provided us with personal data and automated processing is carried out based on your consent or a contract, you have the right, within the scope of Art. 20 GDPR, to receive the data you have provided in a commonly used, machine-readable format, provided that the rights and freedoms of other persons are not affected. If you request the direct transfer of the data to another controller, this will only be done if it is technically feasible.
You have the right to object to the processing of your data at any time, provided the processing is based on a balancing of interests. This is the case when the controller relies on public interest or legitimate interest for processing (see Art. 6(1)(e) and (f)). The prerequisite is that you present reasons arising from your particular situation that outweigh the controller's interest. The controller will no longer process your personal data unless they can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.
Art. 21(2) GDPR contains a specific, differing provision if your personal data is used for direct marketing purposes. In this case, you have the right to object to the processing of your personal data at any time without any further conditions. Your personal data will no longer be processed for direct marketing purposes. If profiling is associated with direct marketing, you may also object to this.
You may exercise your right to object in connection with the use of information society services by means of automated procedures using technical specifications.
According to Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. Exceptions may apply if appropriate measures to protect your rights are ensured, and there are necessary contractual arrangements or legal provisions, or you have explicitly consented.
You have the right to withdraw your data protection consent at any time. The legality of the data processing carried out until the withdrawal remains unaffected. You may submit the withdrawal via email or postal mail to the controller.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your residence, your place of work, or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.
The supervisory authority responsible for us is the Hessian Commissioner for Data Protection and Freedom of Information. However, if you are located in another federal state or outside Germany, you may also contact the local data protection authority there.
For security reasons and to protect the transmission of confidential content, such as inquiries you send to us as the app operator, this app uses SSL/TLS encryption. You can recognize an encrypted connection by the change in the browser's address line from “http://” to “https://” and by the lock symbol in the browser bar. When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.
">
1. Description and Scope of Data Processing
Each time our app is accessed, our system automatically collects data and information from the system of the accessing device.
The following access rights are required:
The following data is collected:
- Information about the app (version)
- The user's operating system (including version)
- The user's internet service provider
- The user's IP address
This data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
2. Legal Basis for Data Processing
The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR.
3. Purpose of Data Processing
The temporary storage of the IP address by the system is necessary to enable the delivery of app content to the user's device. For this purpose, the user's IP address must be stored for the duration of the session.
Storage in log files is carried out to ensure the functionality of the app. Additionally, the data helps us optimize the app and ensure the security of our IT systems. The data is not evaluated for marketing purposes in this context.
These purposes also constitute our legitimate interest in data processing pursuant to Art. 6(1)(f) GDPR.
4. Duration of Storage, Objection and Removal Options
The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for the provision of the app, this is the case when the respective session ends.
In the case of storage in log files, this occurs after no more than seven days. Further storage is possible. In this case, the IP addresses of the users are deleted or anonymized so that assignment to the accessing device is no longer possible.
The collection of data for the provision of the app and the storage of data in log files is essential for the operation of the app. Therefore, the user has no possibility to object.
1. Description and Scope of Data Processing
Our app and email signatures provide email addresses and phone numbers that allow electronic and/or telephone contact. In such cases, the personal data transmitted via email will be stored. In the case of telephone contact, personal data may also be stored to process your request.
There is no disclosure of data to third parties in this context. The data is used exclusively for making contact and conducting the conversation.
2. Legal Basis for Data Processing
The legal basis for processing the data transmitted via email or telephone is Art. 6(1)(f) GDPR. If the contact aims at concluding a contract, an additional legal basis for processing is Art. 6(1)(b) GDPR.
3. Purpose of Data Processing
The processing of personal data is solely for handling the contact request. This also constitutes the legitimate interest in processing the data.
4. Duration of Storage, Objection and Removal Options
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For personal data sent via email or transmitted by phone, this is the case when the conversation with the data subject has ended. The conversation is considered ended when it can be inferred from the circumstances that the relevant matter has been conclusively resolved. If a contract results from the contact, the corresponding (legal) retention obligations and regulations apply.
If a data subject contacts us via email or telephone, they may object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of the contact will be deleted.
Our app is available for the Android and iOS operating systems. The respective app store operators are responsible for the provision and processing of data when using the app stores:
- Android: Google Play – Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, https://policies.google.com/privacy
- iOS: App Store – Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA, https://www.apple.com/de/legal/privacy/
When downloading the app, the following data may be transmitted to the respective app store: email address, username, customer number of the downloading account, individual device identifier, payment information, and the time of download. We have no influence over the collection and processing of this data; it is carried out exclusively by the app store you have selected.
The operating system of your device defines data permissions that allow apps (such as the JUMO smartCALC app) to access certain data and transmit it to us or other services.
You can adjust your data permissions as follows:
Advertising ID / Device Identifier (device-wide)
- Android: Settings > Google > Ads > Reset advertising ID
- iOS: Settings > Privacy > Advertising > Limit Ad Tracking
Device Information / Statistics / Usage and Diagnostic Data (device-wide):
- Android: Settings – Google – Three-dot menu – Usage and diagnostics
- Android (alternative): Settings – Privacy – Usage & diagnostics
- iOS: Settings – Privacy & Security – Analytics & Improvements – (iPhone) Share Analytics