In the following, and in accordance with the applicable data privacy regulations, we will inform you about, among other things, the type and scope of the personal data that we collect

(hereinafter referred to as the “simatec app”), for what purposes and on what legal basis we process these data, and your rights as a data subject.

1. Name and contact details of the responsible person, Union representative in accordance with Art. 27 GDPR

1.1 Responsible under data protection law within the meaning of Art. 4 (7) GDPR is

(hereinafter also referred to as “we” or “us”). You will find further information in the imprint.

Die simatec GmbH, Christinstraße 16, 75177 Pforzheim ist benannter Unions-Vertreter der simatec AG nach Art. 27 DSGVO.

(Subsequently, we will also refer to data subjects collectively as “users”).

a) The “simatec world of maintenance” app was developed to operate and configure simatec products via smartphone.

Configuring IMPULSE as well as extracting status data
Configuring simatherm as well as extracting status data

b) Another purpose of the processing is to support the predictive maintenance and analysis of simatec products as well as the improvement and further development of the simatec app.

c) Compiling statistics relating to patterns and trends of browsing simatec websites or the use of other applications or software.

d) Managing enquiries or other requests in relation to simatec products and services.

e) Insofar as we process personal data, the legal basis is Art. 6 (1) (b) GDPR within the scope of the registration and provision of the user account as well as the provision of documentation and after-sales support for customers. In addition, Art. 6 (1) (f) GDPR is the legal basis for the protection of legitimate interests. On the one hand, the legitimate interests are to support the customer, in particular the predictive maintenance and management of simatec products or simatec-supported products, and for simatec, they are for the ongoing development and improvement of the simatec app.

As part of the provision of the simatec app, your personal data will be processed by external service providers. With these agreements, we have concluded on commissioned data processing in accordance with Art. 28 GDPR. If necessary for support purposes, your data will be exchanged with affiliated simatec companies. Otherwise, disclosure to third parties will not take place.

Your data will not be transferred to third countries. Our processors are based in the EU/EEA and only process data there.

a) We process your data as long as the user account is active and as long as you have not objected to the processing of your data, which is processed on the basis of Art. 6 (1) (f) GDPR, and there are no overriding interests on our part. In this case, we reserve the right to anonymise your data and to process it exclusively in aggregated form, without personal reference, for the purpose of supporting and maintaining simatec products.

b) If you delete your user account, the data will be stored for a period of 1 year for documentation and verification purposes (purpose limitation) and then automatically deleted or anonymised. We reserve the right to store data if and as long as this is necessary for the assertion and defence of legal claims.

c) c) Statutory and contractual retention requirements remain unaffected. We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations. We will delete your personal data as soon as it is no longer required for the above-mentioned purposes. In this respect, personal data may be retained for the time during which claims can be asserted against our companies (statutory limitation periods of three or up to thirty years). In addition, we store your personal data insofar as we are legally obliged to do so. Corresponding proof and retention obligations result from commercial, tax and social security regulations, usually 6 or 10 years.

1) Within the context of hosting our simatec app, your data, which is processed by us, is processed on the basis of an order processing contract.

(2) If web analysis services and third-party providers are used, the data will be transmitted to the extent described in this document.

(1) Your data will not be transferred to third countries, except for Switzerland. Our processors are based in the EU/EEA and only process data there.

(2) Data transfers to third-party providers of the App Store and the Google Play Store are referenced in section 8.

(1) Our app may contain links to websites operated by third parties that are not covered by this privacy policy. These third-party websites have their own privacy policies and may also use cookies or other tracking technologies. The respective operator or the person designated as responsible for the relevant website is responsible.

(2) The links to external websites are checked by us before linking. However, we have no influence on whether their operators comply with data protection regulations. If we become aware of any legal infringements or violations, we will remove the corresponding links.

If your personal data are processed, you are a data subject within the meaning of the GDPR and you have the following rights.

(1) The data subject has the right to obtain confirmation from the data controller as to whether personal data concerning him or her are being processed; if this is the case, he or she shall have the right to access those personal data and to the information listed in detail in Art. 15 GDPR. Under certain legal conditions, you have the right to rectification in accordance with Art. 16 GDPR, the right to restriction of processing in accordance with Art. 18 GDPR and the right to deletion (“right to be forgotten”) in accordance with Art. 17 GDPR. In addition, you have the right to receive the data that you have provided in a structured, common and machine-readable format (right to data portability) in accordance with Art. 20 GDPR, insofar as the processing is carried out using automated procedures and is based on consent in accordance with Art. 6 (1) (a) or Art. 9 (2) (a) or based on a contract in accordance with Art. 6 (1) (b) GDPR.

If the processing is based on consent, you can revoke your consent to the processing of personal data at any time. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected by this.

You have the option to submit a complaint to us or to a data protection supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement (Art. 77 GDPR). In Baden-Württemberg, the supervisory authority responsible for our Union representative, simatec GmbH, is:

The State Commissioner for Data Protection and Freedom of Information, PO box 10 29 32, 70025 Stuttgart Tel.: 0711/615541-0, FAX: 0711/615541-15, poststelle@lfdi.bwl.de

d) Right to object in accordance with Art. 21 GDPR

In addition to the above rights, you have the right to object as follows:

Right to object on a case-by-case basis

Based on your particular situation, you have the right to object at any time to the processing of personal data relating to you that is carried out on the basis of Art. 6 (1) (e) GDPR (data processing in the public interest) and Art. 6 (1) sentence 1 (f) GDPR (data processing on the basis of a balance of interests); this also applies to a proﬁling based on this provision within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can provide evidence of compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

Right to object to the processing of data for advertising purposes

In individual cases, we process your personal data in order to carry out direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to proﬁling insofar as it is related to such direct advertising. If you object to processing for direct advertising purposes, we will no longer process your personal data for these purposes.

(1) We have implemented technical and organisational security measures in accordance with Art. 24, 32 GDPR, in order to protect your personal data from loss, destruction, manipulation and unauthorised access. All our employees and all third parties involved in data processing are obliged to comply with the requirements of the GDPR and to handle personal data confidentially.

(2) SSL or TLS encryption: This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. An encrypted connection can be recognised from the fact that the address line of the browser changes from “http://” to “https://” and from the lock symbol on your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

We reserve the right to change our security and data protection measures to the extent necessary due to technical development, the expansion of our services or legal changes. In these cases, we will also adapt our privacy policy accordingly. Please therefore note the current version of our privacy policy.

Privacy policy for “simatec world of maintenance” app