fsb.de

Data Privacy Statement

for the LightCommand Web App and the LightAccess Pro App

An overview of data protection

Introduction
As the operator of L700 LightAccess Pro (hereinafter referred to as the “service”), Messrs Franz Schneider Brakel GmbH + Co KG, Nieheimer Str. 38, 33034 Brakel, Germany (hereinafter referred to as “We”) are the body responsible for processing the personal data of users of the service. You will find our contact details in the publishing details for the service, whilst the interlocutors for questions on the processing of personal data are cited in this Data Privacy Statement itself.

We take the protection of your privacy and private data very seriously. We collect, store and utilise your personal data only in accordance with the contents of this Data Privacy Statement and the applicable provisions in data protection law, specifically the European Union’s General Data Protection Regulation (GDPR) and domestic data protection requirements. We would like by means of this Data Privacy Statement to inform you of the extent to which personal data are processed in conjunction with utilisation of the service and for what purpose.

Personal data
Personal data are information about an identified or identifiable natural person. This includes any information about your identity such as your name, your email address or your postal address. Information that cannot be associated with your identity (such as statistical data on, for instance, users of the service) is, by contrast, not deemed to be personal information.

It is fundamentally possible for you to use our service without disclosing your identity or citing personal data. We merely then gather general information about your visiting our service. Personal data are, however, acquired from you for some of the services offered. These data are then only ever processed by us for purposes relating to utilisation of that service, notably as a means of providing the information requested. Where the collection of personal data is concerned, only the furnishing of essential data is obligatory. Any further particulars can be provided but do not need to be. We indicate whether provision of a given piece of information is obligatory or voluntary in each case. We go into this in greater detail in the applicable section of this Data Privacy Statement.

No automated decision-making is carried out on the basis of your personal data in conjunction with your using our service.

Processing personal data
We store your details on particularly well-protected servers within the European Union. Technical and organisational measures serve to protect these against loss, destruction, fraudulent access or the alteration or dissemination of your data by unauthorised persons. Only very few authorised persons are able to access your data. These are responsible for the technical, commercial or editorial care of servers. Even with regular monitoring, however, it is not possible to afford complete protection against all hazards.

Your personal data are transmitted via the web in encrypted form. We use TLS/SSL (Transport Layer Security/Secure Socket Layer) encryption for data transmission purposes.

Divulging personal data to third parties
We only ever use your personal information to perform the services you request. Wherever external service providers are employed by us in the course of performing services, they access data solely for the purpose of performing a service. We adopt technical and organisational measures to ensure adherence to data protection law requirements and oblige our external service providers to do likewise.
Neither will we divulge your data to third parties without your express consent, especially not for advertising purposes. Your personal data will only be divulged if you have consented to this being done or in cases where statutory provisions and/or official instructions/court orders entitle or oblige us so to do. This may in particular obtain where information is required for the purpose of prosecuting a criminal offence, averting a hazard or enforcing intellectual property rights.

Rechtsgrundlagen der Datenverarbeitung
In cases where we obtain your consent to process your personal data, point (a) of Article 6(1) GDPR serves as the lawful basis for so doing.
In cases where we process your personal data because this is necessary to perform a contract or within the framework of a quasi-contractual relationship with you, point (b) of Article 6(1) GDPR serves as the lawful basis for so doing.
In cases where we process your personal data in fulfilment of a statutory obligation, point (c) of Article 6(1) GDPR serves as the lawful basis for so doing.
A further lawful basis for processing data can take the form of point (f) of Article 6(1) GDPR in cases where processing your personal data is necessary to safeguard a legitimate interest of our company or a third party and where your own interests, basic rights and liberties do not necessitate protection of your personal data.
We always indicate within the framework of this Data Privacy Statement the lawful basis upon which the processing of your personal data rests.

Deletion of data and storage duration
We always delete/block your personal data as a rule once the reason for storing them ceases to apply. Data may, however, additionally be stored if this is provided for in legal stipulations by which we are bound, with regard, for instance, to statutory duties of retention and documentation. In such an instance, we delete/block your personal data once the applicable stipulations cease to apply.

Using our service – Information about the devices you employ

Whenever our service is accessed, we collect the following information about your computer or the mobile terminal device you use independently of your registration: the IP address, the enquiry received from your browser and the time involved in making the enquiry. We additionally record the status and volume of the data transmitted in the course of the enquiry. We also gather product and version information on the browser and operating system used. Further, we establish the website from which the service was accessed. The IP address is only stored for the period during which the service is used and is subsequently deleted or else anonymised by shortening it. The remaining data are stored for six months.

We process these data so as to be able to make the service available to you. Furthermore, we use these data for operation of the service, notably as a means of detecting and remedying faults, determining the level of take-up of the service, and carrying out adjustments or improvements. These are the purposes underpinning our legitimate interest in processing data pursuant to point (f) of Article 6(1) GDPR, the lawful basis for such processing. Where we process data so as to be able to make the service available to you, we are entitled to do so under point (b) of Article 6(1) GDPR.

Adoption of the local storage technique
Use is made of the local storage technique for our service – as in many websites. This involves data being stored locally in your browser’s cache, allowing your preferences and any default options set such as language settings to be made immediately available when using our service.

So as to enable your presettings and preferences to be taken account of when you next visit our service, such data are stored over and beyond completion of the browser session or, respectively, our service. You can delete such data at any time by deleting the caches in your browser settings. Please note that you may only be able to make limited use of our service, or not be able to use it at all, if you delete essential data.

Third parties cannot gain access to data kept in local storage. The data are not divulged to third parties and are not used for advertising purposes.
Data held in local storage are technically necessary as a means of enabling you to use and avail yourself of basic functions of our service. The lawful basis for processing such data is point (b) of Article 6(1) GDPR. Our enabling you to use our service simultaneously constitutes our legitimate interest in processing data pursuant to point (f) of Article 6(1) GDPR.

Registration
To be able to use L700 Light Access Pro, you must register for our service. This involves your furnishing the details enquired after at registration such as your name, address and email address. We also record the time and date of registration and your IP address. You benefit from this by not having to re-input these data every time you use the service. Performance of contract as per point (b) of Article 6(1) GDPR forms the lawful basis for processing your registration data. Information whose provision is obligatory at registration is required for the performance or setting-up of a contract for specific services with us. A customer account is opened for you when you register. We then inform you that your customer account has been activated. We store the data in your customer account for as long as an active customer relationship remains in place. Where no activity is discernible for a period of three years, the status of the customer relationship is reset to inactive. You can demand deletion of your customer account at any time.

Using the customer account, controlling access to doors via the service
You can award access rights to third parties in your customer account. You can also convey time-limited single access rights to the desired user by text message or email for this purpose. The user’s terminal device to which authorisation is sent can thereupon transmit optical signals to communicate with a door’s locking system. You can then use our service to facilitate the applicable act of access with the aid of the locking system. We need to process certain data to ensure this control function proceeds smoothly. A specific identification number is assigned to each locking system that is, by turn, synchronised via the service so as to be able to issue and monitor authorisations to open and close the locking system. We additionally log the following data of yours in this connection: name, IP address and the designation of the locking system concerned. This is necessary in order to be able to perform the contract entered into with you to use the service in conjunction with the locking system concerned pursuant to point (b) of Article 6(1) GDPR. You also have the option of notifying us of the time zone and location of the locking system concerned, though this is not obligatory. We additionally process what are known as log files. These are activity logs containing information on the users who operate locking systems that have been cleared for access and when they do so (time and date). Suitably authorised users can view these log files via the service. You can switch this activity log on or off yourself at any time. The lawful basis for processing these data is accordingly your consent pursuant to point (a) of Article 6(1) GDPR.

Visiting the website
Should you call the service up via our website rather than the app, the information on processing data via our website applies in addition to this Data Privacy Statement and can be called up here: www.fsb.de/dataprivacy.

Completion of contract

We only use your personal information for the purpose of completing a contract within our own company, associated companies and the company encharged with completing the contract.

Storage and divulgence
We work with various companies in the completion of contracts that are, for instance, responsible for the handling of payments and to which we divulge data for this purpose. Forming the lawful basis for this is point (b) of Article 6(1) GDPR. Processing your personal data is necessary for performance of the contract entered into with you. We ensure in the process that our partners likewise observe the provisions of data protection law. We store the data for as long as is required for performance of the contract. We subsequently continue to store these data for the legally prescribed period in order to meet post-contractual obligations and in line with the record retention periods laid down under mercantile and fiscal law. The record retention period generally amounts to ten years from the end of the respective calendar year.

Handling payments
Depending on the method of payment selected, payments may be handled by an outside service provider. Forming the lawful basis for the handling of payments is point (b) of Article 6(1) GDPR. Processing your personal data is necessary for performance of the contract entered into with you, though you are free to choose the method of payment adopted. We store the data for as long as is required for performance of the contract. We subsequently continue to store these data for the legally prescribed period in order to meet post-contractual obligations and in line with the record retention periods laid down under mercantile and fiscal law. The record retention period generally amounts to ten years from the end of the respective calendar year.

Communicating with us

You can contact us in several ways, including via the email addresses cited in our service or via our ticket system.

Using the ticket system
We make our ticket system available for you to make enquiries and report defects or faults that occur whilst using the service. Should you wish to avail yourself of this ticket system, we record the personal data you enter there to this end. We additionally store your IP address as well as the time and date of any enquiry you make. We process data conveyed via the ticket system exclusively for the purpose of being able to answer your enquiry/address your concern. You can decide yourself which information you convey to us via the ticket system. Forming the lawful basis for processing your data is your consent pursuant to point (a) of Article 6(1) GDPR. Where data need to be processed in the course of dealing with notices of defects in respect of performance of contract, point (b) of Article 6(1) GDPR likewise forms the lawful basis for processing the data. Once we have dealt with the issue, the data are initially retained in case of any queries there may be. Deletion of the data can be demanded at any time, though this will only be carried out once the matter has been completely settled; nothing in the above shall affect the statutory duties of retention.

Your rights and contact options

We lay great store by explaining how we process your personal data in as transparent a way as possible as well as by informing you of the rights you enjoy. Should you wish more detailed information or wish to exercise the rights you enjoy, you may get in touch with us at any time so we can address ourselves to your case.

Rights of data subjects
You enjoy wide-ranging rights with regard to the processing of your personal data. Firstly, you have a wide-ranging right to demand information and you can in some cases demand the correction and/or deletion/blocking of your personal data. You may also demand restrictions to processing and you have a right of objection. You also enjoy the right of data portability with regard to any personal data you convey to us, moreover. If you wish to assert any of your rights and/or would like to obtain further information on this, please consult our customer service. Alternatively, you can also consult our Data Protection Officer.

Withdrawing consent and lodging objections
You are free to withdraw any consent you have given at any time with effect for the future. Withdrawing consent does not affect the legitimacy of processing conducted on the basis of the consent given prior to its being withdrawn. The interlocutors here are likewise our customer service and Data Protection Officer. In cases where the processing of your personal data does not presuppose your consent but is conducted on some other lawful basis, you may object to this occurring. Your objection will lead to the matter being assessed and, where applicable to processing being terminated. You will be notified of the outcome of this assessment and we will – should it be deemed that data are to continue to be processed nonetheless – then provide you with detailed information on why this is admissible.

Data Protection Officer and contact details
We have commissioned an external Data Protection Officer to support us on issues pertaining to data protection law whom you may also consult directly. Our Data Protection Officer and his team will be glad to field questions relating to how we deal with personal data or to provide further information on issues pertaining to data protection law:

Dr. Christoph Rempe
Fachanwalt für Informationstechnologierecht (IT-Recht)
BRANDI Rechtsanwälte Partnerschaft mbB
Adenauerplatz 1
33602 Bielefeld
Telefon +49 521 96535-875

Complaints
If you feel our processing of your personal data does not accord with this Data Privacy Statement or the applicable data protection requirements, you are entitled to submit a complaint to the regulatory authority. You may also submit complaints to our Data Protection Officer. He will then assess the matter and notify you of the outcome.

Further information and amendments

Links to other websites
Our service may contain links to other websites. Such links are generally indicated as being such. We have no way of influencing whether the data protection requirements in force are observed at linked websites. We accordingly recommend that you also consult the Data Privacy Statements for these other websites.

Amendments to this Data Privacy Statement
The date of issue of this Data Privacy Statement is indicated below. We reserve the right to amend our Data Privacy Statement at any time with effect for the future. Amendments are made notably in the event of technical adjustments being made to the service or provisions of data protection law being amended. The version of our Data Privacy Statement currently applicable can always be called up directly via the service. We recommend your keeping regularly informed about amendments to our Data Privacy Statement.

Date of issue of this Data Privacy Statement: February 2020