Principles of data processing at Liebherr (information requirements)

EMT sales app

 

A. General

I. What does this Data Protection Declaration regulate?

We attach great importance to the protection and security of your personal data. Therefore, we consider it vital to inform you about which personal data for which purpose we use in your case, and also what rights you have in respect of your personal data.

II. What are personal data and what does processing mean?

1. "Personal data" (hereinafter also called "data") are all the details that make a statement about a natural person. Personal data are not just details that allow a direct conclusion to be drawn about a certain person (such as a person's name or email address), but also information with which with suitable additional knowledge a connection can be made with a certain person.

2. "Processing" means those actions that are performed to your personal data (such as the collection, recording, organisation, structuring, storage, use or erasure of data).

 

B. Data processing

I. Who is responsible for processing your data?

The controller for processing your data is:

Liebherr-EMtec GmbH

Liebherrstrasse 12

88457 Kirchdorf an der Iller, Germany

Contact:

Phone.: +49 7354 80-0

II. What data do we collect and for what purpose?

When downloading or calling up the app via your mobile device, we collect the following data:

  • 1. Date and time of access to the app
  • 2. Period of access to the app
  • 3. Files you retrieve via the app
  • 4. The amount of data submitted to you
  • 5. Your operating system
  • 6. Your connection to the internet
  • 7. The smartphone you use (device ID)
  • 8. Your IP address

When authenticating using an existing Liebherr account of Liebherr-IT Services GmbH, we process the following data:

  • 9. Explicit user identification (UPN)
  • Note: This date is transmitted to us by Liebherr-IT Services GmbH when authenticating with a Liebherr account in our app.

We also process the following data during the authentication process:

  • 10. App-ID
  • 11. Country
  • 12. Language

To synchronize and optimize the functions of the app and analyzing crashes we gather the following data:

  • 13. App-ID-Token (Identifier, that identifies the app) with date and time

On principle, we process these data for the following purposes only:

  • 1. To secure the App offer (data categories 1-8)
  • 2. As part of the authentication and authorization for the use of the app (data categories 9 + 10)
  • 3. In order to display the correct App language (data categories 11 + 12)
  • 4. In order to optimize and stabilize the EMT Sales App (data category 13)

Data processing for other purposes will only be considered if necessary requirements pursuant to Art. 6 paragraph 4 GDPR are met. In this case, we will of course fulfil any requirements to inform pursuant to Art. 13 paragraph 3 GDPR and Art. 14 paragraph 4 GDPR.

III. On what legal basis will we collect your data?

The legal basis for processing your data is basically – unless there are also specific regulations– Art. 6 GDPR.

The processing of your data is effected on the following legal basis:

1. Data processing prior to entering into a contracts and performance of contracts (Art. 6 paragraph 1, point b) GDPR (applies to purposes 2-4)

2. Data processing based on a balancing of interests (Art. 6 paragraph 1, point f) GDPR) (applies to purpose 1)

Our legitimate interests are:

1. Improvement of the stability, functionality and security of the app (applies to purpose 1)

If we process your data on the basis of a balancing of interests, you have the right to object to the processing of your data, taking the requirements of Art. 21 GDPR into account. 

We process your data solely to the extent to which this is necessary in order to fulfil the above stated purposes.

IV. To whom and for what purpose do we transfer which categories of your data?

If appropriate, we transfer your data to:

1. other member companies of the Liebherr Group, provided this is necessary to initiate, perform or terminate a contract, or for our part we have a legitimate interest in the transmission and your predominant legitimate interest is not opposed to this; (all data categories)

2. our service providers that we use in order to achieve the above stated purposes; (all data categories)

3. Courts, courts of arbitration, authorities or legal advisors, if this is required to comply with current law, or to assert, exercise or defend legal claims. (all data categories)

V. Will your data be processed outside the European Union?

The transfer of data to locations in countries outside the European Union (so-called third countries) is only permissible (1) if you have given us your consent or (2) if the European Commission has decided that an appropriate level of protection is afforded in a third country (Article 45 DGPR). Should the Commission not have taken such a decision we may only transfer your data to third parties that are in a third country provided there are suitable warranties (e.g. standard data protection clauses that are accepted by the Commission or the supervisory authority in after a specific procedure), and the assertion of your rights as a data subject is ensured or the transfer is permissible in individual cases on the grounds of other legal bases (Article 49 GDPR).

VI. When will we delete or anonymise your data?

We process your data as long as this is necessary for the purpose in question, unless you have effectively objected to the processing of your data or effectively withdrawn a consent you have given or the user agreement is finished by a proper notice of termination

VII. To what extent is there automated decision-making in individual cases?

Basically, to substantiate and pursue business dealings we do not utilize any fully automated decision-making as per Article 22 GDPR. Should we apply this process in individual cases we will inform you separately, provided this is prescribed by law.

VIII. To what extent is your data used for profiling?

We process your app usage data partly automatically with the aim of being able to use our app functions comprehensively for you as well as continuously improving and developing our app based on your user behavior. Certain personal aspects will be evaluated (profiling).

 

C. How are your personal data protected against access by unauthorised third persons and loss?

We employ technical and organisational security measures in order to ensure that your data are protected against loss, inaccurate alteration or unauthorized access by third parties. Moreover, for our part in every case, only authorized persons have access to your data and this is only insofar as is necessary in the scope of the above stated purposes.

  

D. Rights of the data subject and right to complain

Within the legally forseen scope, you have the right to

1. information of your data;

2. rectification of inaccurate data and completion of incomplete data;

3. erasure of your data, particularly if (1) it is no longer necessary for the purposes stated in this Data Protection Declaration, (2) you have withdrawn your consent and there are no other legal basis for the processing, (3) your data have been unlawfully processed, or (4) you have objected to the processing and there are no overriding legitimate interests for processing.

4. restriction of the processing of your data, particularly if the accuracy of the data is contested by you or the processing of your data is unlawful and instead of deletion you demand restriction of use.

5. receive your data in a structured, commonly used and machine-readable format and to have your data transmitted from us directly to another controller.

Please note that the lawfulness of processing based on consent performed prior to the withdrawal will not be affected by your withdrawal.

If you assert any of the above stated rights are asserted but not in writing, please understand that we may require you to provide evidence showing that you are the person you claim to be.

Furthermore, you have the right to lodge a complaint with the relevant supervisory authority.

 

E. Who is my contact for questions concerning data protection, and how can I reach him or her?

If you have any questions concerning data protection, please contact:

Liebherr-IT Services GmbH

Corporate Privacy

St. Vitus 1

88457 Kirchdorf an der Iller

E-mail:

As at: March 2020