Leifheit Privacy Policy for Soehnle Connect App

As at: June 2022

Scope

Leifheit Aktiengesellschaft, Leifheitstraße 1, 56377 Nassau/Lahn, Germany (hereinafter referred to as: “Leifheit” or “we”) appreciates your interest in Soehnle Connect products and the Soehnle Connect app.

As data protection controller, we want to ensure that you feel safe when using the Soehnle Connect app and Soehnle Connect products with regard to the protection of your personal data, because we take the protection of your personal data very seriously. Compliance with German and European data protection regulations is a matter of course. We are the responsible party (controller) for your personal data, which is processed directly about you as the data subject, meaning a natural person whose personal data is processed by the controller responsible for processing. We have implemented numerous technical and organisational measures to guarantee the most seamless protection of personal data processed within the scope of our products and services.

The Soehnle Connect app is designed to simplify your health and body conscious living and support you in maintaining and improving your health. This Leifheit Privacy Policy of the Soehnle Connect app (hereinafter referred to as “Privacy Policy”) explains the way in which we process your personal data, and your rights - within the context of these provisions, when you use the Soehnle Connect app (hereinafter referred to as “app”) provided by us - which are associated with your app user account (hereinafter referred to as “devices). Personal data is information about your identity. This includes, for example, details such as name, address, telephone number, email address and date of birth. Particular types of personal data, specifically sensitive data, are details about your health. Soehnle Connect products measure body weight or calculate other health/body-related information, depending on the range of functions, such as body weight and water content, body fat percentage, muscle mass, calorie consumption as well as date and time of measurement. The scope of data collection and processing depends on the measurement functions offered by the product that you have purchased. Please refer to the product information of the particular Soehnle Connect product.

The app may contain links to external websites, which are operated by our associated companies, third parties, or us. If you click on one of these links, the website will be displayed on the web browser of your smartphone and the processing of your personal data will be subject to the privacy policy of the respective website.

For more detailed information, please see the corresponding figures in the Table of Contents.

Understanding these provisions is essential for using the app with the devices. We recommend that you carefully read and understand the entire contents of these provisions so that you can make the appropriate decisions for you. These provisions are not necessarily applicable to services, activities or products of third parties, to which you are potentially referred, and could apply to other data protection regulations.

Table of Contents

I. Name and address of the controller
II. Contact details of the data protection offer
III. How we collect and use your personal data
IV. Rights of the data subject
V. Security
VI. Change to our Privacy Policy
VII. Links
VIII. Questions, suggestions, complaints

I. Name and address of the controller

The controller within the meaning of the GDPR and other national data protection laws of member states as well as other data protection regulations is:

Leifheit AG

Leifheitstraße 1
56377 Nassau
Germany
Email: info@leifheit.com

II. Contact details of the data protection offer

The data protection officer of the controller can be reached at:

DataCo GmbH

Nymphenburger Str. 86

80636 Munich

Germany
Email: datenschutz@dataguard.de

III. How we collect and use your personal data

1. Possible uses of our range of products and services

Please note that the processing of your data is carried out on the basis

that you grant your explicit consent to the processing of data concerning you for one or more of the purposes just defined;
and that the processing for fulfilment of the existing agreement with us, or any agreement to which you are party, is required.

Your consent can be revoked at any time.

Personal data is information about your identity. This includes, for example, details such as name, address, telephone number, email address and date of birth.

Particular types of personal data, specifically sensitive data, are details about your health. Soehnle Connect products measure body weight or calculate other health/body-related information, depending on the range of functions, such as body weight and water content, body fat percentage, muscle mass, calorie consumption as well as date and time of measurement.

The scope of data collection and processing depends on the measurement functions offered by the product that you have purchased. Please refer to the product information of the particular Soehnle Connect product.

All default settings made by us are selected in such a way that essentially only personal data, whose processing is required for the specific processing purpose, will be processed.

Under no circumstances will we forward your data to your health insurance provider and/or other existing insurance policies, without your explicit consent. Your data will not be shared for research and/or marketing purposes. In addition, we will not sell your data to third parties or allow any third-party advertising measures within our Soehnle Connect range.

2. Stipulated minimum age

Our Soehnle Connect range must only be used by persons who are at least 16 years of age. Collection or processing of personal data of individuals younger than 16 years of age is explicitly against our will and without our knowledge. This also constitutes a breach of our general terms and conditions of business.

3. Possible uses of our range of products and services

Whether and which personal data is collected and processed, depends on whether you use our products or services with or without the setup of a user account. You are free to decide on this:

We offer each of our users the possibility of setting up a user account on our Soehnle Connect platform. However, you can also use our Soehnle Connect app without registering via a user account; in this case there will be a limited spectrum of possible uses, as we will explain below.

In each case, the following data is collected and processed during installation of the app, and the following access permissions will be required:

Read telephone status and ID
Receive SMS, read SMS or MMS
Approximate location (network-based)
Read call log
Change or delete SD card contents
Read SD card contents
Search for accounts on the device
Display network status
Full internet access
Bluetooth settings
Run pairing with Bluetooth devices

No movement profiles are created by us.

4. Below you will find information regarding which data will be processed when using the Soehnle Connect app:

4.1 Using the Soehnle Connect app without a user account

If you want to use the Soehnle Connect app without a user account, no transfer of data to our server or to servers of third parties assigned by us will take place.

However, you must provide certain mandatory information when setting up the app in order to be able to use the app. Essentially, the following data concerning you will be collected and processed:

Name (indicating a full name is, however, voluntary)
Date of birth
Gender
Email address
Body weight
Current weight

As an option (not mandatory information) you can also store a photo.

In addition, the following health-related data can be collected and processed according to the scope of use by you and the corresponding hardware related to you:

Weight
Desired weight and time in which the desired weight is to be reached
Body fat percentage
Water content
Muscle mass
Number of steps
Target (steps per day)
Sleep duration and sleep intensity
Desired sleep duration per day
Calorie consumption
Desired calorie consumption per day
Heart rate
BMI
Date and time of all measurements
Distance covered per day
Level of activity
Step length
Records that have been achieved
Targets achieved
User ID
Systolic blood pressure
Diastolic blood pressure
Irregular heartbeat
Pulse rate
PM2.5
Temperature

If you decide to delete the app, your data will be completely erased from your mobile phone/smartphone, depending on the operating system that you use. If you reinstall the Soehnle Connect app, the data might no longer be available to use. However, individual operating systems are configured so that the user data remains stored on the local device. We have no influence over these settings, so you would have to find out from the manufacturer of your operating system how the data can be deleted manually.

4.2. Using the Soehnle Connect app with a registered user account

If you decide to create a user account on our Soehnle Connect platform, the following other provisions and notes shall apply.

a. Collection and processing of personal data as part of the registration procedure for the information provided for your app account

Once you have created a user account on our Soehnle Connect platform and synchronised your data, your personal data will no longer only be stored locally on your (mobile phone) device, but via the internet on a server. Both the transfer and the storage of your data is encrypted.

Having a user account means that we are able to access your personal data and process this for you within the scope of our Soehnle Connect range.

The following data will be collected and processed:

Name (indicating a full name is, however, voluntary)
Date of birth
Gender
Email address
Body weight
Weight

As an option, you can also store a photo

The following health-related data can be collected and processed according to the scope of use by you and the corresponding hardware related to you:

Weight
Desired weight and time in which the desired weight is to be reached
Body fat percentage
Water content
Muscle mass
Number of steps
Target (steps per day)
Sleep duration and sleep intensity
Desired sleep duration per day
Calorie consumption
Desired calorie consumption per day
Heart rate
BMI
Date and time of all measurements
Distance covered per day
Level of activity
Step length
Records that have been achieved
Targets achieved
User ID
Systolic blood pressure
Diastolic blood pressure
Irregular heartbeat
Pulse rate
PM2.5
Temperature

Mandatory information: During registration, it is essential that you provide the data marked as mandatory information in the electronic registration form to be able to use the Soehnle Connect platform. This is your chosen user name, password and your email address. Providing your full name is always voluntary. We advise choosing a secure, complex password.

In many cases, we will not be able to identify you based on this information.

To be able to assess your data correctly, you must enter your date of birth, size and current weight when setting up a user account.

The data collected is stored on the servers of our contractual partner, Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA, on our behalf. We have carefully selected the company. Storage only takes place in the region of the Federal Republic of Germany, meaning that European and German data protection law will be applicable and your rights will be preserved accordingly within the contractual relationship with our contractual partner. However, it cannot be ruled out that your data will remain within the European Union. In order to guarantee suitable safeguards to protect the transmission and processing of personal data outside the EU, the data transmission to and data processing by Microsoft will be carried out on the basis of suitable safeguards in accordance with Article 46 ff GDPR, particularly through the conclusion of so-called standard data protection clauses in accordance with Article 46 Para. 2 (c) GDPR. A copy of these safeguards can be requested. See the above-mentioned contact details.

In any synchronisation using the app, your Soehnle Connect data will be transferred by your Soehnle Connect product encrypted to the server/servers. This data will be stored to provide you with our Soehnle Connect range in full. In addition, the data will be connected, thus linked, to your user account.

Furthermore, when assigning a Soehnle Connect product to your user account, it is necessary that you provide certain technical data (such as the identification number of your Soehnle Connect product or the hardware supplied with the Soehnle Connect product). This information will be treated as personal data.

When the transmission function is activated, the data measured or calculated by the respective Soehnle Connect product is transferred via the Soehnle Connect app to the connected user account on the Soehnle Connect platform. Details on the transmission function as well as its activation and deactivation can also be found in the Help section https://www.soehnle.de/service/haeufige-fragen-faq/ of the Soehnle Connect platform.

b. Device sharing

There is also the option to connect an individual Soehnle Connect product with multiple user accounts (e.g. of family members or housemates). When the Soehnle Connect product is operated properly, normally it is technically impossible for personal data to be transferred to other users of this Soehnle Connect product. However, when operated incorrectly, it cannot be excluded that specific measurements become assigned to the wrong user. Details on possibilities of use are also available in the Help section at https://www.soehnle.de/faq or in the product information provided with the Soehnle Connect product.

C. For what purpose is personal data processed on the Soehnle Connect platform

We use

the data provided during registration to manage the respective user account, thus to control access to the user account, to send the necessary information to the Soehnle Connect platform or for your use (such as replacement passwords).
the Soehnle Connect data transmitted by a Soehnle Connect product solely for your display and evaluation in your user account.

No data is currently processed for interest-based advertising via our Soehnle Connect range. However, we reserve the right to carry out such data processing to improve our range of products and services. When such a function is introduced, we will give you sufficient notice and ask for a new declaration of consent.

d. Duration of data collection and processing

Your data will only be stored with us for as long as you have a user account with Soehnle Connect, or until there is a reason for deletion. Deletion of the stored personal data will be made immediately once you withdraw your consent to data processing, or when knowledge of the data is no longer needed for fulfilling the processing purpose (or upon termination of our contractual relationship) or when storage of the data is not allowed for other legal reasons.

e. Collection and sharing with government institutions

Collection of personal data as well as their transmission to authorised government institutions and authorities only takes place within the context of the relevant laws or if we are obliged to do so by court order. Our employees and the service providers that we assign are under legal obligation to observe secrecy and to comply with the terms of the applicable data protection law.

f. Use of apps and tools of third-party providers

Access to your data by third-party provider apps is not granted under our default settings. However, you can allow us to do so by adjusting the appropriate setting to connect your Soehnle Connect profile to a third-party provider app. In particular, we provide the option to synchronise your data with Google Fit and the Apple Health app. If we share data, at your instigation, to a third party, this data will be subject to the data protection guidelines of this third party. You can revoke your consent to sharing data with third parties, at any time, via your Soehnle Connect profile or in your mobile phone settings.

There is also the option to share information about your Soehnle Connect product on other platforms via the Soehnle Connect platform using so-called widgets or plug-ins for social networks, such as, for example, Facebook and LinkedIn. Entry is only carried out manually, meaning that third-party providers have no access to the data on the Soehnle Connect platform. However, it cannot be excluded that the products and services of third-party providers will collect and process personal data. We have no influence over the interaction with these programmes; this will be due to the data protection guidelines of the company that provides them.

IV. Rights of the data subject

If personal data concerning you is processed, you are the data subject within the meaning of GDPR and - provided that the legal requirements in accordance with Article 15 to 21 of the GDPR are met - you have the following rights towards the controller:

Right to information
You have, at any time, the right to request information about the personal data that we have stored about you, the origin and the recipient of the data as well as the purpose of data processing. In addition, you can also contact Leifheit AG as the controller by email at Datenschutz@leifheit.com
Right of access, correction, deletion or restriction of processing
You can request access to your personal data, the correction of false or incomplete personal data or the deletion of your personal data.
Revocation, blocking/restriction and data portability
In view of the fact that the processing of your personal data is carried out based on your consent, you have the right to revoke your consent at any time with effect for the future.By withdrawing consent, the lawfulness of the processing carried out on the basis of the consent up to the revocation shall not be affected. You are also entitled to delete your user account (the app account) registered with the app, to submit complaints or messages or to make the appropriate data privacy settings, in order to control your personal data or prevent us from further processing.
Under the conditions of Article 20 of the European General Data Protection Regulation (GDPR) you also have the right to data portability, thus to receive the personal data concerning you that you have provided us with, in a structured, accessible and machine-readable format, and to transmit this data to another controller without hindrance.
Revocation
You have the right, on compelling legitimate grounds relating to a particular situation, to file an objection at any time against the processing of personal data concerning you, which is made on the basis of Article 6 Para. 1 (1)(e) or (f) of the GDPR; this also applies to a profiling pursuant to these provisions. The controller will no longer process the personal data concerning you, unless they can provide compelling and legitimate grounds for processing which outweigh your interests, rights and freedoms, or the processing is used for assertion, exercise or defence of legal claims.
Right to appeal to a supervisory authority
Without prejudice to an administrative or judicial remedy otherwise, you have the right to appeal to a supervisory authority, particularly in the member state of your place of residence, of your workplace or the place of the alleged infringement, if you consider that the processing of the personal data concerning you violates the GDPR. The supervisory authority where the appeal was lodged, informs the complainant on the status and results of the appeal, including the possibility of a judicial remedy, in accordance with Article 78 of the GDPR. The supervisory authority for Leifheit AG is

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz

Hintere Bleiche 34

55116 Mainz, Germany

If you would like to assert your data protection rights, please use our contact details under Legal Notice or send an email to Leifheit AG as controller at Datenschutz@leifheit.com.

V. Security

We implement technical and organisational measures, in order to protect your data stored with us, in particular against tampering, loss, destruction and access by unauthorised persons. Our security measures are continuously improved in line with technological development.
All data will be transferred encrypted with the latest technology and according to European and German data protection regulations (when using the Soehnle Connect app with a registered user account) and stored. When assigning a Soehnle Connect product to your user account or the app, authentication is required using PIN entry in the encrypted so-called “pairing method” with the device. Details on this method can also be found in the Help section at https://www.soehnle.de/faq or in the product information provided with the Soehnle Connect product.

Additionally, we recommend in your own interest that you ensure your mobile phone is provided with adequate protection using password entry or another suitable method.

VI. Change to our Privacy Policy

We reserve the right to change our security and data protection measures, as far as this becomes necessary for technical development. In these cases, we will - where necessary - also adapt our privacy statements accordingly and inform you about this immediately. We therefore ask you to take note of the current version of our Privacy Policy. The last revision date of this Privacy Policy can be found at the top of the page.

Where this is legally required, we will request your consent for the new data usage and the amended Privacy Policy. We will notify you by email or within the Soehnle Connect app.

Amendments essentially come into effect when the revised Privacy Policy is published on the relevant websites.

Please note that the setup of the new products and services regularly leads to an update of our Soehnle Connect app. If your approval for using the data is required, you will be asked for approval after the update is made, with a restart.

If you have installed automatic background updates on your mobile phone, this can lead to an automatic download of the latest app version. Refusal to give your consent to the adapted Privacy Policy means you will no longer be able to use the Soehnle Connect app in the future. We therefore recommend that you switch off the background updates so that you can check this first. The latest version of our Privacy Policy is also available in the app store that you use.

VII. Links

If you use external links which are offered in line with our Soehnle Connect products, our Privacy Policy does not cover the products and services there. If we provide links, we make every effort to ensure that these also correspond to our data protection and security standards. However, we have no influence over the compliance with data protection and security regulations by other providers. For this reason, we would ask that you find out from other providers about the data protection regulations provided there.

VIII. Questions, suggestions, complaints

You can retrieve the Privacy Policy within the app at any time under the main menu “Privacy Policy”.

If you have any further questions, suggestions or complaints about our information regarding data protection and processing of your personal data, you can contact Leifheit AG directly as the controller at Datenschutz@leifheit.com.

Moreover, without prejudice to an administrative or judicial remedy otherwise, you have the right to appeal to a (data protection) supervisory authority, particularly in the member state of your place of residence, of your workplace or the place of the alleged infringement, if you consider that the processing of the personal data concerning you violates German or European data protection law.