Privacy Policy – HARO TOILET SEAT FINDER APP

Find out about the data protection regulations when using the Toilet Seat Finder App.

Introduction

The following Privacy Policy applies to the use of the Toilet Seat Finder App (App) offered by Hamberger Sanitary GmbH.

As to what personal data is processed, for what purpose and on what legal basis, is explained below. You will receive information on how to contact the data controller and the data protection officer of Hamberger Sanitary GmbH, and what rights you have with regard to the processing of personal data.

Personal data denotes any information relating to an identified or identifiable natural person. An identifiable person is a natural person who can be identified directly or indirectly, in particular, by association with an identifier such as a name, an identification number, location data or an online identifier.

Data controller (Art. 4 No. 7 GDPR)

The data controller responsible for processing your personal data is:

Hamberger Sanitary GmbH

Sebastian-Tiefethaler-Str. 2

83101 Rohrdorf

Germany

Data protection officer

If you have specific questions about the protection of your data, please contact the data protection officer at Hamberger Sanitary GmbH:

Datenschutz Prinz GmbH

Dipl.-Inf. (FH) Tim Prinz

Südliche Ringstraße 26

91126 Schwabach

E-mail: datenschutzbeauftragter@hamberger-sanitary.de

I. Type of data processed, purposes of processing, legal basis and retention period

1. Data processing when using the App

a) Data collection when downloading and installing the App

i. Scope of processing

In order to download and install our App from an App store (Google Play, Apple App Store), you must first register for a user account with the provider of the respective App store and conclude a corresponding usage agreement with them.We have no influence on this, in particular, we are not a party to such a usage agreement. When downloading and installing the App, the necessary information is transferred to the respective App store, in particular, your user name, your e-mail address and the customer number of your account, the time of the download, payment information and the individual device identification number.We have no influence on this data collection and are not responsible for it. We only process this provided data insofar as this is necessary for downloading and installing the App on your mobile end device (for example, smartphone, tablet).

ii. Legal basis

Data processing is performed on the basis of the legitimate interest of Hamberger Sanitary GmbH in the efficient and secure provision of its online services in accordance with Art. 6 (1) lit.f. GDPR. Beyond that, this data is not stored any further.

b) App tracking analysis

Google Analytics

Insofar as you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. The data controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

i. Scope of processing

Google Analytics uses cookies that enable your use of our App to be analysed. The information collected by means of cookies about your use of this App is usually transferred to a Google server in the USA and stored there.

In Google Analytics 4, the anonymisation of IP addresses is activated by default. Due to IP anonymisation, your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

While using this App, your user behaviour is recorded in the form of “events”. Events may include:

• Page impressions
• First visit to the App
• Start of the session
• Your “click path”, interaction with the App
• Scrolls (whenever a user scrolls to the end of the page [90%])

• Clicks on external links
• Internal queries
• Interaction with videos
• File downloads
• Ads seen / clicked

• Language setting

It also records:

• Your approximate location (region)
• Your IP address (in shortened form)
• Technical information about the end devices you use (e.g. language setting, screen resolution)

• Your internet provider

ii. Purposes of processing

On behalf of this App’s operator, Google shall use this information to analyse your use of the App and to compile reports on App activities. The reports provided by Google Analytics are used to analyse the performance of our App.

iii. Recipients

Recipients of the data are/may be Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as data processor pursuant to Art. 28 GDPR) Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities will access the data stored by Google.

iv. Third-country transfer

In situations where data is processed outside the EU/EEA and there is no level of data protection in line with the European standard, we have concluded EU standard contractual clauses with the service provider, in order to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transmission of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to legal remedies against access by authorities.

v. Storage period

The data sent by us and linked to cookies shall be automatically deleted after 2 months. The deletion of data whose retention period has been reached takes place automatically once a month.

vi. Legal basis

The legal basis for this data processing shall be your consent pursuant to Art. 6 (1) Sentence 1 lit.a GDPR.

vii. Revocation

You may revoke your consent at any time with effect for the future by removing the App from your device. The lawfulness of the processing carried out on the basis of the consent until revocation shall remain unaffected.

You can prevent the use of Google Analytics and the processing of this data by Google by not giving your consent.

You can find more information on the terms of use of Google Analytics and data protection at Google at https://marketingplatform.google.com/about/analytics/terms/gb/ and at https://policies.google.com/?hl=en-GB.

c) Product interface

i. Scope of processing

The product interface is used to import products that are relevant to the user. Based on the data determined in the App, products of the provider are made available for display in the App. For your security, the data transmission is carried out with SSL encryption.

What data is collected

The IP address and country code are collected and stored in order to use the interface. This information is only used to import product data into our App.

ii. Purpose

Your data shall be processed, in order to enable the loading of the provider’s product data.

iii. Legal basis

The legal basis for this processing is Art. 6 (1) (f) GDPR (legitimate interest).

iv. Storage period

Your data shall only be stored for the duration of the data transfer. After completion of the data transfer, this data is deleted again immediately.

II. Requested permissions

For some functions, the App must be able to access the camera option of your mobile device. Depending on which mobile operating system you use, this may require your explicit access permission.

Before you can enter the camera option, you must agree to the use of the camera and microphone. The operating system cannot distinguish between image and video recording.

III. Data subjects’ rights

In principle, you have the following rights vis-à-vis the data controller with regard to the personal data concerning you. There may be statutory exceptions to these rights.

Right of disclosure (Art. 15 GDPR)

The right of disclosure affords the data subject comprehensive insight into the data concerning him or her and some other important criteria – such as the purposes of processing or the duration of storage.

Right of rectification (Art. 20 GDPR)

The right of rectification includes the possibility for the data subject to have inaccurate personal data concerning him or her corrected.

Right to erasure (Art. 17 GDPR)

The right to erasure includes the possibility for the data subject to have data deleted by the data controller. However, this is only possible if the personal data concerning him or her is no longer necessary, is being processed unlawfully or if consent in this regard has been revoked.

Right to the restriction of processing (Art. 18 GDPR)

The right to restriction of processing includes the possibility for the data subject to prevent further processing of the personal data concerning him or her for the time being. A restriction occurs, above all, in the review phase of other perceived rights by the data subject.

Right to data portability (Art. 20 GDPR)

The right to data portability includes the possibility for the data subject to receive the personal data concerning him or her from the data controller in a common, machine-readable format in order to have it transferred to another data controller, if necessary.

Right of objection (Art. 21 GDPR)

The right of objection includes the possibility for data subjects to object to the further processing of their personal data in a specific situation, insofar as this is justified by the performance of public tasks or public (and private) interests.

Right to withdraw consent

If the processing of personal data is based on your consent (Art. 6 [1] lit.a GDPR), you may revoke this consent at any time for the corresponding purpose. The lawfulness of the processing based on your consent remains unaffected until we receive your revocation.

Right of appeal to a competent supervisory authority

You have the option of contacting the Bavarian State Office for Data Protection Supervision, Promenade 18, 91522 Ansbach, if you believe that the processing of your personal data does not comply with the EU General Data Protection Regulation.

IV. Data security

We maintain state-of-the-art technical measures to ensure data security; in particular, to protect your personal data against risks during data transmission and against unauthorised third parties gaining knowledge thereof, data is only transmitted in SSL-encrypted form.

Version as of: 14.03.2023