We at Liebherr-Hausgeräte GmbH are pleased to welcome you to our SmartDevice app (hereinafter also referred to generally as the “app”) and thank you for your interest in the Liebherr Group.
The protection and security of your personal data is extremely important to us. We therefore consider it essential that we inform you below about the types of personal data we collect concerning you, the purposes for which we process this and the rights you have in relation to your personal data.
This data privacy policy is governed by the GDPR and any Swiss data protection law that may apply.
The Liebherr SmartDevice app
The Liebherr SmartDevice app allows you to visualise and configure data relating to your Liebherr fridge and freezer. To make use of the Liebherr SmartDevice app, you need to have a Wi-Fi-enabled module (hereinafter referred to as “SmartDeviceBox”), a MyLiebherr account and an internet connection. The SmartDeviceBox connects your Liebherr fridge and freezer to the internet via a Wi-Fi-enabled router. The SmartDeviceBox can be retrofitted on Liebherr fridges and freezers which are SmartDevice-compatible. On some Liebherr fridges and freezers, the SmartDeviceBox is already integrated. In combination with the SmartDeviceBox, the Liebherr SmartDevice app enables you to control various features of your Liebherr fridge and freezer remotely, such as the cooling temperature, while you are out and about. The Liebherr SmartDevice app instantly shows you all the important alert messages, such as telling you that a door that has accidentally been left open. The Liebherr SmartDevice app has a notification function which will remind you, for example, when the air filter next needs to be changed or when the ventilation grille needs to be cleaned.
The controller for the processing of your data is:
Liebherr-Hausgeräte GmbH
Memminger Straße 77-79
88416 Ochsenhausen
Germany
E-mail: privacy.appliances@liebherr.com
Our data protection officer can be reached using the following contact details:
Corporate Privacy
Liebherr-IT Services GmbH
St. Vitus 1
88457 Kirchdorf an der Iller
Germany
E-mail: datenschutz@liebherr.com
Within the provisions of the legislation, as the data subject you have the right to:
If you seek to assert the above rights, kindly note that we may require you to provide proof to establish that you are the person who you say you are.
Furthermore, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of your data infringes the GDPR.
Our app may contain links to and from websites of other providers which are not affiliated with us (“third parties”). Once the link has been clicked, we no longer have any influence over the processing of any data transferred to the third party upon clicking the link (such as the IP address, or URL where the link is located), as the conduct of third parties is obviously beyond our control. We are therefore unable to take any responsibility for the processing of such data by third parties.
Our app may contain links for sharing content on our app on various social networks and/or messenger services. When you use our app, the links on our website do not result in any data being transferred to the providers of social networks or messenger services. Only if you click on one of the links to share content from our app will data (such as your IP address or the URL on which the link is located) be transmitted to the respective provider of the social network or messenger service. We have no influence on the subsequent processing of the data by the respective provider of the social network or messenger service.
Each time you download, access and use our app, the provider running on your end device (computer, smartphone or similar) automatically sends information to our web servers and we store this information in so-called log files.
What data do we process and for what purpose?
We process the following data:
We process this data in principle only for the purpose of ensuring stability as well as network and information security.
Processing for other purposes occurs only if the requisite legal conditions pursuant to Art. 6(4) GDPR have been met. In this case, we will of course comply with any information obligations pursuant to Art. 13(3) GDPR and Art. 14(4) GDPR.
On what legal basis do we process your data?
Your data is processed for the purposes of the legitimate interests in accordance with Art. 6(1)(f) GDPR.
The legitimate interests pursued by us are to improve and maintain the stability, functionality, and security of our app.
You have the right to object to processing at any time on the basis of Art. 6(1)(f) GDPR for reasons arising from your specific situation.
When you register and authenticate yourself within the app, we collect the following information that is required to do this.
What data do we process and for what purpose?
We process the following data if required:
Note: If you register using a social login from Apple, Facebook, Google or Microsoft, the social login provider will send us, in addition to a User Principal Name (UPN), other data such as your first and last names (all providers), your profile picture (Facebook) or the link to your Google+ profile (Google) if you have activated or enabled these features with the respective social login provider. This data is not processed by us for any purpose.
We generally only process this data for the purposes of registration and authentication in the app.
Processing for other purposes occurs only if the requisite legal conditions pursuant to Art. 6(4) GDPR have been met. In this case, we will of course comply with any information obligations pursuant to Art. 13(3) GDPR and Art. 14(4) GDPR.
On what legal basis do we process your data?
Your data is processed for the performance of a contract or to take steps prior to entering into a contract in accordance with Art. 6(1)(b) GDPR.
When you use the app, we collect the following information that is required to do this.
What data do we process and for what purpose?
We only ever process this data for the purposes of using the app, analysing faults and improving the app.
Processing for other purposes occurs only if the requisite legal conditions pursuant to Art. 6(4) GDPR have been met. In this case, we will of course comply with any information obligations pursuant to Art. 13(3) GDPR and Art. 14(4) GDPR.
On what legal basis do we process your data?
Your data is processed for the performance of a contract or to take steps prior to entering into a contract in accordance with Art. 6(1)(b) GDPR.
A. General information
We use technologies and services in connection with the provision of our app. The information below allows us to provide you as the user of our app with additional information on data processing when technologies and services are used.
I. What are technologies and services?
Technologies and services are small text files which a web server or an app can store and read on your end device (computer, smartphone or similar) via the web browser or app you are using. Technologies and services contain individual, alphanumeric character strings that enable the web browser or app you are using to be identified and they may also contain information on user-specific settings.
Examples of technologies and services are small text files which a web server or an app can store and read on the end device (computer, smartphone or similar) you are using. Technologies and services contain individual, alphanumeric character strings that enable the web browser or app you are using to be identified and they may also contain information on user-specific settings.
The technologies and services referred to above are hereinafter also referred to together as “technologies”.
II. What types of technologies and services are there?
We distinguish between essential technologies on the one hand and optional technologies on the other:
Both essential and optional technologies may be so-called session technologies or persistent technologies. These differ in terms of their intended lifetime or functional life:
Note: You can generally erase the data stored on the technologies yourself via your end device settings. For details, please refer to the instructions from your end device manufacturer.
B. Use of technologies in our app
I. Essential technologies
1. Which essential technologies are used for what purpose and for how long?
|
Service |
Purpose |
Service provider |
Functional life |
|
Consent management |
Obtaining and managing consent and storage of information about consent decisions |
Usercentrics GmbH, |
30 days |
|
Language detection |
Language detection for user-oriented language display of the app |
- |
Until the app is closed |
|
AppsFlyer (fraud prevention) |
For stability and security and to prevent any fraud with our campaigns |
AppsFlyer Ltd., 14 Maskit St., POB 12371, Herzliya, Israel |
Until the purpose is achieved |
In order that you can manage the use of optional technologies in our app, we have implemented a consent management service. The first time you access our app you will be presented with a previously defined query (“Technologies and services”) via the consent management service. This allows you to accept or decline the use of optional technologies by clicking the appropriate button. Clicking on “settings” will also take you to the settings of the consent management service. Here, for example, a simplified list of technologies classified by type is included. The consent management service enables you, for example, to find out about the purposes of the technologies we use, the data processed in each case as well as any data recipients. Also, in the case of optional technologies, you can give or withdraw your consent at any time by selecting or deselecting the relevant box.
Please note that essential technologies are already stored when accessing our app and that the relevant box is preselected. Essential technologies cannot be deselected via the consent management service. The functionality of the consent management service itself in turn requires the use of certain technologies.
Service provider information:
Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany
Website:
General Terms and Conditions:
https://usercentrics.com/terms-and-conditions/
Privacy policy:
We use a session technology to enable user-oriented language display of our app. This means the language of your end device will be detected and our app will be displayed for you in the same language.
We use the services of the provider AppsFlyer Ltd., 14 Maskit St., Herzliya, Israel (AppsFlyer); parent company: AppsFlyer Inc. 111 New Montgomery St Ste 400 San Francisco, CA, 94105-3616 United States (hereinafter referred to together as “AppsFlyer”), with the “IP anonymisation” extension (also called “IP masking method”), to ensure that our campaigns are protected from fraud (“AppsFlyer fraud prevention”).
This involves certain information on the devices used by users, their online usage behaviour and page content retrieved being collected, processed and used. AppsFlyer uses this data on our behalf to uncover and prevent cases of mobile fraud, i.e. manipulative and fraudulent activities connected with our marketing measures. Based on the data that is collected and then aggregated, AppsFlyer can tell us whether certain activities related to our app (e.g. downloading or installation) have been caused by manipulation.
For this purpose, we have concluded a data processing agreement (“data processing addendum”) with AppsFlyer in accordance with Art. 28 GDPR and the standard contractual clauses of the EU. In accordance with this, AppsFlyer will process the data collected (data about your end device or your web browser, IP addresses and your app activities) on our behalf for the purposes of evaluating your use of our app, compiling reports on app activity and providing other services for us relating to our app and internet usage.
The data collected by AppsFlyer can be stored and processed in the USA or in any other country in which AppsFlyer, or subprocessors of AppsFlyer, maintain facilities. However, the IP masking method we use means that before transfer to an AppsFlyer server in the USA and before storage there, the IP address is shortened within EU member states or in other EEA member states so that no IP address is transferred in its entirety. This prevents identification of a person or makes this significantly more difficult.
You can object to the collection and storage of data by AppsFlyer at any time with effect for the future by following the instructions at https://www.appsflyer.com/optout. Alternatively, you can stop the use of the AppsFlyer technology by e-mailing us at smartdevice@liebherr.com and notifying us that you withdraw your consent in writing.
Information about the service provider:
AppsFlyer Ltd., 14 Maskit St., Herzliya, Israel
Website:
Privacy policy:
2. On what legal basis are essential technologies used?
We use technologies that are essential for safeguarding our legitimate interests in accordance with Art. 6(1)(f) GDPR.
Our legitimate interests are:
3. How can I object to the use of essential technologies?
You can exercise your right to object using the blocking options described under “Erasing/blocking technologies” (cf. Art. 21(5) GDPR), i.e. by blocking essential technologies via your app settings.
Please note that, in the case of erasing without blocking, essential technologies will be used again when you access our app at a later point in time. Please also note that deactivating or erasing or blocking essential technologies may adversely affect the performance and functionality of our app and may cause certain features and functions to be unavailable.
II. Optional technologies
We would like to use the information below to enable you to make a sound decision for or against the use of optional technologies and the associated data processing.
1. Which optional technologies are used for what purpose and for how long?
|
Service |
Purpose |
Service provider |
Functional life |
|
Google Analytics |
App analysis |
Google Ireland Limited, Dublin 4, Ireland |
Up to two years |
|
Google Firebase Crashlytics |
Error reports |
Google Ireland Limited, Dublin 4, Ireland |
Up to two years |
|
AppsFlyer (marketing & re-targeting) |
Marketing |
AppsFlyer Ltd., 14 Maskit St., POB 12371, Herzliya, Israel |
Until the purpose is achieved |
Subject to your consent, we use app analysis technologies to analyse the use of our app and allow us to improve it continuously. The anonymised user statistics obtained (e.g. number and origin of app users) enable us to optimise our app and make its design more attractive – e.g. by appropriately positioning frequently accessed information or topics on our app in line with customer requirements.
For app analysis we use “Google Analytics”, an app analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter jointly referred to as “Google”), with the “IP anonymisation” extension (also called “IP masking method”). For this we have concluded a data processing agreement with Google in accordance with Art. 28 GDPR. In accordance with this, Google will process the data collected (data about your end device or your web browser, IP addresses and your website or app activities) on our behalf for the purposes of evaluating your use of our app, compiling reports on app activity and providing other services for us relating to our app and internet usage.
The data collected using Google Analytics can be stored and processed in the USA or in any other country in which Google, or subprocessors of Google, maintain facilities. However, the IP masking method we use means that before transfer to a Google server in the USA and before storage there, the IP address is shortened within EU member states or in other EEA member states so that no IP address is transferred in its entirety. This prevents identification of a person or makes this significantly more difficult. Only in exceptional cases will the complete, i.e. unshortened, IP addresses be transferred to a Google server in the USA and only shortened there.
For a data transfer to a third country, i.e. a country outside the EU or EEA, appropriate safeguards for the protection of your personal data are generally required. After the Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-US Privacy Shield was declared invalid by the European Court of Justice, the EU-US Privacy Shield can no longer be used to guarantee an adequate level of protection in the USA in line with EU standards. This means that currently in the USA there is no level of data protection that is equivalent to that in the EU pursuant to Art. 45 GDPR, and we cannot provide appropriate safeguards under Art. 46 GDPR to offset this shortfall. Data transfer to the USA is consequently only permitted in this case with your explicit consent in accordance with Art. 49(1)(a) GDPR. Possible risks of data transfer are that access by state authorities and/or intelligence services cannot be ruled out and your data, possibly without you being specifically informed about it and without being granted enforceable rights and effective legal remedies, can be processed by them for reasons of national security, prosecution or for other purposes in the public interest of the USA.
Service provider information:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Terms and conditions of commissioned data processing for Google advertising products:
https://privacy.google.com/businesses/processorterms/
Terms of Use:
https://marketingplatform.google.com/about/analytics/terms/de/
Overview of data usage in Google Analytics:
https://support.google.com/analytics/answer/6004245?hl=de
Privacy policy:
https://policies.google.com/privacy?hl=de
Technical explanation of “IP anonymisation (or IP masking method) in Google Analytics”:
https://support.google.com/analytics/answer/2763052?hl=de
Additional note:
If you wish to deactivate Google Analytics, you can download and install the “Browser add-on for deactivation of Google Analytics” at the following address https://tools.google.com/dlpage/gaoptout?hl=de. This option only disables app analysis so long as you are using an end device on which you have installed the add-on.
We have integrated Google Firebase Crashlytics into the app in order to analyse and fix faults. The reporting is designed to ensure stability and improve the app. Information is collected about the device that is being used and the use of the app (e.g. the time stamp, when the app was launched and when the crash occurred), and this enables us to diagnose and resolve problems. The data is stored in anonymised form. This personal data is not combined with any of your other profile information. The data protection policy of the provider will tell you how long the data which is collected in this way is stored for.
For fixing faults we use “Google Firebase Crashlytics”, an app analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter jointly referred to as “Google”), with the “IP anonymisation” extension (also called “IP masking method”). For this we have concluded a data processing agreement with Google in accordance with Art. 28 GDPR. In accordance with this, Google will process the data collected (data about your end device or your web browser, IP addresses and your website or app activities) on our behalf for the purposes of evaluating your use of our app, compiling reports on app activity and providing other services for us relating to our app and internet usage.
The data collected using Google Analytics can be stored and processed in the USA or in any other country in which Google, or subprocessors of Google, maintain facilities. However, the IP masking method we use means that before transfer to a Google server in the USA and before storage there, the IP address is shortened within EU member states or in other EEA member states so that no IP address is transferred in its entirety. This prevents identification of a person or makes this significantly more difficult. Only in exceptional cases will the complete, i.e. unshortened, IP addresses be transferred to a Google server in the USA and only shortened there.
For a data transfer to a third country, i.e. a country outside the EU or EEA, appropriate safeguards for the protection of your personal data are generally required. After the Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-US Privacy Shield was declared invalid by the European Court of Justice, the EU-US Privacy Shield can no longer be used to guarantee an adequate level of protection in the USA in line with EU standards. This means that currently in the USA there is no level of data protection that is equivalent to that in the EU pursuant to Art. 45 GDPR, and we cannot provide appropriate safeguards under Art. 46 GDPR to offset this shortfall. Data transfer to the USA is consequently only permitted in this case with your explicit consent in accordance with Art. 49(1)(a) GDPR. Possible risks of data transfer are that access by state authorities and/or intelligence services cannot be ruled out and your data, possibly without you being specifically informed about it and without being granted enforceable rights and effective legal remedies, can be processed by them for reasons of national security, prosecution or for other purposes in the public interest of the USA.
Information about the service provider:
Google Ireland Limited, Gordon House, 44-47 Barrow Street Dublin 4 D, Ireland
Website:
Privacy policy:
Subject to your consent, we use the services of the provider AppsFlyer Ltd., 14 Maskit St., Herzliya, Israel (“AppsFlyer”); parent company: AppsFlyer Inc. 111 New Montgomery St Ste 400 San Francisco, CA, 94105-3616 United States (hereinafter referred to together as “AppsFlyer”), with the “IP anonymisation” extension (also called “IP masking method”), to learn more about which channels users have become aware of our app/service on by statistically analysing our app/service and further advertise our products (“AppsFlyer – marketing & re-targeting”).
This involves certain information about the devices that are used by the users, their app usage behaviour and page content that is retrieved being collected, processed and used. AppsFlyer uses this data on our behalf to establish how users respond to certain campaigns, how they use the app and interact with it and for assessing the performance of our marketing measures and channels.
For this purpose, we have concluded a data processing agreement (“data processing addendum”) with AppsFlyer in accordance with Art. 28 GDPR and the standard contractual clauses of the EU. In accordance with this, AppsFlyer will process the data collected (data about your end device or your web browser, IP addresses and your app activities) on our behalf for the purposes of evaluating your use of our app, compiling reports on app activity and providing other services for us relating to our app and internet usage.
The data collected by AppsFlyer can be stored and processed in the USA or in any other country in which AppsFlyer, or subprocessors of AppsFlyer, maintain facilities. However, the IP masking method we use means that before transfer to an AppsFlyer server in the USA and before storage there, the IP address is shortened within EU member states or in other EEA member states so that no IP address is transferred in its entirety. This prevents identification of a person or makes this significantly more difficult.
For a data transfer to a third country, i.e. a country outside the EU or EEA, appropriate safeguards for the protection of your personal data are generally required. After the Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-US Privacy Shield was declared invalid by the European Court of Justice, the EU-US Privacy Shield can no longer be used to guarantee an adequate level of protection in the USA in line with EU standards. This means that currently in the USA there is no level of data protection that is equivalent to that in the EU pursuant to Art. 45 GDPR, and we cannot provide appropriate safeguards under Art. 46 GDPR to offset this shortfall. Data transfer to the USA is consequently only permitted in this case with your explicit consent in accordance with Art. 49(1)(a) GDPR. Possible risks of data transfer are that access by state authorities and/or intelligence services cannot be ruled out and your data, possibly without you being specifically informed about it and without being granted enforceable rights and effective legal remedies, can be processed by them for reasons of national security, prosecution or for other purposes in the public interest of the USA.
You can object to the collection and storage of data by AppsFlyer at any time with effect for the future by following the instructions at https://www.appsflyer.com/optout. Alternatively, you can stop the use of the AppsFlyer technology by e-mailing us at smartdevice@liebherr.com and notifying us that you withdraw your consent.
Information about the service provider:
AppsFlyer Ltd., 14 Maskit St., Herzliya, Israel
Website:
Privacy policy:
https://www.appsflyer.com/services-privacy-policy
2. On what legal basis are optional technologies used?
We use optional technologies on the basis of consent in accordance with Art. 6(1)(a) in conjunction with Art. 7 GDPR.
3. How can I withdraw the consent I have granted for the use of optional technologies?
When you (first) access our app, we request, among other things, your consent for the use of optional technologies by means of a predefined query (“Technologies and services”). You can withdraw the consent you have granted at any time with effect for the future and thereby prevent further collection of your data by deselecting optional technologies (app analysis, marketing) in the settings of the consent management service.
If and insofar as you do not consent or withdraw consent already granted - (further) data collection by means of optional technologies requiring consent and data processing associated with this will cease. This has no disadvantages in terms of using the app unless you also deactivate the technology functions for essential technologies.
The withdrawal of consent will not affect the legality of the processing carried out on the basis of the consent up to withdrawal.
As an alternative to withdrawing your consent, the options described under “Erasing/blocking technologies” relating to erasing or blocking technologies along with the information provided there are also available to you.
C. Erasing/blocking technologies
Technologies are stored on your end device which means that you have the control over these. If you do not want us to recognise your end device, you can deactivate or erase technologies already stored on your end device at any time – manually or automatically – and/or block storage of technologies with future effect by making the relevant setting on your end device, e.g. “Do not accept technologies” or similar. Most apps can also be configured so that technology storage is only accepted if you agree to this separately on a case-by-case basis. If you do not want to accept technologies from our service providers and partners, you should have your web browser set to “Block third-party technologies” or similar. For details of the options described, please refer to the instructions from your end device manufacturer.
Please note that in the case of erasing without blocking, essential technologies will be set again and we may ask you again for your consent to optional technologies when you access our app at a later point in time. Please also note that deactivating or erasing or blocking essential technologies may adversely affect the performance and functionality of our app and may cause certain features and functions to be unavailable.
You can manage the settings for the use of optional technologies and the data processing associated with this at any time in the settings of the consent management service.
As part of the provision of our app, we integrate different content and functional elements (hereinafter also referred to collectively as “services”) which are obtained from the web servers of their respective providers (hereinafter referred to as “third-party providers”). Your IP address always needs to be transferred to the respective third-party provider to ensure the proper presentation and provision of the services. Although we endeavour to only integrate services where the respective third-party provider uses the IP address only to deliver the services, we have no influence on the subsequent processing by third-party providers.
For data transfers requiring consent, we ask you for your consent for the data transfer to third-party providers/third countries associated with the use of miscellaneous services, among other things, when you access our app for the first time with a predefined query (“Technologies and services”). If you do not already grant your consent with this predefined query, third-party services requiring your consent will be blocked on our app and no data will be transferred to third-party providers/third countries. Instead, you can grant your consent separately in each case for individual third-party services by clicking “Accept” in the respective blocker. If, in future, you no longer want to grant consent individually to each third-party service and want to be able to load them without the respective blocker, you also have the option of selecting “always accept” and therefore also consenting to the associated data transfers for all other third-party services which you open on our app in the future.
You can withdraw the consent you have granted at any time with effect for the future and thereby prevent further transfer of your data by deselecting the corresponding services under “Miscellaneous services (optional)” in the settings of the consent management service.
We may transfer your data to:
A data transfer to entities in countries outside the European Union or the European Economic Area (so-called third countries) or to international organisations is permissible only (1) if you have given us your consent or (2) if the European Commission has decided that there is an adequate level of protection in a third country (Art. 45 GDPR). If the Commission has not taken such a decision, we can transfer your data to recipients located in a third country only if appropriate safeguards exist (e.g. standard data protection clauses adopted by the Commission or the supervisory authority under a specific procedure) and the enforcement of your rights as a data subject is guaranteed or the transfer is permissible in individual cases on the grounds of other legal bases (Art. 49 GDPR).
Where we transfer your data to third countries, we will inform you of the respective details of the transfer at the relevant points in this data protection declaration.
We process your data, provided that this is necessary for the respective purpose, if you have not effectively objected to the processing of your data or effectively withdrawn the consent that you may have granted.
If statutory retention obligations exist, we will have to store the data affected thereby for the duration of the retention obligation. After the expiry of the retention obligation, we will check whether there is any further necessity for processing. If there is no longer any necessity, your data will be deleted.
We use technical and organisational security measures to ensure that your data is protected from loss, from improper changes or from unauthorised access by third parties. Moreover, we ensure that, on our side, only authorised persons are granted access to your data and then only to the extent necessary for the above-mentioned purposes. The transfer of all data is encrypted.
Version: October 2022