Principles of Personal Data processing for the MyLiebherr Account and the Liebherr SmartDevice App (Privacy Policy)

This Privacy Policy sets out the manner in which Liebherr-Hausgeräte GmbH, Memminger St. 77-79, 88416 Ochsenhausen, Germany and its related entities, affiliates and subsidiaries (collectively referred to herein as "us", "we" or "our" or the “Liebherr Group”) collects, uses, discloses and manages your Personal Data.

This Privacy Policy applies to your use and access of the MyLiebherr Account and the Liebherr SmartDevice App and all our other products and services described in this Privacy Policy. By submitting any Personal Data to us and by using our services, you consent to us collecting, using and disclosing your Personal Data in accordance with the terms of this Privacy Policy and further warrant that all Personal Data submitted to us is complete, true and correct. If you provide Personal Data of a third party (e.g. information of your spouse, children or other family members) to us, you additionally represent and warrant that the consent of such third party has been obtained for the collection, use and disclosure of such Personal Data for the purposes as set out below.

A. General

I. What does this privacy policy regulate?

We attach great importance to the protection and security of your Personal Data. It is therefore important for us to inform you about the Personal Data we process in the context of your MyLiebherr Account and the Liebherr SmartDevice App, about the purposes for which we process this Personal Data and about the rights you have in relation to your Personal Data.

All our Personal Data processing activities comply with the European General Data Protection Regulation (hereinafter referred to as "GDPR") as well as with the Singapore Personal Data Protection Act (hereinafter referred to as "PDPA").

II. II. General notes on the MyLiebherr Account and the Liebherr SmartDevice App

1. MyLiebherr Account

The "MyLiebherr Account" is your central user account at Liebherr-Hausgeräte GmbH. You have to register in order to create a MyLiebherr Account. You can register on the “MyLiebherr Portal" (https://home.myliebherr.com). When you register via the MyLiebherr Portal, you will receive an e-mail with a confirmation link at the end of the registration process. You must click on the confirmation link in order to complete the registration process. Alternatively, you can also sign up for the MyLiebherr Account using your Google, Facebook or Microsoft accounts (hereinafter referred to as "Social Login"). Please note that we have no influence on the processing of your Personal Data by Google, Facebook and Microsoft. With your MyLiebherr Account you can use the Single-sign-on service of Liebherr-Hausgeräte GmbH (hereinafter referred to as "SSO"). SSO allows you to use other access-restricted digital services (hereinafter referred to as "Modules") connected to the SSO using identical access data. SSO allows you to navigate between Modules without the need for a separate registration and login process. SSO automatically transfers the data stored in your MyLiebherr Account which are required for the use of the relevant Modules to the respective module providers in order to offer you the best possible comfort. The Modules are operated either by Liebherr-Hausgeräte GmbH or by subsidiaries of Liebherr-Hausgeräte GmbH.

2. Liebherr SmartDevice App

The Liebherr SmartDevice App allows you to view and configure the data of your Liebherr refrigerator and freezer. To use the Liebherr SmartDevice App, you need a WLAN-enabled module (hereinafter referred to as "SmartDeviceBox"), a MyLiebherr Account and an internet connection. The SmartDeviceBox connects your Liebherr refrigerator and freezer to the internet via a WLAN-enabled router. The SmartDeviceBox can be retrofitted to SmartDevice-enabled Liebherr refrigerators and freezers. Some Liebherr refrigerators and freezers already have the SmartDeviceBox integrated. In combination with the SmartDeviceBox, the Liebherr SmartDevice App allows you to control various functions of your Liebherr refrigerator and freezer, such as the cooling temperature, while on the move. With the Liebherr SmartDevice App, you can immediately see any important alarm messages, such as a door accidentally left open. The Liebherr SmartDevice App has a notification function that reminds you when the next air filter change is due or when the ventilation grille needs to be cleaned, for instance.

III. What is Personal Data and what does processing mean?

"Personal Data" means, simply put, any information (whether true or not) relating to an identified or identifiable natural person (e.g. any information about you). In addition to information that allows a direct inference about a specific person (such as a person’s name or e-mail address). Personal Data may also include information that can be linked to a certain person with appropriate additional knowledge.

"Processing" means any operation or set of operations which is performed on Personal Data (such as the collection, recording, organisation, ordering, storage, use or deletion of Personal Data).

IV. Who is responsible for processing my Personal Data?

Liebherr-Hausgeräte GmbH, Memminger St. 77-79, 88416 Ochsenhausen, Germany determines the purposes and means of the processing of Personal Data. Liebherr-Hausgeräte GmbH is the so-called "Controller" in accordance with the GDPR. Liebherr-Hausgeräte GmbH can be reached via phone (+4973529280), fax (+497352928408) and email (info.hau@liebherr.com).

B. Data processing in relation to the MyLiebherr Account

I. Which Personal Data are collected for which purposes?

When calling up the MyLiebherr Portal, the following Personal Data are processed by our web server and stored in what are known as log files:

1. date of access to the MyLiebherr Portal;

2. time of access to the MyLiebherr Portal;

3. Internet address of the website on which you were when you called up the MyLiebherr Portal (URL);

4. files you access through the MyLiebherr Portal;

5. amount of data transferred to you;

6. your browser type and version;

7. your operating system;

8. the domain name of your Internet access provider (e.g. Telekom, Vodafone, etc.); and/or

9. your (external) IP address.

When registering and using a MyLiebherr Account via the MyLiebherr Portal without the use of Social Login, we process the following Personal Data in addition to the Personal Data mentioned in points 1-9 hereinabove:

10. registration date;

11. your unique user ID (UPN);

12. date and time of the last successful login; and/or

13. your e-mail address.

When registering and using a MyLiebherr Account via Social Login, we process the following Personal Data in addition to the Personal Data mentioned in points 1-13 hereinabove:

14. Social Login identification feature (so-called identifier).

Note: If you register or authenticate yourself with a Facebook Social Login, Facebook will also provide us with your last name, first name and profile picture in addition to the data listed in points 13 and 14. We do not process such data for any purpose.

Note: When you register or authenticate with a Google Social Login, Google will provide us with your last name, first name, and the link to your Google Plus profile in addition to the information listed in points 13 and 14. We do not process such data for any purpose.

Note: If you register or authenticate with a Apple Social Login, Apple will provide us with your last name and first name in addition to the information listed in points 13 and 14. We do not process such data for any purpose.

For the optimal use of the Modules connected to the MyLiebherr Portal, we collect the following Personal Data on a voluntary basis in addition to the data mentioned in points 1-14:

15. your preferred language;

16. your title;

17. your address;

18. your phone number;

19. your Liebherr refrigerator and freezer serial number;

20. your Liebherr refrigerator and freezer device type; and

21. your SmartDeviceBox serial number.

We process the Personal Data listed in points 1- 21 for the following purposes:

1. to protect our website (data categories used: 1-9);

2. to register a MyLiebherr Account via the MyLiebherr Portal (data categories used: 10-13);

3. to register a MyLiebherr Account via Social Login (data categories used: 10-14)

4. for the central administration of user and profile data for SSO (data categories used: 10-21);

5. for the use of SSO (data category used: 11);

6. for transmission to the provider of the selected module (data categories used: 13, 15-21); and

7. to support your MyLiebherr Account and to generally provide you with our services related the MyLiebherr Account and the Liebherr SmartDevice App (data categories used: 1-21).

We generally process your Personal Data only to the extent necessary for the fulfilment of the above mentioned purposes. Processing of your Personal Data for purposes other than the ones mentioned above may only occur where this is allowed both under the PDPA and the GDPR. With regard to the GDPR, we will take Art. 6 (4) GDPR into account. Furthermore, we will of course comply with any requirements to provide information according to Art. 13 (3) GDPR and Art. 14 (4) GDPR.

II. On what legal basis do we process your Personal Data?

We will only process your Personal Data, if we have a legal basis to do so both under the PDPA and under the GDPR.

As regards the GDPR, the legal basis for processing your Personal Data is Art. 6 GDPR, in so far as there are no further specific legal provisions. In detail, the processing of your Personal Data is based on the following legal bases:

1. Data processing for the performance of contracts (Article 6 (1) (b) GDPR) (applies to purposes 2-7)

2. Data processing based on a balance of interests (Article 6 (1) (f) GDPR) (applies to purpose 1)

3. Data processing to fulfil a legal obligation (Art. 6 (1) (c) GDPR) (applies to purpose 1)

4. Consent (Article 6 (1) (a) GDPR) (applies to any transmission of your Personal Data to non-EU/EEA countries for purpose 6)

Our legitimate interest is: The improvement of the stability, functionality and security of the Portal (applies to purpose 1)

If we process your Personal Data on the basis of a balance of interests, you have the right to object to the processing of your Personal Data under the provisions of Art. 21 GDPR.

If we process your Personal Data based on your consent, you have the right to withdraw your consent at any time with future effect.

III. To whom and for what purposes do we transfer which categories of your Personal Data?

Where necessary in the course of providing you with our services, we will transfer your Personal Data:

1. To the providers of the Modules you actively use and possibly of other services (data categories 13, 15-21);

2. To other companies of the Liebherr Group, if this is necessary for the initiation, execution or termination of a contract or if there is a legitimate interest in the transfer on our part and your predominant legitimate interest is not in conflict with the same; (data categories 13-21);

3. To the Social Login provider of your choice (data category 14);

4. To the service providers we use to achieve the above purposes (data categories 1-21);

5. To any court, arbitration tribunal, public or governmental authorities or legal advisor when required to comply with applicable law, or to assert, exercise or defend legal claims (data categories 1-21); and/or

6. to any other party to whom you authorise us to disclose the Personal Data (data categories 1 to 21).

IV. Will my Personal Data be processed outside the European Union?

Your Personal Data will in general be transferred to and stored within the European Union. A Personal Data transfer to Personal Data processors in countries outside the European Union (known as third countries) is only permitted (1) if you have given us your consent hereto or (2) if the European Commission has decided that an adequate level of protection exists in a third country (Art. 45 GDPR). If the Commission has not made such a decision, we may only transfer your Personal Data to third parties located in a third country insofar as appropriate safeguards exist (e.g. standard data protection clauses adopted by the Commission or the supervisory authority in a specific procedure) and the enforcement of your rights is ensured. We will at all times ensure that organisations to whom we transfer your Personal Data will provide a standard of protection to Personal Data so transferred that is comparable to the protection under the PDPA.

Please note that your Personal Data could be transferred to countries outside the EU/EEA if the provider of one of your Modules is based in such a country. We will seek your express consent prior to any transmission to such provider.

V. When do we delete or anonymise your Personal Data?

We process and retain your Personal Data as long as this is necessary for the purposes for which such Personal Data was collected, unless you have effectively objected to the processing of your Personal Data or have effectively revoked your consent. We do not keep Personal Data longer than necessary and will destroy or anonymise Personal Data which we no longer require or which is no longer necessary for legal or business purposes.

In addition, as far as statutory retention obligations exist - e.g. in commercial law or tax law - we will have to save the relevant Personal Data for the duration of such mandatory retention obligation. After the expiry of such mandatory retention period, we will check whether there is any further need for processing. If there is no such further necessity, your Personal Data will be deleted or anonymised.

C. Data processing in relation to the Liebherr SmartDevice App

I. Which Personal Data are collected for which purposes?

To use the Liebherr SmartDevice App, you need a MyLiebherr Account. In addition to the Personal Data referred to above in section B.I., we collect the following Personal Data from you:

1. the device data of your Liebherr refrigerator and freezer (serial number, selected name, model and type);

2. the sensor data of your Liebherr refrigerator and freezer (temperature status, compressor speed, open door status);

3. the device data of your Liebherr SmartDeviceBox (serial number, model, type, connection status);

4. the technical configuration of your device (model, manufacturer, operating system used, connection status);

We generally process such Personal Data only for the following purposes:

1. Provision of the functions of the Liebherr SmartDevice App (data categories used: 1-4);

2. Error analysis and improvement of the app (data categories used: 1-4 and data categories in B.I. 1-9); and

We generally process your Personal Data only to the extent necessary for the fulfilment of the above mentioned purposes. Processing for purposes other than the ones mentioned above may only occur where this is allowed both under the PDPA and the GDPR. With regard to the GDPR, we will take Art. 6 (4) GDPR into account. Furthermore, we will of course comply with any requirements to provide information according to Art. 13 (3) GDPR and Art. 14 (4) GDPR.

II. On what legal basis do we process your Personal Data?

We will only process your Personal Data, if we have a legal basis to do so both under the PDPA and under the GDPR.

As regards the GDPR, the legal basis for processing your Personal Data is Art. 6 GDPR, in so far as there are no further specific legal provisions. In detail, the processing of your Personal Data is based on the following legal bases:

1. Consent (Article 6 (1) (a) GDPR) (applies to purposes 2); and

2. Data processing for the performance of contracts (Article 6 (1) (b) GDPR) (applies to purpose 1).

If we process your Personal Data based on your consent, you have the right to withdraw your consent at any time with future effect.

III. To whom and for what purposes do we transfer which categories of your Personal Data?

Where necessary in the course of providing you with our services, we will transfer your Personal Data:

1. To other companies of the Liebherr Group, if this is necessary for the initiation, execution or termination of a contract or if there is a legitimate interest in the transfer on our part and your predominant legitimate interest is not in conflict with the same; (data categories 1-7);

2. To the service providers we use to achieve the above purposes; (data categories 1-7)

3. To any court, arbitration tribunal, public or governmental authorities or legal advisor when required to comply with applicable law, or to assert, exercise or defend legal claims. (data categories 1-7); and/or

4. to any other party to whom you authorise us to disclose the Personal Data (data categories 1 to 21).

IV. Will my Personal Data be processed outside the European Union?

Your Personal Data will in general be transferred to and stored within the European Union. A Personal Data transfer to Personal Data processors in countries outside the European Union (known as third countries) is only permitted (1) if you have given us your consent hereto or (2) if the European Commission has decided that an adequate level of protection exists in a third country (Art. 45 GDPR). If the Commission has not made such a decision, we may only transfer your Personal Data to third parties located in a third country insofar as appropriate safeguards exist (e.g. standard data protection clauses adopted by the Commission or the supervisory authority in a specific procedure) and the enforcement of your rights is ensured. We will at all times ensure that organisations to whom we transfer your Personal Data will provide a standard of protection to Personal Data so transferred that is comparable to the protection under the PDPA.

V. When do we delete or anonymise your Personal Data?

We process and retain your Personal Data as long as this is necessary for the purposes for which such Personal Data was collected, unless you have effectively objected to the processing of your Personal Data or have effectively revoked your consent. We do not keep Personal Data longer than necessary and will destroy or anonymise Personal Data which we no longer require or which is no longer necessary for legal or business purposes.

In addition, as far as statutory retention obligations exist - e.g. in commercial law or tax law - we will have to save the relevant Personal Data for the duration of such mandatory retention obligation. After the expiry of such mandatory retention period, we will check whether there is any further need for processing. If there is no such further necessity, your Personal Data will be deleted or anonymised.

VI. Liebherr SmartDevice App Skill for Amazon Alexa

Amazon Echo is Amazon hardware for voice input and output. Amazon Echo devices allow Amazon to analyse, evaluate and execute voice commands. Amazon Echo devices require an Amazon user account to function and can be extended to include additional features by adding so-called "skills". The Liebherr SmartDevice App skill allows you to control some functions of the Liebherr SmartDevice App via your Amazon Echo device through voice commands. This requires you to activate the Liebherr SmartDevice App skill in your Amazon account and link your MyLiebherr Account to this skill. Through this link, voice commands given by you can be interpreted by Amazon and sent to the Liebherr SmartDevice App for execution via an anonymous digital signature.

Except for the data indicating that you have an Amazon account and a MyLiebherr Account, no Personal Data will be sent by us to Amazon or by Amazon to us.

VII. Liebherr SmartDevice App functions for Conrad Connect

Conrad Connect is a service of Conrad Connect GmbH that allows you to link the functions of the Liebherr SmartDevice app with various smart devices and apps supported by Conrad Connect. This makes it possible for a certain event (e.g. time) to trigger an action (e.g. activate SuperCool function). The use of Conrad Connect requires a Conrad Connect user account and can be extended with interfaces for additional functions by adding the manufacturer or brand. This connection enables you to control some functions of the Liebherr SmartDevice app via Conrad Connect. For this purpose you need to activate the Liebherr SmartDevice app in your Conrad Connect user account and link it to your MyLiebherr account.

Except for the data indicating that you have a Conrad Connect user account and a MyLiebherr account, no Personal Data will be sent by us to Conrad Connect or by Conrad Connect to us.

VIII. Liebherr SmartDevice App Trigger for IFTTT

IFTTT is a service of IFTTT Inc., which allows you to combine the functions of the Liebherr SmartDevice App with various applications supported by IFTTT. In this way, a particular event (e.g. entering your home) can trigger a specific action (e.g. activating the Supercool feature). To use IFTTT, you will need to activate the Liebherr SmartDevice App Trigger in your IFTTT account and link your MyLiebherr Account to the Liebherr SmartDevice App Trigger.

Except for the data indicating that you have an IFTTT account and a MyLiebherr Account, no personal information will be sent by us to IFTTT Inc. or sent by IFTTT Inc. to us.

IX. Liebherr SmartDevice app functions for HomeConnect Plus

HomeConnect Plus is an app that allows you to link the functions of the Liebherr SmartDevice app with various smart devices supported by HomeConnect Plus. In this way, a particular event (e.g. entering the home) can trigger an action (e.g. activate SuperCool function). The use of HomeConnect Plus requires a HomeConnect Plus user account and can be extended with interfaces for additional functions by adding the manufacturer or brand. This connection allows you to control some functions of the Liebherr SmartDevice app via HomeConnect Plus. For this purpose you need to activate the Liebherr SmartDevice app in your HomeConnect Plus user account and link your MyLiebherr account.

With the exception of the date that you have a HomeConnect Plus user account and a MyLiebherr account, no personal data will be transmitted from us to HomeConnect Plus or by HomeConnect Plus to us.

X. Liebherr SmartDevice App Actions for Google Home

The Google Home Smart Speaker is Google hardware for voice input and output. With the Google Home Smart Speaker voice commands can be analysed, evaluated and executed by Google. The Google Home Smart Speaker devices require a Google user account to function and can be extended with interfaces for additional features by adding so-called “actions". The Liebherr SmartDevice app actions allow you to control some functions of the Liebherr SmartDevice app via your Google Home Smart Speaker device through voice commands. This requires you to activate Liebherr SmartDevice app actions in your Google account and link your MyLiebherr Account to these actions. Through this link, voice commands given by you can be interpreted by Google and sent to the Liebherr SmartDevice app for execution via an anonymous digital signature.

Except for the data indicating that you have a Google account and a MyLiebherr Account, no personal data will be sent by us to Google or by Google to us.

D. How are my Personal Data secured against unauthorised access and loss?

We use technical and organisational security measures in order to secure your Personal Data against loss, incorrect modification, unauthorised collection, use, disclosure, copying, unauthorised access by third parties in general and similar threats. Moreover, on our part, only authorised persons will ever have access to your Personal Data and they can only access it to the extent required within the framework of the purposes named above. All Personal Data is transferred in encrypted form.

E. Cookies and other technologies

We use cookies and other technologies in connection with the provision of our website. For further details about our cookie usage, please see our cookie information.

F. Data Subject Rights and Right of Appeal

As an individual whose Personal Data is processed (a so-called "Data Subject") you have certain rights both under the PDPA and under the GDPR. This section describes the rights you have under the GDPR but shall under no circumstances be interpreted as limiting with regard to your rights under the PDPA.

Within the legal framework of the GDPR, you have the right to

1. obtain information about your Personal Data;

2. the correction of incorrect Personal Data and completion of incomplete Personal Data;

3. the deletion of your Personal Data, in particular, if (1) they are no longer necessary for the purposes stated in this Privacy Policy, (2) you withdraw your consent and there is no further legal basis for processing, (3) your Personal Data have been unlawfully processed or (4) you have objected to the processing and there are no legitimate reasons for processing;

4. a limitation of the processing of your Personal Data, especially should you dispute the accuracy of the Personal Data or the processing of your Personal Data is illegal and you demand limitation of use in place of deletion; and

5. to receive your Personal Data in a structured, standard and machine-readable form and to demand that we transfer your Personal Data directly to another responsible party.

We ask for your understanding that, where the above rights are not asserted in writing, we may require you to provide evidence proving that you are the person you claim to be. You also have a right of appeal with the responsible supervisory authority.

If you withdraw your consent to any or all purposes for which your Personal Data was collected and depending on the nature of your request, we may not be in a position to continue to provide our services to you. Please note that the lawfulness of our prior processing activities based on prior consent is not affected by a subsequent your withdrawal of consent.

G. How do I contact the Data Protection Officer?

Should you have any questions regarding data protection please contact:

Data Protection

Liebherr-IT Services GmbH

St. Vitus 1

88457 Oberopfingen, Germany

datenschutz@liebherr.com

Last updated: March 2021