Table of contents

I. Identity and contact details of the data controller

II. Contact details of the data protection officer

III. Permissions

IV. Data processing in the LEDVANCE SMART + WiFi App

V. Provision of the app and creation of log files

VI. Usage of cookies

VII. Hosting

VIII. Geotargeting

IX. Registration

X. Content Delivery Networks

XI. Telemetry Data

XII. Usage of Firebase Crashlytics

XIII.Usage of SDK

XIV. Data processing by backup service

XV. Rights of the data subject

XVI. Changes to this information

The data controller responsible in accordance with the purposes of the General Data Protection Regulation (GDPR) of the European Union and other national data protection laws of the Member States as well as other data protection regulations is:

LEDVANCE GmbH
Parkring 1-5
85748 Garching
Germany
+49 89 780673-100
contact@ledvance.com
https://www.ledvance.com

The designated data protection officer is:

Mr. Matthias Lindner
bDSB LEDVANCE
c/o  intersoft consulting services AG 
Beim Strohhause 17 
20097 Hamburg 
Germany
privacy@ledvance.com

The following authorizations are required to implement the functions in the app:

• Photos (iOS)
  Store photos and videos from connected devices
• Location Services (iOS)
  Access to SSID information during the pairing process, set application location, condition settings (weather, automated rules)
• Microphone (iOS)
  Enables the two-way voice control
• Camera (iOS)
  QR Code scanner for pairing process, photo function for profile image creation
• Bluetooth Sharing (iOS)
  Pairing with and control of devices
• Media Sharing (iOS)
  Store photos and videos from connected devices
• Camera (Android)
  QR Code scanner for pairing process, photo function for profile image creation
• Location (Android)
  Access to SSID information during the pairing process, set application location, condition settings (weather, automated rules
• Microphone (Android)
  Two-way voice control
• Device memory (Android)
  Store photos and videos from connected devices

On this page we inform you about the privacy policy of the LEDVANCE SMART + WiFi App for Android and iOS ("App"). The App is offered by LEDVANCE GmbH, Parkring 1-5, 85748 Garching near Munich, Germany ("LEDVANCE GmbH", "we" or "us").

1. Scope of processing personal data

The app is used for technical control of SMART+ devices and provides direct technical support for users. Multi-user access is enabled.

The processing of personal data takes the form of creating a user account. The data is also stored for user support. The following personal data may be collected:

• Username
• Password
• E-Mail-address
• Username
• Photo
• Location

 

The following data is processed when the app is started:

• Information about the type and version of the app
• Operating system of the user
• Date and time of access
• Language settings
• Time zone of the device

The servers automatically collect and store information in so-called server log files, which your device automatically transmits when you use the app. The stored information is:

• Browser type and version
• Operating system used
• Referrer-URL
• Date and time of the server request
• IP address

Third parties do not have access to server log files. This data is not merged with other data sources.

2. Purpose of the processing

The processing of personal data allows the users of the App to have technical control of SMART+ devices and direct contact for technical support.

3. Legal basis for the processing of personal data

The processing of the aforementioned data is necessary for the execution of the user contract, which forms the basis for the use of the app and the related services. This includes processing in order to safeguard your data and error detection as well as supporting users. Therefore, legal basis for the processing of your personal data is Art. 6 (1) (b) GDPR.

There may be situations where we do not only use your data to fulfil the contract (e.g., to fulfil obligations to public bodies). The legal basis in those cases is either your consent or, depending on the situation, another legal basis within the meaning of Art. 6 GDPR.

In some cases the processing of technical data serves to safeguard a legitimate interest of our company in providing a functional application for users and is therefore based on Art. 6 para. 1 sentence 1 lit.  f GDPR as the legal basis for the processing.

4. Duration of storage

The personal data will be stored until the account is deleted, exclusively for the above-mentioned purpose. With the deletion of the account by the user all data will be removed.

5. Right to withdraw your consent

In case you granted consent to us regarding processing your personal data, you are entitled to withdraw your data protection consent at any time with future effect. The withdrawal of the consent shall not affect the legality of the processing carried out on the basis of the consent until the withdrawal.
In order to do so, please send an email to: privacy@ledvance.com 

6. Objection and erasure

Pursuant to Article 21 (1) GDPR, you have the right to object at any time to the processing of personal data concerning you on the basis of Article 6 para. 1 lit. f GDPR (data processing to protect a legitimate interest), this also applies to profiling based on this provision. Whether or not the objection is successful, shall be determined through the balancing of interests.
The user is given the opportunity to object to the processing by e-mail request.
In order to do so, please send an email to: privacy@ledvance.com

1. Description and scope of data processing

Each time our app is accessed, our system automatically collects data and relevant information from the computer system of the calling device.

The following data is collected:

• Browser type and version used
• The user's operating system
• The IP address of the user
• Date and time of access
• language settings, time zone, app-version

 

This data is stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Purpose of data processing

The temporary storage of the IP address by the system is necessary for the delivery of the app to the device of the user. For this purpose, the user’s IP address must be kept for the duration of the session.

The storage in logfiles is done to ensure the functionality of the app. The data is also used to optimise the app and to ensure the security of our IT systems. An analysis of the data for marketing purposes does not take place.

3. Legal basis for data processing

The processing of the aforementioned data is necessary for the execution of the user contract, which forms the basis for the use of the app and the related services.  Hence the legal basis for the processing of your personal data is Art. 6 (1) (b) GDPR. In addition for the aforementioned purposes, our legitimate interest lies in the processing of data in compliance with Art. 6 para. 1 s. 1 lit. f GDPR.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. The session is complete when the collection of data for the provision of the app is accomplished.

If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is not possible.

5. Objection and erasure

Pursuant to Article 21 (1) GDPR, you have the right to object at any time to the processing of personal data concerning you on the basis of Article 6 para. 1 lit. f GDPR (data processing to protect a legitimate interest), this also applies to profiling based on this provision. Whether or not the objection is successful, shall be determined through the balancing of interests.
The user is given the opportunity to object to the processing by e-mail request.
In order to do so, please send an email to: privacy@ledvance.com 

1. Description and scope of data processing

Our app uses cookies. Cookies are text files that are stored in the internet browser or the internet browser on the user’s device. If a user calls up the app, a cookie can be stored on the user’s operation system. These cookies contain a string of characters that allows the browser to be uniquely identified when the app is reopened.

We use cookies to make our app more user-friendly. Some elements of our app require the calling browser to be identified even after a page break.

The following data is stored and transmitted in the cookies:

• Language settings
• Log-in information
   

The user data collected in this manner is pseudonymised by technical measures. It is therefore not possible to assign the data to the user accessing the site. The data is not stored together with other personal data of the users.

2. Purpose of data processing

The purpose of using technical cookies is to simplify the use of app for users. Some functions of our app cannot be offered without the use of cookies. These require that the device is recognised even after a page change.

We need cookies for the following applications:

• Applying language settings
• Assignment to nearby server

 

The user data collected by technical cookies are not used to create user profiles.

3. Legal basis for data processing

The legal basis for the processing of personal data using technical cookies is Art. 6 Para. 1 S. 1 lit. f GDPR.

4. Duration of storage and possibility of objection and erasure

Cookies are stored on the user's device and transmitted to our server by the user. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our app, it is possible that not all functions of the app can be used to their full extent.

The app is hosted on servers of a service provider commissioned by us.

Our service providers Cloud built on AWS – Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you use the app. The stored information is:

• Browser type and version
• Used operating system
• Referrer URL
• Hostname of the accessing computer
• Time and date of the server request
• IP address of the user's device
   

This data will not be merged with other data sources.

The server of the app is geographically located in Frankfurt, Germany. Nevertheless, we cannot rule out the possibility that your data may also be processed in the USA. The USA currently does not have an adequate level of protection, which may result in security risks.

We make sure that the requirements under the GDPR concerning transfers to third countries are met. Therefore, transfers may only take place if the special requirements of Art. 44 - 49 GDPR are fulfilled.

To protect data, AWS uses, among others, Standard Contractual Clauses (SCC). These were provided by the EU Commission and are intended to ensure that the data transfer complies with the protection standards even if your data is transferred to and stored in third countries such as the USA.
The data is collected on the basis of Art. 6 para. 1 lit. f GDPR.
The apps operator has a legitimate interest in the technically error-free presentation and optimization of his app - for this the server log files must be recorded.

We use the IP address and other information provided by the user (e.g. the postal code used for registration or ordering) to approach regional target groups (so-called "geotargeting").

The regional target group approach is used, for example, to automatically display regional offers or advertisements that often are more relevant to users. The legal basis for the use of the IP address and any other information provided by the user (e.g. postal code) is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in ensuring a more precise target group approach and thus providing offers and advertising with greater relevance for our users.

Part of the IP address and the additional information provided by the user (e.g. postal code) are merely processed and not stored separately.

You can prevent geotargeting by, for example, using a VPN or proxy server that prevents accurate localization. In addition, depending on the browser you are using, you can also deactivate a location localisation in the corresponding browser settings (as far as this is supported by the respective browser).

We use geotargeting on our app for the following purposes:

• Weather forecast
• Control of smart devices according to the weather

1. Description and scope of data processing

We offer users the opportunity to register by providing personal data. The data is entered into an input mask and transmitted to us and stored. The data will not be passed on to third parties. The following data is collected as part of the registration process:

• Email address
• Pseudonym
• Telephone / mobile phone number
• IP address of the user's device
• Date and time of registration

 

As part of the registration process, the user's consent to the processing of this data is obtained.

2. Purpose of data processing

Registration of the user is required for the provision of certain content and services on our app.

• Usage of the app
• Multi-user functionality

 

3. Legal basis for data processing

The processing of the aforementioned data is necessary for the execution of the user contract, which forms the basis for the use of the app and the related services.  Hence the legal basis for the processing of your personal data is Art. 6 (1) (b) GDPR. In addition for the aforementioned purposes, our legitimate interest lies in the processing of data in compliance with Art. 6 para. 1 s. 1 lit. f GDPR.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.

This is the case for the data collected during the registration process if the registration is cancelled or modified on our app.

5. Objection and erasure

Pursuant to Article 21 (1) GDPR, you have the right to object at any time to the processing of personal data concerning you on the basis of Article 6 para. 1 lit. f GDPR (data processing to protect a legitimate interest), this also applies to profiling based on this provision. Whether or not the objection is successful, shall be determined through the balancing of interests.
The user is given the opportunity to object to the processing by e-mail request.

In order to do so, please send an email to: privacy@ledvance.com 

6. Account deletion

As a user you have the possibility to cancel the registration at any time. You can request a change to the data stored about you at any time.
The user can request the deletion of his account within his account via a corresponding button.

Amazon CloudFront

1. Description and scope of data processing

We use functions of the Amazon CloudFront content delivery network of Amazon Web Service Inc, 410 Terry Avenue North, Seattle WA 98109, USA (hereinafter referred to as Amazon CloudFront). A Content Delivery Network (CDN) is a network of regionally distributed servers connected via the Internet to deliver content, especially large media files such as videos. Amazon CloudFront provides web optimization and security services that we use to improve the load times of our app and protect it from misuse. When you use our app, a connection will be established to Amazon CloudFront's servers to retrieve content, for example. This allows personal data to be stored and evaluated in server log files, in particular the user's activity (in particular which pages have been visited) and device and browser information (in particular the IP address and the operating system).

This data can be transferred to servers of AWS Cloudfront in the USA and to AWS. The USA currently does not have an adequate level of protection, which may result in security risks.

We make sure that the requirements under the GDPR concerning transfers to third countries are met. Therefore, transfers may only take place if the special requirements of Art. 44 - 49 GDPR are fulfilled.
For more information on Amazon CloudFront's collection and storage of data, please visit: 

 https://aws.amazon.com/de/privacy/

2. Purpose of data processing

Amazon CloudFront features are used to deliver and accelerate online applications and content.


3. Legal basis for data processing

The data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The app´s operator has a legitimate interest in the technically error-free presentation and optimization of his app - for this the server log files must be recorded.

4. Duration of storage

Your personal information will be retained for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law.

5. Objection and erasure

Information about objection and erasure options regarding Amazon CloudFront can be found at:

https://aws.amazon.com/de/privacy/

1. Description and scope of data processing

We collect telemetry data in our app. In the course of telemetry data processing, the behaviour within the app and device information such as

• Model
• and OS version

 

of the user, but no personal data whatsoever.

2. Purpose of data processing

The data are processed for the following purposes:

• Infrastructure monitoring
• Application monitoring
• Resource optimisation
• Troubleshooting
• Functional data analysis of the Smart Device
• User behaviour
• Analysis of the app performance:
   
  • Launch speed of the app
  • Charging times
  • Times for jumps between pages
  • Usage of the buttons

 

3. Legal basis for the data processing

These data are recorded on the basis of Art. 6 para. 1 lit. f GDPR. The app operator has a legitimate interest in the technically error-free display and optimisation of his app - for this purpose the server log files must be recorded.

4. Duration of storage

Your personal information will be stored for as long as necessary to fulfill the purposes described in this privacy policy or as required by law.

5. Objection and erasure

Pursuant to Article 21 (1) GDPR, you have the right to object at any time to the processing of personal data concerning you on the basis of Article 6 para. 1 lit. f GDPR (data processing to protect a legitimate interest), this also applies to profiling based on this provision. Whether or not the objection is successful, shall be determined through the balancing of interests.
To make the objection valid, users can write an informal e-mail to privacy@ledvance.com, or remove the data by deleting the account and the app.

1. Description and scope of data processing

We collect telemetry data in our App for error reporting. To do this, we use the Firebase Analytics tool by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and its representative in the European Union, Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as: Google), in particular, Firebase Crashlytics.
Firebase Crashlytics can be used to determine the impact of a crash and investigate its cause. This immediately improves the stability and performance of the application for the users. Therefore, we use Firebase Crashlytics for the security and stability of the App application.These services are an integral part of our offer and cannot be deactivated. Data is transmitted anonymously and not personalized to Google.
The use of Firebase Analytics, in particular Firebase Crashlytics can result in data transmission to US servers. The USA is currently considered an insecure third country under the European data protection law. It is possible that personal data may be subject to access by U.S. authorities for control and monitoring purposes, against which neither effective legal remedies nor data subject rights may be enforceable.
To ensure adequate safeguards for the protection of the transfer and processing of personal data outside the EU, data are transferred to and processed by Google on the basis of appropriate safeguards in accordance with Art. 46 et seq. GDPR, in particular through the conclusion of the so-called standard data protection clauses set out in Art. 46(2)(c) GDPR.

You can find more information on data processing by Firebase Analytics here: https://firebase.google.com/support/privacy
and in the Google Privacy Policy.

Firebase Crashlytics is used for Android and iOS crash reporting und integrated in the firebase tool. Information on data processing by Crashlytics can be viewed here:
https://firebase.google.com/terms/crashlytics-app-distribution-data-processing-terms https://firebase.google.com/terms/crashlytics-app-distribution-mcc https://support.google.com/chromecast/answer/6076570?hl=de

To ensure the App's functionality, the following authorisations are requested or the hardware components of the end device are used:

• Camera
• Local area network
• External memory

2. Purpose of data processing

The purpose of the processing is to ensure the App's functionality and to generate error reports in the event of errors.

3. Legal basis for data processing

The legal basis for the processing of your personal data is Art. 6(1)(1)(f) GDPR. We have a legitimate interest in providing a functional App and continuous improvement in the event of malfunctions.

4. Storage duration

Personal data shall be stored for as long as it is necessary to fulfil the purposes described in this Privacy Policy or as required by law, e.g., for tax and accounting purposes.

5. Objection and erasure

Pursuant to Article 21 (1) GDPR, you have the right to object at any time to the processing of personal data concerning you on the basis of Article 6 (1) (f)GDPR (data processing to protect a legitimate interest), this also applies to profiling based on this provision. Whether or not the objection is successful, shall be determined through the balancing of interests.
In order to do so, please send an email to: privacy@ledvance.com 

1. Description of the use of SDKs

We use SDKs to provide functional modules. For this purpose, the used code is embedded into the SDKs.

2. Third party libraries used for iOS

• AFNetworking
• CocoaAsyncSocket
• CocoaLumberjack
• DACircularProgress
• FBSDKCoreKit
• FBSDKLoginKit
• FBSDKShareKit
• FLAnimatedImage
• FMDB
• IQKeyboardManager
• Libextobjc
• lottie-ios
• Masonry
• MBProgressHUD
• MJRefresh
• MMKV
• MQTTClient
• OCMock
• OpenSSL-Universal
• Reachability
• SDWebImage
• SQLCipher
• SSZipArchive
• TPCircularBuffer
• TZImagePickerController
• UICKeyChainStore
• YYModel

 

3. Third party libraries used for Android

• Firebase messaging
• Google map
• Google speech
• Google play services location
• Gson
• recyclerview-swipe
• recyclerview-animators
• SwitchButton
• Flexbox
• Openssl
• Fastjson
• Eventbus
• OKHttp
• RxJava
• Lottie
• Systembartint
• adapterdelegates3
• MPAndroidChart
• TextLayoutBuilder
• android-jsc
• mqttv3
• Fresco
• React-native
• DSBridge-Android
• Grpc
• Libevent
• Mars
• MMKV
• Litho
• LDNetDiagnoService_Android
• LoopView
• grpc-java
• react-native-svg
• react-native-image-picker
• wcdb
• zxing
• commons-compress
• soloader
• bouncycastle
• Android-BluetoothKit
• Android-nRF-Mesh-Library
• Kotlin
• Android Support
• Matrix
• Mbedtls
• Libuv
• Libsrtp
• Cjson
• Kcp
• Curl
• FFmpeg
• Rapidjson

 

The SDK are used on the basis of Art. 6 para. 1 lit. f GDPR.

We have a legitimate interest in the technically error-free display and optimization of our app - for this purpose the SDK must be used.

You can use backup services to back up settings and data from apps on your device. Backed-up information is transferred to and stored on the server of the backup service you are using and can be restored to the original device or another device. The scope of data collection depends on the backup service used, but in particular, app settings and data, the user name, the email address, the customer number of your account, the time of the backup and the individual device ID can be processed. The processing of this data is carried out exclusively by the provider of the backup service used and is beyond our sphere of influence.

As far as your personal data is processed, you have the following rights as a data subject, provided that the legal requirements are met:

• Right to information and disclosure (Art 15 GDPR).
• Right of rectification and erasure (Art 16, 17 GDPR); if erasure is not possible, processing may be restricted (see below).
• Restriction of processing (Art 18 GDPR)
• Objection to data processing (Art 21 GDPR)
• Data portability (Art 20 GDPR)
• Withdrawal of consent (Art 7(3) GDPR)
• Right of appeal to the supervisory authority (Art 77 GDPR)

 
You will find more detailed explanations below.

Right to object
You can object to the use of your data for advertising using electronic mail at any time without incurring any costs other than the transmission costs according to the basic rates.

What right do you have in the event of data processing for legitimate or public interest?
Pursuant to Article 21 para. 1 GDPR, you have the right to object at any time to the processing of personal data concerning you on the basis of Article 6 para.1 lit. e GDPR (data processing in the public interest) or Article 6 para.1 lit. f GDPR (data processing to protect a legitimate interest), this also applies to profiling based on this provision.
In the event of your objection, we will no longer process your personal data unless we can prove compelling grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

What right do you have in the event of data processing for direct marketing?
If we process your personal data for direct marketing purposes, you have the right pursuant to Art. 21 para. 2 GDPR to object at any time to the processing of personal data concerning you for the purpose of such advertising, this also applies to profiling insofar as it is associated with such direct marketing.
In the event of your objection to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

Revocation of consent
You can revoke your consent to the processing of your personal data at any time. Please note that the revocation is only valid for the future.

Right to information
You may request information as to whether we have stored personal data about you. If you wish, we will inform you of the data concerned, the purposes for which the data is processed, to whom this data is disclosed, how long the data is stored and what further rights you are entitled to with regard to this data.

Further rights
In addition, you have the right to have your data corrected or deleted. If there is no reason for further storage, we will delete your data, otherwise we will restrict processing. You may also request that we provide all personal information that you have provided to us in a structured, current and machine-readable format either to you or to a person or company of your choice.
In addition, there is a right to lodge a complaint to the responsible data protection supervisory authority (Article 77 GDPR).

Assertion of your rights
To exercise your rights, you can contact the controller or the data protection officer using the contact details above. We will process your enquiries immediately and in accordance with legal requirements and inform you of the measures we have taken.
 

If the purpose or manner of processing your personal data changes significantly, we will update this information in time and inform you about the changes.