Table of contents
I. Identity and contact details of the data controller
II. Contact details of the data protection officer
III. Permissions
IV. Data processing in the SMART+ app in general
V. Data processing when starting the app
VI. Data processing when using a user account
VII. Provision of the app an creation of log files
VIII. Hosting
IX. Content delivery networks
X. Telemetry data
XI. Usage of firebase-crashlytics
XII. Usage of sdk
XIII. Dataprocessing with special services
XIV. Data processing by backup services
XV. Rights of the data subject
XVI. Changes to this information
The data controller responsible in accordance with the purposes of the General Data Protection Regulation (GDPR) of the European Union and other national data protection laws of the Member States as well as other data protection regulations is:
LEDVANCE GmbH
Parkring 1-5
85748 Garching
Germany
+49 89 780673-100
contact@ledvance.com
https://www.ledvance.com
The designated data protection officer is:
Mr. Matthias Lindner
bDSB LEDVANCE
c/o intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg
Germany
privacy@ledvance.com
The following authorizations are required to implement the functions in the app:
On this page we inform you about the privacy policy of the SMART + App for Android and iOS ("App"). The App is offered by LEDVANCE GmbH, Parkring 1-5, 85748 Garching near Munich, Germany ("LEDVANCE GmbH", "we" or "us").
Unless otherwise stated in this privacy policy the following applies:
1. Scope of processing
The App is used for technical control of SMART+ devices and provides direct technical support for users. Multi-user access is enabled.
2. Control of smart devices and information associated with these devices
With this App, you can control various smart products, provided that these devices are designed for this purpose.
Depending on which of these devices you want to control with this app, different data may be affected.
In some cases (e.g. if they are linked to a user account), this data may be assigned to you or third parties. If you use third-party data in the app, you are responsible for obtaining the appropriate usage rights. This is the case, for example, if you control smart video cameras with the app. In this case, you are responsible for ensuring that these video recordings are permitted.
A list and detailed description of the data used with our smart devices can be found on our website here.
3. Personal reference and user account
When the app is installed, a unique ID is generated and stored on Ledvance servers. This ID cannot be linked to a specific person unless the user registers with their email address.
In principle, the use of the app does not require user registration.
Depending on the device to be controlled, user registration with an email address and password (user account) may be necessary in individual cases (e.g. for multiple users or camera integration).
A current list of products that require a user account can be found here.
4. Purpose of processing in general
The general purpose of processing personal data with the app is to allow users of the App to have technical control of SMART+ devices and for technical support by LEDVANCE.
5. Legal basis for the processing of personal data in the SMART+ App in general
Where the app uses personal data this is necessary for the execution of the user contract, which forms the basis for the use of the app and the related services. This includes processing in order to safeguard your data and error detection as well as supporting users. Therefore the legal basis for the processing of your personal data is Art. 6 (1) (b) GDPR.
There may be situations where we do not only use your data to fulfil the contract (e.g., to fulfil obligations to public bodies). The legal basis in those cases is either your consent or, depending on the situation, another legal basis within the meaning of Art. 6 GDPR.
In some cases the processing of technical data serves to safeguard a legitimate interest of our company in providing a functional application for users and is therefore based on Art. 6 para. 1 sentence 1 lit. f GDPR as the legal basis for the processing.
6. Duration of storage
Your personal information will be retained for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law. In addition, data will not be deleted if and as long as we have an overriding legitimate interest in doing so (e.g. to protect our rights or defend ourselves against legal claims).
The following data is processed when the app is started:
· Information about the type and version of the app
· Operating system of the user
· Date and time of access
· Language settings
· Time zone of the device
The servers automatically collect and store information in so-called server log files, which your device automatically transmits when you use the app. The stored information is:
· smartphone type and model number
· Operating system used
· Referrer-URL
· Date and time of the server request
· IP address
Third parties do not have access to server log files. This data is not merged with other data sources.
The following data is processed when using a user account:
· Username (optional)
· Password
· E-Mail-address
· Profilepicture (optional)
· Timezone location
Deleting a user account will result in the deletion of all associated data.
Regular users can delete their accounts themselves. Instructions on how to do this can be found here.
Guest accounts can only be deleted by regular user.
In addition, authorised account holders can also request the deletion of their accounts by sending an email to the following address: privacy@ledvance.com
Please note that certain functions (e.g. video storage from smart video cameras in the cloud) require a valid user account. If such accounts are deleted, these functions will no longer be available.
1. Description and scope of data processing
Each time our app is accessed, our system automatically collects data and relevant information from the computer system of the calling device.
The following data is collected:
2. Purpose of data processing
The temporary storage of the IP address by the system is necessary for the delivery of the app to the device of the user. For this purpose, the user’s IP address must be kept for the duration of the session.
The storage in logfiles is done to ensure the functionality of the app. The data is also used to optimise the app and to ensure the security of our IT systems. An analysis of the data for marketing purposes does not take place.
3. Legal basis for data processing
The processing of the aforementioned data is necessary for the execution of the user contract, which forms the basis for the use of the app and the related services. Hence the legal basis for the processing of your personal data is Art. 6 (1) (b) GDPR. In addition for the aforementioned purposes, our legitimate interest lies in the processing of data in compliance with Art. 6 para. 1 s. 1 lit. f GDPR.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. The session is complete when the collection of data for the provision of the app is accomplished.
If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is not possible.
5. Objection and erasure
Pursuant to Article 21 (1) GDPR, you have the right to object at any time to the processing of personal data concerning you on the basis of Article 6 para. 1 lit. f GDPR (data processing to protect a legitimate interest), this also applies to profiling based on this provision. Whether or not the objection is successful, shall be determined through the balancing of interests.
The user is given the opportunity to object to the processing by e-mail request.
In order to do so, please send an email to: privacy@ledvance.com
A) general cloud data (e.G. app ID pls see above IV 3)
This is active as log the app is used
b) optional Cloud storage for video
This only applies if this service is booked within the app
In any event the app cloud is hosted on servers of a service provider commissioned by us.
However, in order to book this Cloud storage option for video, you must agree to the paid user agreement with the cloud storage provider for this service (Tuya).
Our service providers Cloud built on AWS – Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States
The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you use the app. The stored information is:
Browser type and version
Used operating system
Referrer URL
Hostname of the accessing computer
Time and date of the server request
IP address of the user's device
This data will not be merged with other data sources.
The server of the app is geographically located in Frankfurt, Germany. Nevertheless, we cannot rule out the possibility that your data may also be processed in the USA. The USA currently does not have an adequate level of protection, which may result in security risks.
We make sure that the requirements under the GDPR concerning transfers to third countries are met. Therefore, transfers may only take place if the special requirements of Art. 44 - 49 GDPR are fulfilled.
Amazon.com, Inc. including Amazon Web Services, has certified itself under the Data Privacy Framework (DPF) program. This means that Amazon has publicly committed to complying with the DPF obligations and the data transfer to the USA is based on this currently valid adequacy decision of the European Commission. Insofar as data is otherwise processed outside the EU/EEA, we have concluded the standard data protection clauses (SSCs) defined by the EU Commission in accordance with Art. 46 GDPR in order to create a secure level of data protection.
To protect data, AWS uses, among others, Standard Contractual Clauses (SCC). These were provided by the EU Commission and are intended to ensure that the data transfer complies with the protection standards even if your data is transferred to and stored in third countries such as the USA.
The data is collected on the basis of Art. 6 para. 1 lit. f GDPR.
The apps operator has a legitimate interest in the technically error-free presentation and optimization of his app - for this the server log files must be recorded.
Amazon CloudFront
1. Description and scope of data processing
We use functions of the Amazon CloudFront content delivery network of Amazon Web Service Inc, 410 Terry Avenue North, Seattle WA 98109, USA (hereinafter referred to as Amazon CloudFront). A Content Delivery Network (CDN) is a network of regionally distributed servers connected via the Internet to deliver content, especially large media files such as videos. Amazon CloudFront provides web optimization and security services that we use to improve the load times of our app and protect it from misuse. When you use our app, a connection will be established to Amazon CloudFront's servers to retrieve content, for example. This allows personal data to be stored and evaluated in server log files, in particular the user's activity (in particular which pages have been visited) and device and browser information (in particular the IP address and the operating system).
This data can be transferred to servers of AWS Cloudfront in the USA and to AWS. The USA currently does not have an adequate level of protection, which may result in security risks.
Amazon.com, Inc. including Amazon Web Services, has certified itself under the Data Privacy Framework (DPF) program. This means that Amazon has publicly committed to complying with the DPF obligations and the data transfer to the USA is based on this currently valid adequacy decision of the European Commission.
Insofar as data is otherwise processed outside the EU/EEA, we have either concluded the standard data protection clauses (SSCs) defined by the EU Commission in accordance with Art. 46 GDPR in order to create a secure level of data protection or
otherwise ensured that the requirements under the GDPR concerning transfers to third countries are met. Therefore, transfers may only take place if the special requirements of Art. 44 - 49 GDPR are fulfilled.
For more information on Amazon CloudFront's collection and storage of data, please visit:
https://aws.amazon.com/de/privacy/
2. Purpose of data processing
Amazon CloudFront features are used to deliver and accelerate online applications and content.
3. Legal basis for data processing
The data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The app´s operator has a legitimate interest in the technically error-free presentation and optimization of his app - for this the server log files must be recorded.
4. Duration of storage
Your personal information will be retained for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law.
5. Objection and erasure
Information about objection and erasure options regarding Amazon CloudFront can be found at:
https://aws.amazon.com/de/privacy
1. Description and scope of data processing
We collect telemetry data in our app. In the course of telemetry data processing, the behaviour within the app and device information such as
2. Purpose of data processing
The data are processed for the following purposes:
3. Legal basis for the data processing
These data are recorded on the basis of Art. 6 para. 1 lit. f GDPR. The app operator has a legitimate interest in the technically error-free display and optimisation of his app - for this purpose the server log files must be recorded.
4. Duration of storage
Your personal information will be stored for as long as necessary to fulfill the purposes described in this privacy policy or as required by law.
5. Objection and erasure
Pursuant to Article 21 (1) GDPR, you have the right to object at any time to the processing of personal data concerning you on the basis of Article 6 para. 1 lit. f GDPR (data processing to protect a legitimate interest), this also applies to profiling based on this provision. Whether or not the objection is successful, shall be determined through the balancing of interests.
To make the objection valid, users can write an informal e-mail to privacy@ledvance.com, or remove the data by deleting the account and the app.
1. Description of the use of SDKs
We use SDKs to provide functional modules. For this purpose, the used code is embedded into the SDKs.
2. Third party libraries used for iOS
Certain functions of the app require additional or different processing of personal data. You will find the relevant information below
Smart video camera services
When using smart camera devices with the App, the following special features apply.
You are responsible for ensuring that the video and audio data itself is processed and used by you in a lawful manner.
1. Use without cloud storage
Video and audio files are stored on your device.
You have full access to them and can also delete the data yourself.
2. Use of the cloud storage option
To do this, you need a user account and must
activate the corresponding cloud storage option in the app
This involves confirming a corresponding paid usage agreement with Tuya.
You can then also use the booked cloud storage via the app for video and audio files (save and delete).
You can use backup services to back up settings and data from apps on your device. Backed-up information is transferred to and stored on the server of the backup service you are using and can be restored to the original device or another device. The scope of data collection depends on the backup service used, but in particular, app settings and data, the user name, the email address, the customer number of your account, the time of the backup and the individual device ID can be processed. The processing of this data is carried out exclusively by the provider of the backup service used and is beyond our sphere of influence.
With regard to the option offered in the app for storing video data in the cloud, please note the information under ‘XV. DATA PROCESSING WITH SPECIAL SERVICES’.
Do you have problems with one of our SMART+ products? We are happy to help you.