1.0 General information
1.1 Controller within the meaning of data protection law
Otto Wilde Grillers GmbH
40219 Düsseldorf, Germany
Phone: 0211 54213030
1.2 Data Protection Officer
When contacting our Data Protection Officer, please specify the company to which your request relates. Please refrain from enclosing sensitive information such as a copy of an identification document with your request.
2. Data collection regarding the use of our app
2.1 Access to and storage of information in terminal equipment
By using our app, access to information (e.g. IP address) or storage of information (e.g. cookies) in your terminal equipment may occur. This access or storage may involve further processing of personal data pursuant to the GDPR.
In cases where such access to information or such storage of information is strictly necessary for the technically error-free delivery of our services, this is done on the basis of § 25 para. 1 s. 1, para. 2 no. 2 TTDSG.
In cases where such a process serves other purposes (e.g. the needs-based design of our app), this will only be carried out on the basis of § 25 para. 1 TTDSG with your consent pursuant to Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time with effect for the future.
For more information on the processing of your personal data and the relevant legal basis in this context, please refer to the following sections on the specific processing activities in our app.
2.2 Information collected during download of the app
2.3 Data processing when using the app
As part of your use of the app, we collect certain data that is required for the provision and use of the app. The following data is processed for these purposes: internal device ID, version of your operating system, time of access, IP address, content of access.
This data is automatically transmitted to us in order to provide you with the service and related functions and to prevent and resolve misuse and malfunctions. This data processing is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR in ensuring the functionality and error-free operation of the app.
Our database and microservices are hosted by AWS. The provider is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg (hereinafter: AWS). We have concluded a data processing agreement with AWS in which we bind them to protect the data of our customers and to process it strictly in accordance with our instructions. By using AWS, personal data may also be transmitted to the parent company of AWS in the U.S. In this case, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the country outside the EU to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the country outside the EU.
2.4 Technical functions of the app
The app requires the following permissions for the full use of our services:
- Internet access: This is required to load data from our content management system and to receive sensor data from the grill.
- Bluetooth: This function is required to enable the G32 Grill to connect to the app via Bluetooth.
- Location (Access fine location): This function is required to enable the G32 Grill to connect to the app via Wi-Fi.
Camera access: This is needed to
- facilitate the connection via Wi-Fi with the G32 Grill by scanning a QR code.
- create a profile picture with the camera.
- File System of the device: This access is required to select a profile picture from the gallery of the device.
- Push Notifications: This is needed to send you push notifications about [...].
- ATT (App Tracking Transparency - for iOS): This functions asks whether you give your consent to the processing of your personal data (the so-called "advertising ID" of your Apple device and associated data) for tracking purposes across devices and apps.
The permissions to access the above functions are explicitly requested at the latest during the first use of the app on the device and can be confirmed or denied.
If you have granted the individual permission, the associated processing of your data is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time for the future. A granted authorization can be cancelled in the settings of the device in most cases at any time (however, this depends on the device and the operating system, which we have no influence of). The lawfulness of the data processing already carried out remains unaffected by the revocation. Please note that permissions that have not been granted may restrict the use of the app.
2.5 Creation of a user account (registration) and login
You can download our app from the app store without registering with us. Personal data is not collected for us in the course of downloading the app. Nor is any personal data passed on to us by the app store provider. However, you cannot make meaningful use of our apps without registering for our app. / In principle, it is possible to use the app without registering, but with registration you can use further offers and functionalities in our app.
When you create a user account or sign up, we use your credentials (first and last name, email address and password) to grant you access to and manage your user account ("mandatory data"). Mandatory data is marked as such and is required for the use of the app or the use of further functionalities. If you do not provide this data, you will not be able to create a user account.
Furthermore, on the basis of our legitimate interest to ensure the functionality and error-free operation of the app and to detect misuse pursuant to Art. 6 para. 1 lit. f GDPR, the following data will be collected and processed by us when you use the app:
Date of your registration
Date of your last login
2.6 Push Notifications
Our app uses push services of the system providers. These are short messages that are shown on the user's display with the user's consent and with which the user is actively informed about meat probe temperature, zone probe temperature, low gas level, grill connection lost, sudden change in gas level and timers.
In the case of the use of push notifications, a device token from Apple or a registration ID from Google is assigned. The sole purpose of their use by us is the provision of the push services. These are only encrypted device IDs. We cannot draw any conclusions about the individual user. When registering for push notifications, the following data is also transmitted to us:
IP address of the requesting device
Date and time of registration
During the installation of our app, you can decide whether you want to use this functionality. To unsubscribe from the push notifications at a later date, you can use the unsubscribe option in our app. You can find this option under preferences/notifications.
The collection and processing of device-specific information is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future via the above-mentioned settings option.
2.7 Google Firebase
In our app, we use the service "Google Firebase", an analysis and monitoring tool of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) and Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) ("Google"). As part of the use of Google Firebase, mobile device identifiers, including so called Mobile advertising IDs, Analytics App Instance IDs, IDFVs/Android IDs and Instance IDs are processed by Google on our behalf.
We use the following Google Firebase features in our app:
- Analytics: This feature uses mobile device identifiers and cookie-like technologies to analyse user behaviour (e.g. your screen views, buttons pressed, in-app purchases or the effectiveness of advertising) in the app. This enables us to improve our app and advertising measures based on the needs of our users. You can find more information on data collection here: https://support.google.com/firebase/answer/6318039?hl=de
- Crashlytics: This feature allows us to technically analyse crashes. For this purpose, various data (e.g. the timestamp, when the app was started and when the crash occurred) is processed, that enable us to diagnose and solve problems in our app. In individual cases, this data may also contain personal data (e.g. pseudonymised device IDs). This personal data is not combined with your other profile information.
- Performance Monitoring: This is used to create and analyse reports on the network behaviour of our app to be able to improve the stability of the infrastructure and thus the performance of our app. This only monitors the network behaviour between the app and its own endpoints that can be reached via the internet. For example, we use this to determine the average time that is needed to start the app.
- Dynamic Links: This allows the user and optimises the sharing of content from the app via the share function.
- Remote Config Personalisation (Predictions): This feature applies machine learning to analytics data collected by Google Firebase to create dynamic user segments in the app based on the predicted behaviour of our app users.
- In-App Messaging: This is used to deliver so-called in-app messages (notifications/campaigns that are only displayed in the specific app). For this purpose, a pseudonymised push reference is assigned to the mobile device, which serves as the "destination" for the in-app message.
The aforementioned processing of personal data through the use of the service only consent pursuant to Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future via the settings in our app preferences/firebase.
The information generated about the use of our app is transmitted with an anonymised IP address to a Google server in the U.S. and stored there. Since a transfer of personal data to the U.S. and other third countries takes place, furtherappropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. and other third countries to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S. and other third countries.
Depending on the purpose, the data transferred to Google will be deleted within 60 days to 14 months and then only used by us in anonymised form, i.e. without personal reference.
3. Data transfer and recipients
Your personal data is not transferred to third parties, unless
we have explicitly pointed this out in the description of the respective data processing.
you have given your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR,
the transfer pursuant to Art. 6 para. 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and our legitimate interests are not overridden by your fundamental rights and freedoms.
there is a legal obligation to transfer data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
required by Art. 6 para. 1 sentence 1 lit. b GDPR for the execution of contractual relationships with you.
In addition, we use external service providers for the processing of our services, whom we have carefully selected and commissioned in writing. They are bound by our instructions and are regularly monitored by us. Required data processing agreements pursuant to Art. 28 GDPR are concluded before the commission. In particular, these contracts concern app-hosting services, the dispatch of emails and IT updates and maintenance. Your personal data will not be transferred to third parties by our service providers. These include our service provider for app hosting (here the hosting provider RUVDS is used with server location in Germany).
4. Storage period
The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g. from commercial law and tax law). The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfilment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection.
Data collected for the orthodontists within the scope of commissioned processing will be deleted after the end of the contract or after the end of the commissioned processing as instructed by the client.
5. Your rights
In the following, you will find information about your data subject rights, which the current data protection law grants you against the controller concerning the processing of personal data:
The right, pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your data has been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request from the controller rectification or erasure or personal data or restriction of processing of personal data concerning you or to object such processing, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved, as well as the significance and the envisaged consequences.
The right to obtain without undue delay the rectification of inaccurate personal data concerning you. in accordance with Art. 16 GDPR.
The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right of freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful, but you oppose the erasure and we no longer need the data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR.
The right, in accordance with Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us in in a commonly used and machine-readable format and the right to transmit those data to another controller.
The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR with effect in the future at any time.
The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, in particular in the Member State of your habitual residence, place of work.
The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw your given consent concerning the processing of your personal data with effect for the future at any time. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
6. Right to object
If your personal data is processed by us based on legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object at any time to the processing of your personal data on grounds relating to your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of stating a particular situation.
If you wish to exercise your right of withdrawal, objection or any of your other rights, simply send an e-mail to firstname.lastname@example.org
7. Necessity of providing personal data
The provision of personal data for the decision on the conclusion of a contract, the fulfilment of the contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the fulfilment of the contract or pre-contractual measures.
8. Automated decision making / profiling
Automated decision making or profiling according to Art. 22 GDPR does not take place.
9. Subject to change