The protection and security of your personal data is our top priority. Accordingly, we comply with the statutory regulations in order to offer your data the best possible protection.
When using the BEGA Connect Web App (hereinafter also referred to as the "Web App") and your BEGA connectors, as little personal data or device data as possible is processed. Nevertheless, individual functions or services cannot be used or can only be used to a limited extent without the processing of personal data.
In the following, we would like to inform you about the type, scope and purpose of data collection and its use.
The BEGA Connect Web App enables the user to control and configure BEGA components.
is responsible for the operation of the app and thus for the processing of personal data: BEGA Gantenbrink-Leuchten KG P.O. Box 3160 D-58689 Menden [email protected] (hereinafter referred to as "we" or "BEGA").
The data protection officer responsible for BEGA is Mr M. Helling c/o BEGA Gantenbrink-Leuchten KG P.O. Box 3160 D-58689 Menden [email protected]
General terms: This privacy policy uses terms according to the way they are defined in the GDPR. The definitions (Art. 4 GDPR) can be viewed here, for example: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016R0679
BEGA ID is the assigned individual identification number (ID) using which BEGA customers may register in the customer portal. The app does not access plain data on the basis of which the customer could be identified from the app; instead, it only accesses the ID (pseudonymisation)
Cookies are text files that are stored on or read from your device by a website or a mobile application connected to the internet. They contain combinations of letters and numbers in order for example to recognise the user and the user's settings when reconnecting to the service placing the cookie, to make it possible to remain logged in to a customer account, or to statistically analyse a particular user behaviour.
Categories of data that we mention in this privacy policy particularly include
Personal data (Art. 4 (1) GDPR) means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Personal data will be deleted as soon as the purpose of the processing no longer applies or the BEGA ID is deleted, or a prescribed storage period expires, unless further storage of the personal data is necessary to fulfil another contractual or general legal obligation towards the user.
Recipients of personal data are employees of BEGA who, according to a graduated authorisation concept, must process data for the purposes listed below if necessary in order to be able to implement the desired services and functions of the app. In addition, so-called processors in accordance with Art. 28 GDPR may receive data in the course of a service provider function, such as our IT service providers. Our service providers process personal data in accordance with instructions within the European Union or the European Economic Area or in a third country if this is permitted under an adequacy decision or other suitable guarantees (Art. 44 et seq. GDPR). We contractually oblige our service providers to take appropriate technical and organisational measures to ensure data protection and to maintain data secrecy. Data processing in a so-called third country does not take place unless expressly indicated in this privacy policy. With regard to the transfer of data to other recipients, we only pass on information about users if this is required by law, if the user has consented or if we are authorised to do so.
As a data subject within the meaning of the GDPR, users of the app have various rights to ensure the protection of their privacy. These are: the right of access pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR and the right to data portability pursuant to Art. 20 GDPR. The restrictions under Sections 34 and 35 BDSG apply to the right of access and the right to erasure.
The user also has the right to revoke consent once given (Art. 6 para. 1 lit. a GDPR) (Art. 7 para. 3 GDPR). The proper revocation of consent does not affect the legality of the data collection carried out up to that point.
In addition, the user has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR, Article 21 GDPR.
You also have the right to lodge a complaint with a data protection supervisory authority (Art 77 GDPR in conjunction with Section 19 BDSG). The data protection supervisory authority responsible for us is: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Postfach 20 04 44, 40102 Düsseldorf, e-mail: [email protected]. Data subjects are free to contact any other data protection supervisory authority.
We do not use automated decision-making in individual cases, including profiling, to reach such a decision in accordance with Art. 22 (1) and (4) GDPR.
The following explanations relate to the processing of personal data by the BEGA Connect app.
(a) Description and purposes of the processing
When the web app is activated or called up, data is regularly transmitted, such as the IP address and further information about the end device used (smartphone, tablet, computer, etc.), the operating system used (iOS, Android with the respective version number), log files about the time of access to the web app, the so-called referrer URL and the amount of data transferred. We cannot identify individual users based on this data. The information helps us to determine the attractiveness of our offer and, if necessary, to improve its performance or content and make it even more interesting, but also to maintain an appropriate level of data and IT security by being able to understand whether our web app is being accessed legally. This is our legitimate interest.
(b) Legal basis
Legitimate interests, Art. 6 para. 1 letter f GDPR
(c) Data categories covered
Usage data, traffic data
(d) Recipients of the data outside the app
No
(e) Transfer to a third country outside the EU / EEA
No
(f) Storage period
Until the account is deactivated or deleted.
(a) Description and purposes of the processing
No registration is required to access the web app. However, registration with the BEGA ID is technically necessary to use the functions of the web app, e.g. to transfer a Connect system to another end device (smartphone, tablet, laptop, PC, etc.) or to another user, as well as for the (shared) use of a Connect system by one or more users via the Internet (web browser).
For these types of use, the user registers via the BEGA website. After registration, only the BEGA ID is recorded within the web app. The BEGA ID is the only identifier within the app. It is not merged with customer data outside the app, e.g. for profiling or personalised advertising purposes.
(b) Legal basis
Performance of the contractual services, Art. 6 para. 1 letter b GDPR
(c) Data categories covered
BEGA-ID
(d) Recipients of the data outside the app
Microsoft Deutschland GmbH, Walter-Gropius-Straße 5, 80807 Munich, Germany; hosting provider (MS Azure Cloud) ("Microsoft").
(e) Transfer to a third country outside the EU / EEA
Not provided for. However, there is an order processing contract with Microsoft (Art. 28 GDPR), which also covers so-called EU standard contractual clauses. As additional protective measures, data is only transmitted in encrypted form and is highly pseudonymised, i.e. only a so-called token ID (sequence of numbers) is stored, which is not personally identifiable for third parties.
(f) Storage period
Until the account is deactivated or deleted.
(a) Description and purposes of data processing
Registered users with a BEGA ID can use the closed area to manage products and services.
BEGA also uses functionally required session ID cookies within the closed area. As soon as the user has logged into the closed area, the session ID cookies store the link to the website that was open at the time of login, the language selected at the time of login and the value as to whether the user should be shown the privacy policy. In addition, the remote user ID, the user ID and the email address are also recorded as part of the BEGA ID. The session ID cookies used by BEGA are only stored in the user's web browser for the current session and are automatically deleted when the browser is closed.
The use of the closed user area requires that the user authorises the session ID cookies used by BEGA and the storage of data using session storage.
(b) Legal basis
Art. 6 para. 1 lit. b, f GDPR
(c) Data categories covered
Usage data, BEGA-ID
(d) Recipients of the data outside the app
None.
(e) Transfer to a third country outside the EU / EEA
Not provided.
(f) Storage period
Until the session cookies or the entire account are deactivated or deleted.
(a) Description and purposes of the processing
An error diagnosis service is used as part of the BEGA Connect web app to ensure the stability and reliability of the web app and to constantly improve it. To do this, we rely on anonymised crash reports. For this purpose, we have installed on our server the software of the "Sentry" analysis service from the provider Functional Software, Inc. dba Sentry, 45 Fremont St, San Francisco, California 94105, US. (https://sentry.io) is installed. Sentry uses cookies and similar technologies to log and monitor errors that can be recognised in the source code and to improve the technical functionality and performance of our web app. In order to respond to error messages and possible speed deficits, we transmit anonymised error/log data about the use of the web app to our Sentry software, within which this data is evaluated. This is so-called metadata, such as information about the operating system and browser used, the programming language used, possible causes of errors and the server used. We delete the stored data ("events") after 90 days at the latest. In addition, back-ups are stored for a further 90 days and then automatically deleted.
We have implemented the cloud version of Sentry. Data transfer to the USA cannot be ruled out. We have therefore concluded additional data protection agreements with Sentry in the form of so-called EU standard contractual clauses, which ensure an appropriate level of data protection.
Further information on Sentry's terms of use and data protection can be found at https://sentry.io/terms/ and https://sentry.io/privacy/.
(b) Legal basis
Legitimate interest, Art. 6 para. 1 letter f GDPR
(c) Data categories covered
Traffic data, usage data
(d) Recipients of the data outside the web app
None.
(e) Transfer to a third country outside the EU / EEA
Yes (USA). EU standard contractual clauses have been agreed.
(f) Storage period
Maximum 90 days plus 90 days back-up.
The following explanations relate to the software-supported processing of data through the initialisation and use of the BEGA Connector.
(a) Description and purposes of the processing
When using the software implemented in the Connector, data is regularly transmitted, such as the device ID and log files. In the event of serious system errors (crashes, etc.), this data may be shared with our software service provider. The information is required to ensure the functionality and optimisation of the software and to guarantee the security of our information technology systems. We cannot identify individual users on the basis of this data. Should such data be personally identifiable in individual cases, the data processing serves our legitimate interest.
(b) Legal basis
Legitimate interests, Art. 6 para. 1 letter f GDPR
(c) Data categories covered
Usage data, traffic data
(d) Recipients of the data outside the app
IT service provider (Art. 28 GDPR).
(e) Transfer to a third country outside the EU / EEA
No
(f) Storage period
Until the app is deactivated or deleted
(a) Description and purposes of the processing
The BEGA ID token is registered in our cloud database as part of the initialisation of the connector for remote access to BEGA luminaires. This transmission takes place automatically.
Only the BEGA ID is recorded after transmission. Merging with customer data, e.g. for the purposes of profiling or personalised advertising, is excluded.
(b) Legal basis
Performance of the contractual services, Art. 6 para. 1 letter b GDPR.
(c) Data categories covered
BEGA-ID
(d) Recipients of the data outside the app
Microsoft Deutschland GmbH, Walter-Gropius-Straße 5, 80807 Munich, Germany; hosting provider (MS Azure Cloud) ("Microsoft").
(e) Transfer to a third country outside the EU / EEA
Not provided for. However, there is an order processing contract with Microsoft (Art. 28 GDPR), which also covers so-called EU standard contractual clauses. As additional protective measures, data is only transmitted in encrypted form and is highly pseudonymised, i.e. only a so-called token ID (sequence of numbers) is stored, which is not personally identifiable for third parties.
(f) Storage period
Until the account is deactivated or deleted.
Disclaimer This privacy policy applies to the BEGA Connect web app and the BEGA Connector. If interfaces to third-party services are integrated within the web app, we are not responsible for any data processing that takes place there. We are not obliged to check whether content from third parties that can be accessed via the Web App is compliant with data protection regulations or not, nor do we carry out any such checks. We reserve the right to change or adapt the privacy policy at any time. We therefore ask our users to keep themselves regularly informed about possible changes to the privacy policy at this point. Changes may be made in particular if we expand or change functions.