Data Protection Notice for Einhell Connect

The entity responsible for processing your data is Einhell Germany AG. Exceptions in this regard are described in this data protection notice.

Our contact information is as follows:

Einhell Germany AG
Wiesenweg 22
94405 Landau/Isar, Deutschland
E-Mail: [email protected]

Contact information for the Data Protection Office is available under No. 20 below.

Personal data is specific information relating to the personal or factual circumstances of an identifiable person. This includes information such as IP address and browser settings, your form of address, your correct name, your address, your email address, your phone number, your date of birth, and information about your Einhell products, for example. Personal information that cannot be directly associated with your true identity – such as your favourite websites or the number of users on a site, for example – is not considered personal information.

To use the Einhell Connect app it is necessary to create an account. Personal details such as your form of address, your name, your address, your company if applicable, your date of birth, phone number, email address, and information about your Einhell products are recorded as part of this registration.

The Company uses the personal data you provide for the purpose of the technical administration of the app, in providing services, for customer management only to the extent required for each respective purpose.

The legal basis for the processing of your personal data depends on the purpose underlying the processing.

5.1 Services

The legal basis for the processing of personal data for the purpose specified above is Art. 6(1) lit. b GDPR. We provide our services as part of fulfilling contractual obligations. We are unable to fulfil or perform the contract with you if we are unable to process personal data.

5.2 Einhell Connect app

The following data is collected or stored for the Einhell Connect app.

• Date: Required for operation
• Email address: This is required for registration and authentication.
• Password: This is required for registration and authentication.
• Country and language: This information is required for the language settings in the app and for marketing purposes.
• Newsletter subscription: This information is used to determine whether the newsletter is to be sent to the account holder or not.
• Device serial number: The device serial number is required for device registration and to identify the device in the app.
• Location: This information is required by the system but will not be stored or transmitted for Bluetooth mowers. An exception is if the location is entered for the Smart mode. In this case the location will be stored and is used for the calculation of the Smart mode. The information will be deleted if the user removes it within the application. For camera-based mower models, the location information (including but not limited to GNSS satellite positioning data) is obtained and processed by the device to ensure normal operation and provide core functions. The location data is only used for device positioning and path planning related services and is not used for user identification or third party marketing purposes. Bluetooth-ID: The Bluetooth ID is required for device registration and to identify the device in the app. Time and date of last synchronization: This information is required by our customer services department so that they can check that the available information is up-to-date in the event of servicing.
• Set schedules (days and times): This information is required for the „Schedules“ function.
• Set mowing areas (start point and frequency): This information is required for the „Zones“ function.
• Working time: This information is required for the „Statistics“ function.
• Mowing time: This information is required for the „Statistics“ function.
• Distance travelled: This information is required for the „Statistics“ function. Mower status: This information is required for the „Status indication“ function.
• Error messages: This information is required for the „Error messages“ function.
• Rain sensor setting: This information is required for the „Rain sensor setting“ function.
• Edge mowing setting: This information is required for the „Edge mowing setting“ function. FAQ's: This information is required for the „FAQs“ function.
• Email addresses of other users: The email addresses are saved to enable other users to use a registered device.
• Device name: The device name is stored for personalization by the user.
• Camera Images: Some mower models have a camera unit that generates images of the area in front of it and processes them. Real-time image frame data is collected by the device camera for vision-based obstacle avoidance and environmental perception. Image data is only used for device operation decisions and algorithm optimizations and is not used for user identification or third party marketing purposes. The device owner is able to share the camera data for customer service purposes, yet this is only done upon the owner's explicit request. Firmware version: The firmware version is required by our customer services department so that they can check that the firmware is up-to-date in the event of servicing. The information is also required for the „Firmware update“ function.
• Battery charge status: This information is saved so that it can be displayed in the app. It is also required by our customer services department that they can provide technical support to the customer in the event of servicing.
• Item number: This is not actively transmitted but is determined on the basis of the serial number and is required to register the device.
• Version number: This is not actively transmitted but is determined on the basis of the serial number and is required to register the device.
• MAC address: This is not actively transmitted by the app, but is part of the Bluetooth protocol and is provided to us by Android to identify the device.
• Sunset/sunrise times: This information is provided by camera-based mower models and sent to the Application as it is required for the setting and execution of schedules.
• Wi-Fi Information (local IP Address, Wi-Fi name, signal strength): This is required to establish a Wi-Fi connection for mower models that support a connection via Wi-Fi.

Permissions

The following permissions are required on the operating system for use of all functionalities of the app:

Camera: Capturing images and videos

Memory: Changing or deleting SD card content Reading SD card content 

You have the option to register your device in the app. To do this, you can either enter the serial number of the device or scan it using your camera. To do this, you will be asked for access to your camera. The use of the memory on your SD card is only required temporarily for registration. When registering a lawn mower via the camera, the app uses it exclusively as a scanner. Photographs are taken. However, these are only used temporarily to scan the serial number and are therefore not stored permanently.

Location: Accessing exact location (GPS and network-based)

Accessing the approximate location (network-based)

Other: Accessing Bluetooth settings

Accessing additional location provider commands

Bluetooth is used to connect your mobile end device and your lawn mower. This use requires location sharing as specified by the operating system. Without this, Bluetooth use is not possible.

We do not have access to the location ourselves at any time. This is not relevant for us, but is only required to pair the mobile device and the lawn mower via Bluetooth.

Accessing all networks

Retrieving network connections

Retrieving WLAN connections

Accessing internet data

These are used for the user's communication with the server, e.g. during the login process.

Deactivating the phone's sleep mode

This access is required if you activate push notifications, with which the app displays information on the lock screen, for example. Here, too, no data transmission takes place. It is also required for firmware updates for the robot lawn mower. New firmware is installed on the robot lawn mower via the app or the phone. As this update process can take a few minutes, we deactivate the sleep mode during this time so that the update process is not interrupted.

Reading the service configuration

This access is required when you submit a crash report

Your personal data is not transferred to third parties, unless required for the purpose of concluding a contract or you have explicitly given your consent. When providing services, it may, for example, be necessary for us to forward your address and order information to your wholesale partner, service partner. If we use external service providers, they are carefully selected and are obligated to comply with all data protection provisions in accordance with Art. 28 GDPR (see No. 5).

When you contact us by email or contact form, the information you provide is stored for the purpose of processing your query as well as for potential follow-up questions.

For the app we use the Single Sign-On function from Facebook, Apple and   
Google. Detailed information for each service will be provided below.  

Sign in with Apple  
If you are a member of Apple Inc („Apple“), Infinite Loop, Cupertino, CA 95014, you can sign in to our App by clicking the „Login with Apple“ button (or similar). To sign in, you will be redirected to Apple, where you can sign in using your Apple Usage Data. When you log in in this way, we receive the following data from your Apple profile: email address, and user id (token). We use this data exclusively for the purpose of registration / login as a customer. For the purpose of the processing of the data by Apple and your rights in this regard, please refer to Apple‘s privacy policy: https://support.apple.com/en-us/102609. We have no influence on the processing by Apple. If you do not agree with such data transfer between Apple and us, we ask you not to register with us with your Apple access. Conversely, data may also be transferred from our App to Apple. The legal basis for the transfer of or to Apple is your consent (Art. 6 para. 1 a GDPR). A provision of this data is voluntary. A registration with Apple is not required for a contract with us.  

Sign in with a Google account  
If you are a member of Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland, you can log in to our App by clicking on the   
button „Login with Google“ (or similar). To log in, you will be redirected to Google, where you can log in with your Google usage data. When you log in in this way, we receive the following data from Google from your Google profile: email address, and user ID (token). We use this data exclusively for the purpose of registration/login as a customer. For the purpose of the processing of the data by Google and your rights in this regard, please refer to the data protection information of Google: https://policies.google.com/privacy. We have no influence on the processing by Google. If you do not agree with such data transfer between Google and us, we ask you not to register with us with your Google access. Conversely, data may also be transferred from our App to Google. The legal basis for the transfer of or to Google is your consent (Art. 6 para. 1 a GDPR). A provision of this data is voluntary. A registration with Google is not required for a contract with us.   

Sign in with a Facebook account  
If you are a member of Meta Platforms Technologies Ireland Ltd. („Facebook“, formerly known as Facebook Technologies Ireland Ltd.), 4 Grand Canal Square, Dublin 2, Ireland, you can log in to our App by clicking on the button „Login with Facebook“ (or similar). To log in, you will be redirected to Facebook, where you can log in with your Facebook usage data. When you log in in this way, we receive the following data from Facebook from your Facebook profile: email address, and user ID (token). We use this data exclusively for the purpose of registration/login as a customer. For the purpose of the processing of the data by Facebook and your rights in this regard, please refer to the data protection information of Facebook: https://www.facebook.com/privacy/policy. We have no influence on the processing by Facebook. If you do not agree with such data transfer between Facebook and us, we ask you not to register with us with your Facebook access. Conversely, data may also be transferred from our App to Facebook. The legal basis for the transfer of or to Facebook is your consent (Art. 6 para. 1 a GDPR). A provision of this data is voluntary. A registration with Facebook is not required for a contract with us. 

Transmitting a crash report 

To improve the app and fix bugs, we use a feature of the Microsoft Appcenter to submit a crash report. To do this, the app sends a crash report to the address in.appcenter.ms, which contains the following data:  

• App version  
• Our email address  
• Device ID  
• Error message or error code  

The transmission is not made to Microsoft, but to us, and is used solely to check for functional errors in the app. To ensure the technical stability of our services, Sentry is used to log system errors. The information generated by Sentry is generally transferred to and stored on a Sentry server in the USA. Sentry has submitted to the EU‘s standard contractual clauses for this purpose. The data is stored for a maximum of 90 days and then deleted without residue. The data is processed on the basis of our legitimate interest in accordance with Art. 6 paragraph 1 lit f GDPR. 

Microsoft Clarity
When using our application, non-personally identifiable data such as access times, IP addresses, and interaction data (in particular cursor and scroll movements) are collected. The screen content is not recorded; only relative click positions are processed for the creation of heatmaps. This processing is used exclusively for the analysis and optimization of the user interface and user experience (UI/UX/usability). Playback data is stored for a maximum of 30 days, and heatmap data for a maximum of 13 months. Users have the option to disable tracking within the application at any time.  

If you choose to receive the newsletter offered in the app, we require an email address from you, as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter (double opt-in procedure). In order to personalise the newsletter, we store personal data, such as IP address, form of address, first name, last name and email address. We then use this data in sending the requested information and to document your consent. The consent granted to store data, email address and to use it in sending the newsletter may be withdrawn with future effect at any time, either via the link in the newsletter or by submitting it in writing to Einhell Germany AG, Wiesenweg 22, 94405 Landau an der Isar, Germany, [email protected]. We use CleverReach GmbH & Co. KG (Muehlenstr. 43 – 26180 Rastede – Germany) to manage and send our newsletter. In order to be able to send the data properly, the above-mentioned personal data is transmitted to CleverReach.

Our employees and service providers we employ are obligated to maintain confidentiality and to abide by the provisions of applicable data privacy law. The Company undertakes appropriate technical and organisational security measures to protect your personal data from loss, alteration, destruction and against access by unauthorised persons and unauthorised dissemination. Our security measures are updated in accordance with technical advancements.

To protect the security of your data during transmission, we use current state-of-the-art encryption processes.

We generally retain your data for as long as it is needed to provide for use of our offering and the services associated with it or for as long as we have a legitimate interest in its continued retention (e.g. following fulfilment of contract, we may still have a legitimate interest in marketing by post). Deletion of data occurs following expiry of statutory or contractual retention periods (e.g. retention periods specified by tax and commercial law). Data not subject to retention periods are deleted once they are no longer needed to fulfil the specified purpose.

Device/user inactivity

The account, the connection to the device and the device data are deleted after 18 months of inactivity, i.e. the serial numbers are released again for registration. You will receive a reminder email about this after 16 months. You can of course re-register the device at any time.

As a user of our app, you are entitled to certain rights. To exercise your rights, please refer to the information in the section on contacts. Please make sure, however, that we are able to clearly identify who you are.

Pursuant to the General Data Protection Regulation, you may at any time upon request and at no cost receive written information on which data we have stored about you (e.g. name, address). Furthermore, you have the right to correct or delete this data, if statutory requirements have been met. Exempt from this right to deletion are, for example, data on business processes that are subject to statutory retention periods.

You have the right to restrict the processing of your personal data.

In addition, you have the right to object to the processing of data by us. We will then cease processing your data, except where – pursuant to statutory provisions – we can demonstrate compelling legitimate grounds for continued processing that outweigh your rights.

Furthermore, upon request we pledge to provide for the transferability of personal data you provide by making this data available in a commonplace and machine-readable data format.

You may at any time and with future effect withdraw consent to the processing of personal data that you granted us for one or more specific purposes. This does not affect the lawfulness of processing that occurred prior to your withdrawal of consent.

Processing of your personal data solely by automated means occurs only if necessary for concluding or fulfilling a contract and if it does not involve any legal or like effect on you.

We retain the right to periodically modify this data protection notice so that it meets current legal requirements or in order to implement changes to our services in the data protection notice (e.g. when introducing new services). This data protection notice will then apply to any subsequent visit to the website.

You have the right to direct any complaints about the processing of your personal data to the relevant regulatory authority. You may contact either the data protection authority with jurisdiction at your place of residence or your federal state, or the data protection authority with jurisdiction over us. This is the:

Landesamt für Datenschutzaufsicht (State Office for Data Protection Monitoring)
Promenade 27
91522 Ansbach
Email: [email protected]
Website: https://www.lda.bayern.de

If you have any complaints, you can contact our Data Protection Officer. We recommend you only send confidential information via postal mail.

Einhell Germany AG Data Protection Officer
Einhell Germany AG
Wiesenweg 22
94405 Landau/Isar
Germany
Email: [email protected]
Phone: +49 9951 942 - 0