This data protection statement applies to the use of our PLANT.BOOK mobile app (“app”) and services we offer through it.
Alongside easy, efficient operability, we consider the protection of your personal data to be a top priority. The protection of your privacy is a key concern for us when processing personal data and we take this into account in all our business processes.
Therefore our processing of personal data collected while using our app always takes place in line with the respective provisions governing data protection.
This data protection statement will tell you which of your personal data are collected and retained when you use our app or our services offered through the app. You will also receive information on how and on what legal basis your data are used, what rights you have with regard to the use of your data, and which contact methods are available to you.
1. CONTROLLER
The controller responsible for processing your personal data in accordance with Article 4(7) GDPR is:
Zeppelin Systems GmbH
Graf-Zeppelin-Platz 1
88045 Friedrichshafen
Germany
Tel.: +49 7541 202 02
Fax: +49 7541 202 1491
Plantbook@zeppelin.com
2. PROCESSING OF PERSONAL DATA AND PURPOSES OF THE PROCESSING
2.1 What are personal data?
Personal data means all information relating to an identified or identifiable natural person, Article 4(1) GDPR. This includes information such as your name, address, phone number, and date of birth. Data which cannot be traced to you, such as statistical or anonymous data, are not personal data.
2.2 Which data do we collect?
2.2.1 Data collected when you download our app
When you download our app, certain necessary information is transmitted to the app store you have chosen to use (e.g. Microsoft Store or Apple App Store). This information includes your username, email address, your customer account number, the time of the download, payment information if required, and the individual reference number of your end device. These data will only be processed by the respective app store and are outside our control.
2.2.2 Automatic data collection
When you use our app, we will automatically collect specific data; these data are necessary in order to use our app. They include: internal device ID, operating system version, time of access, retrieving the local device language, etc.
These data are transmitted to us automatically, but we do not store them; they are used (1) to provide you with our app and the related functions, (2) to improve the functions and performance features of our app, and (3) to prevent and eliminate misuse and malfunctions. This data processing is justified because (1) the processing is necessary for us to provide our app (point (b) of Article 6(1) GDPR), or (2) we have a legitimate interest in ensuring the functionality and smooth operation of our app and being able to offer a service that reflects the market and your interests. For further information on the balancing of interests pursuant to point (f) of Article 6(1) GDPR, please contact us using the contact details provided in this data protection statement.
2.2.3 Data collected when you use our app
You can opt to transmit data pertaining to you within our app. We use these data, including personal data, for the following purposes:
- Registration
When you use the registration screen on our app to register, and so are able to use a personal login, we collect your personal data (first name, surname, company, position, email address, connection to Zeppelin, Zeppelin client number (optional), country of residence). We use these data to provide our services to you and to engage in a user relationship with you. The legal basis for this is point (b) of Article 6(1) GDPR. Without these data, we are unable to provide you with our services or to properly fulfill the contractual relationship with you.
- Advertising purposes
We will also use your data for advertising purposes (via telephone or in the form of email newsletters) if you wish to receive such communications. The legal basis for the processing of these data is your consent (point (a) of Article 6(1) GDPR). You may revoke your consent at any time. To do so, please contact us using the contact details provided in this data protection statement, follow the respective instructions in our advertising messages or simply send us an email at ZSD-Widerruf@zeppelin.com. The withdrawal of consent does not affect the legality of any processing based on consent which took place previously. You are not obliged to provide us with your data for advertising purposes. However, without these data, we are unable to send you advertising material.
- Storage of interest-related data
If you are not an existing customer, you may choose to give us your consent for the storage of the personal information you have provided to us when using our app. To this end, we process your data in our CRM system to provide individualized services and supply you with appropriate support that is relevant to your interests, in particular when you send us queries or when we produce quotes for you. The legal basis is point (a) of Article 6(1) GDPR. You may revoke your consent at any time. To do so, please contact us using the contact details provided in this data protection statement or simply send us an email at ZSD-Widerruf@zeppelin.com. The withdrawal of consent does not affect the legality of any processing based on consent which took place previously. You are not obliged to provide us with your data for the purposes specified above. Without these data, however, we are unable to offer you, as an interested party, our best possible support.
- Contact form
If you send us queries via our contact form, the data you enter into the contact form, including the contact details you provide there, e.g. name, email address, etc., will be stored and used for the purposes of processing your request. We collect these data in order to accept your query and process it, see point (b) of Article 6(1) GDPR. Insofar as we process your data for the purposes of accepting and handling your requests, you shall be contractually obliged to provide us with these data. Without these data, we are unable to accept and handle your requests.
- Permissions
Our app uses the following permissions:
Permission |
Purpose |
1. Internet access
2. Camera access
3. Data access
4. Microphone access 5. Access to mail program |
1. This is required to save your input to our servers. 2. This is required so that you can take photos of your documents and save them in the app and on our servers. 3. This is required so that you can attach files in your device’s memory to a lead and send them. 4. This is required so that you can enter notes to a lead by dictating them. 5. This is required when sending queries to Zeppelin. |
We process and use your data in order to provide the service. This data processing is justified because the processing is necessary for the performance of the contract between you, the data subject and us, pursuant to point (b) of Article 6(1) GDPR in relation to the use of the app.
3. VALIDITY AND AMENDMENT OF THIS DATA PROTECTION POLICY
The current data protection statement can be accessed at any time on our app at the following link. This data protection statement is currently valid, and can be amended and updated by us at any time. We therefore recommend that you visit this website from time to time to keep abreast of any updates to our data protection statement.
4. RIGHTS OF DATA SUBJECTS
As a data subject in the sense of the GDPR, you are entitled to the following rights. Should you wish to exercise these rights, please contact our data protection officer using the contact details provided in Clause 10 or contact us directly using the following contact details:
Zeppelin Systems GmbH
Graf-Zeppelin-Platz 1
88045 Friedrichshafen
Germany
Tel.: +49 7541 202 02
Fax: +49 7541 202 1491
Plantbook(at)zeppelin.com
4.1 Right of access
Pursuant to Article 15 GDPR, you have the right to obtain confirmation as to whether we process personal data concerning you. If this is the case, you can also request that we provide the further information listed in points (a) to (h) of Article 15(1) and Article 15(2) GDPR.
4.2 Right to rectification
Pursuant to Article 16 GDPR, you have the right to rectification and/or completion, provided that the processed personal data which concerns you are incorrect or incomplete.
4.3 Right to restriction of processing
Under the provisions set out in Article 18 GDPR, as the data subject you have the right to demand restriction of processing of personal data. This right shall apply in particular if the accuracy of your personal data is disputed between you and us, for a period enabling the controller to verify the accuracy thereof, and in the case that you have an existing right to erasure and you request the restriction of their use instead of erasure; furthermore in the case that the data are no longer required for our pursued purpose, but that they are required by you for the establishment, exercise or defense of legal claims, and if a successful objection to processing is still disputed between you and us.
4.4 Right to erasure
Under the provisions set out in Article 17 GDPR, as the data subject you have the right to demand the erasure of personal data without undue delay. These provisions in particular provide for the right of erasure if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, and in cases of unlawful processing, the presence of an objection, or for compliance with a legal obligation which requires processing by Union or member state law to which we are subject.
4.5 Right to data portability
Pursuant to Article 20 GDPR, you have the right to receive personal data concerning you and which you have provided to us, in a structured, commonly used and machine-readable format. Within the limits of Article 20(1) GDPR, you also have the right to transfer those data to another controller nominated by you.
4.6 Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you pursuant to point (e) or (f) of Article 6(1) GDPR, in accordance with Article 21 GDPR. We will cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing assists in the establishment, exercise or defense of legal claims.
5. AUTOMATED INDIVIDUAL DECISION-MAKING OR PROFILING MEASURES
We do not use automated processing methods for decision-making – including profiling.
6. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement, if you are of the opinion that the processing of personal data relating to you infringes the applicable data protection law. Please contact us using the contact details provided in this data protection statement for information on the competent supervisory authority in our case.
7. STORAGE PERIOD FOR PERSONAL DATA/ERASURE OF PERSONAL DATA
In general, we erase or render anonymous your personal data as soon as they are no longer necessary in relation to the purposes for which we have collected or otherwise processed them in accordance with the foregoing clauses, unless continued storage of your personal data is required to fulfill a legal obligation.
Should you require further information on our data erasure and storage periods, please contact us using the contact details provided in this data protection statement.
8. CHANGE OF PURPOSE
Your personal data will only be used for purposes other than those described insofar as this is permitted by law, or if you have consented to a change of data processing purpose. In the case that data are processed for purposes other than those for which the data were originally collected, we shall inform you of this different purpose prior to the processing, and shall provide you with all information relevant thereto.
9. DISCOLOSURE OF DATA TO THIRD PARTIES/RECIPIENTS OF DATA
9.1 The personal data that we collect and retain shall never be used by us for sale, trade or loan, and we shall not disclose your personal data to third parties unless we have a statutory obligation to do so. Data may be disclosed e.g. to assert a claim, in the exercise or defense of legal claims, to investigate unlawful use of our app or products, or for prosecution of a claim (insofar as there are reasonable grounds to suspect unlawful or unfair conduct). Data may also be disclosed for the enforcement of Terms and Conditions of Use or other agreements. We are also obliged to grant access to certain public bodies on request. These include law enforcement authorities, authorities which prosecute administrative offenses, and tax authorities. These data are disclosed on the basis of our legitimate interest in combating misuse, the prosecution of offenses, and the securing, assertion and enforcement of claims. The legal basis is point (f) of Article 6(1) GDPR. For further information on the balancing of interests pursuant to point (f) of Article 6(1) GDPR, please contact us using the contact details provided in this data protection statement.
9.2 Your data shall also be disclosed if you have consented to that. The legal basis to this extent is point (a) of Article 6(1) GDPR. You also have the right at any time to withdraw your consent. To do so, please use the contact details provided in this data protection statement or simply send us an email at ZSD-Widerruf@zeppelin.com. The withdrawal of consent does not affect the legality of any processing based on the consent which took place up to the withdrawal thereof.
9.3 Subsidiaries of the data controller
Your personal data may also be disclosed to and used by the data controller’s subsidiaries.
This is the case when services are provided by several collaborating subsidiaries of the group (e.g. rendering of services that are not (solely) provided contractual partner or collaborating Zeppelin subsidiaries when developing and providing our services). Your data may be disclosed to provide all participating subsidiaries with the same necessary consistent data.
The legal basis for this are points (b) and (f) of Article 6(1) GDPR.
For further information on the balancing of interests pursuant to point (f) of Article 6(1) GDPR, please contact us using the contact details provided in this data protection statement.
Your data shall also be disclosed for promotional purposes (newsletter dispatch, trade fair invitations, product information. etc.) by the data controller’s subsidiaries in charge of your region if you have consented to that. The legal basis for this is point (a) of Article 6(1) GDPR. You also have the right at any time to withdraw your consent. To do so, please use the contact details provided in this data protection statement or simply send us an email at ZSD-Widerruf@zeppelin.com. The withdrawal of consent does not affect the legality of any processing based on the consent which took place up to the withdrawal thereof.
Some of the subsidiaries mentioned above process your data outside the European Economic Area (EEA).
To protect your personal rights when transferring your data we ensure that the contracts with relevant recipients in third party countries comply with the EU Commissions standard clauses according to point (c) of Article 46(2) GDPR. To inquire about these documents please use the contact details provided in this data protection statement.
You can access an updated overview of the data controller’s subsidiaries via the following link.
9.4 “Processors”
We rely on contractually bound third-party companies and external service providers (“processors”) to supply our range of products and services. In such cases, personal data are disclosed to these processors to enable further processing thereof. These processors are carefully selected and regularly checked to ensure that your privacy remains protected. The processors may only use the data for the specified purposes, and are also contractually obliged to handle your data in compliance with this data protection statement and the applicable data protection laws.
Specifically, we use the following processors:
- Service providers for sending our email newsletter, some of whom are also based in the USA.
Data is disclosed to processors on the basis of Article 28(1) GDPR, alternatively on the basis of our legitimate interest in the economic and technical benefits provided by the use of specialized processors, and based on the fact that your rights and interests in protecting your personal data are not overridden, point (f) of Article 6(1) GDPR. For further information on the balancing of interests pursuant to point (f) of Article 6(1) GDPR, please contact us using the contact details provided in this data protection statement. If necessary, we shall obtain your consent to disclose your personal data to processors, in which case point (a) of Article 6(1) GDPR forms the legal basis. You also have the right at any time to withdraw the provided declaration of consent with regard to data protection with immediate effect. To do so please contact us using the contact details provided in this data protection statement or simply send us an email at ZSD-Widerruf@zeppelin.com. The withdrawal of consent does not affect the legality of any processing based on the consent which took place up to the withdrawal thereof.
10. CONTACT METHOD/DATA PROTECTION OFFICER
You can contact us through our data protection officer as follows with regard to access to your personal data, to have inaccurate data corrected, blocked or erased, or if you have further questions regarding the use of your personal data:
Zeppelin GmbH
Group Data Protection Officer
Graf-Zeppelin-Platz 1
85748 Garching bei München
Germany
Tel.: +49 89 32 000-0
Fax: +49 89 32 000-482
Email: datenschutz@zeppelin.com
Please note that access can only be granted if you give us, in full: your first name and surname, your current and, if necessary, previous address, your date of birth, and your email address. This information is used exclusively for alignment purposes, which in turn ensures that no unauthorized third party can obtain your personal data. Any product, transaction, and/or contract numbers which we have sent to you are also useful and helpful, but not necessary, in enabling us to identify the relevant data quicker.
As of: June 2019