DENIOS AB
Datorgatan 3
561 33 Huskvarna

Tel.: 036 - 39 56 60
E-Mail: info@denios.se
Internet: www.denios.se

Integritetsskydd DENIOS IoT-Services

1. Introduction

The use of our IoT services requires the processing of personal data. With the following information, we would like to give you, the "data subject", an overview of the processing of your personal data by us and your rights under the data protection laws.

The processing of personal data, for example your name, address or e-mail address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

By means of this data protection statement, we would like to inform you about the scope and purpose of the personal data we collect, use and process.

As the controller, we have implemented numerous technical and organisational measures to ensure the most complete protection possible for personal data processed via our IoT services. Nevertheless, Internet-based data transmissions may always have security vulnerabilities, so that absolute protection cannot be guaranteed.

2. Controller

DENIOS SE
Dehmer Strasse 58-66
32549 Bad Oeynhausen

Telephone: 05731 753-0 Fax: 05731 753-199 E-Mail: info@denios.de

3. Data protection officer
You may contact the data protection officer as follows:
datenschutz@denios.de
You may contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

4. Definitions

The data protection statement is based on the terms used by the European legislator for directives and regulations when the General Data Protection Regulation (GDPR) was adopted. Our data protection statement is intended to be easy to read and understand for the public as well as for our customers and business partners. In order to guarantee this, we would like to explain the terms used in advance.

We use the following terms, among others, in this data protection declaration:

1. Personal data

Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more characteristics specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.

2. Data subject

The data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).

3. Processing

Processing is any operation or series of operations performed in connection with personal data, whether or not by automated methods, such as collection, recording, organisation, filing, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of provision, comparison or combination, restriction, erasure or destruction.

4. Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

5. Contract processor

The contract processor is a natural person or legal entity, authority, institution or other body that processes personal data on behalf of the controller.

6. Recipient

A recipient is a natural person or legal entity, public authority, institution or other body to which personal data is disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative mission under Union law or the law of the member states shall not be considered as recipients.

7. Third party

A third party is a natural or legal person, public authority, institution or body other than the data subject, the controller, the contract processor and the persons authorised to process the personal data under the direct responsibility of the controller or the contract processor.

8. Consent

Consent is any voluntary, informed and unambiguous declaration of intent given by the data

subject for the specific case in the form of a declaration or other unequivocal affirmative action by which the data subject indicates that he consents to the processing of personal data relating to him.

5. Technology

Our IoT services use SSL or TLS encryption to guarantee the security of data processing and to protect the transmission of confidential content, such as your login data that you send to us as the operator.

We use this technology to protect your transmitted data.

6. Data processing for use of the application / web interface

Our IoT services offer you the option to register. Even without registration, our IoT services collect a range of general data and information during use. The following data is recorded in the server log files:

• Browser types and versions used,
• The operating system used by the accessing system,
• The features that are controlled via an accessing system in the application/ web interface,
• The date and time of access to the application / web interface,
• An Internet protocol address (IP address)

When processing this general data and information, we do not draw any conclusions about your person. Rather, this information is needed

1. To correctly deliver the contents of the IoT services,

2. To ensure the long-term functionality of our IT systems and the technology of our IoT services, and

3. To provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

The data and information collected is analysed by us with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above.

The data in the server log files is stored separately from all personal data provided by a data subject and automatically deleted after 1 month at the latest.

7. Data processing when using the company account

7.1 Registration / authentication of the company account

When you purchase our IoT services, you have the option of registering as an administrator by providing personal data for your company account using an authentication code.

To register as an administrator, you must provide the following data:

• Inputting the authentication code of your company account
• Valid e-mail address
• Name of your company (optional)
• Your company address (optional)

The personal data you enter during registration is processed for the purpose of registering the company account. It is possible to use the following features of the IoT services, in particular, only with an existing company account:

• Registration of the location of the devices used
• Checking the status messages of the devices used
• Inspection of the transmission quality of the devices used
• Inspection of the battery status of the devices used
• Definition of recipients for information, warnings and alarms via e-mail or SMS

Due to the contract processing agreement concluded between DENIOS and you, the legal basis for the processing of this personal data by us is the legal basis on which your processing of the personal data is based (Art. 28 Para. 1 GDPR).

By registering for our IoT services, the IP address assigned by your Internet Service Provider (ISP), the date and the time of registration are also stored.

The storage of the IP address assigned by your Internet Service Provider, the date and time of registration takes place against the background that only in this way can the misuse of our services be prevented, and if necessary, this data makes it possible to resolve criminal offences that have been committed. In this respect, the storage of this data is necessary for our protection.

The processing of this personal data is based on our legitimate interest in preventing the misuse of our services, Art. 6 para. 1, sentence 1 lit. f GDPR.

DENIOS will delete the data collected by us in the context of registration of the company account after the ending of the service agreement as well as the contract processing agreement concluded between DENIOS and you, but at the latest when you ask us to delete the data.

7.2 Creating additional users

As an administrator, you have the option of adding additional users for your company account at any time. The respective name, the respective e-mail address and the role of the user (user or admin) are required for this purpose. The newly created user will then receive an e-mail notification requesting confirmation of the registration and login as a new user of our IoT services.

Due to the contract processing agreement concluded between DENIOS and you, the legal basis for the processing of this personal data by us is the legal basis on which your processing of the personal data is based (Art. 28 Para. 1 GDPR).

DENIOS will delete the data collected by us in the context of the creation of additional users after the ending of the service agreement as well as the contract processing agreement concluded between DENIOS and you, but at the latest when you ask us to delete the data.

8. Placement of cookies

We use session cookies on our web interface. These are small files that are automatically created by your browser and stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our website. The session cookies are used to recognise that you have already visited individual pages of our web interface and that you may have logged in as a user. They are placed when you log in as a user of our web interface and are automatically deleted after you leave our website.

The data processed by cookies, which are needed for the correct functioning of the website, are necessary to protect our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

9. Sending notifications in the case of information, warning or an alarm

Within the framework of the IoT services, we grant you, as a registered user, the option of storing the mobile phone numbers and email addresses of a number of contacts specified by you (maximum of 5 mobile phone numbers, unlimited e-mail addresses) who are to be informed in the case of information, warning or an alarm.

The contact data you provide will be used by us solely for the purpose of registering the contact by sending a confirmation request regarding the stored contact data and for the purpose of notifying the respective contact in the case of information, warning or an alarm.

DENIOS will delete the data from the system after the ending of the service agreement as well as the contract processing agreement concluded between DENIOS and you, but at the latest when you ask us to delete the data.

Due to the contract processing agreement concluded between DENIOS and you, the legal

basis for the processing of this personal data by us is the legal basis on which your processing of the personal data is based (Art. 28 Para. 1 GDPR).

10. Recipients

We use different service providers to provide the IoT services and the associated services. We transmit your personal data to these service providers to the extent necessary in each case.

In addition to DENIOS AG, recipients of your personal data are the following external services within the scope of the purposes stated in this data protection declaration:

Contract processors

Contract processors of DENIOS AG

We use the ROBIOTIC Rico platform from ROBIOTIC GmbH, Oberes Feld 6, 33106 Paderborn to provide the entire service between the IoT devices and the end user interface. It includes:

• The communication between the IoT devices and the Rico IoT platform
• The cloud systems for data preparation (importing, filtering and cleaning), data analysis, applying rules, machine learning systems for intelligent analysis of data, triggering data and initiating processes
• The front-end web and mobile applications
• The support services including customer support, logging and monitoring, authentication and user management

Further information can be found here:
https://www.robiotic.com/de/datenschutz

External services

Other recipients of your data are the following

• Use of cloud services from Microsoft Azure

The ROBIOTIC Rico platform uses Microsoft's cloud computing platform for communication between our DENIOS devices and the end customer. This platform serves as a gateway for communication, as well as for the processing and storage of device and customer data necessary for the implementation of the services. Further information can be found here:

https://azure.microsoft.com/de-de/overview/trusted-cloud/privacy/

• Use of authentication services from Auth0

The ROBIOTIC Rico platform uses Auth0 for secure authentication and authorisation of our users (human or machine) on our platform. Auth0 can be used by us for services such as universal login, single sign-on (SSO), multi-factor authentication (MFA) and user management. Access to our systems is therefore partly dependent on Auth0 and in rare cases cannot be guaranteed. Further information can be found here: https://auth0.com/privacy

• Use of wysiwyntelecommunication

The ROBIOTIC Rico platform uses wysiwyn’s services to provide SMS or mobile app messaging for our customers. Messages can be sent via 600 + carrier direct connections and global coverage. This service is fully automated and seamlessly integrated with our platform or existing customer platforms where applicable. Wysiwyntelecommunication only serves as the supplier of the SMS infrastructure and has no effect on the content of the SMS message. Further information can be found here:

https://www.wysiwyn.com/datenschutz

• Use of the SenGrid Service from Twilio

The ROBIOTIC Rico platform uses the service from Twillio called SendGrid to provide e-mail messaging for our customers. E-mail messaging may include e-mail automation, e-mail testing, registration forms, e-mail templates, and e-mail statistics. This service is fully automated and seamlessly integrated into our platform or existing customer platforms where applicable. SenGrid serves only as the supplier of the e-mail infrastructure and has no influence on the content of the e-mail message.

https://www.twilio.com/legal/privacy

• Use of Salesforce

The ROBIOTIC Rico platform uses Salesforce as a CRM tool for automated billing of our services to potential external services, or to manage possible external services such as contracts or SIM cards. The Salesforce services and the Salesforce platform are part of the communication with our customers. Data from our customers or IoT devices can be stored and processed here to enable our services. Further information can be found here:

https://www.salesforce.com/de/company/privacy/

If necessary, we share personal data with law enforcement authorities, courts and government agencies and authorised third parties if this is required for the purposes of law enforcement, the assertion, exercise or defence of our legal claims and / or authorised third parties.

We do not intend to transfer personal data to third countries. In the context of our collaboration with Microsoft Azure, Auth0, Salesforce and Twilio, transmission of your personal data to the UK and the USA may take place. This transmission takes place throughout on the basis of the standard contractual clauses of the EU Commission.

11. Your rights as a data subject

The protection of your personal data is very important to DENIOS AG and its partners. Should you wish to assert your rights as a data subject, please contact us using the contact details of DENIOS AG or the Data Protection Officer.

11.1Right to confirmation

You have the right to request confirmation from us as to whether personal data relating to you is being processed.

11.2Right to information Art. 15 GDPR

You have the right to obtain from us, at any time and free of charge, information on the personal data stored about you as well as a copy of this data in accordance with the statutory provisions.

11.3Right to correction Art. 16 GDPR

You have the right to request the correction of incorrect personal data concerning you. You also have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data.

11.4Deletion Art. 17 GDPR

You have the right to request that we delete the personal data concerning you immediately, as long as one of the reasons provided for by law applies and that processing or storage is not required.

11.5Restriction of processing Art. 18 GDPR

You have the right to request that we restrict processing if one of the legal requirements applies.

11.6Data portability Art. 20 GDPR

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, to whom the personal data has been provided, as long as the processing is based on consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, and the processing is carried out using automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or takes place in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Art. 20 para. 1 GDPR, you have the right to have the personal data transmitted directly from one controller to another controller, in so far as this is technically feasible and in so far as this does not adversely affect the rights and freedoms of other persons.

11.7 Objection Art. 21 GDPR

You have the right to object at any time to the processing of personal data concerning you, which is carried out by virtue of Art. 6 para. sentence .1 lit. e (data processing in the public interest) or f (data processing based on a weighing of interests) GDPR.

If you object to a processing activity, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves for the assertion, exercise or defence of legal claims.

11.8 Revocation of consent under data protection law

You have the right to revoke your consent to the processing of personal data at any time with effect for the future.

11.9 Complaint to a supervisory authority

You have the right to complain about our processing of personal data to a supervisory authority responsible for data protection.

12. Topicality and changes to the data protection statement

This data protection statement is currently valid and has the status: February 2021.

Due to the further development of our IoT services or due to changed legal or regulatory requirements, it may become necessary to amend this data protection statement. We therefore reserve the right to make changes at any time in compliance with the applicable data protection regulations.

You will find a separate data protection declaration here for the use of the IoT services: Datenschutzerklärung DENIOS IoT-Services

Meny
Logga in
Din varukorgLagd i varukorgen
Till varukorgen
Vi hjälper dig gärna!

Ring, chatta eller fyll i kontaktformuläret så hör vi av oss.

Mån - Tors: 08:00 - 16:30 | Fre 08:00 - 15:00