Data Privacy Statement for Users of the Dräger GDC Gateway App (iOS and Android)
General data privacy information
(“Data Privacy Statement”)
Dräger is firmly committed to protecting the privacy of all persons whose personal data is processed by Dräger. This document serves to inform you about the methods, scope, and purpose of the personal data collected and processed in connection with our Monitoring Connect App. This Data Protection Statement also serves to inform you about your rights as a data subject.
Our company processes your personal data on the following legal bases (General Data Protection Regulation, GDPR):
We will give you prior notice of any intended processing of your personal data for a purpose other than those stated in this Data Protection Statement.
The following data will be collected and stored for the reasons stated:
When using the app, the following contact data of the user will be processed: Name/institute/company, email address, geolocation data. The geolocation data is used to determine the location of devices/workers, for visualization on the map and documentation of alarm incidents including the location of the alarm.
If you use the app without logging into your account, all personal data will be stored exclusively in the app, which means only locally on your device, for as long as you do not share this data yourself with others.
Dräger has no access to the personal data stored within the app. In this case, the personal data is stored exclusively for the user's own purposes.
When using the app after logging into their account, the app user additionally provides the following data: First name, last name, email address, company
Data flow between app and server component
Personal data of the app user will be transferred to the web application. This data is accessible to authorized web users of the respective organization.
Personal data entered by the app user will be transferred to the web application. This data is accessible to authorized web users of the respective organization.
Your data will be automatically encrypted during transmission and storage. Our security precautions aimed at protecting your data always reflect state-of-the-art technology - but the maximum degree of protection can only be warranted if you regularly update your mobile device.
Dräger will only store your personal data for as long as is necessary for the above-mentioned purposes or as required by law.
Data processing
If you use the app with login or the web application, the personal data required for the login or credentials administration will be stored and processed.
Dräger may involve external service providers in the technical aspects of processing your data. In general, we prevent the data from being processed outside of the EU by carefully selecting and monitoring our service providers.
For technical reasons for login, the user ID and the login password hash will be mirrored worldwide in the registration system.
Our service providers and suppliers have accepted contractual obligations that require them to comply with relevant data protection requirements.
Data Controller
Dräger
Safety AG & Co. KGaA
Revalstrasse 1
23560 Lübeck
Questions relating to the processing of your personal data and requests for information, correction or deletion of data can be submitted to our Group Data Protection Officer.
Via
email: dataprivacy@draeger.com
Rights and obligations
Subject to meeting the statutory conditions, you have the following rights pursuant to Article 14 (2) lit. c and Articles 15 to 22 GDPR: The right of access, right to rectification, right to erasure, the right to restrict the processing of your data, and the right to data portability.
You have the right to object to the processing of your personal data.
If we process your data to safeguard legitimate interests, you may object to this data processing for reasons arising from your particular situation. We will then cease the processing of your personal data, unless we can demonstrate compelling legitimate reasons for the data processing that prevail over your interests, rights and freedoms, or if the data processing serves the purpose of asserting, exercising or defending legal interests.
You may at any time lodge a complaint with our Group Data Protection Officer, who can be contacted at the address provided above, or with a data protection supervisory authority.
Last modified: September 2021
Data Privacy Statement for Users of the Dräger Gas Detection Connect (GDC) Website
General data privacy information
(“Data Privacy Statement”)
Thank you for your interest in Dräger Gas Detection Connect (GDC). Data protection and data security for customers and users is a top priority for Dräger. We are committed to processing personal data in compliance with the General Data Protection Regulation (“GDPR”) and the relevant national data protection regulations, particularly including the German Federal Data Protection Act (Bundesdatenschutzgesetz, “BDSG”). Personal data includes all data that relate to an identified or identifiable individual person, e.g. name, address and email address.
This Data Privacy Statement serves to inform you about the methods, scope and purpose of the personal data collected and processed by us in connection with Dräger Gas Detection Connect. This Data Privacy Statement also serves to inform you about your rights as a data subject.
Please note that selected services and functions available on our website may be subject to different and/or separate data protection statements. If this is the case, we will expressly refer to these different and/or separate data privacy statements at the time we collect the personal data. Please also note that our online services are not intended for children. The minimum age for new customer accounts is 18 years.
The data controller in charge of data protection matters related to the processing of personal data (within the meaning of Article 4 no. 7 GDPR) is Dräger Safety AG & Co. KGaA. Revalstrasse 1, 23560 Lübeck, Germany (“Dräger”, “we”, “us”).
Our Data Protection Officer can be contacted by sending an email to dataprivacy@draeger.com, and by regular mail to
Drägerwerk AG & Co. KGaA
Group Data Protection Officer
Moislinger Allee 53-55
23558 Lübeck, Germany
Personal data will be collected when you visit our website and use the services offered by Dräger Gas Detection Connect. The precise scope of data, the purposes of their collection, and the legal basis for their collection and processing all depend on various aspects that, in particular, include the way you use our website and the functions available on it.
1. Visiting our website (Dräger Gas Detection Connect)
Our website can be accessed by anyone, without being required to disclose personal data. Certain personal data will, however, be collected, even on visits that exclusively serve information-only purposes. Some of this data is strictly required for technical reasons in order to be able to display our website. Our website also uses certain analysis techniques based on what are known as cookies, along with similar technologies. Our website also contains links to other websites whose operators may process additional (personal) data.
When you visit our website for information-only purposes, we will only process the personal data that is transmitted to our server by your browser software. This data is technically required for the purpose of displaying our website and warranting its stability and security. The following data is collected:
• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• Respectively transferred data volume
• Referrer website
• Browser software
• Operating system and user interface
• Language and version of the browser software
The data is processed on the legal basis of Article 6 (1) lit. f GDPR for the purpose of safeguarding our legitimate interest in operating our website without malfunctions. The data will be stored for a period of seven days and then deleted automatically.
Our website offers you several options to contact us with questions and comments. You may contact us via our service hotline or by using our contact form. If you use one of these options to contact us, we will process the information you submit to us, including any personal data, to the extent necessary for the purpose of processing your inquiry. The legal basis of the data processing is Article 6 (1) lit. b GDPR. In certain cases, we may process additional personal data for safeguarding our legitimate interests on the legal basis of Article 6 (1) lit. f GDPR, particularly including for the prevention of fraud and misuse of our services (more information can be found in clause 4 of this Data Privacy Statement).
3. Customer account
You have the possibility to create a personal customer account for Dräger Gas Detection Connect (“Customer account”). Registering an account involves providing certain mandatory information that is required to create the customer account in our online system. Additional data may be disclosed on a voluntary basis. The mandatory fields will be designated accordingly. Once you submit the completed registration form to us, we will send you an email asking you to confirm your registration. Clicking on the confirmation link will complete the registration process and create your customer account. An overview of your personal data is provided in your customer account.
We will process the personal data stored in your customer account based on Article 6 (1) lit. b and f. GDPR for purposes related to the performance of our services and to safeguard our legitimate interests. Our legitimate interest is to offer the service to our users and to prevent malfunctions and fraudulent activities (more information can be found in clause 4 of this Data Privacy Statement).
You may change your data in your customer account settings at any time and delete your customer account using the button provided in the account settings. If you delete your customer account, we will delete all personal data collected in connection with the account, provided the deletion is not opposed by statutory or contractual retention obligations. In cases where retention obligations apply, we will restrict the data processing to the minimum necessary. In this case, the data is processed on the legal basis provided for in Article 6 (1) lit. b and c GDPR.
4. Data processing for the performance of legal obligations and to safeguard legitimate interests
We may also process the personal data for the purposes specified above for the purpose of meeting our own legal obligations. In this case, the legal basis of the data processing is Article 6 (1) lit. c GDPR.
We will, to the extent necessary, also process personal data beyond the purposes specified above in order to safeguard our legitimate interests or the legitimate interests of third parties. In this case, the data processing is based on Article 6 (1) lit. f GDPR. Our legitimate interests particularly include
• the assertion of legal claims and defense in legal disputes;
• the prevention and investigation of criminal offenses and serious misuse of our services; as well as
• the management and ongoing development of our business activities, including the delivery of information about services offered by our company, provided you have not expressly objected to receiving information (e.g. direct print advertising).
Am I required to disclose personal data?
In some of the cases described in this Data Privacy Statement, you will be required to disclose personal data. This applies, in particular, to the processing of personal data in connection with the opening of a customer account, subscription to our newsletter, processing of inquiries via the contact channels provided by us, and the placement of orders for products.
You will be informed of the data required by us at the time the personal data is collected (e.g. fields designated as mandatory*). This data is strictly necessary for us to provide our respective service, i.e. we will not be able to send you our newsletter or respond to your inquiries without the data.
In cases where we collect additional personal data from you, we will always inform you, at the time the data is collected, whether the disclosure of the respective information is mandatory under a statutory provision or contract, or if it is required for the inception of a contract.
Who will my personal data be disclosed to?
The personal data collected by us in connection with Dräger Gas Detection Connect will usually be processed internally, meaning within our company. Depending on the type of personal data, only certain departments or organizational units that require access to the data will be granted access to them. This includes, in particular, the departments responsible for our digital services or the respective business processes (e.g. our IT department).
Additionally, we may also make lawful disclosure of your personal data to third parties outside of our company, including, in particular,
• the recipients to whom we are required to transfer personal data for the purpose of performing contracts with them (e.g. to suppliers and logistics companies);
• our service providers, who render their services based on separate contractual agreements that may entail the processing of personal data, as well as to our authorized subcontractors; as well as
• non-public and public recipients provided we are legally compelled to disclose your personal data to them.
Will my data be transmitted to countries outside of the EU/EEA?
The general rule is that we will process your personal data exclusively inside the EU and/or European Economic Area.
In exceptional cases, it may be necessary to transmit the information to recipients in what are known as “third countries”. Third countries are countries outside of the European Union or the Agreement on the European Economic Area that cannot be presumed to offer a data privacy level that is comparable to the protection level inside the European Union. Insofar as the transmitted information also includes personal data, we will assure prior to any such transmission that the required adequate level of data protection is warranted in the respective third country or at the recipient in the third country. This may take the form of an “adequacy decision”, which is made by the European Commission and determines an adequate overall level of data protection for a certain third country. Alternatively, we may also base the transmission of data on EU standard contractual clauses agreed with a recipient, or on a declaration of consent issued by you.
Further
information on the suitable and adequate guarantees for observing an adequate
level of data protection is available on request. Further information about the
EU standard contractual clauses (in English) can be found at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en. Information
(in English) on the adequacy decisions can be found at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.
Do you use automated decision-making methods?
We do not
use any automated decision-making methods (including profiling) within the
meaning of Article 22 GDPR in connection with the processing of your personal
data outlined in this Data Protection Statement. We will inform you separately
of any use of automated decisions in exceptional cases.
How long will you store my personal data?
We will ordinarily store personal data for as long as this is necessary for the purpose the data has been processed for, or for as long as we have a legitimate interest in storing the data, and provided your interest in a discontinuation of their storage and/or processing does not prevail. This means that we will store your data only for as long as necessary for making our website and the services associated with it available, and/or for as long as we are compelled to store the data under a statutory provision. We will delete personal data without requiring any action from the data subject as soon as the data is no longer necessary for the purpose they are processed for, or if their storage is otherwise prohibited by law.
The standard procedure is that
• the data will be deleted or anonymized after expiry of the period specified in the above clause describing the data processing and/or website function in further detail (also see clause 0 of this Data Protection Statement);
• the data processed by us in connection with a business relationship (and in particular in connection with products ordered from us) will be deleted upon expiry of the statutory retention periods; and
• the data processed in connection with the customer account will be deleted at the time a customer account is closed, provided their further storage is not required to comply with statutory or contractual retention periods applicable in the context of the respective business relationship.
The personal data we are required to store for reasons of compliance with retention obligations will be stored until the respective retention obligation has lapsed. To the extent we store personal data exclusively for the purpose of compliance with retention obligations, the processing of the data will usually be restricted, i.e. the data can only be accessed if necessary, for the purpose of the retention obligation.
What are my rights as a data subject?
The following serves to inform you about your rights as a data subject within the meaning of Article 4 no. 1 GDPR. Reference is made to Articles 15 to 21 GDPR with respect to the further pertinent details.
To exercise these rights, please contact our Data Protection Officer at the contact details provided above, or use one of the technical contact options provided by us for your convenience.
1. Right to of access, Article 15 GDPR
You have the right to receive information about whether and what kind of personal data is processed by us. This includes, but is not limited to, information about the period in and purposes for which we process your data, the source of your data, and the recipients or categories of recipients to whom we will disclose your data. You may also request us to provide you with a copy of your data.
2. Right to rectification, Article 16 GDPR
Data subjects have the right to request us to promptly correct any inaccurate or outdated personal data. You may also request the completion of any personal data that is found to be incomplete. We will also inform third parties about these corrections if required under a statutory provision, to the extent we have disclosed your data to them.
3. Right to erasure (also “right to be forgotten”), Article 17 GDPR
Data subjects have the right to request the prompt deletion of their personal data, but only if one of the following reasons apply:
• your data is no longer necessary for the purposes they were collected or processed for in any way, or the purpose has been achieved;
• you revoke your consent and the data processing cannot be based on any other legal basis;
• you object to the processing of your data and there are no prevailing legitimate reasons for continuing the data processing; in cases where personal data is used for direct advertising and you do not wish to receive this direct advertising, all you need to do is send us an objection to the data processing;
• your personal data was processed unlawfully;
• the deletion of your personal data is required to comply with a legal obligation under EU law or a member state law governing our company.
Please note that your right to be forgotten may be restricted by statutory provisions. This includes, in particular, the restrictions stipulated in Article 17 GDPR and Section 35 German Federal Data Protection Act (“Bundesdatenschutzgesetz”).
4. Right to restrict the processing of data (blocking), Article 18 GDPR
Data subjects also have the right to request us to restrict the processing of their personal data if one of the following conditions is satisfied:
• you dispute the accuracy of your personal data and do so over a period that allows us to review the accuracy of your personal data;
• the data processing is unlawful and you object to the deletion of your personal data and instead demand a restriction be imposed on the use of your personal data;
• we no longer require your personal data for the purposes they were processed for, but you require them to exercise, assert or defend legal interests, or
• you object to the data processing for as long as it remains uncertain whether our legitimate interests prevail over yours.
If you have effectively restricted the data processing for one of the above reasons, we will notify you before lifting the restriction.
5. Right to revoke consent, Article 7 (3) GDPR
You may revoke a previously granted declaration of consent at any time with effect for the future. You may revoke your consent by submitting a simple written notice to the above contact addresses, or by using the technical contact options provided by us. If you revoke your previously granted consent, this will not affect the lawfulness of any data processing that took place prior to your revocation of consent.
6. Right to data portability, Article 20 GDPR
Data subjects have the right to receive the personal data they have provided us with in a structured, common and machine-readable format, and to transfer this data to third parties. Further details and limitations are provided for in Article 20 GDPR. Exercising this right is without prejudice to your right to be forgotten.
7. Right to lodge a complaint with the supervisory authority, Article 77 GDPR
If you believe that the processing of your data by our company violates applicable data protection law, you have the right to lodge a complaint with a responsible supervisory authority in general, and in particular with the Schleswig-Holstein Independent Data Protection Center or the respective supervisory authority in the EU member state of your place of residence, your place of employment, or the place where the alleged data protection violation took place.
8. Right to object to data processing, Article 21 GDPR
|
Data subjects have the right to object to the processing of their personal data at any time on the basis of Article 6 (1) lit. e or f GDPR for reasons resulting from their particular situation; this also applies to profiling based on the same provisions. If you object, we will cease processing your personal data, unless we can demonstrate compelling legitimate reasons for continuing the data processing that prevail over your interests, rights and freedoms, or if the data processing serves the purpose of asserting, exercising or defending legal interests. If we process personal data for direct advertising purposes, data subjects have the right to object to the processing of their personal data for direct advertising purposes at any time; this also applies to profiling in as far as it is associated with this direct advertising. We will cease the processing of personal data for direct advertising purposes if you object to their processing for these purposes. |
Last modified: September 2021