Data Protection Declaration INSTINCT Mobile App
The security of your personal data is paramount for Mayer & Co Beschläge GmbH (hereinafter referred to as “MACO”, “we” or “us”).
MACO therefore places greatest importance on protecting any personal data you have disclosed to us. MACO processes and uses your personal data exclusively in accordance with the requirements of the General Data Protection Regulation (GDPR) as well as the Data Protection Act (Datenschutzgesetz – DSG) and Telecommunication Act (Telekommunikationsgesetz – TKG).
This document explains which information we collect and how we process and protect any personal data disclosed to us.
Unfortunately, the nature of the subject may give this declaration a rather technical feel, but we have tried to keep the most important points as easy and clear as possible.
1. Name and address of the responsible entity (controller)
MACO is the controller within the meaning of Art. 4 (7) GDPR and therefore provides the following information:
Mayer & Co Beschläge GmbH
Alpenstraße 173
5020 Salzburg
Tel.: +43 662 6196-0
Fax: +43 662 6196-1449
Data protection officer contact details: dataprotection@maco.eu
2. What is personal data?
Personal data within the meaning of Art. 4 (1) GDPR comprises all data and information that relates to an identified or identifiable natural person (data subject). This includes your name, addresses, contact details, phone number and IP address.
3. Which data do we process, for which purpose and on which legal basis?
3.1. App use
When you use our app, the following personal data is processed through the INSTINCT mobile app and the INSTINCT Bluetooth module:
- Name or pseudonym selected by the user (owner of the smartphone);
- Name or pseudonym selected for the door or location where the door to be controlled is located;
- Icon selected by the user;
- Time and date stamp of the (personal) event.
The data is stored locally on your smartphone only or on the smartphones of administrators. We therefore never have access to, and are unable to read, your data. This method ensures that we comply with the data minimisation principle as well as privacy by default to the greatest extent possible.
The data is therefore automatically processed by the app and through your smartphone in order to provide app functions such as access administration. This is therefore necessary in order for us to fulfil our (pre-)contractual obligations to you.
3.2. Issuance of access rights
If you are an administrator and wish to issue additional access rights, you can generate an alphanumerical code in the app which you can forward to additional users.
If you set up additional users, the names or pseudonyms selected by you are also processed in the app. This data is required so that you can set up and manage further users and so that these users may also use the INSTINCT system. The data is processed on the basis of our (pre-)contractual obligations to you.
However, this information is also stored locally only, on your smartphone, the smartphones of any other administrators or the smartphones of authorised users. We do not have any access to it.
3.3. Event log
System-relevant events are logged and stored with time and date stamp in the INSTINCT Bluetooth module. These events include, in particular, successful access as well as denied access attempts of all users and administrators set up in an INSTINCT system.
If the device of an INSTINCT system administrator is linked to the INSTINCT Bluetooth module, these events are transferred to the administrator’s INSTINCT mobile app where they are stored locally within the app on the administrator’s smartphone. We therefore also do not have any access to this data. MACO cannot, and does not, process this data further in any way due to the nature of the system.
3.4. Crash notifications
We depend on anonymised crash notifications to continuously improve the stability and reliability of the INSTINCT mobile app. We use App Center, a Microsoft service, for this purpose.
In the event of a crash, the following user information is transferred to the Microsoft servers: app version, operating system version, accumulated exceptions. We process the data on the basis of our justified interest in the provision of a user-friendly and secure app and the needs-based further development of our product as well as the app appearance.
4. Transfer to third parties
As your data described in Section 3.1 to 3.3 is stored locally only on your smartphone and/or the smartphones of administrators, we do not have any access to it. We are therefore also unable to transfer this data to third parties.
To the necessary extent, we forward the crash notifications to IT service providers which also support us with the provision of our services (order processors).
All of our order processors exclusively process your data by our order and on the basis of our instructions for the provision of the above services.
5. Storage and/or archiving period
The personal data collected by your INSTINCT mobile app is stored inside the app for as long as you use the app or until you delete the data in the app yourself (e.g. by deleting the door in your app).
In order to also delete all of the data in the INSTINCT system and/or on the smartphones of administrators, you must ask an administrator to remove you as a user from the INSTINCT system. This deletes all personal data and entries in the event log triggered by you are anonymised and can therefore no longer be traced back to your person.
6. Data security
We implement adequate technical and organisational security measures to protect your personal data against accidental or unauthorised deletion, modification as well as against loss, theft and unauthorised reading, transfer, reproduction, use, changes and access. We and our employees are also obligated to comply with data secrecy and confidentiality regulations. Our vicarious agents and representatives who require access to your personal data for the performance of their professional tasks shall also be granted access and undertake to comply with the same data secrecy and confidentiality obligations.
7. Rights of the data subject in accordance with the GDPR
You have the right to obtain information in a clear, transparent and easy-to-understand manner about how we process your personal data as well as your rights as a data subject (Art. 13 et seqq. GDPR):
You generally have the right to obtain information on your personal data processed by us. You also have the right to request the rectification of incorrect data and the erasure of your data (right to be forgotten). You may further have the right to restrict the processing of your data as well as the right to receive the data provided by you in a structured, standard and machine-readable format (data portability). However, as we do not have any access to your app and the data processed by your app, we are unable to provide you with information on which specific data is being processed in your app. We are therefore also unable to erase, rectify or restrict the processing of the data in your app.
You may also withdraw your consent to the processing of your personal data with future effect if the processing is based on your consent.
As the data subject, you can object to the use of your data at any time if the data is processed for direct marketing purposes.
If we process your data for justified purposes, you further have the right to object at any time if your personal situation gives rise to do so.
You can also file a complaint with a data protection authority. The data protection authority responsible for our company is the Austrian Data Protection Authority (www.dsb.gv.at), Barichgasse 40-42, 1030 Vienna, Austria. However, before you complain to the Data protection Authority, or if you have any questions relating to data protection, please contact us directly at:
Mayer & Co Beschläge GmbH
Alpenstraße 173
5020 Salzburg
Tel.: +43 662 6196-0
dataprotection@maco.eu
As of: 2 April 2020
