Data protection information SIGMA EOX® app
Responsible authority and data protection officer
Responsible for the SIGMA EOX® app is
SIGMA-ELEKTRO GmbH
Dr. Julius-Leber- Str. 15
67434 Neustadt a.d. Weinstraße
Data Protection Officer: Dennis Glas
You can reach our data protection officer by post at the above address with the addition “Data Pro-tection Officer” or by e-mail at datenschutz@sigmasport.com
Type, purpose and scope of the data collection (relevant legal basis)
In the SIGMA EOX® app you can make the settings described below yourself, so that you can influ-ence the type, purpose and scope of data collection.
1. Start of the app:
With the SIGMA EOX® app you can record and save your e-bike trips and view them directly after-wards.
Prerequisite for recording the trips using the app is an active connection with the e-bike. The con-nection to the e-bike is guaranteed via the EOX® REMOTE 500, a control unit mounted on the bike or the EOX® VIEW 1300. Since the connection is made via BLE, Bluetooth must be enabled on the smart phone.
As soon as the trips are available in the app, you can send them to portals or third parties. This re-quires a connection to third-party portals. You can make this connection in the app and select the portal where you want to share your data.
You can also make general settings for the app, your bike or the user. General settings include, among other things, the date format, time format and units of measure. Settings for the bike in-clude the display settings of the bike computer, as well as the setting up of different training views. User settings include name, year of birth, gender, height, weight and maximum heart rate.
The legal basis for this data processing is Art. 6 para. 1 (b) GDPR with regard to the data collection and processing required for the contractual use. For the rest, the collection and processing of per-sonal data takes place only on the basis of your expressly given consent, thus on the legal basis of Art. 6 para. 1 (a) GDPR.
2. SIGMA CLOUD:
The SIGMA EOX® app loads saved ride, trip and diagnostic data into the SIGMA CLOUD after you have logged in. There the data is processed by partners in the EU who are commissioned by us and contractually engaged by us.
In connection with the SIGMA CLOUD, SIGMA-ELEKTRO GmbH can collect information about your use and the performance of the service. This includes information about your Internet service pro-vider, information about when the software starts, the duration of using the service as well as in-formation about the content used by the service, and the occurrence of technical errors.
The legal basis for these data processing operations is Art. 6 para. 1 (f) GPDR. For the rest, the col-lection and processing of personal data takes place only on the basis of your expressly given con-sent, thus on the legal basis of Art. 6 para. 1 (a) GDPR.
3. User accounts from social networks:
You can create a link to user accounts from social networks such as Strava, komoot, Facebook, Twit-ter, WhatsApp or e-mail. However, we would like to point out that they can gain access to your data through the link. For the nature, purpose and scope of this external data collection and processing, please refer to the privacy policy of the relevant networks.
We are not responsible for data collection and processing in this context, but Google Inc. is, i.e. we do not collect and process personal data, so that we do not need a separate legal basis for this.
4. Videos:
The SIGMA EOX® app offers video tutorials on SIGMA channel on YouTube. The videos are linked, only the preview page of the videos is displayed via a two-click solution. This will only establish a connection to YouTube by transferring the preview screen.
When you play the video, the following data is transmitted to Google as the YouTube operator:
• IP address
• The specific address of the page called up
• The transmitted identifier of the browser
• The system date and time of the visit
• Already existing cookies, by which your browser can be clearly identified
Google Ireland Limited is the sole operator of YouTube for this data collection. For more infor-mation about the data collection and processing by Google Ireland Limited, please see here.
We are not responsible for data collection and processing in this context, but Google is, i.e. we do not collect and process personal data, so that we do not need a separate legal basis for this.
5. Use of analysis tools (Google Analytics)
If you have expressly agreed in our data protection settings (“Accept” button) that we use statisti-cal tools, we use “Google Analytics”, a web analysis service of Google LLC (“Google”). Google uses cookies. The information generated by the cookie about your use of the website is usually trans-ferred to a Google server in the USA and stored there. Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Google will use this information on our behalf to evaluate your use of our website, to compile reports on the activities within this website and to provide further services to us in connection with the use of this website and the Internet. Pseudonymous user profiles are created from the processed data.
We only use Google Analytics with activated IP anonymization. This means that your IP address will be shortened by Google beforehand within member states of the European Union or in other states that are parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.
The IP address transmitted by your browser is not merged with other personal data by Google or by us.
You can also prevent the use of Google Analytics if you do not agree to the use of the statistics tools when you click on the “Accept” button (privacy settings) displayed at the start of your app use.
You can find further information on data use by Google, setting and objection possibilities on the websites of Google: https://www.google.com/intl/de/policies/privacy/partners and https://support.google.com/analytics/answer/6004245 .
The collected data will be deleted or made anonymous after 14 months.
Because Google Analytics is only used by us if you have expressly agreed to this in our data protec-tion settings (“Accept” button). The legal basis is Article 6 para. 1 (a) GDPR.
We use Crashlytics from Google to collect information about errors and crashes in connection with the app. This allows us to improve the stability and quality of our apps. The crash reports contain app-related information on the device status, device type, operating system, app version, time of the crash, as well as device identification number at the time of the crash.
Provided that they have taken note of the collection of diagnostic data, app crashes are anony-mously transmitted to Crashlytics Inc. and analyzed. The identification of individual app users is not possible.
Storage period
Since the data is only stored locally in your app if you do not decide to use the cloud, we have no influence on the deletion of this data. But you can delete or edit the data stored in your app at any time. So the data is stored on the app until you delete it in the app or until the app is deleted. De-leting the app on your smart phone also automatically deletes the corresponding data.
Access rights (relevant legal basis)
For the app to work, certain access permissions are technically necessary.
Technically conditional access rights for Android up to and including Android version 5.0
• Location query: App shows the current location, which is enabled by you via the appropri-ate device settings
• Bluetooth: Enable the authorization to establish a connection to other SIGMA components and exchange data
• Network access: Information on network status, use of the SIGMA CLOUD and map materi-al
• Background service: Service feature of the app that loads the data and provides the loca-tion even when closed
The legal basis for these data processing operations is Art. 6 para. 1 ( b) GDPR.
Technically conditional access rights for iOS up to and including iOS version 11
• Location query: App shows the current location, which is enabled by you via the appropri-ate device settings
• Bluetooth: Enable the authorization to establish a connection to other SIGMA components and exchange data
• Network access: Information on network status, use of the SIGMA CLOUD and map materi-al
• Background service: Service feature of the app that loads the data and provides the loca-tion even when closed
The legal basis for these data processing operations is Art. 6 para. 1 ( b) GDPR.
Obligation to provide personal data
Basically, the granting of a consent or the provision of personal data when using the SIGMA EOX® app – apart from the technically conditional access authorizations to be granted – is voluntary. If you don’t give consent or provide personal information, it will not generally have any adverse effect on you. However, there are functions that we cannot provide without your consent or the provision of personal data, for example because this personal data is required to perform the function you have requested or to provide the service you have requested. This means that in order to use the app, you must provide the personal data and consent that is necessary for the installation of the app and for the use of the functions of the app that you have requested or that we are legally obliged to collect. Without this data we will usually not be able to offer the services of the app (in full).
Change in purpose
Processing of your personal data for purposes other than those described will only take place if a legal provision allows this or if you have consented to the revised purpose of the data processing. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you of these other purposes before further processing and provide you with all other relevant information.
Non-existence of an automated decision-making including profiling
We do not use automated decision-making including profiling according to Art. 22 GDPR.
Your rights as the affected party
Right to information
You have the right to request from us any time information about the personal data processed by us in the scope of Art. 15 GDPR by post or e-mail to datenschutz@sigmasport.com. We will then provide you with a copy of the personal data that is the subject of the processing in accord-ance with Art. 15 para. 5 GDPR. For this you can submit an application by post or by e-mail to the address given above.
Right to rectify/complete incorrect data
You have the right to request immediate correction or completion of personal data concerning you if it is incorrect. Please contact the above-mentioned addresses.
Right to delete
You have the right to demand the deletion of your personal data under the conditions described in Art. 17 GDPR. In particular, these requirements provide for a right to delete if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, and in cases of unlawful processing, the right to object or obligation to delete under Union law or the law of the Member State to which we are subject. To assert your right, please contact the below-mentioned addresses.
Right to restriction of processing
You have the right to demand from us that we restrict processing in accordance with Art. 18 GDPR. This right exists in particular if the accuracy of the personal data is disputed between you and us, for the period of time required to verify correctness, and in the case you ask for limited processing instead of deletion in the case of an existing right of deletion; and furthermore in the event that the data is no longer required for the purposes we are pursuing, but which you or us require in or-der to assert, exercise or defend legal claims, and if the successful exercise of an objection be-tween you and us is still disputed. To assert your right, please contact the below-mentioned ad-dresses.
Right to data portability
You have the right to receive from us the personal data relating to you which you have provided to us in a structured, standard, machine-readable format in accordance with Art. 20 GDPR. To assert your right, please contact the below-mentioned addresses.
Right to object
You have the right at any time, for reasons arising out of your particular situation, to object in ac-cordance with Art. 21 GDPR against the processing of personal data relating to you on the basis of Art. 6 para. 1 (f) GDPR (“legitimate interests”). We will then stop the processing of your personal information, unless we can demonstrate compelling legitimate grounds for processing that out-weigh your interests, rights and freedoms, or the processing is for the purpose of asserting, exer-cising or defending legal claims. You can send your objection by post or e-mail to our data protec-tion officer, whose contact details are given above.
Right to lodge complaints to a data protection supervisory authority
You have the right to lodge a complaint with our Data Protection Officer (contact details above, at the beginning of this Privacy Policy) or with a data protection supervisory authority. The contact details of the responsible data protection supervisory authority are as follows:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz
Prof. Dr. Dieter Kugelmann
Hintere Bleiche 34
55116 Mainz
As at: 12.03.2020