Privacy policy for the Serea smartphone app

This app is operated by pewag Schneeketten GmbH, Gaslaternenweg 4, 8041 Graz (“we” or “us”). This notice describes how we, as the controller, process your personal data in connection with this app.
In this privacy policy, we explain what we do with the data we have collected about you via this app. We recommend that you read this document carefully.

We comply with the legal requirements when processing data. This means, among other things
• We clearly state the purposes for which we process personal data. This is done through this privacy policy.
• We aim to limit our processing of personal data to only that personal data which is required for legitimate reasons.
• We will first obtain your explicit consent if this is necessary in order to process your personal data.
• We take appropriate security measures to protect your personal data and require the same from parties who process personal data on our behalf.
• We respect your right to information, correction or deletion of your personal data.

If you have any further questions or would like to know what personal data we hold about you, please contact us at dataprotection(at)pewag.com.

1. Purpose, data and retention period

We process personal information for a number of purposes in connection with our business, including the following.

1.1 Registration

To use the app, you need an account. This in turn is necessary to ensure that you can create and manage your lock. We store this data to ensure that you can operate your lock and, if you need support, we can provide you with the information you need immediately.

We process the following data for this purpose:
• Email : Linked to the user, app functionality (login/user contact, identification of user)
• UserName: Linked to the user, app functionality (display user name)
• Profile/image: Linked to the user, app functionality (display image for unlock actions/sharing) OPTIONAL
• Language and country: Linked to the user, app functionality (language of emails)
• Push notification token: Linked to the user, app functionality (sending push messages) OPTIONAL

The legal basis
The processing of the data that you voluntarily provide to us is based on your consent in accordance with § 107 TKG and Art. 6 para. 1 lit. a GDPR.

Data recipient
Your personal data will be processed in accordance with the applicable data protection regulations by our responsible departments, such as IT and customer service, which need it to achieve the above-mentioned purpose. This data is stored on a Google Cloud server in Frankfurt and is only accessible to us and our app development partner Ascent in Graz, Austria.

Third country transfer
There is no data transfer to countries outside the EU and the EEA.

Retention period
We delete or anonymize your personal data as soon as it is no longer required for the purposes for which it was collected and processed and provided that no other legal obligations require further storage.

1.2 Using the app

When you use the app, certain data is processed and stored by us. This is particularly the case when you add a lock, open a lock and share a lock. We need to store this data to ensure that you can use your lock without any problems. We also store this data in case you need support.
We process the following data for this purpose:

1.2.1 Add lock

• ID: The ID number of the lock
• Hardware Lock ID: The serial number of the lock
• Nick Name: The default name of the lock
• Add time: When the lock was added to the account (date and time)
• Update time: When the lock has been updated by the user.
• Lock Key: the password of the lock

1.2.2 Split lock

• Lock recipient: Link to the other registered user with whom the access is shared
• ID: The ID number of the lock
• Addition time: The timestamp of when the lock was split
• Time frame of sharing: period in which the lock is shared
• Whether the recipient has accepted the sharing

1.2.3 Unlocking the lock

• Opening time: The time stamp when the lock was opened
• Initiator: The ID number of the person who unlocks the lock
• Lock ID: The ID number of the lock
• GPS: The longitude and latitude information OPTIONAL

The legal basis
The processing of the data that you voluntarily provide to us is based on your consent in accordance with § 107 TKG and Art. 6 para. 1 lit. a GDPR.

Third country transfer
There is no data transfer to countries outside the EU and the EEA.

1.3 Contact form

If you use the contact function in the app to contact us with a support request, some data is automatically sent to our responsible support team. This data is required in order to easily recognize and reconstruct errors and thus provide you with the desired support.

We process the following data for this purpose:

• Email : Linked to the user, app functionality (login/user contact, identification of user)
• UserName: Linked to the user, app functionality (display user name)
• Message: The message you send us

You have the option to decline the following information, but we recommend that you leave this option checked to make it easier for us to provide you with the right solution:

– osVersion -Brand
– device -host
– Manufacturer
– Model
– Product
– Platform
– App Name
– Version
– Build number

The legal basis
The processing of the data that you voluntarily provide to us is based on your consent in accordance with § 107 TKG and Art. 6 para. 1 lit. a GDPR.

Third country transfer
There is no data transfer to countries outside the EU and the EEA.

1.4 Google Analytics for Firebase and Firebase Crashlytics

We use Google Analytics for Firebase and Firebase Crashlytics to improve our services and for statistical purposes. Data is collected on the frequency and type of use, including a device identifier. Data is transmitted in pseudonymized form for this purpose, which excludes a direct personal reference.

The legal basis
Your e-mail address is processed on the basis of your consent in accordance with § 107 TKG and Art. 6 para. 1 lit. a GDPR.

Data recipient
The pseudonymized data is transmitted to Google LLC (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and is accessible to us and our app development partner Ascent in Graz, Austria, as well as to Google itself.
The IP address of this data is shortened, i.e. the last octet of the IPv4 addresses is replaced by zeros and the last 80 bits of the IPv6 variant are replaced by zeros. In this way, your exact location is not sent to Google. The information sent to Google is used to analyze the Serea app. In addition to us, Google can also access this data and possibly pass it on to third parties.
This option is 100% optional and by giving your consent you also accept that Google will use this data in the manner described. You can revoke your consent at any time in the app settings.

Third country transfer
Google LLC (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 4043, USA Data.

Retention period
Device identifiers are stored for a period of 14 months and then deleted.

1.5 Google Firebase cloud messaging

To be able to send you push notifications, we use Google Firebase Cloud Messaging as a third-party provider. If you accept this service, Firebase uses an “installation ID” to determine which device to send the push notification to.

We process the following data for this purpose:

• Installation ID: these tokens that help to identify the device

The legal basis
Your e-mail address is processed on the basis of your consent in accordance with § 107 TKG and Art. 6 para. 1 lit. a GDPR

Third country transfer
Google LLC (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 4043, USA Data.

Retention period
Google Firebase stores Firebase installation IDs until the Firebase customer makes an API call to delete the ID. After the call, the data is removed from the live and backup systems within 180 days.

2. data processing and storage

We take all possible measures to ensure that your data is stored securely and that unauthorized access to the data is not possible. All information collected is stored on our own servers or on those of partners who are committed to the same appropriate level of data protection.

3. your rights in relation to data processing

In principle, you have the right to information, rectification, erasure, restriction of processing, data portability, withdrawal of consent and objection.
If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can lodge a complaint with the competent national supervisory authority.

• The list of the respective national supervisory authorities can be found at: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.
• In Austria, this is the Austrian Data Protection Authority (https://www.dsb.gv.at/kontakt).
You can reach us using the following contact details:
• pewag International GmbH, Gaslaternenweg 4, 8041 Graz
• dataprotection(at)pewag.com