Effective Date: 01.03.2024
I. Name and address of the controller
The controller within the meaning of the General Data Protection Regulation and other data protection acts of the Member States as well as other data protection provisions is:
Tintometer GmbH
Schleefstraße 8-12
44287 Dortmund
Germany
Tel.: +49 231 94510-0
Email: info@lovibond.com
Website: www.lovibond.com
Tintometer® GmbH operate the Lovibond® PoolAssistant mobile application. This Privacy Policy outlines how we collect, use, and disclose information when you use the App. By using our app you agree to terms outlined in this privacy policy.
Name and address of the data protection officer
The data protection officer of the controller is:
TÜV Informationstechnik GmbH
Unternehmensgruppe TÜV NORD
IT Security, Business Security & Privacy
Am TÜV 1
45307 Essen
Tel. 0201 - 8999-899
Fax 0201 - 8999-666
Email: privacyguard@tuvit.de
II. Interpretations and Definitions
Interpretation
The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
For the purposes of this Privacy Policy:
Account means a unique account created for You to access our Service or parts of our Service.
Application refers to Lovibond® PoolAssistant, the software program provided by the Company.
Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Tintometer GmbH.
Country refers to Germany
Device means any device that can access the Service such as a computer, a cell phone or a digital tablet.
Personal Data is any information that relates to an identified or identifiable individual.
Service refers to the Application.
Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analysing how the Service is used.
Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
III. Description and Scope of data processing
1. Information We Collect
A. Information You Provide
If you choose to register and use our cloud services, we collect the following types of Personal Information directly from you.
• Personal information such as email address, password when creating an account.
• User-generated content and preferences such as:
o Your Pool/whirlpool information
o Location information
o Measurement data
o App settings & preferences
o Other related information entered by user.
App registration is optional. We do not collect this information if You choose to use the Service without registering or using our cloud-based Services.
B. Automatically Collected Information
We may use third-party providers and products including Google Firebase Authentication, Firestore, App Check, and Analytics. When you use and interact with the Service, these services automatically receive certain usage data and information about your device, browser, and/or activity. This data may include:
• Device and usage/analytics information. Our Service may record information about the device you use to connect to our Services and your usage of the Services, including but not limited to your device’s IP address, the type of mobile device You use (including OS version, name, model, brand, and form factor), your mobile device unique ID, the time and date of Your visit, the time spent on those pages, and unique device identifiers and other diagnostic data.
C. Information Collected with your prior permissions
While using Our Application, in order to provide features of our Application, We may have access to certain information, with your prior permission:
• Information regarding your location
• Pictures and other information from your Device's camera and photo library
You can enable or disable access to this information at any time, through Your Device settings.
2. How We Use Your Information
We use the collected information for the following purposes:
• Provide and manage the Service. We use your Personal Information to provide and improve the App's features and functionality.
• Provide customer support. We use your Personal Information to respond to your customer support communications and inquiries and assist you in your use of the Service.
• Identify trends and improve the Service. We use your usage and analytics data to detect, prevent, and address technical issues. We may also use this information to test or implement new features or Services.
• As otherwise necessary or appropriate. We use third party providers and Services which may require Personal and/or Usage information to provide, maintain and improve these services, to maintain security, and prevent fraud.
3. Legal basis for the processing of personal data
In cases where we obtain the consent of the data subject to the processing of their personal data, Article 6(1)(a) of the EU Data Protection Regulation (GDPR) shall form the legal basis for the processing of personal data.
The legal basis for processing personal data that is necessary for the performance of a contract to which the data subject is party is Article 6(1)(b) GDPR. This also applies to processing required for the performance of pre-contractual measures.
The legal basis for processing personal data that is necessary for compliance with a legal obligation to which our company is subject is Article 6(1)(c) GDPR.
Where the processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6(1)(d) GDPR shall form the legal basis.
Where processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, Article 6(1)(f) GDPR shall form the legal basis.
4. Erasure of data and retention period
We may use third-party Services including Google’s Firebase Analytics to collect anonymous analytics data to improve the user experience and enhance functionality of our app. If users choose to delete their account, the user-level data which is associated with user identifier such as user ID is retained for a period of 2 months. The anonymous and aggregated data which does not directly identify individuals and is used solely for statistical and analytics purposes may still be retained for the aforementioned purposes.
5. Information Sharing
Your information may be shared with Google who assist us in operating our app or providing services to you. Our App uses Google’s Firebase Services and information may be transferred, stored, and processed in accordance with Google's Privacy Policy. For more information, please visit Google Firebase Privacy Policy:
https://firebase.google.com/support/privacy?hl=en
6. Data Security
The security of Your Personal Data is important to us. We employ reasonable administrative, physical, and technical measures which are commercially available to safeguard and protect Personal Information under our control from unauthorized access, use, and disclosure.
We use Google Firebase services to manage, process and protect your information. See more information about Firebase Data Processing and Security Terms:
https://firebase.google.com/terms/data-processing-terms?hl=en#7.-data-security
IV. Rights of data subjects
If your personal data is processed, you are a data subject within the meaning of the GDPR, and are entitled to exercise the following rights vis-à-vis the data controller:
1. Right to information
You may request confirmation from the controller as to whether we are processing personal data concerning you.
If such processing is taking place, you may request the following information from the controller:
• the purposes for which the personal data is being processed;
• the categories of personal data being processed;
• the recipients or categories of recipients to whom the personal data held on you has been or will be disclosed;
• the period for which the personal data held on you will be stored, or if that is not possible, the criteria used to determine that period;
• the existence of the right to request from the controller rectification or erasure of the personal data held on you or restriction of processing or to object to processing;
• the existence of the right to lodge a complaint with a supervisory authority;
• all available information about the origin of the data if the personal data has not been obtained from the data subject;
• the existence of automated decision-making, including profiling, referred to in Article 22(1) and 22(4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged
• consequences of such processing for the data subject.
You are entitled to request information about whether the personal data held on you will be transferred to a third country or international organisation, whereby you may also request confirmation that appropriate safeguards are in place with respect to this transfer in accordance with Article 46 GDPR.
2. Right to rectification
You have a right to obtain from the controller the rectification and/or completion of the processed personal data held on you if it is incorrect or incomplete. The controller shall perform the correction without undue delay.
3. Right to restriction of processing
You may request the restriction of processing of the personal data held on you if:
• the accuracy of the personal data is contested by you for a period enabling the controller to verify the accuracy of the personal data;
• the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
• the controller no longer needs the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims; or
• you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject
• Where the processing of the personal data held on you has been restricted, this data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
• Where you have obtained restriction of processing pursuant to the aforementioned requirements, you shall be informed by the controller before the restriction of processing is lifted.
4. Right to erasure
a) Erasure obligation
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
• The personal data concerning you is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
• You withdraw consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
• You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
• The personal data concerning you has been unlawfully processed.
• The personal data concerning you has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
• The personal data concerning you has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR
b) Notification of third parties
Where the controller has made the personal data concerning you public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, that personal data.
c) Exceptions
The right to erasure shall not apply to the extent that processing is necessary:
• for exercising the right of freedom of expression and information;
• for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to under a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
• for the establishment, exercise or defence of legal claims
5. Right to notification
If you have exercised the right to rectification, erasure or restriction of processing vis-à-vis the controller, the latter shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom your personal data has been disclosed, unless this proves impossible or involves disproportionate effort.
You are entitled to request that the controller informs you about those recipients.
6. Right to data portability
You shall have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit that data to another controller without hindrance from the controller to which the personal data has been provided, where:
• the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and
• the processing is carried out by automated means
In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to withdrawal of the declaration of consent under data protection law
You are entitled to withdraw your declaration of consent under data protection law at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:
• is necessary for entering into, or performance of, a contract between you and the data controller;
• is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
• is based on your explicit consent
However, these decisions shall not be based on special categories of personal data referred to in Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.
V. Children's Privacy
Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us.
VI. Links to Other Websites and Applications
Our application may contain links to our website. In this case, please visit our Company’s privacy policy. If you choose to export your data via third party sources (e.g. WhatsApp, Email, Drive, Outlook etc.), we strongly advise you to visit their privacy policy before sharing your data. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
VII. Changes to this Privacy Policy
We may update this Privacy Policy to reflect changes in our practices. We will notify you of any material changes through the App or other means.
VIII. Contact Us
If you have any questions or concerns about this Privacy Policy, please contact us at poolassistant@lovibond.com