Privacy policy for ViStart (Germany)

Basic Information

We, Viessmann Werke GmbH & Co. KG (hereinafter referred to as "Viessmann" or "we") as part of the Viessmann Group, take the protection of your personal data very serious and adhere strictly to the rules of the currently applicable data protection laws. This includes in particular the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: "GDPR")).

The following declaration gives you an overview of how we guarantee data protection in the ViStart application, what type of data is collected and processed for what purpose and on what legal basis.

Responsible body within the meaning of the German Federal Data Protection Act (Bundesdatenschutzgesetz (“BDSG”)/ an GDPR:

Viessmann Werke GmbH & Co. KG
Viessmannstraße 1
D-35108 Allendorf (Eder)
Phone: +49 6452 70-0
Fax: +49 6452 70-2780
E-mail: info@viessmann.com
 

Scope

Scope of the data protection declaration

This privacy policy applies solely to the ViStart ("App") application. Apps from Viessmann may contain links to websites of other providers which are not covered by this data protection declaration.

Processing within the Viessmann Group

The following entities of the Viessmann group process personal data on behalf of us, the Viessmann Werke GmbH & Co. KG:

  • Viessmann Deutschland GmbH for sales and marketing purposes
  • VC/O GmbH for the operation of websites, apps and marketing
  • Viessmann IT Service GmbH for the operation of backend systems

The data collected may be processed or passed on to other group companies of the Viessmann Group if:

  • You have expressly consented to this and informed us elsewhere (e.g. in the app),
  • it is necessary for the purpose and division of labour within the Viessmann Group; corresponding contractual agreements have been concluded within the Viessmann Group for this purpose,
  • the data are made available pseudonymised by the responsible body and the responsible body guarantees that the commissioned group company cannot de-pseudonymise these data, or
  • the data is stored anonymously by the responsible body and the data thus stored is no longer subject to data protection regulations.

Personal data is sent to and processed by Viessmann Group companies on the basis of legitimate interest (Art. 6 Para. 1 Sentence 1 lit. f GDPR). The legitimate interest of the Viessmann Group consist in the efficient division of labor and the conduction of work by specialized parts of the company.

Principles of data processing by the Apps

The data collected through the apps or entered by you in the context of the use of the apps is used for the purposes explained in this data protection declaration and by us. 

Deletion and blocking

The deletion of the stored personal data takes place if you revoke your consent for storage, if the data are no longer necessary for the fulfilment of the purpose pursued with the storage or if their storage is inadmissible for other legal reasons. Insofar as a statutory retention period orders this, data will not be deleted, but blocked for other uses. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR. Anonymised data are not necessarily deleted.

Transfer to third countries

The companies of the Viessmann Group process/transmit the data you provide at locations in Germany and the European Union. Processing to third countries only takes place if this has been explicitly pointed out. If data is transferred to third countries, only data recipients in third countries will be selected who have an adequate level of data protection in accordance with Article 45 GDPR or offer suitable guarantees in accordance with Article 46 GDPR.

Automatic data processing when calling the apps

We automatically process data in so-called server log files, which the apps transmit to our servers. The following data is automatically stored in server log files:

  • Used operating system of the mobile device
  • The IP address of your mobile device
  • Time of the server request
  • Device ID of the mobile device

On the one hand, this is technically necessary for the operation of the apps and for the purpose of providing all functions of the apps.

IP address

The IP address is the globally valid identification of the source of your Internet access at the time of allocation by your Internet provider. It consists of four digit blocks separated by dots ("IPv4"), or is extended by additional digits ("IPv6"). In most cases, as a private user you will not use a constant IP address, as this is only temporarily assigned to you by your provider (so-called "dynamic IP address"). In the case of a permanently assigned IP address (so-called "static IP address"), it is in principle possible to clearly assign the user data using this feature. Except for the purpose of tracking unauthorised access to our website, we do not use this data to identify you personally. Instead, we simply evaluate on an anonymous basis which of our websites are the most popular, how many hits are made each day and similar data.

Legal basis

On the other hand, personal data of the server log files are processed on the basis of Art. 6 para. 1 lit. f DSGVO. This authorisation allows the processing of personal data within the scope of the "legitimate interest" of the responsible person, unless your fundamental rights, freedoms or interests prevail. Our legitimate interest lies in making administration easier and in the possibility of detecting and prosecuting hacking. You can object to this data processing at any time if there are reasons which exist in your particular situation and which speak against data processing. For this purpose, an e-mail to the data protection officer is sufficient. Our justified interest follows from the purposes listed above for the collection of data. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.

Storage period

The server log files with the above data are automatically deleted after 30 days or anonymized if used for statistics. We reserve the right to store the server log files for a longer period of time if facts exist which suggest the assumption of unauthorized access (such as an attempt at hacking or a so-called DDOS attack).

Data processing in the context of communication with a heat generator

The purpose of the apps is to commission a Viessmann heat generator.

  1. As soon as a heat generator has been activated via the corresponding communication component with your app, its initial configuration and operating data (summarised as "heating data") are processed within the app. The app reads the data and makes them available, as well as functions based on these data. The legal basis for this is Art. 6 para. 1 sentence 1 b GDPR.
  2. The data is used to provide the app functions, to generate push messages (e.g. notes, maintenance, malfunctions), to increase plant operational reliability, to improve plant efficiency and to eliminate malfunctions. The legal basis for this is Art. 6 Para. 1 Sentence 1 b GDPR. The data is also used to improve service and system development. The legal basis for this is Art. 6 para. 1 sentence 1 f GDPR. Our legitimate interest lies in the improvement of service and system development.
  3. The data is used and possibly passed on in completely anonymous form for the purpose of increasing plant operational safety, improving plant efficiency, eliminating faults and improving service and plant development by other companies in the Viessmann Group and third parties. Anonymised means that it is not possible for third parties and Viessmann to assign plant data to your person and cannot subsequently assign it to you again. Personal data (e.g. name, address, plant user) will not be passed on.

General information and regulations for Viessmann Apps

Use of Firebase

Viessmann uses the Firebase analysis tool from Google LLC in the apps to analyze your behavior when using the apps. The data provided and used is collected and stored completely anonymously. These data are stored after complete anonymization in the USA. In this context, personal data is also transferred to the USA, although Google LLC is registered under the Privacy Shield to compensate for the lack of data protection in the USA (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
The legal basis for this is Art. 6 para. 1 f GDPR. Our legitimate interest lies in the analysis of the use of our apps and the improvement and further development of the apps. You can prevent the transmission of the data generated by Firebase (including your IP address) to Google and the processing of this data by Google by removing the "tick" from the "Firebase/Fabric/Crashlytics" checkbox in the app menu with a click or a touch ("Opt-Out").

Use of Fabric

Viessmann uses the developer tool Fabric from Google LLC in the apps to evaluate the usability and interaction of the user within the app. The data provided and used are collected and stored completely anonymously. In this context, personal data is also transferred to the USA, although Google LLC is registered under the Privacy Shield to compensate for the lack of data protection in the USA (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
The legal basis for this is Art. 6 para. 1 f GDPR. Our legitimate interest lies in the analysis, further development, improvement, optimization and assurance of the security of the app. You can prevent the transmission of the data generated by Fabric (including your IP address) to Google and the processing of this data by Google by removing the "tick" from the checkbox "Firebase/Fabric/Crashlytics" in the menu of the app with a click or a touch ("Opt-Out").

Use of Crashlytics

For the evaluation of error messages the app uses the tool Crashlytics from Google LLC. This tool provides information on the use of the app as well as useful information on unforeseen crashes or other malfunctions of the application and helps Viessmann to correct any errors. In this context, personal data is also transferred to the USA, although Google LLC is registered under the Privacy Shield to compensate for the lack of data protection in the USA (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
The legal basis for this is Art. 6 para. 1 f GDPR. Our legitimate interest lies in the analysis, further development, improvement, optimization and assurance of the security of the app. You can prevent the transmission of the data generated by Crashlytics (including your IP address) to Google and the processing of this data by Google by removing the "tick" from the "Firebase/Fabric/Crashlytics" checkbox in the app menu with a click or a touch ("Opt-Out").

Use of cookies for authentication

The apps use cookies, i.e. text files that are created each time the user logs in to authenticate the user, stored on the end device and deleted from the user account when the user logs out. The legal basis for this is Art. 6 Para. 1 b GDPR, data processing is necessary for the execution of the contract with you.

Information on the rights of data subjects

This part of the Privacy Policy provides additional information about the exercise of your rights as a data subject against us. The exercise of your rights, e.g. deletion, restriction of processing, can lead to a restriction of app functionalities up to non-usability.

Your identity

In order to comply with the rights of data subjects under the GDPR, it may be necessary for us to request further information to prove your identity in cases of personal data collected on the basis of contractual relationships, on a random basis or in the case of justified doubt. This is particularly the case if a request for information is in electronic form, but the sender's details do not allow any conclusion to be drawn as to a natural person concerned.

You have the right

  • to request information about your personal data processed by us in accordance with Article 15 GDPR. In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it has not been collected from us, as well as the existence of an automated decision-making process including profiling and, where applicable, meaningful information on its details;
  • to demand the correction of incorrect or incomplete personal data stored by us without delay in accordance with Article 16 GDPR;
  • to demand the deletion of your personal data stored by us pursuant to Article 17 GDPR, unless processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
  • to demand the restriction of the processing of your personal data pursuant to Article 18 GDPR insofar as the accuracy of the data is disputed by you, the processing is unlawful but you refuse its deletion and we no longer need the data but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing pursuant to Article 21 GDPR;
  • to receive, in accordance with Article 20 GDPR, the personal data you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another responsible party;
  • to object, pursuant to Art. 21 para. 1 GDPR, to data processing based on Art. 6 para. 1 sentence 1 lit. f GDPR ("legitimate interests") if there are reasons arising from your particular situation (as compared to the other persons whose data are processed); if processing based on Art. 6 para. 1 sentence 1 lit. f GDPR is carried out for advertising purposes, you may object ("opt-out") at any time without stating reasons.

    To exercise these rights, please contact us:

    Data Protection Officer of the Viessmann Group
    Viessmannstrasse 1
    D-35108 Allendorf (Eder)
    Phone: +49 6452 70-0
    Fax: +49 6452 70-2780
    E-mail: datenschutz@viessmann.com
  • to complain to a supervisory authority pursuant to Article 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, the registered office of the partner company or the Viessmann registered office.

    Competent supervisory authority
    The Hessian Data Protection Commissioner
    P.O. Box 3163
    D-65021 Wiesbaden, Germany
    Phone: +49 611 1408-0
    Fax: +49 611 1408-900
    E-mail: poststelle@datenschutz.hessen.de

Contact details

Your trust is important to us. Therefore we would like to answer your questions regarding the processing of your personal data at any time. If you have any questions that are not answered by this data protection declaration or if you would like more detailed information on a specific point, please contact us:

Contact details of the data protection officer:

Data protection officer of the Viessmann Group
Viessmannstrasse 1
D-35108 Allendorf (Eder)
Phone: +49 6452 70-0
Fax: +49 6452 70-2780
E-mail: datenschutz@viessmann.com

Competent supervisory authority
The Hessian Data Protection Commissioner
P.O. Box 3163
D-65021 Wiesbaden, Germany
Phone: +49 611 1408-0
Fax: +49 611 1408-900
E-mail: poststelle@datenschutz.hessen.de

Security advice

We make every effort to store your personal data in such a way that it is inaccessible to third parties by using all technical and organisational means at our disposal. When communicating by e-mail, we cannot guarantee complete data security, so we recommend that you send confidential information by post.

ViStart DE_en Version 1.0 (2018- 07-25)