Sartorius Service Connect App Privacy Notice
Status: March 2021
Preamble
Protecting the security and privacy of your personal data is important to Sartorius Lab Instruments GmbH & Co. KG, Otto-Brenner-Strasse 20, 37079 Goettingen, Germany ("Sartorius"). Therefore, Sartorius operates the Service Connect App ("App") in compliance with applicable laws on data protection and data security.
In the following, we inform you about the processing of personal data when using our App. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.
The data controller in the meaning of the General Data Protection Regulation (GDPR) for the processing activities described in this Privacy Notice is:
Sartorius Lab Instruments GmbH & Co. KG, Otto-Brenner-Strasse 20, 37079 Goettingen, Germany, e-mail: info@sartorius.com
Before you can install this App, you may need to enter into a usage agreement with an App Store operator (e.g. Google, Apple) to access its portal (e.g. Google Play, Apple App Store - "App Stores"). The App Store operator, as the responsible party, collects and processes data in connection with the use of the App Store, such as user name, email address and individual device identification number. We process the data only to the extent necessary to download the App to your device. We are not party to the usage agreement with the App Store operator and have no influence on its data processing. In this respect, the privacy policy of the respective App Store operator applies.
When visiting and using the App, Sartorius processes the following personal data:
- 3.1 Information that is collected automatically
As part of your use of the App, we automatically collect certain data that is required for the use of the App. This includes: internal device ID, version of your operating system, time of access.
This data is automatically transmitted to us, but is not stored, in order to:
- Provide you with the Service and related features;
- Improve the functions and performance features of the App; and
- Prevent and eliminate misuse and malfunctions.
This data processing is justified on the grounds that (1) the processing is necessary for the performance of the contract between you as the data subject and us pursuant to Art. 6 (1) (b) GDPR for the use of the App, or (2) we have a legitimate interest in ensuring the functionality and error-free operation of the App and in being able to offer a service that is in line with the market and interests, which here outweighs your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) (f) GDPR.
- 3.2 Use of the App
Within the scope of the App, you can enter, manage, and edit various information, tasks (e.g. Service Request), and activities (e.g. Instrument Manager). This information includes, in particular, Contact Data (First Name, Last Name, E-mail Address, Phone Number) as well as Company Data (Company Name, Customer Number, Business Address) and Instrument Data (Instrument Name, Model No., Serial No. etc.).
The data you enter is initially only stored locally on your device. Only when you send us a request will this also be transmitted to us and used to
- Enforce the terms of use of the App and all rights and obligations associated therewith; and
- Contact you to send you technical or legal notices, updates, security messages, or other messages regarding, for example, the administration of the user account.
This data processing is justified on the grounds that (1) the processing is necessary for the performance of the contract between you as a data subject and us pursuant to Art. 6 (1) (b) GDPR for the use of the App, or (2) we have a legitimate interest in ensuring the functionality and error-free operation of the App, which here outweighs your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) (f) GDPR.
Certain functions of this App can only be used if the corresponding permissions are granted. Permissions are interfaces to the operating system of your end device, through which the App can access data stored on your end device.
The App works with the following permissions:
- Internet access: to store your entries on our servers;
- Access to device's file manager and image gallery: to upload images when using some functions of the App;
- Location: to record the geographical position of your device as part of your request;
- Access to device's camera: to capture images for problem messages.
You can manage and disable permissions within the settings of your operating system. Please note that after deactivating a permission, you may no longer be able to use all of the App's features.
In addition to the cases explicitly mentioned in this Data Protection Notice, your personal data will only be transferred or disclosed without your express prior consent if this is permitted or required by law. This may be the case, for example, if the processing is necessary to protect the vital interests of the user or another natural person.
Where the below list states that we rely on our legitimate interest for a given purpose, we are of the opinion that our legitimate interest is not overridden by your interests and rights or freedoms, given (i) the regular reviews and related documentation of the processing activities described herein, (ii) the protection of your personal data by our data privacy processes, (iii) the transparency we provide on the processing activity, and (iv) the rights you have in relation to the processing activity.
- Internal administrative purposes including customer service
The data provided by you during registration will be shared within our affiliated Sartorius companies for internal administrative purposes, including joint customer support, to the extent necessary.
Any disclosure of personal data is justified on the grounds that we have a legitimate interest in disclosing the data for administrative purposes within our group of companies and that your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) (f) GDPR are not overridden.
- Safeguarding of rights
If it is necessary to investigate illegal or improper use of the App or for legal prosecution, personal data will be disclosed to law enforcement agencies or other authorities and, if necessary, to injured third parties or legal advisors. However, this only happens if there are indications of unlawful or abusive behavior. A transfer may also take place if this serves the enforcement of terms of use or other legal claims. We are also legally obligated to provide information to certain public authorities upon request. These are law enforcement agencies, authorities that prosecute administrative offenses subject to fines, and the tax authorities.
Any disclosure of the personal data is justified on the grounds that (1) the processing is necessary for compliance with a legal obligation to which we are subject pursuant to Art. 6 (1) (f) GDPR in conjunction with national legal requirements to disclose data to law enforcement authorities, or (2) we have a legitimate interest in disclosing the data to the aforementioned third parties if there are indications of abusive behavior or to enforce our terms of use, other conditions or legal claims and your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) (f) GDPR do not override.
- Service providers
To provide our service, we also use contractually affiliated companies of the Sartorius Group as well as third-party companies and external service providers as service providers, so-called data processors, e.g. for hosting or IT maintenance and support services. These process the data on behalf of and according to the instructions of Sartorius and have been contractually obligated to comply with applicable data protection law.
Any disclosure of personal data is justified on the grounds that (1) we have a legitimate interest in disclosing the data for administrative purposes within our group of companies and your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) (f) GDPR do not override and (2) we have carefully selected our third-party companies and external service providers as processors within the framework of Art. 28 (1) GDPR, regularly reviewed them and contractually obliged them to process all personal data exclusively in accordance with our instructions.
- Corporate transactions
As our business evolves, we may change the structure of our business by changing its legal form, establishing, buying or selling subsidiaries, divisions or components. In such transactions, customer information may be transferred along with the part of the company being transferred. In any transfer of personal information to third parties to the extent described above, we will ensure that it is done in accordance with this Privacy Notice and applicable data protection law.
Any disclosure of personal data is justified on the grounds that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances as necessary and that your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) (f) GDPR are not overridden.
If you are located within the European Economic Area, please be aware that sometimes the recipients to whom Sartorius transfers or discloses your personal data are located in countries in which applicable laws do not offer the same level of data protection as the laws of your home country.
In such cases and if required by applicable law, Sartorius takes measures to implement appropriate and suitable safeguards for the protection of your personal data. Personal data will only be transferred to recipients in such countries if these recipients have:
- implemented Binding Corporate Rules ("BCR") for the protection of personal data;
- entered into EU Standard Contractual Clauses with Sartorius.
Unless indicated otherwise at the time of the collection of your personal data (e.g. within a form completed by you), we erase your personal data if the retention of that personal data is no longer necessary (i) for the purposes for which they were collected or otherwise processed, or (ii) to comply with legal obligations.
Under European Union or European Economic Area law, you may have the right to:
- Obtain from Sartorius confirmation as to whether or not personal data concerning you are being processed, and where that is the case, access to the personal data;
- Obtain from Sartorius the rectification of inaccurate personal data concerning you;
- Obtain from Sartorius the erasure of your personal data;
- Obtain from Sartorius restriction of processing regarding your personal data;
- Data portability concerning personal data which you actively provided;
- Object, on grounds relating to your particular situation, to processing of personal data concerning you;
- Revoke your consent to the processing of your personal data with effect for the future at any time, i.e. the revocation does not affect the lawfulness of the processing carried out on the basis of the consent before the revocation; and
- File a complaint with a state supervisory authority (e.g. the State Commissioner for Data Protection of Lower Saxony) about the processing of your data.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out, inter alia, on the basis of Art. 6 (1) (f) GDPR, in accordance with Art. 21 GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the purpose of asserting, exercising or defending legal claims.
If you have any questions or comments about our processing of your personal data, or if you wish to exercise the above rights as a data subject, please contact the Sartorius Data Protection Officer and the Sartorius Data Protection Organization at dataprotection@sartorius.com.
You also have the right to contact the competent data protection authority with your request or complaint. The competent data protection authority is:
State Commissioner for Data Protection of Lower Saxony (LfD), Prinzenstrasse 5, 30159 Hannover, Germany, +49 511 120 4500, poststelle@lfd.niedersachsen.de.
To use this App, you must be at least 16 years old.
This Privacy Notice is reviewed at regular intervals and updated as necessary. The date of the last update is indicated at the top of this Privacy Notice.