Privacy Policy for the “JUWEL Smart” platform by JUWEL Aquarium AG & Co. KG

JUWEL Aquarium AG & Co. KG undertakes to protect your privacy. This data protection statement outlines our practices with regard to confidentiality of personal data that we process based on your individual use of the “JUWEL SmartCam” underwater camera and the related mobile application “JUWEL Smart”.

1.    General information
The term “personal data” used in this data protection statement refers to information that can be used to identify a person, either based on this information alone or based on the information combined with other information that we have access to through the person. The term “smart devices” refers to non-standard computing devices made by hardware producers that are equipped with man-machine interfaces and are able to transmit data and to wirelessly connect to a network. Such devices include smart household devices, smart portable devices, smart air cleaning devices, etc. The term “apps” refers to mobile applications developed by JUWEL Aquarium that enable consumers to remotely control smart devices and to access the JUWEL Smart-IoT platform.

2.     Name and contact details of the data controller and data protection officer
This data protection information shall apply for data processing performed by JUWEL Aquarium AG & Co. KG, Karl-Göx Str. 1, 27356 Rotenburg, Germany (“data controller”) in the context of the JUWEL Smart app and the corresponding JUWEL SmartCam underwater camera. The data protection officer for JUWEL Aquarium is available via the address indicated above, for the attention of the Data Protection Division, or via privacy@juwel-aquarium.de.

3.    Types of personal data we collect
The following personal data is collected in the context of using the underwater camera and the corresponding JUWEL Smart app:
a)    Information that we collect automatically

• Device information: If you interact with our product, we will automatically collect device information, such as your devices’ MAC address, IP address, information about the WiFi connection, operating system type and version, version no. of the application, push notification settings, log files and information about the mobile network.
• Usage data: When you interact with our sites and services, we automatically collect usage data regarding visits, clicks, downloads, messages sent/received and other forms of use of our sites and services.
• Log data: System and exception handler logs may be uploaded if you use our app.
• Location information: We can collect information about your precise or approximate geo-position in real time if you use our app.

b)    Account or profile data
If you register an account with us, we will collect your email address or phone number. You may indicate a user name and upload a profile picture, but this is not mandatory. If you interact with our products, we will also register your country code, your language preference and your time zone to your account.

c)    Feedback / reporting a problem
When using the feedback and recommendation functions of our products, we will collect your email address, your mobile phone number and the content of your feedback, to allow us to handle your problems and to find solutions for device faults in a timely manner.

d)    Using the underwater camera
If you use our underwater camera with the JUWEL Smart app on an mobile device, images and videos are saved to the app’s gallery. For a duration of 30 days, these images / videos are also stored on an AWS server in Frankfurt.
JUWEL Aquarium does not have access to the camera and the stored recordings.

e)    Information about smart devices

• Basic information about smart devices: If you connect smart devices to our products or services, we may collect basic information about your smart devices, such as the device name, device ID, online status, activation period, firmware version and updating information.
• Information transmitted by smart devices: Depending on the respective smart devices that you use to access our products or services, we may collect different types of information that is transmitted by your smart devices.

4.    Purposes and legal bases for processing personal data
Your personal data is processed for the following purposes:
a)    Service provision
We process your account and profile data, device information, usage data, location information and information in relation to smart devices to provide our products or services that you have requested or purchased. The legal basis for this processing is the purpose to perform our contractual duties in line with our terms and conditions.

b)    Improving our services / statistical analyses
We process your device information, usage data, location information and information in relation to smart devices to ensure our products’ functionality and security, to further develop and improve our products and services, to analyse the effectiveness of our activities, and to avoid and monitor any fraudulent or improper use. The legal basis to cover such processing is our legitimate interest to improve our products and ensure their security.

c)    Non-commercial communication
We process your personal data in order to send you information about the services, any changes to our terms and conditions and guidelines, and/or other administrative information. Such information may be important, and you can therefore not reject to receive such communication. The legal basis for this processing is the purpose to perform our contractual duties in line with our terms and conditions.

5.    Forwarding of data to third parties
In general, your data is not transmitted to third parties, unless we are legally obliged to do so, forwarding of data is required to implement the contractual relationship, or you have previously given your explicit consent to the forwarding of your data.
External service providers and partner companies such as IT service providers will only receive your data if this is necessary to fulfil our contractual duties. In such cases, the scope of the data transmitted is restricted to the necessary minimum, however. Should our service providers come into contact with your personal data, we ensure within the scope of the order processing, and in accordance with Article 28 of the GDPR, that these providers observe the regulations contained in the data protection legislation in the same manner. Please also note the respective data protection information offered by the providers. The respective service provider is responsible for the content of external services, whereby within reason, we conduct a check of the services with regard to the observance of the statutory requirements.
It is important to us that your data is processed within the EU / EEA. However, it may occur that we use service providers who process data outside the EU /EEA. In such cases, we ensure that before your personal data is transferred, an adequate degree of data protection is provided at the recipient. This means that via EU standard contracts or an adequacy ruling, such as the EU Privacy Shield, a data protection level is achieved that is comparable to the standards within the EU.

6.    Your rights
a)     Overview
In addition to the right to withdraw any given consent, you have the following rights, provided that the respective legal requirements are met:

• The right to receive information about your personal data stored with us
• The right to have any incorrect data corrected or to have correct data completed
• The right to have your data stored with us erased, provided that no legal or contractual retention periods or any other legal duties or rights regarding further storage must be complied with
• The right to have the processing of your data restricted
• The right to data portability
• The right to file a complaint with a supervisory authority

b)     Right to object
Subject to the conditions outlined in Article 21, Section 1 GDPR, data subjects may object to processing of their data for reasons that arise due to the data subject’s particular situation.

The general right to object indicated above applies to all processing purposes described in this data protection information and any processing based on our legitimate interests. Pursuant to the GDPR and unlike in the case of the special right to object that refers to data processing for advertising purposes, we are only obliged to observe such general objection, if you state reasons of overriding importance.

7.    Security
We use financially reasonable physical, administrative and technical security measures to safeguard the integrity and safety of your personal data. Our service provider implements a range of security strategies in order to effectively ensure data security for users and devices. Regarding device access, JUWEL Aquarium is using its own algorithms to ensure data isolation, access authentication and applications for approval. Regarding data communication, communication is supported by security algorithms, transmission encryption logs and information encryption transmission on a commercial scale and based on dynamic keys. Regarding data processing, we are using strict data filtering and validation, as well as full data testing. Regarding the storage of data, all confidential user information is encrypted safely for storage.

8.    Data storage
We process your personal data for the minimum period required to fulfil the purposes indicated in this data protection statement, unless a specific legal provision applies, based on which we must retain the data for a longer period of time. We determine suitable retention periods based on the amount, origin and level of sensitivity of your personal data. We destroy your personal data after the end of the retention period. If we are unable to do so for technical reasons, we will ensure that suitable measures are in place to prevent a further use of your personal data.

9.    Changes to this statement
We will edit this data protection information if any changes are made to the app or if changes are required for any other reasons. The respective valid version is always available in the app.