Data privacy statement for the
Wurm Security Center
and the mobile device apps OneID and Serial2Key
Contents
We
are delighted at the interest you have shown in our company. Data privacy has
particularly high importance for Wurm GmbH und Co. KG Elektronische
Systeme. With this data protection declaration, our
company would like to inform the public about the type, scope, and purpose of
the personal data which is collected, used and processed by us. This data
protection declaration also explains what your related rights are. If we need
to process personal data and there is no legal basis for this in a particular case,
we generally ask for your consent first.
This data protection declaration applies to the
Wurm Security Center and the mobile device apps OneID and Serial2Key of Wurm GmbH & Co. KG Elektronische Systeme. We
also meet our information obligations as defined in the EU General Data
Protection Regulation (GDPR).
·
Responsible body
·
Note on the data protection office
·
Data processing on this website
·
Processing of personal
data
·
Transmission of data to third parties
·
Note concerning the use of cookies
·
Note concerning the security and confidentiality of personal data
·
Legal bases for the processing of personal data
·
Your rights
·
Standard
deadlines for the deletion of the data
·
Right of appeal to a supervisory authority
·
Note on topicality
Responsible body
Wurm GmbH & Co. KG
Electronic Systems
Morsbachtalstrasse 30
D-42857 Remscheid
Phone:
+49 (0) 2191 - 8847 300
Email:
info@wurm.de
Name
and address of the data protection officer
Wurm GmbH & Co. KG has
appointed an external data protection officer:
Mr. Arndt Halbach of GINDAT
GmbH
Wetterauer
Strasse 6
D-42897
Remscheid
Email:
datenschutz@wurm.de
Data processing on this website
Each time the website of Wurm GmbH und Co. KG Electronic Systems is accessed by a particular
person or an automated system, it collects a general set of data and
information about them. This general data and information is
stored in log files on the server. This information
can include the
·
types and versions of
browser used,
·
the operating system
running on the system accessing our website,
·
the website sub-pages
you have viewed,
·
the date and time of
access to the website,
·
the internet protocol
address (IP address),
·
other similar data
and information to be used for the purpose of security in case of attacks on
our IT systems.
In using this general
data and information, Wurm GmbH und Co. KG Electronic Systems draws no conclusions about the person
concerned. This information is in fact used for
·
presenting content
correctly on our website,
·
optimising the content on our
website,
·
ensuring the
long-term functionality of our IT systems and technology on our website, and
·
providing the law
enforcement authorities with the information necessary for prosecution in the
case of cyber attacks.
The collected data
and information are therefore evaluated by Wurm GmbH und Co. KG Electronic Systems primarily for the
purpose of increasing the data protection and data security in our company, and
finally ensuring an optimal level of protection for the personal data which is
processed by us.
The IP address of your computer is deleted after 30 days.
Processing of personal data
The subject matter of this
declaration is the collection, processing and usage (“Use”) of personal data
(“Data”) in the Security Center or in the mobile device apps of Wurm GmbH &
Co. KG Electronic Systems.
The personal data concerned are stored in the database of
the Security Center. Access to the authorization releases associated with this
data for all mobile device applications managed via the Security Center is handled
using pseudonymized and encrypted procedures.
This means that when using the corresponding mobile device
apps, there is no concrete personal reference (privacy by design). The data
required for the binding process of the app OneID is
not saved on the mobile device.
The data collected and processed by us when using the
security center can generally be divided into the following categories:
·
Contact information such as name, address, telephone number, email address,
title, place of work, company affiliation etc.
·
Profile information if you create a profile or account with us, including
username and password
·
Technical information such as technical data on use and display, including
IP addresses, when you visit our websites or applications, also on third-party
websites
·
Transaction information such as the
transfer of project access data by the querying authorized person
The administration of the users is carried out either
by employees of the company Wurm (after release of the operator) or by contact
persons of the service companies (hereinafter referred to as ADMIN). These
ADMINs receive by the provider of this on-line service ("portal")
Wurm GmbH & Co. KG Electronic Systems the
administration right for the establishment of the user access of the respective
accounts (service company). In the process,
personal data of the respective users are recorded, which are then processed
further. Only information required for
establishing the contractual relationship or for carrying out the services is
designated as mandatory information.
The use of
Wurm online services is possible i.a. with the login
via OneID. With OneID you can use your
mobile terminal for authentication for Frigodata, the
Infocenter and other applications. To use OneID, you need a unique, personally identifiable email
address or mobile phone number and a mobile device running the iOS or Android
operating system. Authentication is realized via an application (app) that has to be installed and set up on your mobile device. If the
installation was successful, you can bind the used device with your OneID access data and immediately log in to all
applications that have been activated for you.
When you start the OneID app for the first time
after installation, you will be asked if you want to grant the app the right to use push notifications. If you want to log in to the activated applications using a push message,
this right is required for communication with the Security Center.
Note: When using the push services, encrypted messages
are transmitted via Apple or Google servers without any personal reference.
Further note: All login attempts via OneID are
also logged in the Security Center.
The personal data of the user account include the user name of the user, his mobile number, his company, his
email address, an individual device identifier and optionally his full name. The mobile number is used for authentication and authorization
check by a request SMS sent by a mobile phone as well as a response with the
access data to the requested gateway. Through creating a user account the portal can optionally send an info SMS to the
user. The indication of the company of the user is needed for the connection or
legal assignment of the service company to the used gateways of the branches to
be supervised with refrigeration or technical building equipment. If it is
given an email address optionally information required by the employees of the
portal operator (e.g. Hotline) can also be sent by e-mail. The individual device identifier is used in the security center for the
logical assignment of user and device.
In addition, when push messages are activated in the
respective apps, a corresponding app identifier is stored in the security
Center to enable this push message dispatch. For more information, please refer
to the privacy policy of the respective app.
If you use this online service of "Wurm GmbH
& Co. KG Electronic
Systems", server logs automatically provide technical
information, which your browser or your app transmits, that is collected and
stored. This is in particular the address of the page
called and the IP address of your computer.
All activities are stored in an activity log to
monitor the portal for malfunction. In addition, the
portal operator uses this data for security reasons to monitor possible misuse
(request from a user for unauthorized systems). In the case of
accumulations of such requests, both the user in question and the responsible
ADMIN can be informed about this infringement. In addition, each
ADMIN can view the activities of users created by him.
In addition to the technical data of the requested
gateways and the service partners for refrigeration and building services, the
activity log records the following personal data: date of inquiry, user name and company in which the user is employed.
When using the Security Center with the mobile device
application Serial2Key, in addition to the serial number of the requested
gateways (=technical data) the following personal data will be automatically
stored on the portal server per use of the SMS request: the username, the
mobile phone number and the date of the SMS request.
The storage of a sent SMS happens according to the
mechanisms available in the mobile device. In addition to the app
settings, no personal data is stored on the mobile device.
You have the right to inspect, correct, supplement complete or delete the
personal data and settings of your customer account stored on your person at
any time.
If you get in contact with Wurm GmbH & Co. KG Elektronische Systeme by email, please note that we use the STARTTLS encryption process. If your
server supports this encryption process, this will ensure secure communication
between our email server and yours. Otherwise the data will usually be sent unencrypted.
In this case, the confidentiality of the transferred information cannot be
guaranteed. We have no
control over the path taken by your email over the public internet to our
company and cannot therefore guarantee the security of your data. Once your email
has reached our email server, we protect your data with highly technical and organisational measures.
Transmission
of data to third parties
Wurm GmbH & Co. KG Electronic Systems will not as
a matter of principle transmit your personal data to third parties outside the
company network, unless:
·
transmission is necessary for the purpose of carrying
out or billing services, if the service involves making use of the products or
services of an independent partner company or if the data is needed for the
purpose of carrying out the service for a partner company (if you are not
advised otherwise, such vicarious agents are only authorized to use the data
that is absolutely necessary for this service); an automatic email is generated
and sent to the relevant sales partner for the billing (personal user contract)
·
for sending SMS we use the service of Esendex.
·
you have given your consent to transmit the
information, or prosecuting authorities or courts demand information based on applicable
laws for the purpose of prosecution.
·
in order to carry out the processing and handling process, if we have to
make use of service providers in order to process the contract data, the contractual
relations are regulated as stipulated by Art. 28 GDPR, which contains the
legally required points relating to data privacy and data protection.
Note concerning the use of cookies
The websites also use a so-called cookie
("session cookie") when logging in so that the visiting customer
receives a unique session ID. Cookies are small text files that are normally
stored on the PC of the Internet user. Our session cookies are deleted
automatically on leaving the website.
A cookie is a little data file transferred by us to
your computer if you surf onto the website of Wurm GmbH und Co. KG Elektronische Systeme. A cookie
can only contain information that we place on your computer, it does not read
private data from it. When there is a visit to our website, we usually use cookies that are
technically necessary.
Technically
necessary cookies help allow you to move around the
website by ensuring essential functions such as navigation around the pages and
access to secure areas. Without these cookies, the website would not work
properly.
The cookies used by our website are deleted from your
hard disc at the end of your browser session (these are called session
cookies).
If you do
not want to have the advantages of cookies, you can change how cookies are
handled in the security settings in your browser. Setting options are mostly
found in the Tools menu, under Settings or Internet Options.
Note concerning the security and confidentiality of personal data
We guarantee the confidentiality and security of your
personal data as follows
·
we only use your
personal data for fulfilling the purpose described here,
·
we have obligated our
employees to duties of confidentiality,
·
our security provisions
correspond to the current state of the art to an appropriate extent,
·
our systems are checked
regularly for security so that we can effectively protect data retained
·
by us from any damage,
loss and access,
·
and our data protection
officer ensures compliance with the "data privacy statement".
Legal basis for the processing of personal data
Your rights
According to Art. 15-21 GDPR you can claim the following rights in relation
to the personal data processed by us.
The right
to access your personal information
You are entitled to information about the personal data concerning you that
are processed by us.
The
right to rectification
You may request the correction of incomplete or incorrectly processed personal data.
The right to erasure
You are entitled to have personal data concerning you deleted,
especially if one of the following reasons applies:
• The right to erasure does not exist, however, if if
is in conflict with the legitimate interests of the
responsible person. This can be, for example, if:
·
personal data are required to assert, exercise or defend legal claims.
·
deletion is not possible due to storage requirements
However, if data cannot be deleted, there may be a right to restrict
processing (see below).
Right to restriction of
processing
You have the right to require us to restrict the processing of your
personal data if
Right to data
portability
You have the right to receive the personal information that you have
provided us in a structured, common and machine-readable format and you have
the right to transfer this data to another person without hindrance from us,
provided the processing is based on your consent or a contract and processing
is done by us using automated procedures.
Withdrawal
The data subject shall have the right, at any time, to object to the
processing of personal data relating to him or her under Article 6 (1) lit. e
or f for reasons arising out of their particular situation; this also applies
to a profiling based on these provisions. If the processing of your personal
data is based on a consent, you have the right to revoke this consent at any
time.
Standard deadlines for the deletion of the data
Insofar as a statutory retention provision does not exist, the data will be
automatically deleted or destroyed if they are no longer necessary for
achieving the purpose of the data processing including billing (cf. regulations
regarding cookies). There is a legal retention period for data with tax
relevance, which is usually 10 years; other data according to commercial
regulations (business letters) are usually kept for 6 years. Finally, the
storage period can also be based on the statutory limitation periods, which may usually be three years, for example, according to §§ 195 ff. of
the German Civil Code (BGB), but also up to thirty years in some cases.
Right of appeal to
a supervisory authority
Each data subject has a
right of appeal to a supervisory authority under Article 77 GDPR if they
consider that the processing of personal data concerning them infringes the
GDPR.
The supervisory authority responsible for us is:
Landesbeauftragte für den Datenschutz und die Informationsfreiheit
Nordrhein-Westfalen
Kavalleriestr. 2 - 4
40213 Düsseldorf
Note on changes and updates
Inasmuch as we roll out new
products or services, modify internet procedures or if internet and IT security
technology are enhanced, we reserve the right to update the data privacy
statement. Any changes will be published here. For that reason, please access
this website regularly to obtain information on the current status of the data privacy
statement.