PANTABOX Energy Manager Privacy Policy

1) Information on the collection of personal data and contact details of the controller

 

1.1 We are pleased that you are using our application (hereinafter "app"). In the following, we will inform you about how we handle your personal data when you use our app. Personal data is all data with which you can be personally identified.

 

1.2 The controller in charge of data processing for this app, within the meaning of the General Data Protection Regulation (GDPR), is INRO Elektrotechnik GmbH, Leiderer Straße 12, 63811 Stockstadt, Deutschland, Tel.: +49 6027 2085-200, Fax: +49 6027 2085-285, E-Mail: info@inro-et.de. The controller responsible for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

 

1.3 The controller has appointed a data protection officer, who can be contacted as follows: "Jürgen Schuler, ITC-Team GmbH, Bayernstraße 5, 63762 Großostheim; Phone: +49 6026 994200; Email: j.schuler@itc-team.de"

 

1.4 This app uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller).

 

2) Purpose of the processing


Personal data is processed in connection with the use of your PANTABOX Energy Manager.

In detail:
The use of the PANTABOX Energy Manager app is required for the proper operation of your energy manager. In particular, access information, specifically Bluetooth and Wi-Fi connection information, is exchanged between the app and the PANTABOX Energy Manager. This data is not transmitted to us. The exchange of this information between the devices is technically necessary for the intended use of your energy manager.


Insofar as this involves the processing of personal data, this is necessary for the fulfilment of a contract to which the data subject is a party. The legal basis is Article 6(1)(b) GDPR.


For the purpose of product updates OTA, personal data is processed, in particular IP addresses, MAC addresses, CPU number and system UUIDs, which are stored in the update management system (currently Mender) for unique identification. This data is sent and synchronised to an update server hosted by INRO for the purpose of performing updates. The basis for data processing is Article 6(1)(a) GDPR.


In addition, we collect personal data when you initiate a support request via the Energy Manager app. Your first name, surname, email address, CPU ID and problem will be transmitted to INRO. You will be asked explicitly whether you agree to remote maintenance.
If you agree to remote maintenance, our service technicians can view the status of your INRO product with the help of remote service access (remote maintenance). The information read out includes the CPU number and other UUIDs that can be assigned to you. This information is stored together with your hardware-related machine data on one of our servers. Part of the maintenance service provided by a service technician may include network scans of the local network to find other devices or to find the cause if communication between the INRO product and third-party devices is faulty. In this case, no data is transferred for storage, but work is carried out directly on the INRO product using a remote console (remote terminal). The service technician will only formulate the problem for documentation purposes and store it in a ticket system for further internal processing. This data is automatically deleted within three months after the problem has been successfully resolved. The purpose of this storage is the proper provision of maintenance services as well as the documentation of the proper provision of services and error analysis. The legal basis for this is Article 6(1)(b) and (f) GDPR.

 

3) Log files when using our mobile app


If you download our mobile app via an app store, the necessary information is transferred to the app store, in particular your user name, email address and customer number of your account, time of download, payment information and the individual device identification number. We have no influence on this data collection and are not responsible for it. We only process the data to the extent necessary to download the mobile app to your mobile device.


When you use our mobile app, we collect the personal data described below to enable you to use the function conveniently. If you wish to use our mobile app, we collect the following data, which is technically necessary for us to offer you the functions of our mobile app and to ensure stability and security:
- Date and time of the enquiry
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request
- Access status/ http status code
- Amount of data sent in bytes
- Source/reference from which you reached the page
- Browser used
- Language and version of the browser software
- Operating system used and its interface
- IP address used (if applicable: in anonymised form)
Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our app. The data is not passed on or used in any other way. However, we reserve the right to subsequently check the aforementioned log files if there are concrete indications of unlawful use.
We also need your unique mobile device number (IMEI = International Mobile Equipment Identity), unique network subscriber number (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), any MAC address for WLAN use and the name of your mobile device.

 

4) Making contact


Personal data is collected when you contact us. Which data is collected when a contact form is used can be seen from the respective contact form in the app. This data is stored and used exclusively for the purpose of responding to your enquiry or for contacting you and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after final processing of your enquiry. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

 

5) Rights of the data subject


5.1 The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, about which we inform you below:

  • Right to information in accordance with Art. 15 GDPR: In particular, you have the right to information about your personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it was not collected by us from you, the existence of automated decision-making including profiling and, if applicable, meaningful information on the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed of the guarantees pursuant to Art. 46 GDPR if your data is transferred to third countries;

 

  • Right to rectification pursuant to Art. 16 GDPR: You have a right to immediate rectification of incorrect data concerning you and/or completion of your incomplete data stored by us;

 

  • Right to erasure in accordance with Art. 17 GDPR: You have the right to request the erasure of your personal data if the requirements of Art. 17 (1) GDPR are met. However, this right does not apply in particular if the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;

 

  • Right to restriction of processing in accordance with Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is checked, if you refuse to delete your data due to unauthorised data processing and instead request the restriction of the processing of your data, if you need your data for the assertion, exercise or defence of legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection for reasons of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail;

 

  • Right to information in accordance with Art. 19 GDPR: If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

 

  • Right to data portability in accordance with Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller, insofar as this is technically feasible;

 

  • Right to withdraw consent granted in accordance with Art. 7 (3) GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;

 

  • Right to lodge a complaint pursuant to Art. 77 GDPR: If you believe that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, without prejudice to any other administrative or judicial remedy.

5.2 RIGHT OF OBJECTION


IF WE PROCESS YOUR PERSONAL DATA AS PART OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH EFFECT FOR THE FUTURE ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE YOUR OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

 

6) Duration of storage of personal data


The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and - if applicable - additionally by the respective statutory retention period (e.g. retention periods under commercial and tax law).
When processing personal data on the basis of express consent in accordance with Art. 6 para. 1 lit. a GDPR, the data concerned will be stored until you revoke your consent.
If there are statutory retention periods for data that is processed within the framework of legal or similar obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for contract fulfilment or contract initiation and/or we no longer have a legitimate interest in further storage.
When processing personal data on the basis of Art. 6 para. 1 lit. f GDPR, this data will be stored until you exercise your right to object in accordance with Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until you exercise your right to object in accordance with Art. 21 para. 2 GDPR.
Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data is deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

 

EN
DE EN
Scroll to Top