PRIVACY POLICY

GIGASET GRAPE-Server

Gigaset Technologies GmbH and our affiliated companies (“Gigaset”, “we”, “us”, “our”) understand how important the privacy of our customers is, and so are making every effort to explain clearly how we collect, use, disclose, pass on and save your personal details.

This Privacy Policy applies to the processing of data on the GRAPE server. The GRAPE server is used by Gigaset distributors or resellers to prepare or administer Gigaset devices for use by their customers. This privacy policy applies regardless of whether you access our services from a computer, (mobile) phone, tablet or another device.

We at Gigaset take the protection of our customers’ data very seriously. It is precisely for this reason that we are ensuring all our products feature "Privacy by Design" as standard. All data collected is used to provide our products and services in the best possible way. In the process, we ensure your details are protected and only used for the purposes of making available to you a product or service. We know which path your data takes through the company and ensure this happens in line with data protection specifications in a secure and protected manner.

Who is your contact?

Your point of contact responsible for the processing of your personal details as laid down in the EU General Data Privacy Regulation (GDPR) is

Gigaset Technologies GmbH

Frankenstr. 2

46395 Bocholt, Germany

Phone: +49 (0)2871 / 912 912 Email: datenschutz@gigaset.com or data-protection@gigaset.com


For all issues relating to data privacy in conjunction with our products, you can also contact our Data Privacy Officer at any time. This person can be contacted at the postal address and email address given above (reference: “Data Protection Officer”).

What information do we collect?

What is the purpose of processing your data?

We process your personal data in line with the provisions laid down in the EU General Data Protection Regulation (GDPR), national data protection law and all other authoritative laws.

Data processing first and foremost serves the purposes of conducting a mutual business relationship. In addition, your separate consents can be used as required as a legal data protection permission requirement. We also process your data to meet our legal obligations, in particular with regard to fiscal law. To protect the legitimate interests of ourselves and third parties (such as authorities), we also process your details as necessary on the basis of Art. 6, para. 1, lit. f) of the GDPR. We process your data for the following purposes:

Data when you use our devices

Device information Once the devices have been activated, they will connect to GRAPE, Gigaset's redirect and provisioning environment. Depending on the operating mode of the devices, a connection

to alternative provisioning servers is also possible. In these cases, the data protection responsibility for data processing lies with the provider of the according service.

As part of the use of our devices in connection with the GRAPE network we collect, for the purposes of rendering services and guaranteeing quality, different device information depending on the device type, such as your hardware model, device hardware information and other unique device IDs such as serial number, model, access registration, current software version, MAC address, operating system versions or settings of the device, with which you access the services. We also identify here personal details such as your IP address.

Using GRAPE

Gigaset provides an online service for assistance in the provisioning of Gigaset phones by the use of an online redirection server. The GRAPE server is hosted in Germany and administered exclusively by employees of Gigaset Technologies GmbH and its affiliate companies in the EU. To ensure the highest levels of data security, access to personal data is limited within Europe for the sole purpose of providing the service.

Maintenance & Support Your personal data is processed as part of maintenance services and support for your device (e.g. the provision of software updates). The legal basis is fulfillment of a contract (Article 6, para. 1.1, lit. b of the GDPR).


UtilizationPurposeData categories
MonitoringVerify the functionality and stability of the systemLogs: activity, provisioning, action Verify the audio quality Voice quality reports
Verify the audio qualityVoice quality reports
Redirect URL Download and install updates and patchesURL to customer provisioning server*

* = optional

Company and User information In order to optimize and fully use the functions of GRAPE, as well as to handle the project and ordering processes, it is necessary to create a user account in GRAPE. The legal basis is fulfillment of a contract (Article 6, para. 1.1, lit. b of the GDPR).

Reseller / Distributor / Service Provider

Utilization

Purpose

Data categories

Company-Account from Reseller, Distributor, Service Provider

Company-Account from End User (Company, where hardware is installed)

Registration, Authorizations: Access/Login

Name, email*, phone*, website*, country, city, street, postal code, users, register date

User-Account

Registration, Authorizations: Access/Login

Username, password, salutation, first/last name, email, phone, mobile, department, role, joined date, subscribe to email notification

Order processing

Invoicing and payment

Bank*, VAT*, IBAN*, BIC*

Shipping

Dispatch

Country, city, street, postal code



* = optional



Provisioning Personal data is processed as part of the provisioning of Gigaset devices. The legal basis is fulfillment of a contract (Article 6, para. 1.1, lit. b of the GDPR).

Utilization

Purpose

Data categories

Assigned products, Registration

Product administration

MAC address, name*, VPN, DM, type, warranty, register date, IP address

Monitoring

Verify the audio quality

Voice quality reports

Redirect URL

Preparation of the products automatic configuration

URL to customer provisioning server*

Settings

Preparation of the products for use by the distributor's customer / reseller's customer

Desktop*: FAQ Desktop - Settings



* = Optional


Registration As standard procedure, the activation of your Gigaset products in the network are reported to the GRAPE server. This enables us to provide you with new software versions and the latest security patches. The legal basis is fulfillment of a contract (Article 6, para. 1.1, lit. b of the GDPR)

Product orders Your personal data is processed during the product provision process (such as when you place orders in the e Shop). This is to send order confirmations for example. The legal basis is fulfillment of a contract (Article 6, para. 1.1, lit. b of the GDPR).

Data when you use our customer service When you contact our customer service for queries, complaints or other matters, we collect details from you. This can be personal details such as name, first name, private address, phone number, email address and device identification details.

Information services Our products render information services that (in your interests) are extended in the future. These apps might also process personal data depending on the services used. The legal basis is fulfillment of a contract (Article 6, para. 1.1, lit. b of the GDPR)

Customer surveys Whilst collecting your opinions about our products, we process information for statistics purposes. This is used to improve our products. The legal basis is your consent (Article 6, para. 1.1, lit. a of the GDPR).

Sending of promotional material We process personal data from you when sending promotional material or special offers pertaining to our products. The legal basis is your consent (Article 6, para. 1.1, lit. a of the GDPR).

Dissemination of your data?

Within our company group, your data is sent to certain companies when they centrally assume data processing tasks for the companies affiliated in the group (e.g. Logistics, Production, SW-Maintenance).

We might also disclose your data to the following companies, but only to the extent required to render the services:

- Business partners. We communicate your data to retailers and distribution partners to make available services you require. If you provide separate consent to the business partners, the business partners can use your data to make predictions about your interests, and send you promotional literature, ads and other material.

- Service providers. We can pass on your details to carefully selected companies that make available services on our behalf, such as companies helping us with repairs, acting as customer contact centers, working in customer support activities, for advertising, for conducting customer satisfaction surveys and invoicing, and for sending emails on our behalf. Contractual regulations dictate that these companies can only use your details for the services requested by us.

Furthermore, we can communicate your personal details to other recipients outside the company provided this is necessary to satisfy legal obligations. These can be authorities for example (financial authorities, courts of law, government agencies with investigation authorization).

Safekeeping of your data?

We take the protection of your data seriously and have taken appropriate physical and technical measures to protect data we collect in conjunction with the services. Even though speedy technological advances mean there can never be end-to-end security of websites, Internet communication, computer systems and wireless links, we immediately adapt our systems in the light of such developments and always take appropriate steps to protect your data.

Which data privacy rights can you assert as a person affected?

Contact the above address to request information on the data stored about yourself. Also, you can under certain circumstances request your data to be corrected or erased. Furthermore, you can be entitled to the right for processing of your data to be restricted and the right for data provided by you to be disclosed in a structured, established and machine-readable format.

Right of objection

You have the right to object to the processing of your personal data for the purposes of direct advertising without specifying reasons. If we process your data for the protection of legitimate interests, you can object to this processing for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or processing serves the purposes of enforcing, exercising or defending legal claims.

Where can you object?

You are able to contact the aforementioned Data Protection Officer or a Data Protection Supervisory Authority about an objection.

How long is your data stored?

We erase your personal data as soon as it is no longer required for the aforementioned purposes. Once the business relationship comes to an end, your personal details are stored as long as we are required to do so by law. This is a regular process on account of the statutory obligations for producing supporting documents and compulsory safe custody, regulated by the commercial code and the general tax code for example. Maximum storage periods are then up to 10 years. It might also be the case that personal data is stored for the period during which claims can be asserted against us (statutory limitation period of three or up to 30 years)

Is your personal data transfer outside European Economic Area?

We assure you that we do not transfer personal data collected from European customers to service providers or group companies outside the European Economic Area (EEA).

Where is GRAPE hosted?

Gigaset hosts its service in the Frankfurt AWS region, Germany, and complies of course with the both the strict German data protection law and the European General Data Protection Regulation (GDPR).