Notes on data protection when using the Luminaire Start app

Use of personal data

We are pleased about your interest in this app and want you to feel safe with us regarding the protection of your personal data.
Our employees as well as the service companies commissioned by us are obliged by us to maintain secrecy and to comply with the provisions of the EU Data Protection Basic Regulation (DSGVO), the Federal Data Protection Act (BDSG) and other relevant data protection regulations.
We take the protection of your personal data very seriously and adhere strictly to the rules of data protection laws.
For clarification: "Personal Data" (pbData) is any information relating to an identified or identifiable natural person (data subject), e.g. name, address, contact details, user ID, IP address, photo and video recordings, location data, pseudonyms, IMEI numbers, etc.

The following declaration gives you an overview of how we intend to ensure this protection.

Principles regarding the use and disclosure of personal data

Data that is collected and, if applicable, transferred in the course of using this app is processed and stored by Phoenix Contact GmbH & Co KG and its affiliated companies (hereinafter jointly referred to as "Phoenix Contact"). This data is used exclusively for the processing of the services offered in the App.

If necessary, we will also pass on information to service providers or other third parties. This may be necessary to ensure the functionality of the App or to provide a service or transaction you have requested. When we share personal information with third parties, we limit the information we disclose to only that which is necessary to provide our respective services. The respective third-party provider may only use this personal information to provide the requested service or to complete the necessary transaction on our behalf. In doing so, the service providers are obliged by us to comply with the data protection laws in writing, usually by means of a contract for order processing. Your personal data collected by us will never be passed on, sold or otherwise made available to third parties for external marketing purposes.

Registration in the app for use

Our app contains services that you can only use if you have previously logged in (registered) with your data on the Smart Lighting website. To register there, at least your name and a valid email address are required. This registration data is then used to log in within this app. The connection is then maintained exclusively via a security token, so that no personal data is stored in the app itself.

Processing of personal data of specific functions of the app

Data processed in the context of using this app will be used for the purpose of the service provided.
When using the app, a secure, encrypted connection to servers of a service provider of Phoenix Contact is established. The service provider's servers are operated exclusively in countries of the European Union (EU). The provision of services for Phoenix Contact is also subject to German and European data protection law and its internationally recognized high standards. The service provider has been committed by us in writing to comply with European/German data protection law (contract for order processing).

When using this app the following data is processed:

• Temporary token (pseudonym)
• Current location data used exclusively to determine the location of the wireless module (smart interface) used
• Technical data of the terminal device (e.g., screen resolution)
• System log data

App analysis

No tracking tools are used in this app and no other analysis data is collected.

Cookies

Only session cookies required for the operation of the app are used in this app.

Additional information on the use and disclosure of personal data

Phoenix Contact may be forced to disclose your data and associated information by court or governmental order. We also reserve the right to use your data to assert or defend against legal claims. In accordance with applicable law, we also reserve the right to store and forward personal and other data for specific occasions in order to detect and combat illegal activities, attempts at fraud or a violation of the Phoenix Contact Terms of Use.

Updating this privacy policy

If Phoenix Contact changes this app or if legal requirements or the Internet and IT security technologies develop further, this data protection statement will be updated. We therefore reserve the right to change or supplement the declaration as required. We will publish the respective current version here.

Right of information / Amendment and deletion of personal data Information in accordance with Article 13 or 14 DSGVO

The information required by law to collect your personal data (in accordance with Articles 13 and 14 of the DSGVO) is shown in the following table.
If you have any questions which this data protection declaration could not answer or if you wish to receive more detailed information on any point, please do not hesitate to contact us.

If you no longer agree to the storage of your personal data or if it has become incorrect, we will correct, block or delete your data on your instructions, within the framework of the legal provisions. Upon request, you will receive information about the personal data we have stored about you. Please contact us for this purpose:

Phoenix Contact GmbH & Co. KG
Flachsmarktstraße 8
32825 Blomberg
Germany
Phone +49 5235 3-00
info@phoenixcontact.com

Please understand that we require proof of identity if you wish to obtain information about your data stored with us.

Name and contact details of the data controller:
Phoenix Contact GmbH & Co. KG
Flachsmarktstr. 8
32825 Blomberg
Germany
Phone: +49 5235 3-00
info@phoenixcontact.com

Contact details of the data protection officer:
Phoenix Contact GmbH & Co. KG
At hand Data Protection Officer
Flachsmarktstr. 8
32825 Blomberg
Germany
datenschutz@phoenixcontact.com

The purposes for which the personal data are to be processed:
The personal data processed serve exclusively to register the user with the service used and to ensure an authorization check.

Legal basis for the processing:
Art. 6 (1) lit. b DSGVO
(Required to use the function of the App)
Art 6(1) lit. f DSGVO
(legitimate interest)
System logs are carried with every interaction with the cloud services to ensure
high-performance and secure IT operations.

Categories of personal data processed:
See above under "Processing of personal data for specific functions of the app".

Source (origin) of the data:
By the person concerned (user of the app)

Recipient(s) of the data:
Within the scope of the administration of the system, affiliated companies of
Phoenix Contact GmbH & Co KG may access data of the App.
Service providers who support us in the administration and operation of the
apps may have access to your data. However, these service providers are
obliged by contracts that comply with data protection law (contract for order
processing) not to use this data for their own purposes.

Transfer of the data to a third country or an international organisation and the associated guarantees for the protection of the data:
No transfer of the data to third countries is envisaged.

Data storage duration:
When using the app:

• Personal data is not stored in the app
• System log data that accumulates on the web servers when using the app
• is usually deleted after 6 months at the latest.

Rights of data subjects:

• upon information
• to rectification, erasure or limitation of processing
• on opposition to processing
• on data transferability

If the respective legal requirements are met, you are entitled to the following rights: Right to information about your data stored with us; correction, deletion, restriction of the processing of your data or objection to the processing, as well as to data transferability.

Right to withdraw consent to processing:
Not applicable, as the data processing is not based on the legal basis of consent.

Right of appeal:
If you believe that your personal data is being processed unlawfully, you have
the right to complain to a competent data protection supervisory authority.

Legal or contractual necessity of the provision of the data, and possible consequences of not providing the data:
The processing of the above-mentioned data is necessary for the contractual
use of the services. Without the provision of this data, the use of the services is not possible.

Automated decision making / profiling:
No automated decision making or profile building is carried out on the basis of
your collected data

Responsible in terms of the EU Data Protection Basic Regulation (DSGVO) or the Federal Data Protection Act (BDSG)

Phoenix Contact GmbH & Co. KG
Flachsmarktstraße 8
32825 Blomberg
Tel. +49 5235 3-00
info@phoenixcontact.com

Supplementary, general information on data protection at Phoenix Contact can be found in the data protection declaration on our website.
Status: February 2021