Data Protection Declaration for the use of the “mySpreader ”
Data Protection Declaration for the use of the “mySpreader” App by AMAZONEN‑WERKE H. DREYER SE & Co. KG
Through their use of the mySpreader App, the customer has entered into a business relationship with us, in which, we collect and record data – including personal data – that we intend to use within the framework of the following agreement. With our data protection declaration, we inform the customer about the use of their personal data when using the mySpreader App. The customer is aware that we process their data in accordance with the relevant data protection regulations. The legal basis for data processing is the necessity of data processing for contract performance, within the meaning of Article 6 Para. 1 lit. b) GDPR, or our legitimate interest in data processing Article 6 lit. f) GDPR. The customer confirms that they have read our data protection declaration.
1. Controller for data processing
The responsible body for the processing of your personal data is AMAZONEN-WERKE H. DREYER SE & Co. KG, represented by HD International SE (Societas Europaea), in turn represented by Ludger Braunsmann, Dr. Stephan Evers, Andreas Hermeyer and Dr. Rainer Resch.
Our customers may contact us at the following address:
AMAZONEN-WERKE H. DREYER SE & Co. KG
Am Amazonenwerk 9-13
49205 Hasbergen, Germany
Telephone: +49 (0)5405 501-0
Fax: +49 (0)5405 501-147
Email: [email protected]
2. Data Protection Officer
Our data protection officer, as the contact person for all matters concerning data protection and the exercising of rights in this regard, would be happy to answer any of your questions.
Our customers can contact our data protection officer at the following address:
Data Protection Officer AMAZONEN-WERKE H. DREYER SE & Co. KG
Am Amazonenwerk 9-13
49205 Hasbergen, Germany
Telephone: +49 (0)5405 501-0
Email: [email protected]
3. Affected data
3.1 Personal data
We process data within the framework of use of the mySpreader App. This includes master data, work data and machine data (please see below for the definition), which may represent and/or contain personal data. Personal data refers to all information relating to an identified or identifiable natural person (hereinafter the “data subject”); a natural person is regarded as identifiable, if he/she can be directly or indirectly identified, especially by means of association with an identifier such as a name, with an identification number, with location data, with an online ID, or with one or several special features reflecting the physical, physiological, genetic, psychic, economic, cultural or social identity of that natural person. The personal data processed by us (master data, work data, machine data) can represent personal data in isolation or as an overview.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, reading out, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. For more information on how we and why we process the different data (master data, work data, machine data) in individual cases, please see sections 4 and 5.
4. Data processing for the purpose of fulfilling contractual obligations within the framework of the use of the mySpreader App (Article 6 Para. 1 lit. b) GDPR)
4.1 In order to establish, fulfil and terminate the contract between you and us regarding the use of the mySpreader App, we process, in accordance with Article 6 Para. 1 lit. b) GDPR, the following information, which - where applicable - may represent personal data:
4.2 Master data, i.e. all basic information that is necessary for the execution of the contract and is usually stored in a customer account that we have created. This includes, inter alia, customer data (name, contact details, legal form, commercial register number, responsibilities, etc.), field data (name, location, limits and agronomic data), as well as possibly orders placed to date.
4.3 Work data, i.e. all data related to the use of the machine purchased from us. This includes location data in particular. We also need your work data so we can provide you with all of the functions of the mySpreader App. We process the data in order to document spreading processes and settings, and to be able to provide you with recommendations for optimising processes based on this data. We need locations, routes and sensor data to visualise the spreading process for you.
4.4 Machine data, i.e. all information pertaining to the machine purchased from us. This includes the machine number (which we need to activate your machine to use the mySpreader App), the serial numbers of the control units belonging to the machine, as well as the software version on the respective control unit, permanent data such as the machine name, the chassis number and the year of construction; configuration details and equipment features; routes, locations, times of use, occupancy rate, performance and maintenance data; and internal machine data, e.g. values of different sensors.
5. Data processing on the basis of our legitimate interest (Article 6 Para. 1 lit. f) GDPR
5.1 Beyond the fulfilment of our contractual obligations, we process information that can also constitute personal data in order to improve our products for you, to develop them further, and to design new products for our customers. We, therefore, have a legitimate interest, within the sense of Article 6 Para. 1 lit. f) GDPR, to process data to further optimise our products and to develop new products. For this purpose, we may process the following data we have on you:
5.2 Work data, i.e. all data related to the use of the machine purchased from us. This includes, for example, the means used (fertiliser, seeds) as well as the applied quantities and the setting parameters used during the application, including the application results and pictures taken from the process.
5.3 Machine data, i.e. all information pertaining to the machine purchased from us. This includes the machine number, the serial numbers of the control units belonging to the machine, as well as the software version on the respective control unit, permanent data such as the machine name, the chassis number and the year of construction; configuration details and equipment features; routes, locations, times of use, occupancy rate, performance and maintenance data; and internal machine data, e.g. values of different sensors.
5.4 In order to continuously improve our offering for you and, therefore, the quality of our products, we also create a crash report when a fault occurs, and it contains the following information:
5.4.1 Temporal information such as date and time of the start of the App, date and time of the incidence of failure, and the associated time zone;
5.4.2 Device information, i.e. the operating system (Android or iOS), the version of the operating system, the manufacturer and the model;
5.4.3 User information, such as the language set in the operating system, the display size of the device, a unique installation ID, which is generated randomly when the App is installed, and which we do not use anywhere else;
5.4.4 Network information, i.e. the name of the mobile network provider and the country of the mobile network provider;
5.4.5 App information, particularly the version and build number.
5.5 Master data, i.e. all basic information that is required to process the contract, can also be processed by us in order to inform the customer, i.e. to inform you specifically about detected errors or optimisation options. In this case, we process, in particular, the information that we need to contact you.
6. Form and duration of data storage
6.1 Personal data is stored in a form which permits identification of the data subject only for as long as is necessary for the purposes for which it is processed.
6.2 We store our customers’ personal data, at the most, up until the end of a year after the business contact has ended; financial transactions are deleted after ten years, within the scope of the statutory provisions.
7. The data recipients
We save the data on our servers.
8. Data subject rights
According to the GDPR, you have the following rights, as the data subject, with us:
8.1 The right to information (Article 15 GDPR): You have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you have the right to information about this personal data and the following information:
- the processing purposes;
- the categories of personal data that are processed;
- the recipients or categories of recipients to whom the personal data have been, or are still being, disclosed, in particular, recipients in third countries or international organisations;
- if possible, the length of time during which the personal data will be stored or, if this is not possible, the criteria for determining this period;
- the existence of a right to have the personal data on you corrected or deleted or your right to restrict processing or to object to processing;
- the existence of a right to object and to lodge a complaint with a supervisory authority;
- where the personal data is not collected from you, all available information as to its source;
- whether automated decision-making, including profiling, takes place in accordance with Article 22 paragraphs 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved and the consequence and intended effects of such processing on you.
You can request a free copy of your data from us. If you request additional copies, we reserve the right to charge you for them.
8.2 The right to rectification (Article 16 GDPR): You have the right to ask us to correct your personal data, if it is incorrect or incomplete.
8.3 The right to erasure (Article 17 GDPR): You have the right to demand the immediate deletion of your personal data if one of the following reasons applies:
- your personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
- you revoke your consent on which the data processing was based, and there is no other legal basis for the data processing;
- You have lodged a complaint about the processing, in accordance with Article 21 Para. 1, and there are no overriding legitimate grounds for the processing, or you have objected to the processing, in accordance with Article 21 Para. 2;
- The personal data has been processed unlawfully;
if the processing is not necessary,
- to ensure that we comply with legal obligations that require us to process your data (especially with statutory retention periods);
- to assert legal claims, to exercise or to defend legal claims against us.
8.4 The right to restriction of processing (Article 18 GDPR): You have the right to request that we restrict the processing of your personal data if
- you dispute the accuracy of the data for the period of time we need to verify the accuracy of the data;
- the processing is unlawful and you reject the deletion of the personal data and instead demand the restriction of the use of personal data;
- we no longer need the personal data for the purposes of processing, but you need it for the enforcement, assertion or defence of legal claims, or
- you have lodged a complaint about the processing of your data, whilst it is not yet clear whether our legitimate grounds outweigh yours.
8.5 The right to data transfer (Article 20 GDPR): At your request, we will maintain your personal data in a structured, standard and machine-readable format, and transmit it to another data processor, provided that the data processing is based on your consent, or for the purpose of fulfilling the contract and this is done using an automated process.
8.6 The right to object (Article 21 GDPR): You have the right to object at any time to the processing of personal data concerning you, on the basis of Article 6 Para. 1 letter e or f GDPR, for reasons arising from your particular situation, including profiling based on these provisions. In this case, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms; or the processing serves to assert, exercise or defend our legal claims.
8.7 Right to object: Irrespective of other administrative or judicial remedies, you have the right to complain to a supervisory authority, in particular, in the Member State of your residence, your place of work or the place of the alleged violation, if you believe that the processing of your data violates the General Data Protection Regulation.
AMAZONEN-WERKE H. DREYER SE & Co. KG, 2021