I. General information
We take the protection of your personal data very seriously and treat it confidentially and in accordance with the statutory data protection regulations and this data protection declaration. This data protection declaration applies to our mobile apps (hereinafter referred to as “APP”). It explains the type, purpose and scope of data collection in the context of using the APP. We would like to point out that data transmission on the Internet can have security gaps. Complete protection of the data against access by third parties is not possible.
Responsible entity
The responsible entity for data processing within the scope of this APP can be found in the imprint. There you will also find contact details for getting in touch with the person responsible.
The "responsible entity" is the body that collects, processes or uses personal data (e.g. names, e-mail addresses, etc.).
Data protection officer
At the present time, we are not obliged to appoint a data protection officer. However, if you have any questions regarding data protection, please contact us at privacy@egger.com .
General storage period of personal data
Unless otherwise stated or specified in this data protection declaration, the personal data collected by this APP will be stored until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. If there is a legal obligation to store the data or another legally recognised reason for storing the data (e.g. legitimate interest), the personal data in question will not be deleted until the respective reason for storing the data no longer applies.
Legal basis for the storage of personal data
If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR if special categories of data are processed in accordance with Art. 9 para. 1 GDPR. In the event of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or to the access to information in your terminal device (e.g. via device fingerprinting), the data processing is additionally carried out on the basis of Article 25 para. 1 TTDSG (German Telecommunications-Telemedia Data Protection Act) [or in Austria Article 96 para. 3 TKG (Austrian Telecommunications Act)]. The consent can be revoked at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, if your data is required for the fulfilment of a legal obligation, we process it on the basis of Art. 6 para. 1 lit. c GDPR. In addition, data processing may be carried out on the basis of our legitimate interest according to Art. 6 para. 1 lit. f GDPR. Information on the relevant legal basis in each individual case is provided in the following paragraphs of this data protection declaration.
Note on data transfer to the USA
Our APP includes tools from companies based in the USA. When these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country in the sense of EU data protection law. US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for surveillance purposes. We have no influence over these processing activities.
Downloading the APP
Our APP is available for download in Apple’s App Store, Google’s Play Store, Huawei’s App Gallery, Tencent (hereinafter referred to as “Stores”). When users download the APP, the required information is transferred to the Stores, in particular the user name, e-mail address and customer number of the account, time of download, payment information and the individual device code. We have no influence over this data collection and are not responsible for it. We only process the data to the extent necessary for downloading the mobile APP to the user's terminal device.
Hosting
Our APP (back-end) is hosted by Netural GmbH, Peter-Behrens-Platz 2, 4020 Linz, Austria. The provider processes the personal data transmitted via the APP as our processor, with whom we have concluded a so-called order processing agreement in accordance with Art. 28 GDPR.
Encryption
This APP uses encryption for security reasons and to protect the transmission of confidential content, such as enquiries that you send to us as the APP operator or the communication of APP users among each other. The encryption prevents the data you transmit from being read by unauthorised third parties.
Change of this data protection declaration
We reserve the right to change this data protection regulations at any time in compliance with legal requirements.
II. Your rights
The GDPR grants certain rights to data subjects whose personal data is processed by us, which we would like to inform you about here:
Revocation of your consent to data processing
Many data processing operations are only possible with your consent. We will explicitly obtain this from you before starting data processing. You can revoke this consent at any time. An informal message to us by e-mail is sufficient for this purpose. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
RIGHT TO OBJECT TO THE COLLECTION OF DATA IN SPECIFIC CASES AND TO DIRECT MARKETING (ART. 21 GDPR)
IF THE DATA PROCESSING IS BASED ON ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION DECLARATION. IF YOU OBJECT, WE WILL NO LONGER PROCESS THE PERSONAL DATA CONCERNED UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS ASSOCIATED WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING.
Right of appeal to a supervisory authority
In the event of breaches of the GDPR, data subjects have a right of appeal to a supervisory authority. The right of appeal is without prejudice to any other administrative or judicial remedy.
Information, deletion and correction
You have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing and a right to correction or deletion of this data. You can contact us at any time at the address given in the imprint for this purpose and for further questions on the subject of personal data.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address given in the imprint. The right to restrict processing exists in the following cases:
- If you dispute the accuracy of your personal data held by us, we will usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of deletion.
- If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.
- If you have appealed pursuant to Art. 21 para. 1 GDPR, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, such data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
III. Access rights of the APP
In order to provide our services via the APP, we require the access rights listed below, which allow us to access certain functions of your device.
- Location data
- Pictures, videos
- Camera
- App Tracking Transparency identifier permission
Access to the device functions is necessary to ensure the functionalities of the APP. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR, your consent within the meaning of Art. 6 para. 1 lit. a GDPR and/or - if a contract has been concluded - the fulfilment of our contractual obligations (Art. 6 para. 1 lit. b GDPR).
The personal data collected during access are only collected for the duration of the fulfilment of the purpose. We do not store any data beyond this period.
IV. Collection of personal data during the use of the APP
General information
When you use our APP, we collect the following personal data from you:
- Usage data (e.g. search terms, used filters, etc.)
- IP address
- Device identification (device ID)
- Metadata (e.g. country, language, etc.)
- Internet connection at start-up (online, offline
- E-mail address
- Company affiliation
- Industry
- User type (guest, myEgger)
The processing of this personal data is necessary to ensure the functionalities of the APP or to send you corresponding samples. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR, your consent within the meaning of Art. 6 para. 1 lit. a GDPR and/or - if a contract has been concluded - the fulfilment of our contractual obligations (Art. 6 para. 1 lit. b GDPR).
The storage period for the data collected in this way is regulated as follows:
Data that you provided when registering in the Store will be stored for the duration of your account. The corresponding storage periods can be found in the respective data protection declaration. Beyond that, EGGER only stores your data until the purpose is fulfilled or within the scope of the contract implementation. For the use of possible analysis tools, please note the respective storage period in the corresponding sub-chapter of this data protection declaration.
Registration in the EGGER customer portal – Use of the myEGGER login
You can register on our website www.egger.com . The corresponding login can be used in our APP to activate additional functions. We use the data entered for this purpose only for the use of the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we will refuse the registration.
For important changes, for example to the scope of the offer or in the case of technically necessary changes, we use the e-mail address provided during registration to inform you of them.
The data entered during registration is processed for the purpose of implementing the user relationship established by registration and, if necessary, for initiating further contracts (Art. 6 para. 1 lit. b GDPR). The data collected during registration will be stored by us for as long as you are registered and will then be deleted. Statutory retention periods remain unaffected.
The myEGGER login is part of the website, not the APP. Further data protection information regarding the processing of your data within the scope of myEGGER and the related data subject rights can be found in the data protection declaration: www.egger.com/data-protection-declaration
By e-mail, telephone or fax
If you contact us (e.g. by e-mail, telephone or fax), your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. The processing of this data is based on Art. 6 para. 1 lit. b GDPR, insofar as your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and/or on our legitimate interests (Art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of the requests addressed to us. The data you send to us via contact enquiries will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected. We do not pass on your data without your consent.
V. Data analysis
When you access our APP, your behaviour may be statistically evaluated with the help of certain analysis tools and analysed for advertising and market research purposes or to improve our offers. When using such tools, we ensure compliance with the statutory data protection provisions. When using external service providers (processors), we ensure through appropriate contracts with the service providers that the data processing complies with German and European data protection standards.
Google Analytics Firebase
We use Google Analytics Firebase (hereinafter referred to as Google Firebase) to analyse user behaviour. Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Firebase includes various functions that allow us to analyse your in-APP behaviour. In this way, we can, for example, analyse your screen views, button presses, In-APP purchases or the effectiveness of advertising measures. We can also determine which functions within our APP are frequently or rarely used. For these purposes, Google Firebase stores, among other things, the number and duration of sessions, operating systems, device models, region and a range of other data. A detailed overview of the data collected by Google Firebase can be found at:
https://support.google.com/firebase/answer/6318039?hl=en
This data does not provide us with any information about the specific user. We do not carry out any personalisation. We process this summarised data to analyse and optimise user behaviour, such as by evaluating crash reports.
Google also uses the advertising ID of the terminal device for Firebase Analytics. You can restrict the use of the advertising ID in the device settings of your mobile device
For Android: Settings > Google > Ads > Reset advertising ID
For iOS: Settings > Privacy & Security > Apple Advertising > No ad tracking.
The data is processed by Google within the EU/EEA. However, a transfer of data by Google Ireland to the USA cannot be ruled out. For this purpose, Google has concluded so-called standard contractual clauses between its companies. Through these and other technical and organisational measures, an appropriate level of protection is achieved. In addition, an order processing agreement has been concluded with Google.
The legal basis for the processing is your consent to tracking when you first start the APP, pursuant to Art. 6 para. 1 lit. a. GDPR and Art. 25 para. 1 TTDSG [or in Austria Art. 96 para. 3 TKG]. The storage period of the collected data is 14 months.
For more information on Google Firebase, see: https://firebase.google.com/
You may revoke your consent to the use of the analysis tool at any time. You can do this in the account settings.
For more information on Google Firebase, see:
https://firebase.google.com/support/privacy?hl=en
Frontstage
In our APP, we use the service Frontstage. The service is offered by Netural GmbH, Peter-Behrens-Platz 2, A-1020 Linz. The service is integrated in the APP for data retrieval of our product catalogue, for the "Digital Availability Guide", as well as for storing the collections. In order to be able to display your saved collections, it is necessary to transmit a pseudonymised code. An order processing agreement has been concluded with the service provider.
The legal basis is our legitimate interest (Art. 6 para. 1 lit. f GDPR) in being able to display the saved collections to you and, in the case of an order, pre-contractual measures (Art. 6 para. 1 lit. b GDPR) for which data processing is necessary.
The APP generates a random number (ID) that is stored in the APP data. This ID is the only way to access your saved collection. If the ID can no longer be found by the APP, e.g. by reinstalling or deleting the APP data, a reference to you or the device is no longer possible.
Facebook SDK
Our APP uses the so-called Facebook Software Development Kit (Facebook SDK).
Facebook SDK is provided by Meta Platform Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour Dublin, Ireland. The following data is used:
- APP-ID,
- Version of the APP,
- Information that the APP has been started.
Facebook SDK helps us to increase the advertising success of mobile app advertising campaigns placed via Facebook - for example, by not displaying ads for the corresponding app on devices on which it is already installed. Facebook SDK also enables various evaluations of the installation of our APP and the success of our advertising campaigns.
With the help of Facebook SDK, it is also possible for us to analyse individual activities of a user within the APP, for example, in order to be able to define the target group for advertising campaigns more precisely and better.
Only this pseudonymised data is transmitted to Meta. The advertising ID provided by the operating system of the terminal device serves as the pseudonym (the name may differ depending on the operating system). The APP ID can be newly created by the user when the APP is reinstalled.
The data is processed by Meta within the EU/EEA. However, a transfer of the data by Meta in Ireland to Meta in the USA cannot be ruled out. So-called standard contractual clauses have been concluded for this purpose. Through these and other technical and organisational measures, an appropriate level of protection is achieved. In addition, an order processing agreement has been concluded with Meta.
The purpose of collecting and using this data is to analyse our target group and to optimise the advertising campaigns and product information. The legal basis is your consent when you first start the APP in accordance with Art. 6 para. 1 lit. a. GDPR and Art. 25 para. 1 TTDSG [or in Austria Art. 96 para. 3 TKG].
You can revoke the consent to this use at any time. You can do this in the account settings.