Data protection declaration
We, Liebherr-Components Biberach GmbH, are pleased that you are visiting our
BCM-App (hereinafter also referred to collectively as “App”) and that you have
thereby expressed an interest in the Liebherr Group.
We attach great importance to the protection and security of your personal data.
Therefore, we consider it vital to inform you in the following about which of your
personal data we process for what purpose and what rights you have in respect of
your personal data.
General Information
What is personal data and what does processing mean?
-
“Personal data” (hereinafter also referred to as “data”) are all the
details that make a statement about a natural person. Personal data are not just
details that allow a direct conclusion to be drawn about a certain person (such
as the name or e-mail address of a person), but also information with which with
suitable additional knowledge a connection can be made with a certain person.
-
“Processing” means any action taken with your personal data (such as
collection, recording, organisation, structuring, storage, use or erasure of
data).
Who is the controller for the processing of your data?
The controller for the processing of your data is:
Liebherr-Components Biberach GmbH
Hans-Liebherr-Straße 45
88386 Biberach an der Riss Deutschland
Telephone: +49 7351 41 0
E-mail: info.cob@liebherr.com
How can you reach our data protection officer?
Our data protection officer can be reached at the following contact details:
Corporate Privacy
Liebherr-IT Services GmbH
St. Vitus 1
88457 Kirchdorf an der Iller
Germany
E-Mail: datenschutz@liebherr.com
What rights do you have as a data subject?
As a data subject, you have the right, within the legal scope, to:
- Information about your data;
- Rectification of inaccurate data and completion of incomplete data;
-
Erasure of your data, particularly if (1) they are no longer necessary for the
purposes stated in this Data Protection Declaration, (2) you have withdrawn your
consent and there is no other legal ground for the processing, (3) your data
have been unlawfully processed, or (4) you have objected to the processing and
there are no overriding legitimate grounds for the processing;
-
Restriction of the processing of your data, particularly if the accuracy of the
data is contested by you or the processing of your data is unlawful and instead
of deletion you demand restriction of use;
-
Object to processing of your data based on legitimate interests, on grounds
relating to your particular situation, or, without specific justification, to
processing of your data carried out for direct marketing purposes; unless it is
an objection to direct marketing, we ask that you explain the reasons why we
should not process your data as we may do, when you lodge an objection. In the
event of your reasoned objection, we will examine the merits of the case and
cease processing unless we can demonstrate compelling legitimate grounds for the
processing which override your interests, rights and freedoms or for the
establishment, exercise or defence of legal claims;
-
Receive your data in a structured, commonly used and machine-readable format and
to have your data transmitted from us directly to another controller;
-
Withdraw consent, if you have given us consent for processing. Please note that
the lawfulness of processing based on consent before its withdrawal will not be
affected by your withdrawal.
If you assert any of the above-stated rights, please understand that we may
require you to provide evidence showing that you are the person you claim to
be.
Furthermore, you have the right to lodge a complaint with a
supervisory authority if you consider that the processing of your data infringes
the GDPR.
Links to other websites
Our website may contain links to and from websites of other providers not
affiliated with us (“third parties”). After clicking on the link, we no longer
have any influence on the processing of any data transmitted to the third party
when the link is clicked (such as the IP address or the URL on which the link is
located), as the behaviour of third parties is naturally beyond our control.
Therefore, we cannot assume any responsibility for the processing of such data by
third parties.
Data processing
Authorisation
After successful authentication with a Liebherr account at Liebherr-IT Services
GmbH, St. Vitus 1, 88457 Kirchdorf an der Iller, Germany, the authorisation takes
place in the App.
What data do we process and for what purposes?
We process the following data:
-
Access token
Note: This information is transmitted to us by
Liebherr-IT Services GmbH upon successful authentication with a Liebherr
account.
In principle, we only process this data for the purpose of authorisation
with our app.
Processing for other purposes may only be considered if the necessary legal
requirements pursuant to Article 6 para. 4 GDPR are met. In that case, we will of
course comply with any information obligations pursuant to Article 13 para. 3 GDPR
and Article 14 para. 4 GDPR.
On what legal basis do we process your data?
The processing of your data is carried out for the performance of a contract or in
order to take steps prior to entering into a contract pursuant to Article 6 para.
1 point b GDPR.
Update of the hardware in use via app
To maintain the hardware you use and to provide you with required firmware update,
the app communicates with our IT infrastructure
What data do we process and for what purposes?
We process the following data:
- Timestamp
- IP Address
- User ID
- ID of the mobile device and its attributes (SW version, HW version, etc)
- Log data
These data are in principle processed by us solely for the following
purposes:
- Update of hardware used
- Support and product developement
Processing for other purposes may only be considered if the necessary legal
requirements pursuant to Article 6 para. 4 GDPR are met. In that case, we will of
course comply with any information obligations pursuant to Article 13 para. 3 GDPR
and Article 14 para. 4 GDPR.
On what legal basis do we process your data?
The processing of your data is carried out for the performance of a contract or in
order to take steps prior to entering into a contract pursuant to Article 6 para.
1 point b GDPR.
Data recipients
We may transmit your data to:
-
Other companies of the Liebherr Group, provided this is necessary to initiate,
perform or terminate a contract, or for our part we have a legitimate interest
in the transmission and your predominant legitimate interest is not opposed to
this;
-
Our service providers that we use in order to achieve the above-stated purposes;
-
Courts of law, courts of arbitration, authorities or legal advisers, if this is
necessary to comply with current law or for the establishment, exercise or
defence of legal claims.
Data transfers to third countries
The transfer of data to bodies in countries outside the European Union or the
European Economic Area (so-called third countries) or to international
organisations is only permissible (1) if you have given us your consent or (2) if
the European Commission has decided that an adequate level of protection exists in
a third country (Article 45 GDPR). If the Commission has not made such a decision,
we may only transfer your data to recipients located in a third country if
appropriate safeguards are in place (e.g., standard data protection clauses
adopted by the Commission or the supervisory authority following a specific
procedure) and the enforcement of your data subject rights is ensured or the
transfer is permissible in individual cases on the grounds of other legal bases
(Article 49 GDPR).
Where we transfer your data to third countries, we will inform you of the
respective details of the transfer at the relevant points in this data protection
declaration.
Data erasure and storage period
We will process your data as long as this is necessary for the respective purpose,
unless you have effectively objected to the processing of your data or effectively
withdrawn any consent you may have given.
Insofar as statutory retention obligations exist, we will be bound to store the
data in question for the duration of the retention obligation. Upon expiry of the
retention obligation, we will check whether there is any further necessity for the
processing. If there is no longer such a necessity, your data will be deleted.
Data security
We use technical and organisational security measures to ensure that your data is
protected against loss, inaccurate alteration or unauthorised access by third
parties. Moreover, for our part in every case, only authorised persons have access
to your data, and this only insofar as it is necessary within the scope of the
above-stated purposes. The transmission of all data is encrypted.
Status August 2022