Data protection declaration
We, Liebherr-Components Biberach GmbH, are pleased that you are
visiting our BCM-App (hereinafter also referred to collectively
as “App”) and that you have thereby expressed an interest in the
Liebherr Group.
We attach great importance to the protection and security of
your personal data. Therefore, we consider it vital to inform
you in the following about which of your personal data we
process for what purpose and what rights you have in respect of
your personal data.
General Information
What is personal data and what does processing mean?
-
“Personal data” (hereinafter also referred to as
“data”) are all the details that make a statement about a
natural person. Personal data are not just details that
allow a direct conclusion to be drawn about a certain person
(such as the name or e-mail address of a person), but also
information with which with suitable additional knowledge a
connection can be made with a certain person.
-
“Processing” means any action taken with your
personal data (such as collection, recording, organisation,
structuring, storage, use or erasure of data).
Who is the controller for the processing of your data?
The controller for the processing of your data is:
Liebherr-Components Biberach GmbH
Hans-Liebherr-Straße 45
88386 Biberach an der Riss Deutschland
Telephone: +49 7351 41 0
E-mail: info.cob@liebherr.com
How can you reach our data protection officer?
Our data protection officer can be reached at the following
contact details:
Corporate Privacy
Liebherr-IT Services GmbH
St. Vitus 1
88457 Kirchdorf an der Iller
Germany
E-Mail: datenschutz@liebherr.com
What rights do you have as a data subject?
As a data subject, you have the right, within the legal scope,
to:
- Information about your data;
-
Rectification of inaccurate data and completion of
incomplete data;
-
Erasure of your data, particularly if (1) they are no longer
necessary for the purposes stated in this Data Protection
Declaration, (2) you have withdrawn your consent and there
is no other legal ground for the processing, (3) your data
have been unlawfully processed, or (4) you have objected to
the processing and there are no overriding legitimate
grounds for the processing;
-
Restriction of the processing of your data, particularly if
the accuracy of the data is contested by you or the
processing of your data is unlawful and instead of deletion
you demand restriction of use;
-
Object to processing of your data based on legitimate
interests, on grounds relating to your particular situation,
or, without specific justification, to processing of your
data carried out for direct marketing purposes; unless it is
an objection to direct marketing, we ask that you explain
the reasons why we should not process your data as we may
do, when you lodge an objection. In the event of your
reasoned objection, we will examine the merits of the case
and cease processing unless we can demonstrate compelling
legitimate grounds for the processing which override your
interests, rights and freedoms or for the establishment,
exercise or defence of legal claims;
-
Receive your data in a structured, commonly used and
machine-readable format and to have your data transmitted
from us directly to another controller;
-
Withdraw consent, if you have given us consent for
processing. Please note that the lawfulness of processing
based on consent before its withdrawal will not be affected
by your withdrawal.
If you assert any of the above-stated rights, please
understand that we may require you to provide evidence showing
that you are the person you claim to be.
Furthermore,
you have the right to lodge a complaint with a supervisory
authority if you consider that the processing of your data
infringes the GDPR.
Links to other websites
Our website may contain links to and from websites of other
providers not affiliated with us (“third parties”). After
clicking on the link, we no longer have any influence on the
processing of any data transmitted to the third party when the
link is clicked (such as the IP address or the URL on which the
link is located), as the behaviour of third parties is naturally
beyond our control. Therefore, we cannot assume any
responsibility for the processing of such data by third parties.
Data processing
Authorisation
After successful authentication with a Liebherr account at
Liebherr-IT Services GmbH, St. Vitus 1, 88457 Kirchdorf an der
Iller, Germany, the authorisation takes place in the App.
What data do we process and for what purposes?
We process the following data:
-
Access token
Note: This information is
transmitted to us by Liebherr-IT Services GmbH upon
successful authentication with a Liebherr account.
In principle, we only process this data for the purpose of
authorisation with our app.
Processing for other purposes may only be considered if the
necessary legal requirements pursuant to Article 6 para. 4 GDPR
are met. In that case, we will of course comply with any
information obligations pursuant to Article 13 para. 3 GDPR and
Article 14 para. 4 GDPR.
On what legal basis do we process your data?
The processing of your data is carried out for the performance
of a contract or in order to take steps prior to entering into a
contract pursuant to Article 6 para. 1 point b GDPR.
Update of the hardware in use via app
To maintain the hardware you use and to provide you with
required firmware update, the app communicates with our IT
infrastructure
What data do we process and for what purposes?
We process the following data:
- Timestamp
- IP Address
- User ID
-
ID of the mobile device and its attributes (SW version, HW
version, etc)
- Log data
These data are in principle processed by us solely for the
following purposes:
- Update of hardware used
- Support and product developement
Processing for other purposes may only be considered if the
necessary legal requirements pursuant to Article 6 para. 4 GDPR are
met. In that case, we will of course comply with any information
obligations pursuant to Article 13 para. 3 GDPR and Article 14 para.
4 GDPR.
On what legal basis do we process your data?
The processing of your data is carried out for the performance
of a contract or in order to take steps prior to entering into a
contract pursuant to Article 6 para. 1 point b GDPR.
Data recipients
We may transmit your data to:
-
Other companies of the Liebherr Group, provided this is
necessary to initiate, perform or terminate a contract, or
for our part we have a legitimate interest in the
transmission and your predominant legitimate interest is not
opposed to this;
-
Our service providers that we use in order to achieve the
above-stated purposes;
-
Courts of law, courts of arbitration, authorities or legal
advisers, if this is necessary to comply with current law or
for the establishment, exercise or defence of legal claims.
Data transfers to third countries
The transfer of data to bodies in countries outside the European
Union or the European Economic Area (so-called third countries)
or to international organisations is only permissible (1) if you
have given us your consent or (2) if the European Commission has
decided that an adequate level of protection exists in a third
country (Article 45 GDPR). If the Commission has not made such a
decision, we may only transfer your data to recipients located
in a third country if appropriate safeguards are in place (e.g.,
standard data protection clauses adopted by the Commission or
the supervisory authority following a specific procedure) and
the enforcement of your data subject rights is ensured or the
transfer is permissible in individual cases on the grounds of
other legal bases (Article 49 GDPR).
Where we transfer your data to third countries, we will inform
you of the respective details of the transfer at the relevant
points in this data protection declaration.
Data erasure and storage period
We will process your data as long as this is necessary for the
respective purpose, unless you have effectively objected to the
processing of your data or effectively withdrawn any consent you
may have given.
Insofar as statutory retention obligations exist, we will be
bound to store the data in question for the duration of the
retention obligation. Upon expiry of the retention obligation,
we will check whether there is any further necessity for the
processing. If there is no longer such a necessity, your data
will be deleted.
Data security
We use technical and organisational security measures to ensure
that your data is protected against loss, inaccurate alteration
or unauthorised access by third parties. Moreover, for our part
in every case, only authorised persons have access to your data,
and this only insofar as it is necessary within the scope of the
above-stated purposes. The transmission of all data is
encrypted.
Status August 2022