Privacy Policy
1. General Information
This Privacy Policy applies to data processing when using our websites www.luada.de or www.hybrid-smartwatch.shop. The following information provides an overview of what happens to your personal data when you visit our websites. Personal data refers to all data that can be used to identify you personally. Detailed information on the subject of data protection can be found in the Privacy Policy set out below. It explains how, for what purpose, and on what legal basis we collect your data. Please note that data transmission over the internet (for example, when communicating by email) can have security gaps. Complete protection of your data from third-party access is not possible.
2. Controller for Data Processing
Data processing is carried out by LUADA eHealth Solutions GmbH, legally represented by the Managing Directors Jonah Sandmann and Tim Schoemaker, Enschedestraße 14, 48529 Nordhorn, Germany, email: kontakt@luada.de.
3. Collection and Storage of Personal Data, Nature and Purpose of Data Processing, and Relevant Legal Bases
We hereby inform you about which personal data we process when you visit our websites and/or use our services. Insofar as the processing of personal data is based on Article 6(1) sentence 1 point (f) of the GDPR, the purposes listed here represent our legitimate interests. Some of your data is collected when you provide it to us. For example, this can be data you enter in a contact form or our login area. If you order a watch from us via our websites, we collect the following data from you:
- First and last name
- Address
- Email address
- Phone number
- Your payment method and payment details
We process this data in order to fulfill the purchase contract for our products. The legal basis for this data processing is Article 6(1)(b) GDPR.
If you order an emergency watch with a built-in SIM card, we also request emergency contacts and health data for the operation and use of the watch. Processing the emergency contacts is based on Article 6(1)(b) GDPR, as it serves to fulfill the contract with you by allowing designated contacts to be notified when an alarm is triggered on the emergency watch. Regarding the storage of their data on the emergency watch, the emergency contacts have the data subject rights outlined in Section 7 of this Privacy Policy.
Health data is processed only on the basis of explicit consent in accordance with Article 9(2)(a) and Article 6(1)(a) GDPR. You may withdraw your consent at any time.
Furthermore, use of the watch requires GPS tracking in emergency situations. The location data generated in this way is collected and processed on the basis of explicit consent in accordance with Article 6(1)(a) GDPR. In addition, processing these data is solely for the purpose of determining your location in an emergency and is necessary under Article 6(1)(b) GDPR to fulfill the contract concluded with you.
Other data is collected automatically by our IT systems when you visit our websites. This primarily includes technical data (e.g. internet browser, operating system, or time of page access). This data is collected automatically as soon as you visit our websites. Part of the data is collected to ensure the error-free provision, stability, and security of the websites. Other data may be used to analyze your user behavior. Processing is based on a balancing of interests in accordance with Article 6(1) sentence 1 point (f) GDPR, which also takes your interests into consideration.
When you visit our websites, your browsing behavior may be statistically analyzed. This happens primarily with cookies and so-called analysis programs. The analysis of your browsing behavior is generally anonymous; the browsing behavior cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in this Privacy Policy.
4. Data Deletion and Storage Period
Personal data is deleted or blocked as soon as it is no longer required for the purposes for which it was originally collected. Independently of this, we store any data processed during the purchase of our products or use of our services until the expiry of the statutory or potential contractual warranty rights. Further storage may occur if required by European or national legislation in EU regulations, laws, or other provisions to which we are subject. Data is also blocked or deleted if a storage period stipulated by these regulations expires, unless it is necessary to continue storing the data for concluding or fulfilling a contract.
5. Data Collection on Our Websites
Cookies
Our websites sometimes use cookies. Cookies do not harm your computer and do not contain viruses. They serve to make our offer more user-friendly, effective, and secure. Cookies are small text files that are placed on your computer and saved by your browser. Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain on your end device until you delete them. These cookies enable us to recognize your browser when you next visit our site. You can set your browser so that you are informed about the placement of cookies, allow cookies only on a case-by-case basis, exclude the acceptance of cookies for certain cases or in general, or activate the automatic deletion of cookies when closing your browser. If cookies are disabled, the functionality of this website may be limited. Cookies that are necessary for the electronic communication process or to provide certain functions you request (e.g. shopping cart functions) are stored based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. cookies for analyzing your browsing behavior) are stored, these are addressed separately in this Privacy Policy.
Server Log Files
The provider of the websites automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:
- Browser type and version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- Time of the server request
- IP address
This data is not merged with other data sources. The basis for this data processing is Article 6(1)(b) GDPR, which permits data processing to fulfill a contract or for pre-contractual measures.
Newsletter
If you sign up for our newsletter, we use the data you provide for this purpose or data you separately share with us to regularly send you our email newsletter based on your consent in accordance with Article 6(1) sentence 1 point (a) GDPR. You can unsubscribe from the newsletter at any time, either by sending a message to the contact details listed in Section 2 or by clicking a link intended for that purpose in the newsletter. After you unsubscribe, we delete your email address unless you have explicitly consented to further use of your data or we reserve the right to use your data for purposes permitted by law, about which we inform you in this notice.
Analytics Tools and Advertising
We have activated IP anonymization on our websites. This means that Google will shorten your IP address within member states of the European Union or other contracting states to the Agreement on the European Economic Area before transmitting it to the United States. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of these websites, Google will use this information to analyze your use of the websites, compile reports on website activity, and provide additional services related to website usage and internet usage to the website operator. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly; however, please note that if you do this, you may not be able to use all the features of our websites in full. You can also prevent the data generated by the cookie and related to your use of the website (including your IP address) from being captured by Google and processed by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected during future visits to this website: Prohibit Google Analytics from tracking me. For more information on how Google Analytics handles user data, please refer to Google’s Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=de.
6. Plugins and Tools
YouTube
Our websites use plugins from the YouTube page operated by Google. The site is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our pages that contains a YouTube plugin, a connection is established to YouTube’s servers, informing the YouTube server which of our pages you visited. If you are logged into your YouTube account, you enable YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account. The use of YouTube is in the interest of presenting our online offerings in an appealing way. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. Further information on handling user data can be found in YouTube’s Privacy Policy at: https://www.google.de/intl/de/policies/privacy.
Google Web Fonts
Our websites use so-called web fonts provided by Google to ensure a uniform presentation of fonts. When you access a page, your browser loads the required web fonts into its cache so that text and fonts are displayed correctly. For this purpose, your browser must connect to Google’s servers. Through this, Google becomes aware that our websites were accessed via your IP address. The use of Google Web Fonts is in the interest of a consistent and appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. If your browser does not support web fonts, a default font from your computer is used. For more information on Google Web Fonts, please refer to https://developers.google.com/fonts/faq and Google’s Privacy Policy at: https://www.google.com/policies/privacy/.
7. Transfer of Data to Third Parties
All-Inkl.COM Neue Medien Münnich
Our websites are hosted on the internet by an external service provider. We use the service of ALL-INKL.COM Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany. The personal data collected on the website is stored on the host’s servers. This may include server log files, automatically gathered when the websites are accessed via your browser on the internet, as well as contract data, contact data, names, website visits, and other data generated via the website. We have concluded a data processing agreement pursuant to Article 28 GDPR with ALL-INKL.COM. Your personal data is processed according to our instructions and is stored exclusively on servers in Germany, meaning it is not transferred to data recipients outside the European Union. More information on data protection at ALL-INKL.COM can be found at https://all-inkl.com/datenschutzinformationen.
The legal basis for this is our legitimate interest according to Article 6(1)(f) GDPR in providing and using our websites on the internet, as well as the statutory permission to store data within the framework of initiating a contract pursuant to Article 6(1)(b) GDPR.
Netcup GmbH
When setting up the emergency watch, the order number, email address, phone numbers of the emergency contacts, as well as phone numbers and names stored in the address book are saved on the server of Netcup GmbH, Daimlerstraße 25, 76185 Karlsruhe, Germany (https://www.netcup.de) so that they can then be sent to the LUADA emergency watch via SMS. We have concluded a data processing agreement pursuant to Article 28 GDPR with Netcup GmbH. Your personal data is processed under our instructions and is stored exclusively on servers in Germany, meaning it is not transferred to data recipients outside the European Union. Data is deleted from the server after the setup is completed, at the latest after 30 days. Data processing takes place to fulfill the contract concluded with you in accordance with Article 6(1)(b) GDPR.
Heyflow GmbH
On our websites, we use the online form provided by Heyflow GmbH, Jungfernstieg 49, 20354 Hamburg (hereinafter Heyflow), where you can enter personal details such as your name and contact information. All inquiries are processed in Heyflow’s systems on our behalf. We have concluded a data processing agreement with Heyflow. This agreement ensures that Heyflow processes the data in compliance with the GDPR and solely on the basis of our instructions. For more details, please refer to Heyflow’s Privacy Policy at https://heyflow.app/de/datenschutz. Processing of this data with Heyflow is based on our legitimate interest in an interactive and user-friendly way of communicating with inquirers (Article 6(1)(f) GDPR). The inquiry data itself is processed based on Article 6(1)(b) GDPR if your inquiry is related to the performance of a contract or is necessary for implementing pre-contractual measures.
Telefónica Germany GmbH & Co. OHG
In order for the LUADA emergency watch to communicate with the specified emergency contacts, it contains an integrated SIM card from the telecommunications provider Telefónica Germany GmbH & Co. OHG, Georg-Brauchle-Ring 50, 80992 Munich (https://www.telefonica.de/datenschutz-kontakt). Data transmission to the emergency watch is carried out via SMS commands, so Telefónica Germany GmbH & Co. OHG can access this data. This data processing is carried out to fulfill the contract concluded with you pursuant to Article 6(1)(b) GDPR.
PayPal
We offer the option to carry out the payment process via the payment service provider PayPal (PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg). This reflects our legitimate interest in providing an efficient and secure payment method (Article 6(1)(f) GDPR). In this context, we transfer the following data to PayPal, insofar as it is necessary to fulfill the contract (Article 6(1)(b) GDPR):
- First name
- Last name
- Address
- Email address
- Phone number
The processing of the data specified in this section is neither legally nor contractually required. Without transmitting your personal data, we cannot process a payment via PayPal. You have the option to choose another payment method.
For certain services, such as payment by direct debit, PayPal carries out a credit check to ensure your willingness and ability to pay. This is in PayPal’s legitimate interest (Article 6(1)(f) GDPR) and serves to fulfill the contract (Article 6(1)(b) GDPR). For this purpose, your data (name, address, date of birth, bank account details) is passed on to credit agencies. We have no influence on this process and only receive information as to whether the payment is carried out or declined or if verification is pending. For more information on ways to object and remove data in relation to PayPal, please visit https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Your data is stored until the completion of the payment process. This also includes the time required for processing refunds, handling receivables, and preventing fraud.
8. Information About Your Rights
You have the following rights, free of charge, in relation to our processing of your personal data:
8.1. Right to Information According to Article 15 GDPR
You have the right to obtain information from us about whether and which data we process about you. This includes information on how long and for what purpose we process the data, from which source it originates, and to which recipients or categories of recipients we disclose it. You can also request a copy of this data.
8.2. Right to Rectification According to Article 16 GDPR
You have the right to have any incomplete or incorrect information about you corrected without delay. You may also request that we complete any of your incomplete personal data. Where legally required, we will inform any third parties to whom we have disclosed your personal data about the correction.
8.3. Right to Erasure According to Article 17 GDPR
You have the right to request that we delete your personal data immediately if one of the following applies:
- Your data is no longer necessary for the purposes for which it was collected or otherwise processed, or the purpose has been achieved.
- You withdraw your consent and there is no other legal basis for processing.
- You object to the processing and there are no overriding legitimate grounds for continuing to process the data.
- In the case of personal data being used for direct marketing, your objection to processing is sufficient.
- Your personal data has been unlawfully processed.
- The erasure of your personal data is necessary to fulfill a legal obligation under EU or Member State law to which we are subject.
Your right to erasure may be restricted by legal provisions. These include, in particular, the restrictions set out in Article 17 GDPR and Section 35 of the Federal Data Protection Act (BDSG).
8.4. Right to Restrict Processing According to Article 18 GDPR
You have the right to request a restriction on the processing of your personal data if one of the following conditions applies:
You dispute the accuracy of your personal data, for a period enabling us to verify the accuracy of the personal data.
- The processing is unlawful, and you oppose the erasure of the personal data and request the restriction of its use instead.
- We no longer need your personal data for the purposes of processing, but you need it to establish, exercise, or defend legal claims.
- You have objected to the processing, pending verification of whether our legitimate grounds override yours.
If processing has been restricted as set out above, we will inform you before lifting that restriction.
8.5. Right to Data Portability According to Article 20 GDPR
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and to transmit this data to others. Exercising this right does not affect your right to erasure.
8.6. Right to Object According to Article 21 GDPR
Pursuant to Article 21 GDPR, you have the right to object to the processing of your data at any time for reasons arising from your particular situation if we base this processing on legitimate interests in accordance with Article 6(1)(f) GDPR. If you object, we will no longer process your personal data unless one of the following applies: • we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or • the processing serves to establish, exercise, or defend legal claims. In particular, if we process your personal data for direct marketing purposes, you have the right to object at any time to such processing. If you object to the processing of your data for direct marketing purposes, we will no longer use your personal data for this purpose.
8.7. Right to Withdraw Consent According to Article 7 GDPR
You may withdraw any consent you have given us at any time with future effect. This withdrawal can be made in the form of an informal message to us using the contact details provided in Section 2. If you withdraw your consent, the lawfulness of the data processing carried out until the withdrawal remains unaffected.
8.8. Right to Lodge a Complaint with a Supervisory Authority
If you believe that our processing of your data violates applicable data protection law, you have the right to lodge a complaint with one of the competent supervisory authorities. The supervisory authority responsible for us in matters of data protection is the Data Protection Officer of the federal state in which our company is headquartered. You can also submit a complaint to the data protection supervisory authority in the place of your residence. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.