In the following provisions, we, i.e. Hemro International AG ("Hemro/we"), inform you about the type, scope and purpose of the collection and use of your personal data in the context of the Mahlkönig Sync App (hereinafter: "App") within the use of this website. Personal data is any information relating to an identified or identifiable natural person. This includes in particular your name, address and email address.
1. Controller and Data Protection Officer
The controller of the App and the responsible party in terms of data protection law is the
Hemro International AG
Board of Directors with power of representation: Dr. Marcel Lehmann, Adrian Schürmann, Ziya Boro
Tel.: +41 44 864 18 00
Data Protection Officer:
Data Protection Officer
2. Data processing to enable website usage
Every time you access content on our website, connection data is transferred to our web server. This connection data includes:
- the IP address (Internet Protocol address) of the respective users
- the date and time of the query
- the referrer URL
- device numbers such as your unique device identifier (UDID) and comparable device numbers, device information (e.g., device type)
- the browser type/version
This connection data is neither used to determine a user’s identity nor is it combined with data from other sources. Rather, it serves to make the website available. The legal basis for processing your data is Art. 6 (1) sentence 1 lit. f GDPR.
3. Data processing and purpose
Depending on the specific use of the App, personal data is processed for the purposes stated below. Unless otherwise stated, the legal basis for data processing is Art. 6 (1) sentence 1 lit. b GDPR.
3.1 Initial registration
To use the App, you must first register. For the initial registration, you must enter your email address and will receive a confirmation link via email. Once you click on the link in the email, you will be redirected to the App and must enter a company name, your name and choose your password ("login data"). A password must be at least 8 characters long and preferably always consist of a combination of upper and lower case letters, numbers and special characters. Trivial words such as "ABC" or keyboard sequences (e.g. "qwert" or "asdfgh"), all kinds of names (e.g. of friends, colleagues, family members, pets), names of cities and buildings, comic characters, car brands, car registration plates, terms, dates of birth, telephone numbers, common abbreviations, etc. are problematic.
Login data must be kept strictly secret. If a password is nevertheless passed on, for example to enable access to certain data by third parties in an emergency, the password must be changed immediately. For your own protection, it is prohibited to reuse passwords that have already been used.
In addition, your IP address and the time of registration are stored by us as part of the initial registration. This is necessary to ensure the security of our information technology systems. The legal basis for the processing of your data in this case is Art. 6 (1) sentence 1 lit. f GDPR.
3.2 Login data - regular login
In order to be able to log in to the App in the future after the successful initial registration (sec. 3.1), it is regularly necessary to enter your login data. Your login data is encrypted for transmission to the server and cannot be viewed by third parties. You do not have to enter your login data every time you use the App. Instead, your login data is temporarily stored on the end device through the use of a refresh token. However, to prevent unauthorized use of the App by third parties, we recommend that you log out after use and re-enter your access data each time you use the App.
3.3 Use of the App
It is not necessary to enter personal data to use the App. When using the App, only device data of the end device for the grinding process, e.g. coffee used, degree of grinding and grinding time, are transmitted to our servers.
4. Device data in connection with the use of the grinder
You can connect the grinder to our server (cloud) via your own internet connection. As soon as the grinder has been connected to the cloud and the grinder has an internet connection, the grinder sends device data to the cloud (e.g. grinder status, grind events). The data is provided either on an event-driven basis or at specific intervals (e.g. every hour), depending on the settings. The device data is used by Hemro for statistical purposes and will be visualized in analytics charts and tables. Hemro and Hemro's customers have access to this data, whereby Hemro's customers only have access to the data of the devices in their company.
Please note: Device data is technical data that is generated during the operation of a machine. As such, it is generally not personal data and therefore the GDPR does not apply. However, a personal reference can arise through combination with other data from a source outside of our server if a connection between the grinder and a person can be identified, e.g. through individual use of the grinder by a person at a certain time. The combination and thus the "creation" of a personal reference is the sole responsibility of the specific grinder-user. However, if the user can derive a personal reference from the data from the specific use, this data still has no personal reference for Hemro. If at all, it would then be pseudonymous data for Hemro, the processing of which would be permissible on the basis of a legitimate interest in accordance with Art. 6 (1) sentence 1 lit. f GDPR.
5. Data transmission
We only disclose your personal data to third parties or other recipients if this is necessary for the provision of services, you have given your consent, there is a legal obligation, or the disclosure of data is permitted on another legal basis. Where necessary, we have concluded agreements with the recipients of your data on commissioned processing in accordance with Art. 28 GDPR. We will only disclose your data to government bodies within the scope of legal obligations or on the basis of an official order or court decision.
6. Data transfer to countries outside the EU
As a general rule, we do not transfer your data to recipients outside the EU. However, if it is necessary for our purposes, we will only transfer your data if it is ensured that the recipient of the data guarantees an adequate level of data protection and no other interests worthy of protection speak against the transfer of data.
7. Duration for which personal data are stored / criteria for determining the duration
We will store your personal data for as long as this is necessary for the aforementioned processing purposes. In the case of an objection, we will store it only if compelling reasons worthy of protection exist for Hemro; in the case of a withdrawal of consent, only if another legal basis for data processing exists. However, in certain cases, e.g. if there is a legal obligation to retain data, your personal data will not be deleted immediately but will first be blocked.
8. Security measures to protect your personal data
We use technical and organizational measures to protect your data from unauthorized access, loss, or destruction. Our security measures are continuously adapted in line with technical developments. Our employees and all persons involved in data processing are obliged to comply with data protection laws and to treat personal data confidentially. Our employees are trained accordingly.
To protect your personal data on this website, we use a secure online transmission procedure known as “Secure Sockets Layer” (SSL) transmission. This can be recognized by the closed lock symbol displayed next to the https:// address. Click on this symbol for details of the SSL certificate used. Display of this symbol depends on the browser version used. SSL encryption guarantees the encrypted and complete transmission of your data.
9. Your rights
Within the framework of the legal requirements, you are in principle entitled to request from Hemro:
- confirmation of whether Hemro is processing your personal data,
- information about this data and the circumstances of the processing,
- correction, insofar as this data is incorrect,
- deletion, insofar as there is no justification for the processing and no (longer) obligation to retain,
- restriction of processing in specific cases determined by law,
- objection in the event of data processing on the basis of Art. 6 (1) sentence 1 lit. f GDPR and
- transfer of your personal data - insofar as you have provided it - to you or a third party in a structured, common and machine-readable format.
If you have given your consent to the processing of your personal data, you have the right to withdraw your consent again at any time. Processing of your personal data will then not be allowed in the future. However, this will not affect the lawfulness of the processing carried out with your consent before you withdrew your consent.
Please address your specific request to our data protection officer in writing or via email, clearly identifying yourself:
Data Protection Officer
Finally, we would like to inform you of your right to complain to the supervisory authority.
10. No automated individual decision
We do not use your personal data for automated individual decisions.