Data protection statement

Controller
Beurer GmbH
Söflinger Straße 218
89077 Ulm
Germany
Tel.: +49 (0)731-3989-0
E-mail: datenschutz@beurer.de
Website: www.beurer.com

Company Data Protection Officer
Data Protection Officer
Beurer GmbH
Söflinger Straße 218
89077 Ulm
Germany
Tel.: +49 (0)731-3989-0
E-mail: datenschutz@beurer.de
Website: www.beurer.com

You can only use the app if you are logged in with your Beurer account, if you have completed registration, including confirmation that you have read the contraindications, and if you have consented to cloud storage and the processing of health data. In addition, your smartphone must be able to use the app and Bluetooth® must be switched on and functional.

The availability of the app may be interrupted for necessary maintenance and repair measures.

Apps may notify you of events via push notification on your mobile device. Beurer uses push notifications from Apple or Google to send messages to your mobile device. Beurer can only transmit these messages if it is ensured that:

• the app has been installed in accordance with the instructions,
• your Internet access and the Beurer cloud which your system is communicating with are functioning without any issues,
• you have allowed messages from the app on your mobile device and in the app and
• your mobile device has an active data connection.

The following authorisations are required, depending on the functions used:

a) Android – Google

• Camera
This authorisation is required to scan the barcodes of the garments so that they can be registered in the app. Alternatively, the code can be entered manually.

• Find and pair nearby Bluetooth® devices
This authorisation is required to find and pair nearby Bluetooth® devices such as the Antelope Booster from Android 12.

• Access precise location only when the app is running in the foreground
This authorisation is required for Bluetooth® communication from Android 11.

• Access approximate location only when the app is running in the foreground
This authorisation is required for Bluetooth® communication from Android 11.

• Access location in the background
This authorisation is required for Bluetooth® communication from Android 11, but is not collected or used by Beurer.

• Access precise location (GPS and network-based)
This authorisation is required for Bluetooth® communication up to and including Android 11.

• Full network access
This authorisation is required in order to synchronise the data with the cloud.

• Access network connections
This authorisation is needed for checking the Internet connection.

• Pairing with Bluetooth® devices
This authorisation is required for Bluetooth® communication with the connected devices.

• Connect to paired devices
This authorisation is required to connect to paired Bluetooth® devices.

• Send content to nearby Bluetooth® devices
This authorisation is required for Bluetooth® communication with the connected devices.

• Access Bluetooth® settings
This authorisation is required for Bluetooth® communication with the connected devices.

• Access active apps
This authorisation is required to show messages in the status bar, e.g. an active connection with a device.

• Deactivate idle mode
This authorisation is required so that the idle mode is not automatically activated during training.

If the respective Android version provides for this, you will be asked to grant your consent for certain rights either during installation of the app or immediately before using the respective function for the first time, meaning you can make a decision directly in this case.

b) iOS – Apple

• Camera
This authorisation is required to scan the barcodes of the garments so that they can be registered in the app. Alternatively, the code can be entered manually.

• Mobile data
This authorisation is required in order to synchronise the data with the cloud.

• Access Bluetooth® settings
This authorisation is required for Bluetooth® communication with the connected devices.

For iOS, you are explicitly asked for your approval for certain rights, meaning you can make a decision directly in this case.

1.1.1 Registration and login in the Antelope Go app

You are required to enter your e-mail address (user ID) and a password to register for a Beurer account. The e-mail address you are using for the request is not stored at this point in time. When registering, you must enter other data, such as your first name, last name and gender. We also store the date of your registration.

The legal basis for the described data processing is Article 6(1)(a) GDPR. The purpose of data processing is your consent to create a user account when you register. You can delete your account at any time by logging in via Beurer AccountManager: https://appsso.beurer.de/login

1.1.2 Use of the app with registration

When using the app, the following data is processed both locally on your mobile device and in the Beurer cloud:

• E-mail address
• Password
• First name, surname and gender
• Age (18 years)
• Date of registration and last login
• IP address
• App settings
• Registered Antelope products

The IP address is required to establish communication between the location where the data is stored and the device used. The IP address is not stored.

The data generated or entered by you when using the app will always be synchronised with the Beurer Cloud for the purpose of data backup if a suitable data connection is available and to ensure cross-platform availability of the data generated, especially in the event a device is changed or several devices are used simultaneously, e.g. for evaluation purposes.

We require your first name, last name and gender for secure customer service, e.g. in order to be able to grant you access to your account again if you lose access by means of identification.

The legal basis for the described data processing is your consent pursuant to Article 6(1)(a) GDPR.

In addition, the following data as well as personal and health data are processed if you enter them or have deliberately activated synchronisation with other data sources:

• (Biological) sex
• Body weight and body muscle percentage, body fat percentage and body water percentage
• Date and time of the respective measurement entry
• Manually input measurements
• Antelope Booster settings and training parameters
• Training history: For example date, time, program settings, duration & intensities and equipment used

You can delete the measurements you have entered (weight as well as muscle percentage, body fat percentage, water percentage, date and time) at any time in the app. You can delete the data transmitted by means of synchronisation with other data sources and/or your own measurement entries individually in the Antelope Go app. The measurement entries synchronised with the Antelope Go app can be deleted by ending the synchronisation.

The legal basis for the data processing is Article 9(2)(a) in conjunction with Article 6(1)(a) GDPR. The purpose of data processing is to support your personal training plan and monitoring as well as your health management with Antelope products.

As a general rule, the data is stored until the user uninstalls the app and deletes the user account in the Beurer Cloud. Users who have not logged into the app for more than 30 days are automatically logged out. Tokens are stored locally for recognition purposes; the access token stores the e-mail address, first name, surname and gender. The refresh token only stores a random string of characters and is used to create the access token.

You can also log out of the app at any time, with the effect that the access details for the respective account must be entered again when the app is called up again.

1.1.3 Processing of functionally necessary data when using the app

Information is automatically sent to the server when the app is used. This information is stored temporarily in what is known as a log file. The following information is collected without any action on your part, and stored until it is automatically erased:

• Requests (for login, Firebase or Bluetooth®)
• Crash report from the app incl. the control system
• Timestamp (date and time of access)
• Status code indicating whether the request was made successfully

We process this data for the following purposes:

• to ensure that a seamless connection to the app can be established
• to ensure convenient use of our app
• to evaluate system security and stability

The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest arises from the purposes outlined above for data collection and ensuring the functional reliability of the app. Under no circumstances will we use the data collected for the purposes of drawing any conclusions about you. The data will be stored for 14 days. In accordance with Article 21 GDPR, you can object to this data processing at any time (see section 5 of this data protection statement).

1.1.4 Use of the app functionality for body measurements

If you have saved data in the "beurer HealthManager Pro" app, you can synchronise it in the Antelope Go app after granting your consent. Granting this consent is voluntary and can be withdrawn at any time in the app. If you do not grant your consent or withdraw it, the weight cannot be automatically synchronised from the “beurer HealthManager Pro” app and you may have to enter it manually.
The legal basis for the data processing is your consent pursuant to Article 9(2)(a) in conjunction with Article 6(1)(a) GDPR.

1.1.5 Contact form

You may contact us to submit an enquiry. Should you do so, the following data will be collected:

• E-mail address
• Content of the message you are sending us
• Extended password-protected log file

You can voluntarily share the extended, password-protected log file with us so that we can offer you even better customer service and support for your enquiry. However, please only send these to us at the request of our employees.

The legal basis for data processing is Article 6(1)(a) GDPR (Consent). The purpose of the data processing is to respond adequately to your enquiry.

Entities within Beurer GmbH that require access to data in order to fulfil contractual and legal obligations receive access to the data.

Beurer GmbH’s external service providers may also receive this data. These service providers may be:

• Affiliated companies, where these are required for the fulfilment of the contract

• Service providers for processing customer service enquiries

• IT service providers, hosting service providers, and service providers for operating the IT system

We use Firebase for crash detection. User data is transmitted to Firebase in anonymised form. In addition, other Firebase functions are also used which enable better user navigation or an evaluation of the causes of errors in the apps as well as push notifications. Firebase is a real-time database that allows you to embed real-time information into your website. Firebase is a subsidiary of Google and is based in San Francisco (CA), USA. You can find Firebase’s privacy policy at https://www.firebase.com/terms/privacy-policy.html. The legal basis for the processing of your data is Article 6(1)(f) GDPR. In accordance with Article 21 GDPR, you can object to this data processing at any time (see section 5 of this data protection statement).

You have the right:

• Pursuant to Article 15 GDPR, to request information about your personal data that we process. In particular, you may request information about the purposes of processing, category of personal data, categories of recipients to whom your data has been or will be disclosed, the planned duration of storage, the existence of a right to rectification, erasure, restriction of processing or objection, the right to lodge a complaint, the origin of your data if we did not collect it ourselves, and about the existence of automated decision-making including profiling, and, where applicable, meaningful information about the details thereof;

• Pursuant to Article 16 GDPR to immediately request the rectification of inaccurate or incomplete personal data relating to you stored by us;

• Pursuant to Article 17 GDPR to request the erasure of personal data relating to you stored by us, unless processing is required for the exercising of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of the public interest, or for the establishment, exercise, or defence of legal claims;

• Pursuant to Article 18 GDPR to request the restriction of processing of your personal data insofar as you dispute the accuracy of the data, or processing is unlawful and you decline its erasure and we no longer need the data but you require it for the establishment, exercise, or defence of legal claims, or you have submitted an objection to processing pursuant to Article 21 GDPR;

• Pursuant to Article 20 GDPR to receive the personal data relating to you that you have provided to us in a structured, commonly used and machine-readable format, or to request the transfer of the same to another controller;

• Pursuant to Article 7(3) GDPR to at any time withdraw any consent you have granted us. This will result in us no longer being permitted to continue the data processing that this consent relates to in the future. Withdrawing your consent does not affect the lawfulness of the processing that was carried out on the basis of the consent until the consent was withdrawn.

• Pursuant to Article 77 GDPR to lodge a complaint to a supervisory authority. Generally, you can contact the supervisory authority for your usual place of residence or the registered headquarters of our company for this purpose.

If your personal data is processed based on legitimate interests pursuant to Article 6(1)(f) GDPR, you have the right to submit an objection to the processing of your personal data pursuant to Article 21 GDPR, provided that there are reasons to do so arising from your particular situation, or if the objection relates to direct advertising. In the latter case, you have a general right to object, which we will implement without requiring a particular situation to be stated.

If you would like to exercise your right of withdrawal or to object, please contact us via the communication methods specified at the top of this data protection statement.

We use the popular SSL (Secure Socket Layer) process in conjunction with the highest level of encryption supported by your mobile device. We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or full loss, destruction, or unauthorised access by third parties. Our security measures are continually being improved in line with technological developments.

All data collected, processed and stored in the app or on the central systems remains the responsibility of Beurer GmbH. Forwarding may take place within the Beurer Group for the processing of enquiries as well as to service providers committed to data protection for providing the services. Forwarding to any other third parties is excluded.

In the context of using the app, you are required to make available personal data that is essential for service provision. Without this data, we are not able to provide the service.