This post is also available in: Deutsch (German)
(as of March 30th 2023)
Note – if you have come here due to an app update: We’ve removed several services that transfer data to 3rd parties, we also updated the list and details of 3rd party services we’re using.
OVERVIEW
In this document we (see our Imprint) inform you as controller according to art. 4 para 7 GDPR about the collection and use of personal data when using
- Our websites (“Website”) available on iconnecthue.com, iconnecthue.app and iconnect.de; and
- Our mobile “iConnectHue” app available in the App Store for iOS for iOS.
“Personal Data” are all data relating to you as an individual (cp. art. 4 para 1GDPR).
Quick access
WEBSITE VISITS
Website Server Functions in General
When using the Website merely for information purposes, meaning when you do not register or transmit to us information another way, we collect only the personal data that your browser transmits to our server. When you want to peruse our Website, we collect the following data that is technically necessary to display the Website and to ensure stability and security (legal basis is our legitimate interest in the flawless functionality of the Website according to art. 6 para 1 S. 1 lit. f GDPR):
- IP address;
- Date and time of the request;
- Time zone difference to Greenwich Mean Time (GMT);
- Content of the request (concrete web page);
- Access status/HTTP status code;
- Respectively transmitted data volume;
- Website from which the request originates;
- Used browser incl. language and version;
- Operating system (OS) of the used device and its surface.
We erase server logs usually after eight days, in specific cases later when concrete evidence leads to justified suspicion that the Website has been or is being used illegally or that an event has occurred which endangers the security or stability of the Website. In a case of this paragraph (2), the data will be erased 90 days after the moment in which they are no longer required for the clarification of the presumably occurred event.
Cookies
In addition to the above-mentioned data, cookies are stored on the terminal device you use when you use the Website. The Website uses both transient and persistent cookies, the scope and function of which are explained below.
Among the transient cookies used are in particular the session cookies, which store a session ID with which various requests from your browser can be assigned to the shared session. This allows your computer to be recognized when you return to the Website. The session cookies are erased when you log out or close the browser.
The following transient cookies are used:
JSESSIONID | |
Content: | Session ID |
Purpose(s): | Recognition and assignment of the user during his current session on the Website |
Expiry/Erasure: | Session: This cookie is deleted upon closing the browser. |
euCookie | |
Content: | Indicator that the mandatory cookies notification has been acknowledged |
Purpose(s): | Compliance with Art. 5 para 3 ePrivacy Directive |
Expiry/Erasure: | Session: This cookie is deleted upon closing the browser. |
The persistent cookies are automatically erased after a specified period of time, which may vary depending on the cookie. You can delete the cookies in your browser’s security settings at any time. No persistent cookies are used on the Website.
You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all the features of this website if you refuse cookies.
Contact Form
When you contact us (e.g. through a contact form or via e-mail), indicating any of your data is voluntary as far as we do not need it to fulfill or answer your request. We store your said data to handle your request and potential follow-up questions.
When contacting us, depending on your given data, different data categories are collected. The legal basis for using this service is, depending on your type of inquiry, art. 6 para 1 lit. a (your consent) or lit. b (our having to process your data to fulfill our duties towards you) GDPR.
YouTube Videos
The Website embeds YouTube videos that are managed and hosted by YouTube, LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, a subsidiary of Google, Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. The videos are embedded in the so-called Enhanced-Privacy Mode (for more information, please visit https://support.google.com/youtube/answer/171780?hl=de). In this mode, cookies are only set on your end device and personal data is only collected from you if you actively click on the video. Upon this click, Google processes various categories of data (including device-related information, log data, location-based information, application numbers, visits to websites that use Google advertising services) to, among other things, to provide and maintain its services, develop new services and display customized content (advertising, search results). This data is generally transferred to a Google server in the USA and processed there.
When or how Google deletes your information depends on several factors (e.g., settings in your Google Account) over which we have no control. Use of the YouTube video feature is voluntary. If you do not want the embedding of YouTube videos to result in the aforementioned processing of personal information about you, please do not click on YouTube videos on the Website.
The transfer of your data to YouTube takes place without an adequacy decision and without appropriate guarantees regarding data protection. YouTube may be subject to the obligations of the California Consumer Privacy Act (CCPA). However, the EU Commission has not assessed whether the existing laws are sufficient to provide an adequate level of data protection in the United States of America and the State of California. Legal protection against the recipient can usually only be sought under the national law of the United States of America. This notice does not replace legal advice and cannot take into account individual cases of private international law.
The legal basis for the data processing mentioned here is your consent (Art. 6 para. 1 s. 1 lit. a GDPR). Google transmits data to third parties if consent has been granted if this is necessary for legal reasons or if third parties process this data on behalf of Google.
You can prevent the storage of the Google cookies by making the appropriate setting in your browser. This may limit the functionality of YouTube videos and Google services. You can find further information in the Google Privacy Policy.
Affiliate Partner Advertising Network
We participate in several partner network programs (“Affiliate Networks”) that work as described here. We display links to our network partners’ products or other offers, and when clicking on any of them, information is added to the link and transferred to our respective partner that you clicked on one of our links to said product. When you subsequently buy anything from our network partner we receive a small remuneration for advertising their products. This way we finance a part of our services, for example to purchase further products we review and display in this context. In the following we provide details on how the system works, and enumerate our network partners.
Our affiliate links’ clearly show their targets and network partners. They are named, e.g., „Amazon US/CA: Philips Hue Motion Sensor“, which means they lead to Amazon US/CA. When you click on an affiliate link our webserver stores a cookie on your device that contains the following types of data and transmits them to our network partner:
-
- Referrer ID, meaning the ID of the linking partner (in this case us); and
- IP address.
The legal basis for the processing of your data in the networks described here is our interest in financing and optimizing the content of our offer in accordance with Art. 6 para 1 s. 1 lit. f GDPR.
The mentioned data is, as the case may be with the respective network, processed either exclusively in the EU or, when a network stores and processes the tracking data also outside of the EU, said networks fulfill the requirements of the EU-US Privacy Shield or have concluded contracts with the advertising network providers (e.g. Standard Contractual Clauses) that ensure a GDPR-equivalent data protection level.
- Amazon PartnerNet (Germany) or, as the case may be, Amazon Affiliate (outside of Germany) of the Amazon.com, Inc. and its subsidiaries. For these networks, as an exception to the other networks, we process your IP address to determine the country associated to your IP address and, upon clicking on the respective link, transfer you to the Amazon store that matches your country.
- eBay Partner Network (eBay Partner Network, Inc. residing in 2145 Hamilton Ave., San Jose, CA 95125, USA): no particularities.
- Tradedoubler (Tradedoubler AB, 556575-7423, Birger Jarlsgatan 57A, 113 56 Stockholm, Sweden): no particularities.
- AWIN (AWIN AG, Eichhornstraße 3, 10785 Berlin, Germany): no particularities.
- If you do not want the mentioned data categories to be collected and processed, please do not click on the described links. All details on our advertising partners are available here––
- Amazon Affiliate US: https://www.amazon.com/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=468496e:%20%E2%80%A6
Amazon Affiliate Canada: https://www.amazon.ca/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=918814
Amazon Affiliate UK: https://www.amazon.co.uk/gp/help/customer/display.html?nodeId=502584
Amazon Partenaires France: https://www.amazon.fr/gp/help/customer/display.html?nodeId=201909010
Amazon PartnerNet: https://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=3312401
Amazon Affiliate Spain:
https://www.amazon.es/gp/help/customer/display.html?nodeId=201909010 - eBay Partner Network: https://partnernetwork.ebay.com/legal#privacy-notice
- Amazon Affiliate US: https://www.amazon.com/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=468496e:%20%E2%80%A6
USE OF THE MOBILE APP
The following information relates to your use of the Mobile Apps.
Collection of Personal Data When Using the App
When downloading the Mobile App the necessary information is transmitted to the respective app store provider, i.e. username, e-mail address and customer number of your account, time of download, payment information and the individual device identifier. We have no influence on and are not responsible for said data transfer, and do not have access to it.
When using the Mobile App we collect the following types of personal data technically necessary to provide the Mobile App’s functions and ensure their stability and security (legal basis is our legitimate interest in providing a stabile app according to art. 6 para 1 S. 1 lit. f GDPR):
- IP address;
- Date and time of the request;
- Time zone difference to Greenwich Mean Time (GMT);
- Content of the request (concrete web page);
- Access status/HTTP status code;
- Respectively transmitted data volume.
When you open websites through the Mobile App, e.g. YouTube video pages, cookies are stored on the device in addition to the previously mentioned data. Among these cookies are i.e. session cookies that store a so-called Session ID with which the various requests of the Mobile App are allocable. The session cookies are – just like any other cookies that are, as the case may be, set – deleted when you close the respective window.
Geolocation for Location-Based App Functions
When you use certain functions in the Mobile App, such as “Automation on arrival and leaving” or “Daylight dependent actions”, the Mobile App collects and processes the geolocation of your device. This data is stored locally on your used device and bridge(s) only.
Legal basis of these processes is art. 6 para 1 s. 1 lit. b GDPR. If you do not want your geolocation to be collected for the mentioned purposes, please do not use the mentioned functions.
Audio Recordings („Discotainment“)
When you use the function “Discotainment“, audio is recorded and automatically analyzed for certain patterns by the Mobile App through the device’s microphone to control lights, and deleted immediately after the analysis.
Legal basis of this process is art. 6 para 1 s. 1 lit. b GDPR. Should you not want said audio recording, please do not use the function “Discotainment”.
Contact Function
When you contact us through the contact function in the Mobile App because of a problem or with a question, your current IP address, your bridge and app settings, and the last activities in the Mobile App are collected and transmitted to us along with your contact to allow us to solve your problem and localize and prevent system crashes in the future. Legal basis of this process is art. 6 para 1 s. 1 lit. b GDPR.
You can remove said data prior to sending of the e-mail. In that case it probably will not be possible for us to help you with the Mobile App though.
YouTube Videos
The App embeds YouTube videos that are managed and hosted by YouTube, LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, a subsidiary of Google, Inc. 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Provided that you have enabled the “Show YouTube Videos” menu option in your user preferences when viewing YouTube videos and viewing pages with embedded YouTube videos, Google processes various categories of data (including device information, log data, location information, application numbers, visits to web pages that use Google advertising services) to, among other things, provide and maintain its services, develop new services and display customized content (advertising, search results). This data is generally transferred to a Google server in the USA and processed there.
When or how Google deletes your information depends several factors (e.g., settings in your Google Account) over which we have no control. The use of the YouTube video feature is voluntary. If you do not want the embedding of YouTube videos to result in the aforementioned processing of personal information about you, do not click or tap YouTube videos in the App.
The transfer of your data to YouTube takes place without an adequacy decision and without appropriate guarantees regarding data protection. YouTube may be subject to the obligations of the California Consumer Privacy Act (CCPA). However, the EU Commission has not assessed whether the existing laws are sufficient to provide an adequate level of data protection in the United States of America and the State of California. Legal protection against the recipient can usually only be sought under the national law of the United States of America. This notice does not replace legal advice and cannot take into account individual cases of private international law.
The legal basis for the data processing mentioned here is your consent (Art. 6 para. 1 p. 1 lit. a GDPR).
All details on which data is collected and processed when using YouTube is available at https://www.google.de/intl/de/policies/privacy.
Microsoft AppCenter Analytics
The App uses the “AppCenter Analytics” service operated by Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA (“Microsoft”) to effectively localize errors in the App. If the App crashes on your computer or produces unexpected errors, the following information is collected and sent to Microsoft:
- Type of the mobile device in use;
- operating system version;
- date and time of the error;
- Country where the query originated;
- Language set for the operating system.
For full details on AppCenter Analytics’ privacy policy, please visit https://docs.microsoft.com/en-us/appcenter/sdk/data-collected
The transfer of your data to Microsoft takes place without an adequacy decision and without appropriate guarantees regarding data protection. Microsoft may be subject to the obligations of the California Consumer Privacy Act (CCPA). However, the EU Commission has not assessed whether the existing laws are sufficient to provide an adequate level of data protection in the United States of America and the State of California. Legal protection against the recipient can usually only be sought under the national law of the United States of America. This notice does not replace legal advice and cannot take into account individual cases of private international law.
The basis for the use of AppCenter Analytics is your consent according to Art. 6 para. 1 s. 1 lit. a GDPR.
Use of AI in Functions and in Support
When using the App, artificial intelligence (“AI”, e.g., ChatGPT) is used in two scenarios. First, you can let AI help you create and manage content in the app (e.g., scenes). Second, for support requests in languages other than English and German, we use KI to translate the requests.
When using AI, it is possible that the respective AI used can use all your input for all kinds of purposes, e.g., for its own training. This means that your input could be displayed to other users in their queries in the future. Therefore, when using AI features, please act as if your input were processed and published anywhere in the world. If you are not comfortable with that, please don’t use the AI-powered features! The App offers you the same functions without AI as with AI, just maybe not quite as conveniently.
The basis for processing your data in the context of AI is your consent in the case of AI-supported management of your App content (Art. 6 para. 1 sentence 1 lit. a GDPR), in the case of your support requests in languages other than English and German the necessity for processing your requests (Art. 6 para. 1 sentence 1 lit. b GDPR).
YOUR RIGHTS
You have the following rights regarding your personal data collected by and/or stored with us. You may request:
- Access to your personal data;
- Rectification or erasure of your wrong personal data; and
- Restriction of processing.
- You may object to processing, and
- Have the right to data portability.
To exercise any of the above-mentioned rights please use the contact form on https://iconnecthue.com/contact.
You may furthermore lodge a complaint about our processing your personal data with a supervisory authority.
EU Platform for Online Dispute Resolution
ec.europa.eu/consumers/odr
Notice pursuant to Section 36 of the Consumer Dispute Resolution Act (VSBG): We are not obliged and generally not willing to participate in dispute resolution proceedings before a consumer arbitration board.