PRIVACY POLICY for the emz digi App

For emz-Hanauer GmbH & Co. KGaA, Ernst-Hanauer-Strasse 1, 92507 Nabburg, Germany ("emz", "we" or "us"), the protection of your privacy is an important concern. In the following, we explain what data we process as part of the App.

1. In summary

Our App allows you to digitally open the recycling system assigned to you ("recycling system") using Bluetooth and location services. Following your use of the recycling system (e.g. inserting a bag), your disposal data and disposal data not yet transmitted at the time of use by users who used the recycling system before you without an internet connection are transmitted to us via your device in encrypted form.

We do not use your data for any other purpose than to administer your use of the recycling system and to fix bugs in the App. The data about your use of the recycling system does not leave the EU.

2. Your rights

Provided that the respective legal requirements are met, you have the following rights under the GDPR regarding your personal data processed by us:

a. Right to information

You may ask us to tell you whether we are processing your personal data and, if so, to provide you with a copy of that data (together with any other relevant information).

b. Right to rectification

If personal data we process about you is incorrect or incomplete, you have the right to request that it be corrected or completed.

c. Right to erasure (right to be forgotten)

In certain circumstances, you may request that we delete your personal data.

d. Right to restriction of processing

In certain circumstances, you may request that we restrict the processing of your personal data.

e. Right to object

You can ask us to stop processing your personal data if we process your data on the basis of a legitimate interest and cannot provide compelling legal grounds for further processing, or use your personal data for direct marketing.

f. Right to data portability

In certain circumstances, you have the right to request that we provide your personal data provided to us in a structured, commonly used, electronically readable format.

g. Right to withdraw consent

If we process your personal data on the basis of your consent, you have the right to revoke your consent at any time for the future. The processing of your personal data prior to granting the revocation remains lawful.

h. Right to complain

You have the right to lodge a complaint with the competent data protection authority at any time if you believe that the processing of personal data by us violates applicable data protection law.

i. No automated decision making

No automated decision making within the meaning of Art. 22 GDPR takes place in the App.

3. Description of data processing by the App

We process your personal data in connection with your use of the App and the Recycling Systems as follows:

a. Download our mobile App in the App store

When the App is downloaded, the required information is transmitted to the App Store, in particular the time of the download and the individual ID of the device. We have no influence on this data collection and are not responsible for it. When registering your account, we process the email address and the activation code.

b. Your registration and user account management

In order to register and manage the user relationship with you and to provide the App, we process your following personal data: name, user name, password, activation code of your disposal company, address, allocation to specific disposal company and associated disposal authorisations, time of registration, verification of your e-mail address and use of the App (authentication and times of authentication).

The legal basis for this processing is Art. 6 (1) (a) GDPR (fulfilment of the User Agreement between you and us).

We process this data for the above-mentioned purpose as long as your user relationship with us has not ended. Thereafter, we process your personal data only to the extent necessary to assert or defend legal claims or to comply with statutory retention obligations.

We and your disposal company are jointly responsible for processing this data. Your disposal company processes the data to provide you with the recycling system. We will be happy to provide you with details of joint control on request.

c. Processing of your data when using the recycling systems

When you use a recycling system for which you are eligible and connect your App to that recycling system, we process your following personal data: transaction data: date, time, email address, user device type and operating system used, container, presence of a data connection; container data: functional status, bookings, location of the recycling system; customer data: user name and email address.

We process this data for the following purposes: transmission or access by your assigned local waste disposal contract partner for billing purposes; and, in aggregated form, for analysis purposes to ensure the proper operation and further development of the system, to process service requests and notifications, and to block and activate access in accordance with the contractual agreements with the contract partners assigned to the users ("user" is used here for male, female or diverse).

This data is forwarded by the recycling system to us (the egate Web Portal) in encrypted form (asymmetric; ECDSA with P-256 and SHA256). If you use the recycling system with a transmitter (token) instead of the App, or if you do not have an internet connection when using the container, the recycling system stores the data (in encrypted form) and only transmits it to us when the next user with an internet connection uses the recycling system.

The legal basis for this processing is Art. 6 (1) (a) GDPR (fulfilment of the User Agreement between you and us).

We process this data for the above-mentioned purpose for as long as we need this data to achieve the purpose, for a maximum of one year after the data is created. Thereafter, we process your personal data only to the extent necessary to assert or defend legal claims or to comply with statutory retention obligations. Transaction data is deleted from the recycling system immediately after it has been successfully transferred to us.

We and your disposal company are jointly responsible for processing this data. Your disposal company processes the data to provide you with the recycling system. We will be happy to provide you with details of joint control on request.

d. Notification of errors in the App (Automated)

We use the Sentry.io tool in this App to document errors when the App crashes. For this purpose, in the event of an error message, real-time crash reports are sent via an interface in the App (SDK) with precise details of code locations in the App and device information (device state, device type, operating system, App version, time of the crash), which are intended to simplify maintenance and improve the resulting stability of the App. The information transmitted does not include the IP address or any other personal or relatable data, nor is it associated with your username or any other mobile device data.

The legal basis for this processing is Art. 6 (1) (f) GDPR (legitimate interest) and Sec. 25 (1) TTDSG. Our legitimate interest is to provide you with a functioning App.

We process this data for the above-mentioned purpose for as long as we need this data to achieve the purpose, for a maximum of 90 days. After that, we process your personal data only to the extent necessary to assert or defend legal claims or to comply with statutory retention obligations.

e. Processing of contact requests and messages

When you send us a contact request or other communication, we process your following personal data: name, contact details (depending on the information provided: e-mail address, telephone number or other) and other information you provide to us, correspondence with us and information to respond to your request. We process information about your request on an anonymous basis for statistical purposes.

The legal basis for processing to respond to your request is Art. 6 (1) (b) GDPR (fulfilment of the User Agreement for the App between you and us). The legal basis for our anonymisation of data for statistical purposes is Art. 6 (1) (f) GDPR (legitimate interest; our interest: Improvement of our service and statistics).

We process this data for the above-mentioned purpose until we have answered your enquiry or communication. Thereafter, we process your personal data only to the extent necessary to assert or defend legal claims or to comply with statutory retention obligations.

4. App permissions

For unrestricted use of the App functions, the App requires access to the following Android authorisation groups.

a. Bluetooth/Location Services

Bluetooth allows the App to connect to the recycling system.

The location data provided by the mobile phone is used to determine the location of the recycling system as accurately as possible and to check your access rights. The location data is not data that is assigned to you, but to the recycling system. If you are using Android, enabling location services is also required for the Bluetooth connection to the recycling system to work.

The use of Bluetooth and location detection must be explicitly enabled by you for the respective operating system. If location tracking or Bluetooth is deactivated, the App cannot be used.

b. Access to all networks - Retrieve network connections

The App needs access to the networks to be able to determine whether a mobile network or Wi-Fi is available. In this way, the App can send data to the egate Web Portal via the user's data connection. In addition, the App needs this function to load map data and display the location on a map.

You can also use the App without releasing this authorisation. Your transaction data will then be transferred to us by the next user who uses the disposal system.

c. Access to local image storage

If you want to use image transmission within the Service Reports function, the App needs access to the camera and the image memory.

5. Security

We have taken technical and administrative measures to protect your personal data against loss, destruction, manipulation and unauthorised access. Among other things, we use updated firewalls and browser certification technology. The security measures are subject to a continuous improvement process.

However, you should be aware that the use of the Internet is never completely secure and therefore there is no guarantee for the security or completeness of the personal data transmitted by you or via the Internet. Please therefore ensure that you update the operating system you are using.

The transaction data is encrypted with an asymmetric key (ECDSA with P-256 and SHA256) when it is stored in the recycling system and when it is transmitted from the recycling system to us. The decryption key is only kept by us and is not available to third parties.

6. Data recipient categories

In this section, we describe to which recipients, for which purposes and on which legal basis your personal data is transferred - if and insofar as we have not already specifically explained this elsewhere:

a. Processor

In addition to the corresponding service providers mentioned, we also use other so-called data processors who act exclusively on the basis of our instructions. This is the case, for example, for the administration of customer data and the technical provision of the App.

b. Other data recipients

In individual cases, we may disclose your personal data to public authorities, law enforcement agencies, courts, legal advisors and auditors, insofar as we are legally obliged to do so (Art. 6 (1) (c) GDPR) or this is necessary to protect our legitimate interests, in particular to defend, enforce or exercise legal claims (Art. 6 (1) (f) GDPR).

c. International data transfer

We store your personal data on secure servers in the EU for the processing purposes described in this Privacy Policy, except for the processing of error reports by Sentry.io (see section 3d above). Your personal data will not be transferred to countries outside the EU (third countries, such as the US).

7. Retention and deletion of your data

Your personal data will be retained in accordance with applicable laws as set out in this Privacy Policy for as long as is necessary for us to fulfil our obligations and achieve the purposes set out in this Privacy Policy. Thereafter, we will remove such personal data from our systems and records or take steps so that such data can no longer be attributed to an individual, unless we need to retain your personal data to comply with legal retention obligations. The master data stored in the App (e.g. name, email address, etc.) will be stored in the App, i.e. on the mobile phone, until you delete the App or manually delete all App data. Information on the transaction and container data is automatically deleted after transfer to the Web Portal.

8. Changes to the privacy policy

If new technologies make it necessary, we reserve the right to change our privacy policy. Please ensure that you have the latest version and check the privacy policy each time you log in.

9. Contact and data protection officer

All users of our App can reach us for data protection issues at:

Data Protection Officer(s) Emz-Hanauer GmbH & Co KGaA
Ernst-Hanauer-Strasse 1
92507 Nabburg
Telephone: +49 9433 898-122
Fax: +49 9433 898-5122
E-mail: datenschutzbeauftragter@emz-hanauer.com

Version January 2024