Data Privacy statement (“Statement”)

The controller for data processing is CYBEX Retail GmbH with registered office in Bayreuth. Our contact details are as follows:

CYBEX GmbH
Riedingerstraße 18
95448 Bayreuth
Germany
Tel. +49 (0)92178511-0
E-Mail: info@cybex-online.com

Data protection officer:

This Privacy Policy governs the use of the CYBEX software application e-Priam (“Application”) for mobile devices.
e-Priam is a mobile application designed to control the rocking & support mode functions of the e-PRIAM stroller. It also can perform firmware updates, monitor the e-PRIAMs battery level and contains helpful information such as user guides, customer support information and FAQ’s.

1. Obtained information and purpose

Generally, you can use the Application without providing any personal information.

Collected Information

Application will store the following data:
• Country
• Unique identifier of added strollers;
• Voluntarily added names of strollers.
The collected and stored information is mandatory for a proper functioning of the Application.

2. Legal basis for data processing

At all times we process your data in accordance with the relevant legislation and only to the extent permitted by an applicable legal provision. Depending on the respective purpose of the data processing, the processing of your data may be based on the following legal principles:

- Consent (Article 6 (1) (a), Article 7 GDPR): We only process certain data if you have given us your express and voluntary consent to do so. You may revoke your consent at any time with effect for the future.

- Performance of a contract or pre-contractual measures (Article 6 (1) (b) GDPR): We process certain data where this is necessary for the performance of a contract (e.g., usage of the Application).

- Compliance with legal obligations (Article 6 (1) (c) GDPR): We need to process some of your data for compliance with our own legal obligations, for example to comply with tax obligations.

- Protection of vital interests (Article 6 (1) (d) GDPR): We process certain data in cases where processing is necessary to protect the vital interests of you or of another natural person.

- Protection of legitimate interests (Article 6 (1) (f) GDPR): We process certain data in cases where processing is necessary to protect legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests which require protection of personal data.

3. Purposes of the data processing

a. Provision of our Application

Where we process personal data as part of your usage of our Application, this is done to ensure problem-free operation of the Application and to improve our offerings and services.

The legal basis for this data processing is Article 6 (1) (b) GDPR, as the processing is necessary to ensure the functionality of our Application and to deliver their contents correctly. In addition, the data serve to optimize our Application and to ensure the security of our IT systems; in this respect, the data processing is based on Article 6 (1) (f) GDPR.

b. Contact

If you contact us by telephone, email or via an online form, we process the data provided by you on the basis of Article 6 (1) (b) GDPR to the extent necessary to process your request and to be able to prove that you have contacted us in accordance with legal requirements.

4. Access permissions

The application will require following system permissions:
● Bluetooth
● Coarse location - required for Android devices to use Bluetooth
● Push Notifications - iOS only
● Internet

The collected data will be used only for purposes mentioned above.
If you do not want us to have the access rights, you can revoke your permission in the settings of your mobile device. Please be informed, by revoking your permission, the functionality of the Application will be restricted or disabled.

5. Data transfer to third parties

Your data will only be transferred to our carefully selected service providers and partner companies who are contractually obligated to comply with requirements of data protection laws. Otherwise, your data will only be transmitted in the event of an existing legal obligation. In the following you will find information about the companies to which we transfer data.
.
a. Transfer within affiliated companies

We may transfer your data to our affiliated companies for storage in central databases and administrative purposes in connection with the provision of the Application. The legal basis for this data processing is either Article 6 (1) (f) GDPR.

b. Transfer to third countries

Data are only transferred to bodies in states outside the European Union or the European Economic Area where
- you have consented thereto,
- this is necessary to provide the Application,
- this is required by law, or
- this occurs as part of order processing.

In the case of order processing, the service providers are contractually bound to our instructions and obligated to guarantee the strict technical and organizational measures. The processors are located both in countries that are the subject of an adequacy decision by the European Commission and in countries that protect personal data to an extent not comparable with the EU. In the latter cases, we ensure a level of data protection comparable to that of the EU by way of contractual agreements and by agreeing the EU standard data protection clauses.

c. Transfer to other third parties

Otherwise, we only transfer your data to third parties or to official authorities if we are legally obligated to do so under existing data protection laws, such as due to official or court orders, or if we are entitled to do so, e.g., because it is necessary for the prosecution of criminal offences or for the exercise or enforcement of our rights or claims. The legal basis for the respective data processing in these cases is Article 6 (1) (c) GDPR or Article 6 (1) (f) GDPR.

6. Period of data storage; data erasure

We only store your data for the period required to serve the purpose of storage or where provided for by law or regulations. We will erase or block your data once the purpose has been served or has ceased to apply. In the case of blockage, the data will be erased as soon as there are no legal or contractual retention periods, there is no reason to expect that erasure would impair your legitimate interests and erasure would not cause disproportionately high costs due to the special type of storage.

7. Your data protection rights

As a visitor of our web pages and as a customer in our CYBEX Online Shop, you are entitled to various rights granted by the Community legislature. Please use the information in the Contact section to assert your rights against us and make sure that we are able to clearly identify your person.

In the following we explain your essential rights as a data subject.

Rights of confirmation, access, to rectification or erasure of data

In accordance with the GDPR, as a data subject you may obtain information in writing upon request and free of charge about which data about your person (e.g., name, address) have been stored. In addition, as a data subject, you have the right to have these data corrected or erased as granted by the Community legislature, provided that the legal requirements are met. Excluded from the right to erasure are, for example, stored data relating to business processes that are subject to the legal obligation to retain data.

In detail:

Right of confirmation and access: A data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed; where that is the case, the data subject has a right of access to the personal data and to further information to the extent provided for by law.

Right to rectification: A data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. In this respect, taking into account the purposes of the processing, the data subject also has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure (“right to be forgotten”): A data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay; the controller has the obligation to erase personal data without undue delay where one of the grounds provided for by law applies and where the processing is not necessary.

Right to restriction of data processing: As a data subject, you have the right to obtain from the controller restriction of processing where one of the conditions provided by law is met.

Right to object: As a data subject, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you by us as controller; we will then no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms as a data subject or for the establishment, exercise or defense of legal claims.

Right to data portability: As a data subject, you have the right to receive the personal data concerning you which you have provided to us as controller in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from us as controller to which the personal data have been provided, subject to the conditions provided for by law.

Revocation of consent: Where you may have given us your consent to process your data within the scope of your use of our Application, you may withdraw such consent at any time with effect for the future. The lawfulness of the processing of your data before your withdrawal remains unaffected.

8. Complaints to supervisory authorities

In the event of complaints regarding the processing of your data, you have the right to contact the competent supervisory authorities. You may do so by contacting the data protection authority responsible for your place or state of residence or the data protection authority responsible for us, which is:

The Bavarian Data Protection Commissioner (Bavarian DPC)
PO Box 22 12 19
80502 Munich, Germany
Email: poststelle@datenschutz-bayern.de

9. Security

We have taken technical and organizational security precautions to protect your personal data against loss, destruction, manipulation and unauthorized access. Connections between the server and Application are protected by employing HTTPS protocol using the SSL/TLS layer. The identity of the server can be verified with the provided X.509 certificate. Data streams are encrypted using Datagram Transport Layer Security (DTLS), and media streams are encrypted using Secure Real-time Transport Protocol (SRTP). For this purpose, only authorized persons have access to the user’s provided data. All our employees and all individuals involved in information processing are under an obligation to observe user privacy and to ensure the confidential use of personal data.

10. Contact information

If you have any questions regarding using the Application, Service or these Policy, please email us at info@cybex-online.com or contact us via post to the address given below.

Last update: April 2021