We, meteocontrol GmbH, are the party responsible for the VCOM O&M App (hereinafter “App”), which we make available to you. We would first like to inform you about the nature, scope and purposes of the collection and use of personal data in a precise, transparent, understandable and easily accessible form and in clear and simple language. You must be able to access the content of that notification at all times. We are therefore obligated to inform you as to what personal data is collected or used. Personal data denotes any information concerning an identified or identifiable natural person.

We attach the utmost importance to the security of your data and to compliance with data privacy regulations. The collection, processing and use of personal data are subject to the provisions of prevailing European and national law.

Because the protection of your privacy when using the App is important to us, we would like to provide you with the following information about which personal data we process when you use the App and how we handle this data. In addition, we will inform you about the legal basis for processing your data and, if the processing is necessary to protect our legitimate interests, also about our legitimate interests.

You can access this privacy policy at any time within the App.

In the following Privacy Policy, we wish to present how we handle your personal data and how you can contact us

 

Contact details of the body responsible

meteocontrol GmbH
Pröllstrasse 28
86157 Augsburg, Germany
Commercial register No.: HRB 16415
Managing directors: Chris Liu, Stijn Stevens
Telephone: +49 821-346660
E-mail: info@meteocontrol.de

Our Data Protection Officer can be reached at the following contact details:

Sven Lenz
Deutsche Datenschutzkanzlei – Datenschutzkanzlei Lenz GmbH & Co. KG
Bahnhofstrasse 50
87435 Kempten, Germany
E-mail: lenz@deutsche-datenschutzkanzlei.de

 

1. Information on the processing of your data

When using the App, you have the option of requesting support for O&M tasks for solar installations. You can use your VCOM access data to log into your customer area via the App.

Certain information is already processed automatically as soon as you use the App. We have listed exactly which personal data is processed for you below:

 

1.1     Information collected during download

When you download the App, certain required information is transmitted to the app store you have selected (e.g. Google Play or Apple App Store), in particular your first and last name, the e-mail address, the device ID (app-scoped), and the time of the download may be processed. This data is processed solely by the respective app store and is outside of our control.

 

1.2     Information that is collected automatically

When you use the App, we automatically collect certain data that is required for the use of the App. This includes:

• internal device ID
• version of your operating system
• time of access

This data is automatically transmitted to us, but not stored, in order to

1. provide you with the service and the associated functions,
2. improve the functions and features of the App, and
3. prevent and eliminate misuse and malfunctions.

This data processing is justified by the fact that

1. processing is necessary for the performance of the contract between you as the data subject and us pursuant to Art. 6 para. 1 lit. b) GDPR for the use of the App, or
2. we have a legitimate interest in ensuring the functionality and error-free operation of the App and in being able to offer a service in line with the market and your interests, which override your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 lit. f) GDPR.

 

1.3     Registration and login

It is not necessary to create a user account. This is a registration to be able to use the App. It requires the user data for the VCOM login:

• First and last name
• E-mail address
• Password

We use the information you provide to authenticate you.

This data processing is justified by the fact that

1. processing is necessary for the performance of the contract between you as the data subject and us pursuant to Art. 6 para. 1 lit. b) GDPR for the use of the App, or
2. we have a legitimate interest in ensuring the functionality and error-free operation of the App and in being able to offer a service in line with the market and your interests, which override your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 lit. f) GDPR.

 

1.4     Using the App

You can enter, manage and edit various information, tasks and activities in the App. This information includes in particular the following:

• Storage of app configuration data such as search filters.

The App does not require any authorizations to access your device other than access to the Internet.

Usage data is processed and used to provide the service. This data processing is justified by the fact that the processing is necessary for the performance of the contract between you as the data subject and us pursuant to Art. 6 para. 1 lit. b) GDPR for the use of the App.

 

2. Disclosure and transfer of data

Your personal data will only be passed on without your prior express consent in addition to the cases explicitly mentioned in this privacy policy if it is permitted or required by law. This may be the case, for example, if processing is necessary in order to protect the vital interests of the user or another natural person.

If necessary for the investigation of unlawful or improper use of the App, or for legal prosecution, personal data will be forwarded to law enforcement authorities or other authorities and, if necessary, to injured third parties or legal advisors. However, this only happens if there are indications of unlawful or abusive behavior. Disclosure may also take place if this serves to enforce terms of use or other legal claims. Any disclosure of personal data is justified by the fact that

1. the processing is necessary to fulfill a legal obligation to which we are subject pursuant to Art. 6 (1) (f) GDPR in conjunction with national legal requirements for the disclosure of data to law enforcement authorities, or
2. we have a legitimate interest in disclosing the data to the aforementioned third parties in the event of indications of abusive behavior or to enforce our terms of use, other conditions or legal claims and your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 lit. f) GDPR do not prevail.

 

3. Data transfers to third countries

The use of Google Firebase may result in data being transferred to the USA. The following applies to data transfer to the USA: Since July 2023, there has been an adequacy decision by the EU Commission (Data Privacy Framework), which identifies the USA as a third country with a level of data protection comparable to that of the EU. The adequacy decision can now serve as the basis for data transfers to certified organizations in the USA.

Google Inc. is certified under the Data Privacy Framework.

 

4. Changes of purpose

Your personal data will only be processed for purposes other than those described if this is permitted by law or if you have consented to the changed purpose of the data processing. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you of these other purposes prior to further processing and provide you with all other relevant information.

 

5. Data storage period

We abide by the principles of data economy and data reduction. That means we store your data provided to us only for as long as required to fulfill the above purposes or as defined by the various retention periods prescribed by law. As a rule, we store your personal data for the duration of the usage or contractual relationship via the App plus a period of seven days, during which we keep backup copies after erasure, provided this data is no longer required for criminal prosecution or to secure, pursue or enforce legal claims.

Legal requirements for the retention and erasure of personal data, in particular data that we are required to retain for tax reasons, remain unaffected.

 

6. Your rights as a data subject

You have the right to receive information from us about the personal data processed by meteocontrol GmbH (Art. 15 GDPR). In addition, you can demand that we rectify incorrect personal data about you (Art. 16 GDPR). If relevant, you can demand that the personal data processed be erased (Art. 17 GDPR) or that the processing be restricted (Art. 18 GDPR). In addition, you have a right in certain cases to data portability (Art. 20 GDPR). You can also object to the processing under certain circumstances (Art. 21 GDPR).

 

7. Right to lodge complaints with a supervisory authority

You can lodge complaints with one of the data protection supervisory authorities.

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA = Bavarian Data Protection Authority)
Promenade 27, 91522 Ansbach, Germany
Telephone: +49 981 53-1300
Fax: +49 981 53-981300

You can open the form for submitting complaints to the Bayerisches Landesamt für Datenschutzaufsicht at: https://www.lda.bayern.de/en/complaint.html

 

8. Right to object

You can object to use of your data for internal purposes at any time with effect for the future. You merely need to send an e-mail to that effect to datenschutz@meteocontrol.de. However, such withdrawal of consent does not affect the lawfulness of the processing activities conducted up to that point. Processing of data on all other legal grounds, such as in steps prior to entering into a contract (see above), shall not be affected by that.

 

9. Protection of your personal data

We take state-of-the-art contractual, organizational and technical security measures to ensure compliance with data protection laws and to protect the data we process against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.

The security measures include in particular encrypted transfer of data between your browser and our server. 256-bit SSL (AES 256) encryption technology is used for this.

 

10. Use of Google Firebase

We use Google Firebase, a service of Google Inc., based in the USA, for cloud messaging, in other words, for sending notification messages to users’ mobile devices. This is necessary as part of the O&M App if the support involves assigning a ticket to the user. We transmit pseudonymized data to Google Firebase during use. This data is not linked to the actual user data. We use the data and crash report collected in this way for troubleshooting and hence improving the App.

We have not activated the Analytics module from Firebase.

The retention period for the data is limited to 24 months.

You can find more information on data privacy by clicking on https://www.firebase.com/terms/privacy-policy.html.

 

11. Amendments to our Privacy Policy

We reserve the right to adapt our Privacy Policy from time to time so that it always complies with the latest statutory requirements or to reflect changes to our services in the Privacy Policy. That may be the case, for example, if new services are launched. The new Privacy Policy will then apply when you next use the App. The current version of the Privacy Policy can always be accessed within the App.