Declaration of Data Privacy Concerning the "SmartCatalogApp"
The present declaration of data privacy applies to the SmartCatalog App, as well as to the “SmartCatalog website” by Plasser & Theurer, Export von Bahnbaumaschinen, Gesellschaft m.b.H. (hereinafter referred to as “Plasser & Theurer”).
The protection and safety of your data is a matter of great concern to us. Plasser & Theurer have taken organisational and technical measures in order to ensure data privacy. The following information explains how we handle your personal data.
1. Use of personal data
If you have made your personal data available to us, we will only use it according to the law. The acquisition and processing of your personal data by Plasser & Theurer is subject to your prior voluntary and explicit consent.
Our web server logs the following data in order to ensure the safety of the system, as well as for statistical purposes:
- Name and date of files called up
- Transferred data and downloads
- IP address
- User name
- User interaction within the App with time tagging
Your mobile terminal will store log-in data, downloaded files and query logs in order to enable you to use the App in the off-line mode.
In addition to that, Plasser & Theurer acquire and process the following:
- First and last name
- E-mail address
- Phone number
- Employer
- Job position
- Operating system of the device
- Current App version installed on the device
- Language settings
- Encrypted passwords (under no circumstances can Plasser & Theurer read the clear text)
Plasser & Theurer use this personal data for the following purposes:
- App registration and verification of the data indicated by the user concerning their employer and user rights.
- Supply of electronic spare parts catalogues
- Creation of personal profiles to be used for product improvement
- Storage of the IP address in order to obtain knowledge of any illicit use of the App
- Inquiries for spare parts and list of inquiries
- Requests for catalogues
2. Data transmission
Authorized customers of Plasser & Theurer, as well as employees of customers or representatives Plasser & Theurer can use the App to request digital catalogues for their machines.
Thus, the App enables them to quickly identify Plasser & Theurer spare parts. Their authorisation will be verified by sending a registration inquiry. Plasser & Theurer use this registration inquiry to verify employment and user rights by sending the first and last name, the e-mail address, the phone number, the name of the employer and the job position of the user to the employer indicated by them, or to the service partner in charge of the respective geographical area or the Plasser & Theurer representative.
Plasser & Theurer on their own assign the user to the service partner in charge of the geographical region or to one of their representatives. The assignment to a geographical region is carried out based on the employer indicated by the user upon registration, as well as their collaboration with Plasser & Theurer or one of their service partners. After this assignment, Plasser & Theurer or, respectively, their service partner or representative, exclusively obtain and / or control all requests for spare parts.
In order to prevent the App from being used without authorisation, annual checks will be carried out to verify that the user is still employed by the company (i. e., Plasser & Theurer customer, service partner or representative) indicated upon registration. For this verification, Plasser & Theurer or the service partner in charge of the respective geographical area, will send an inquiry to the employer indicated by the user. The following user data will be transmitted: name, e-mail address and employer. The customer informs Plasser & Theurer or the service partner or representative in charge of the respective geographical area, whether or not the user is still their employee. If the result of this check is that the user is no longer employed by the customer or is no longer authorised to use the App for other reasons, their access will be deactivated. They will not be able to continue to use the App.
Beyond that, data will only be made accessible to third parties, if Plasser & Theurer is obliged to do so based on legal or official orders or court decisions.
Customers and / or service partners may be located in countries outside of the European Union (“Third-Party Countries”), where the applicable legislation does not ensure the same level of data privacy as do member countries of the European Union. In that event, data will only be transmitted according to legislative stipulations, if the European Commission has adopted an “Adequacy Decision” for this Third-Party Country, if adequate guarantees have been agreed upon with the customer, service partner or representative (such as EU standard contract provisions), if the customer, the service partner or representative participate in an approved system of certification (such as the EU-US Privacy Shield), if binding internal data privacy regulations according to Article 47 of the General Data Protection Regulation or an exception according to Article 49 of the GDPR exists. Such an exception exists, for example, if express consent to data transmission has been obtained after instruction has been given on possible risks of such data transmissions without the existence of an adequacy decision and without suitable guarantees.
An overview of the recipients in third-party countries, as well as a photocopy of the specific regulations agreed upon for the purpose of ensuring an appropriate data privacy level, can be obtained.
3. Duration of storage
Once a user has been deactivated, the corresponding data will be anonymized.