Privacy Policy

BEGA Connect Web App

The protection and security of your personal data is our top priority. Accordingly, we comply with the statutory regulations in order to offer your data the best possible protection. 

When using the BEGA Connect Web App (hereinafter also referred to as the "Web App") and your BEGA connectors, as little personal data or device data as possible is processed. Nevertheless, individual functions or services cannot be used or can only be used to a limited extent without the processing of personal data. 

In the following, we would like to inform you about the type, scope and purpose of data collection and its use. 


I. General information

1. Function

The BEGA Connect Web App enables the user to control and configure BEGA components. 

2. Contact details of the person responsible

is responsible for the operation of the app and thus for the processing of personal data:  BEGA Gantenbrink-Leuchten KG P.O. Box 3160 D-58689 Menden [email protected] (hereinafter referred to as "we" or "BEGA"). 

3. Contact details of the Data Protection Officer

The data protection officer responsible for BEGA is Mr M. Helling c/o BEGA Gantenbrink-Leuchten KG P.O. Box 3160 D-58689 Menden [email protected]

4. Definitions

General terms: This privacy policy uses terms according to the way they are defined in the GDPR. The definitions (Art. 4 GDPR) can be viewed here, for example: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016R0679

BEGA ID is the assigned individual identification number (ID) using which BEGA customers may register in the customer portal. The app does not access plain data on the basis of which the customer could be identified from the app; instead, it only accesses the ID (pseudonymisation)

Cookies are text files that are stored on or read from your device by a website or a mobile application connected to the internet. They contain combinations of letters and numbers in order for example to recognise the user and the user's settings when reconnecting to the service placing the cookie, to make it possible to remain logged in to a customer account, or to statistically analyse a particular user behaviour.

Categories of data that we mention in this privacy policy particularly include

  • BEGA ID;
  • Usage data (e.g. activity in the app, use of specific content, log data about accesses);
  • Location data (data that is collected or used in a telecommunications network or by a telecommunications service and which indicates the location of an end device for the user of a publicly accessible telecommunications service);
  • Traffic data (connection data such as IP addresses, device information, information about the operating system, application detection).

Personal data (Art. 4 (1) GDPR) means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

5. Storage period

Personal data will be deleted as soon as the purpose of the processing no longer applies or the BEGA ID is deleted, or a prescribed storage period expires, unless further storage of the personal data is necessary to fulfil another contractual or general legal obligation towards the user. 

6. Categories of data recipients

Recipients of personal data are employees of BEGA who, according to a graduated authorisation concept, must process data for the purposes listed below if necessary in order to be able to implement the desired services and functions of the app. In addition, so-called processors in accordance with Art. 28 GDPR may receive data in the course of a service provider function, such as our IT service providers. Our service providers process personal data in accordance with instructions within the European Union or the European Economic Area or in a third country if this is permitted under an adequacy decision or other suitable guarantees (Art. 44 et seq. GDPR). We contractually oblige our service providers to take appropriate technical and organisational measures to ensure data protection and to maintain data secrecy. Data processing in a so-called third country does not take place unless expressly indicated in this privacy policy. With regard to the transfer of data to other recipients, we only pass on information about users if this is required by law, if the user has consented or if we are authorised to do so. 

7. Data protection rights

As a data subject within the meaning of the GDPR, users of the app have various rights to ensure the protection of their privacy. These are: the right of access pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR and the right to data portability pursuant to Art. 20 GDPR. The restrictions under Sections 34 and 35 BDSG apply to the right of access and the right to erasure. 

The user also has the right to revoke consent once given (Art. 6 para. 1 lit. a GDPR) (Art. 7 para. 3 GDPR). The proper revocation of consent does not affect the legality of the data collection carried out up to that point. 

In addition, the user has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR, Article 21 GDPR. 

You also have the right to lodge a complaint with a data protection supervisory authority (Art 77 GDPR in conjunction with Section 19 BDSG). The data protection supervisory authority responsible for us is: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Postfach 20 04 44, 40102 Düsseldorf, e-mail: [email protected]. Data subjects are free to contact any other data protection supervisory authority. 

8. No automated individual decision-making in individual cases / profiling

We do not use automated decision-making in individual cases, including profiling, to reach such a decision in accordance with Art. 22 (1) and (4) GDPR. 

II. Individual processing operations of the BEGA Connect Web App

The following explanations relate to the processing of personal data by the BEGA Connect app. 

1. Recording log data (calling up the web app)

(a) Description and purposes of the processing 

When the web app is activated or called up, data is regularly transmitted, such as the IP address and further information about the end device used (smartphone, tablet, computer, etc.), the operating system used (iOS, Android with the respective version number), log files about the time of access to the web app, the so-called referrer URL and the amount of data transferred. We cannot identify individual users based on this data. The information helps us to determine the attractiveness of our offer and, if necessary, to improve its performance or content and make it even more interesting, but also to maintain an appropriate level of data and IT security by being able to understand whether our web app is being accessed legally. This is our legitimate interest. 

(b) Legal basis 

Legitimate interests, Art. 6 para. 1 letter f GDPR 

(c) Data categories covered 

Usage data, traffic data 

(d) Recipients of the data outside the app 

No 

(e) Transfer to a third country outside the EU / EEA 

No 

(f) Storage period 

Until the account is deactivated or deleted. 

2. Registration / BEGA ID

(a) Description and purposes of the processing 

No registration is required to access the web app. However, registration with the BEGA ID is technically necessary to use the functions of the web app, e.g. to transfer a Connect system to another end device (smartphone, tablet, laptop, PC, etc.) or to another user, as well as for the (shared) use of a Connect system by one or more users via the Internet (web browser). 

For these types of use, the user registers via the BEGA website. After registration, only the BEGA ID is recorded within the web app. The BEGA ID is the only identifier within the app. It is not merged with customer data outside the app, e.g. for profiling or personalised advertising purposes. 

(b) Legal basis 

Performance of the contractual services, Art. 6 para. 1 letter b GDPR 

(c) Data categories covered 

BEGA-ID 

(d) Recipients of the data outside the app 

Microsoft Deutschland GmbH, Walter-Gropius-Straße 5, 80807 Munich, Germany; hosting provider (MS Azure Cloud) ("Microsoft"). 

(e) Transfer to a third country outside the EU / EEA 

Not provided for. However, there is an order processing contract with Microsoft (Art. 28 GDPR), which also covers so-called EU standard contractual clauses. As additional protective measures, data is only transmitted in encrypted form and is highly pseudonymised, i.e. only a so-called token ID (sequence of numbers) is stored, which is not personally identifiable for third parties. 

(f) Storage period 

Until the account is deactivated or deleted. 

3. Use of the closed area via the BEGA ID

(a) Description and purposes of data processing  

Registered users with a BEGA ID can use the closed area to manage products and services.  

BEGA also uses functionally required session ID cookies within the closed area. As soon as the user has logged into the closed area, the session ID cookies store the link to the website that was open at the time of login, the language selected at the time of login and the value as to whether the user should be shown the privacy policy. In addition, the remote user ID, the user ID and the email address are also recorded as part of the BEGA ID. The session ID cookies used by BEGA are only stored in the user's web browser for the current session and are automatically deleted when the browser is closed. 

The use of the closed user area requires that the user authorises the session ID cookies used by BEGA and the storage of data using session storage.  

(b) Legal basis 

Art. 6 para. 1 lit. b, f GDPR 

(c) Data categories covered 

Usage data, BEGA-ID 

(d) Recipients of the data outside the app 

None.  

(e) Transfer to a third country outside the EU / EEA 

Not provided.  

(f) Storage period 

Until the session cookies or the entire account are deactivated or deleted.

4. Fault diagnosis by Sentry

(a) Description and purposes of the processing 

An error diagnosis service is used as part of the BEGA Connect web app to ensure the stability and reliability of the web app and to constantly improve it. To do this, we rely on anonymised crash reports. For this purpose, we have installed on our server the software of the "Sentry" analysis service from the provider Functional Software, Inc. dba Sentry, 45 Fremont St, San Francisco, California 94105, US. (https://sentry.io) is installed. Sentry uses cookies and similar technologies to log and monitor errors that can be recognised in the source code and to improve the technical functionality and performance of our web app. In order to respond to error messages and possible speed deficits, we transmit anonymised error/log data about the use of the web app to our Sentry software, within which this data is evaluated. This is so-called metadata, such as information about the operating system and browser used, the programming language used, possible causes of errors and the server used. We delete the stored data ("events") after 90 days at the latest. In addition, back-ups are stored for a further 90 days and then automatically deleted.  

We have implemented the cloud version of Sentry. Data transfer to the USA cannot be ruled out. We have therefore concluded additional data protection agreements with Sentry in the form of so-called EU standard contractual clauses, which ensure an appropriate level of data protection.  

Further information on Sentry's terms of use and data protection can be found at https://sentry.io/terms/ and https://sentry.io/privacy/. 

(b) Legal basis 

Legitimate interest, Art. 6 para. 1 letter f GDPR 

(c) Data categories covered 

Traffic data, usage data 

(d) Recipients of the data outside the web app 

None. 

(e) Transfer to a third country outside the EU / EEA 

Yes (USA). EU standard contractual clauses have been agreed.  

(f) Storage period 

Maximum 90 days plus 90 days back-up. 

III. Individual processing operations of the BEGA connector

The following explanations relate to the software-supported processing of data through the initialisation and use of the BEGA Connector. 

1. Recording log data

(a) Description and purposes of the processing 

When using the software implemented in the Connector, data is regularly transmitted, such as the device ID and log files. In the event of serious system errors (crashes, etc.), this data may be shared with our software service provider. The information is required to ensure the functionality and optimisation of the software and to guarantee the security of our information technology systems. We cannot identify individual users on the basis of this data. Should such data be personally identifiable in individual cases, the data processing serves our legitimate interest. 

(b) Legal basis 

Legitimate interests, Art. 6 para. 1 letter f GDPR 

(c) Data categories covered 

Usage data, traffic data 

(d) Recipients of the data outside the app 

IT service provider (Art. 28 GDPR). 

(e) Transfer to a third country outside the EU / EEA 

No 

(f) Storage period 

Until the app is deactivated or deleted 

2. Setting up the connector for remote access

(a) Description and purposes of the processing 

The BEGA ID token is registered in our cloud database as part of the initialisation of the connector for remote access to BEGA luminaires. This transmission takes place automatically. 

Only the BEGA ID is recorded after transmission. Merging with customer data, e.g. for the purposes of profiling or personalised advertising, is excluded. 

(b) Legal basis 

Performance of the contractual services, Art. 6 para. 1 letter b GDPR. 

(c) Data categories covered 

BEGA-ID 

(d) Recipients of the data outside the app 

Microsoft Deutschland GmbH, Walter-Gropius-Straße 5, 80807 Munich, Germany; hosting provider (MS Azure Cloud) ("Microsoft"). 

(e) Transfer to a third country outside the EU / EEA 

Not provided for. However, there is an order processing contract with Microsoft (Art. 28 GDPR), which also covers so-called EU standard contractual clauses. As additional protective measures, data is only transmitted in encrypted form and is highly pseudonymised, i.e. only a so-called token ID (sequence of numbers) is stored, which is not personally identifiable for third parties. 

(f) Storage period 

Until the account is deactivated or deleted.


Disclaimer This privacy policy applies to the BEGA Connect web app and the BEGA Connector. If interfaces to third-party services are integrated within the web app, we are not responsible for any data processing that takes place there. We are not obliged to check whether content from third parties that can be accessed via the Web App is compliant with data protection regulations or not, nor do we carry out any such checks. We reserve the right to change or adapt the privacy policy at any time. We therefore ask our users to keep themselves regularly informed about possible changes to the privacy policy at this point. Changes may be made in particular if we expand or change functions.