Data protection declaration
for tepcon products

The responsible body for data processing is:

tepcon GmbH
Obere Wiesen 9
78166 Donaueschingen
Phone: +49 771 8983 260
Mail: info@tepcon.de

We have appointed a data protection officer for our company:

bbcom secure Deutschland Gmbh
Wolfgang Homann
Reichenaustraße 11
78467 Konstanz
Phone: 07531 584 799 0
E-mail: datenschutz.tepcon@bbcomsecure.de

When you browse the website, order or use tepcon products or contact us, we receive personal data from you. In principle, we process data:

If you give us your express consent (Art. 6 I lit. a GDPR), e.g. you would like us to contact you directly, subscribe to newsletters or receive promotional offers. Measures in accordance with Art. 7 III UWG remain unaffected by this, see GTC.

To fulfill contractual obligations (Art. 6 I lit. b GDPR), e.g. if you purchase and use our product.

If we are subject to a legal obligation (Art. 6 I lit. c GDPR). For example, we are obliged to retain certain documents under tax and commercial law.

On the basis of a legitimate interest of us or third parties (Art. 6 I lit. f GDPR). This includes data processing for the purposes of direct advertising, sales promotion, IT security and fraud prevention, as well as the creation of pseudonymous user profiles for the analysis and needs-based design of the website. You can object to this in accordance with Art. 21 I 1 GDPR.

Further information can be found here: Data protection on our website

In order to properly fulfill the contractual objectives, it is necessary to collect and evaluate data of the users of the tepcon products. The use of tepcon products can only be realized via the link with the respective user access. The legal basis is Art. 6 I lit. b GDPR.

Data collection

The data obtained from the use of tepcon products can be categorized as follows:

Data provided by you
This is the data that you enter yourself when you use our websites, products or services. This includes your name, your e-mail address, your address and your telephone number.

Data collected via sensors (e.g. telematics data)
Some of our products are equipped with sensors or use the sensors of the devices on which they are installed. Examples of sensors are GPS, Wi-Fi or Bluetooth receivers. These sensors collect data automatically when they are activated. Depending on the purpose of the data collection, the data may be sent to tepcon and third parties for further use in conjunction with other data that can be used to identify you or your device.

Metadata
This is all data that is automatically generated when you use tepcon products. Metadata is often collected or generated as part of the use of a computer or the transmission of data via computer networks, such as the Internet. This data includes user interface and device usage events, IP addresses, unique device identifiers, Wi-Fi and Bluetooth MAC addresses, cookies and computer activity records.

This data is transmitted to our IoT portal in encrypted and pseudonymized form. For the purpose of fulfilling the contractual objectives, this data is then processed by tepcon processed further. Personal data is only accessed with the user’s consent, for example as part of service measures.

The data collected by the tepcon products is listed below, with allocation to the respective apps and their intended use:

augmented instructor

Online communication
– For uploading/downloading digital instructions
– Download tools and shapes for creating instructions
– Upload logs of completed instructions
– Upload user behavior / where-used lists

Camera
– For scanning QR codes / barcodes to identify the user, the assets and the linked instructions
– For overlaying work steps on 3D models in augmented reality

augmented presenter

Online communication
– For the download of 3D models
– Upload of user behavior / proof of use

Camera
– For scanning QR codes / barcodes to identify the user and the 3D models
– For displaying the 3D models in augmented reality

chat board

The data determined and functions used in the APP are heavily dependent on the workflows.

Online communication
– For downloading the workflows and uploading the data recorded in the workflow
– Depending on the respective workflow, this can contain text, image/video data and location data

Camera
– For scanning QR codes / barcodes to identify the user, the assets and the linked workflows
– For capturing the image and video data associated with a workflow

NFC
– For scanning NFC transponders to identify assets and the associated workflows

Bluetooth
– For the local positioning of assets equipped with Bluetooth beacons

Location-based data / telematics / GPS
– For the real-time location and disposition of assets such as vehicles.
– For track recording for the creation of logbooks
– As a trigger for location-based workflows

Users can deactivate/activate the above settings at any time via the settings on their smart device.

Hosting and data storage

All data is permanently stored on the servers of Host Europe GmbH (Hansestrasse 111, 51149 Cologne, Germany) as part of order processing. The exclusive server location is datadock Strasbourg in France.

Use of tepcon products

We use various services for the purposes of analysis, optimization and to increase the user-friendliness of our software applications and mobile apps. For example, we can analyze which functionalities are most in demand or how long users spend in certain areas of the applications.

You can ask us questions and send us messages via the contact form, our e-mail addresses, the software applications or by telephone. We only process your data in order to contact you in the desired way and to process your request. The legal basis is Art. 6 I lit. a or b GDPR, depending on the customer’s request.

In order for tepcon to be able to process your data in accordance with the purposes described above, it may be necessary for other recipients in addition to tepcon to be able to view and process your data.

External service providers (processors)

Your data will be passed on to service partners if they work on our behalf and support tepcon in the provision of their services. The processing of your personal data by contracted service providers takes place within the framework of order processing in accordance with Art. 28 GDPR.

Other service providers, partners and third parties

tepcon may also work with third parties if this is necessary to fulfill our service offerings or if we are legally obliged to disclose data. This may involve the following:

• Bodies that carry out credit checks
• Public bodies
• or a court order.

We attach great importance to processing your data within the EU. However, we may use service providers that operate outside the EU. In these cases, we ensure that these service providers have an adequate level of data protection before transferring the personal data. This means that a level of data protection comparable to the general principles of data transfer within the EU is achieved via EU standard contracts, an adequacy decision in accordance with Art. 45 GDPR, suitable guarantees in accordance with Art. 46 GDPR or binding internal data protection regulations in accordance with Art. 47 GDPR (cf. Art. 44 ff. GDPR).

If no explicit storage period is specified in the information provided above or at the time of collection, your personal data will be deleted as soon as the purpose of storage no longer applies and statutory retention periods such as § 147 I AO, § 357 HGB and §§ 195, 199 BGB do not prevent deletion. In these cases, the data will be blocked or deleted after the retention periods have expired, unless there is a need for further storage of the data in order to conclude or fulfill a contract or to assert our rights.

You have the following rights vis-à-vis us with regard to your personal data:

General rights

You have the right of access (Art. 15 GDPR), rectification (Art. 16 GDPR) and erasure (Art. 17 GDPR). You also have the right to data portability (Art. 20 GDPR) and restriction of processing (Art. 18 GDPR). If the processing of the data is based on your consent, you can revoke it at any time with future effect (Art. 21 GDPR).

As a rule, you can assert your rights informally and without giving reasons. In individual cases, a copy of an identity document may be requested in order to clearly assign the data to your person and to prevent abusive requests for information. Information that is not necessary to establish your identity should be blacked out by you. You will be informed of this separately. The data on the copy of the ID card or passport is subject to strict purpose limitation. They are used exclusively to verify your identity, but are not included in our database. Once your identity has been established, the proof will be deleted.

Further information can be found here: BfDI – Data protection – My rights

Rights in data processing according to the legitimate interest

In accordance with Art. 21 I GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 I lit. e GDPR (data processing in the public interest) or Article 6 I lit. f GDPR (data processing for the purposes of a legitimate interest); this also applies to profiling based on this provision. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims. Please note that if you object, you may no longer be able to use our products, as the data processing is necessary for their use.

Rights in direct advertising

If we process your personal data for the purpose of direct marketing, you have the right under Art. 21 II GDPR to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it is related to such direct marketing.

If you object to processing for the purposes of direct marketing, we will no longer process your personal data for these purposes.

Right to lodge a complaint with a supervisory authority

In accordance with Art. 77 I GDPR, you have the right to lodge a complaint about the processing of your data with a data protection supervisory authority (competent authority: Friedrichstr. 219, 10969 Berlin)

This data protection declaration is continuously adapted in the course of the further development of the Internet or our offer. Please check this statement regularly for any changes. We will inform you of any significant changes in good time.

Our websites and tepcon products or software applications and mobile apps may contain links to websites of other providers. We would like to point out that this data protection declaration applies exclusively to the websites and products or software applications and mobile apps hosted by tepcon. We do not monitor compliance with the applicable data protection regulations by other providers and have no influence on this.