Dear App-User,
We take the protection of your personal data very seriously. Hence, we handle your personal data as confidential information and in compliance with the statutory data protection regulations and this Data Protection Declaration.
This data protection statement applies to the app „@Home for Homematic“ (hereinafter „App“). Whenever you use this App, a variety of personal information will be collected. Personal data comprises data that can be used to personally identify you. This Data Protection Declaration explains which data we collect as well as the purposes we use this data for. It also explains how, and for which purpose the information is collected.
We herewith advise you that the transmission of data via the Internet (i.e., through e-mail communications) may be prone to security gaps. It is not possible to completely protect data against third-party access.
Gerald Klunker
Privacy Policy
Updated: November 16, 2024
General information and mandatory information
Information about the responsible party (referred to as the “controller” in the GDPR)
The data processing controller on this website is:
Gerald Klunker
Gräsiger Weg 11 T
65719 Hofheim
Telephone: +49 6122 7054917
email: info@athomeapp.de
The controller is the natural person or legal entity that single-handedly or jointly with others makes decisions as to the purposes of and resources for the processing of personal data (e.g., names, e-mail addresses, etc.).
Storage duration
Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons cease to apply.
General information on the legal basis for the data processing in the app
If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9 (2)(a) GDPR, if special categories of data are processed according to Art. 9 (1) DSGVO. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also based on Art. 49 (1)(a) GDPR. If you have consented to the storage of cookies or to the access to information in your end device (e.g., via device fingerprinting), the data processing is additionally based on § 25 (1) TDDDG. The consent can be revoked at any time. If your data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, if your data is required for the fulfillment of a legal obligation, we process it on the basis of Art. 6(1)(c) GDPR. Furthermore, the data processing may be carried out on the basis of our legitimate interest according to Art. 6(1)(f) GDPR. Information on the relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.
Recipients of personal data
In the scope of our business activities, we cooperate with various external parties. In some cases, this also requires the transfer of personal data to these external parties. We only disclose personal data to external parties if this is required as part of the fulfillment of a contract, if we are legally obligated to do so (e.g., disclosure of data to tax authorities), if we have a legitimate interest in the disclosure pursuant to Art. 6 (1)(f) GDPR, or if another legal basis permits the disclosure of this data. When using processors, we only disclose personal data of our customers on the basis of a valid contract on data processing. In the case of joint processing, a joint processing agreement is concluded.
Revocation of your consent to the processing of data
A wide range of data processing transactions are possible only subject to your express consent. You can also revoke at any time any consent you have already given us. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.
Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 GDPR)
IN THE EVENT THAT DATA ARE PROCESSED ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO AT ANY TIME OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS ARISING FROM YOUR UNIQUE SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS, ON WHICH ANY PROCESSING OF DATA IS BASED, PLEASE CONSULT THIS DATA PROTECTION DECLARATION. IF YOU LOG AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE IN A POSITION TO PRESENT COMPELLING PROTECTION WORTHY GROUNDS FOR THE PROCESSING OF YOUR DATA, THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE PURPOSE OF THE PROCESSING IS THE CLAIMING, EXERCISING OR DEFENCE OF LEGAL ENTITLEMENTS (OBJECTION PURSUANT TO ART. 21(1) GDPR).
IF YOUR PERSONAL DATA IS BEING PROCESSED IN ORDER TO ENGAGE IN DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING AT ANY TIME. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS AFFILIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).
Right to log a complaint with the competent supervisory agency
In the event of violations of the GDPR, data subjects are entitled to log a complaint with a supervisory agency, in particular in the member state where they usually maintain their domicile, place of work or at the place where the alleged violation occurred. The right to log a complaint is in effect regardless of any other administrative or court proceedings available as legal recourses.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you should demand the direct transfer of the data to another controller, this will be done only if it is technically feasible.
Information about, rectification and eradication of data
Within the scope of the applicable statutory provisions, you have the right to demand information about your archived personal data, their source and recipients as well as the purpose of the processing of your data at any time. You may also have a right to have your data rectified or eradicated. If you have questions about this subject matter or any other questions about personal data, please do not hesitate to contact us at any time.
Right to demand processing restrictions
You have the right to demand the imposition of restrictions as far as the processing of your personal data is concerned. To do so, you may contact us at any time. The right to demand restriction of processing applies in the following cases:
- In the event that you should dispute the correctness of your data archived by us, we will usually need some time to verify this claim. During the time that this investigation is ongoing, you have the right to demand that we restrict the processing of your personal data.
- If the processing of your personal data was/is conducted in an unlawful manner, you have the option to demand the restriction of the processing of your data instead of demanding the eradication of this data.
- If we do not need your personal data any longer and you need it to exercise, defend or claim legal entitlements, you have the right to demand the restriction of the processing of your personal data instead of its eradication.
- If you have raised an objection pursuant to Art. 21(1) GDPR, your rights and our rights will have to be weighed against each other. As long as it has not been determined whose interests prevail, you have the right to demand a restriction of the processing of your personal data.
If you have restricted the processing of your personal data, these data – with the exception of their archiving – may be processed only subject to your consent or to claim, exercise or defend legal entitlements or to protect the rights of other natural persons or legal entities or for important public interest reasons cited by the European Union or a member state of the EU.
Data collection in the App
Locally stored data
The following information is required to use the application:
- Configuration (e.g., connection parameters, users, passwords)
- Homematic data (e.g., devices, rooms, functions, favorites, messages)
Depending on your Homematic configuration, this data may contain personal information. The data is only stored on your iOS device. It is not shared with the developer or third parties.
CCU Push Notifications
When using the ‚CCU push notifications‘ feature, the application sends data to the developer’s push server. The server is responsible for sending push notifications. The data sent may contain personal information.
When the ‚CCU push notifications‘ feature is enabled, the following data is stored on the push server. It is deleted when the function is deactivated in the application. The data is not shared with third parties.
- Activation date and time
- ID of the @Home app on your iOS device
- ID of your CCU
When a push notification is sent from the CCU, the following data is first transmitted to the push server and from there to Apple Inc.’s Push Notification Service. Immediately after the data transfer, the data is deleted from the push server.
- ID of the @Home app on your iOS device
- Text of the push notification
The data cannot be linked to a specific person.
The data is transmitted in encrypted form. An exception is the unencrypted transmission of CCU push notifications by the 1st generation CCU.
You can stop the ‚CCU push notifications‘ feature and the associated processing of your data via the app by disabling notifications and deleting the notification logic from the CCU.
Access to the camera
If the ‘smart’ mode is selected in the ‘General settings’, the app needs access to the camera of the iOS device. This access is only used to measure the ambient brightness. The recordings are not stored or shared with the developer or third parties.
You can prevent access to the camera by deselecting ‘smart’ mode in the app and/or denying access to the camera in the app’s iOS settings.
Access to location data
If geofencing is enabled in the settings, the application will need access to the iOS location service. The geofencing feature needs this permission to control your CCU based on your location. This data is not stored by @Home and is not shared with the developer or third parties.
You can prevent access to location data by disabling the geofencing feature in the application, deleting any previously configured regions, and/or denying access to location data in the application’s iOS settings.
Contact the Developer
You can use the application’s help function to send an email to the developer from within the application.
The developer will only use the personal and other information you provide to respond to and process your request or provide information directly related to your request.
In particular, your information will not be shared with third parties.
Depending on your email settings, the email may be sent unencrypted.
For contact requests via the ‚Facebook‘ platform, the terms of use and privacy policy of Facebook Inc. apply.
For contact requests via the ‚HomeMatic Forum‘ platform, the terms of use and privacy policy of the forum operator apply.
Statistical analysis
When you access the application, the following data may be automatically recorded and statistically analysed by the developer’s web server
- IP address
- Time of the server request
- ID of the @Home application on your iOS device
- Version number of the application
- iOS version number
- iOS device type
This data is not combined with other data sources.
The basis for data processing is Art. 6 par. 1 lit. F GDPR. The developer has a legitimate interest in the analysis in order to optimise its application. The developer receives information about the frequency of use and the distribution of the app.
The data cannot be attributed to specific individuals by the developer. The data will be encrypted and deleted after 15 days at the latest. The data will not be shared with third parties.
In-App Purchases
You have the option to make in-app purchases within the application. These purchases are processed exclusively through Apple Inc.’s (‚Apple‘) App Store distribution platform and are subject to Apple’s privacy policy. We do not have access to your payment information (e.g. credit card details) as this is processed directly by Apple. You can find out more about Apple’s privacy policy at https://www.apple.com/de/legal/privacy/.
To validate in-app purchases, the digital receipt is sent to the developer’s validation server for verification. The developer cannot associate the information in the receipt with any specific individual. It is transmitted in encrypted form and deleted immediately after validation.
Analysis tools and advertising
The App uses Google AdMob and the Google Mobile Ads SDP, a service for the integration of ads. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With the assistance of Google AdMob, we are in a position to place targeted ads by third parties on our site. The contents of the ads are based on your interests, which Google determines based on your past user patterns. Moreover, when choosing compatible ads, context information, such as your location, the content of the visited website or Google search terms you have entered, will be taken into account.
Google AdMob uses Cookies, Web Beacons (invisible graphics) and comparable recognition technologies. As a result, it is possible to analyze information, such as visitor traffic data, on these sites.
The usage information for this app (including your IP address) recorded by Google AdMob and delivery of advertising formats are transferred to a Google server in the United States, where the information is stored. Google may share this information with one of its contracting partners. However, Google will not link your IP address with any other of your stored information.
The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time.
Before the first ad is shown, you will be asked to consent to the processing of your personal data by TCF-compliant advertising technology providers (Transparency & Consent Framework). You can revoke this consent at any time in the app under the menu item ‚Legal notice / Privacy settings‘.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.
Hosting
Parts of the ‘CCU push notifications’, ‘in-app purchases’ and ‘statistical analysis’ functions are hosted externally. The personal data collected for these functions are stored on the servers of the host. These may include, but are not limited to, IP addresses, App access, CCU push notifications and in-app purchase receipts.
The external hosting serves the purpose of fulfilling the contract with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of secure, fast, and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR). If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.
Our host will only process your data to the extent necessary to fulfil its performance obligations and to follow our instructions with respect to such data.
We are using the following host:
OVH GmbH
Oskar-Jäger-Str. 173/K6
50825 Köln
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which guarantees that the app user’s personal data will only be processed in accordance with our instructions and in compliance with the GDPR.
State and Changes to this Privacy Policy
Due to the further development of the app or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration on the website at http://www.athomeapp.de/privacy.