Lokato GmbH, Seitzstrasse 16, 80538 Munich, Germany (hereinafter referred to as “Lokato“) attaches great importance to the protection of your personal data. Please read the following information carefully to learn more about the protection of your personal data. Lokato is the data controller within the meaning of applicable data protection law.
Declarations of consent regarding data protection
By clicking on the button “I agree” I grant permission to Lokato GmbH, Seitzstrasse 16, 80538 Munich, Germany (hereinafter referred to as “Lokato”),
- to collect, process and use my personal data and those of the persons for whom I use Lokato’s services exclusively for the provision of Lokato’s services, and
- in case of an emergency call, to pass on the geolocation data (GPS data) of the respective Lokato product to emergency organizations (e.g. emergency calls, police, fire brigade, security services) together with the name of the person to whom the device is assigned in the Lokato database.
I give my consent to the collection and processing of my personal data voluntarily and can revoke it at any time. If I revoke my consent, data processing will remain lawful for the past, but my revocation will take effect for the future.
Minors must have this declaration of consent made by their parent or legal guardian.
A. Data protection regulations in detail
The collection, processing and use of your data takes place exclusively in compliance with the applicable data protection regulations (GDPR and BDSG). In the following you will find further details.
I. Name and address of the responsible person and data protection officer
You can reach us as the responsible person and our data protection officer at the following address by mail and email.
II. WHAT PERSONAL DATA DO WE COLLECT AND PROCESS?
In order to use Lokato’s services, you must agree that Lokato may collect, process and use personal data from you and parties you register to use the services, e.g. your children or relatives.
Personal data is information relating to an identified or identifiable person (see Art. 4 No. 1 GDPR).
The personal data that Lokato collects from you, processes and uses are:
- From you, i.e. the person registering: first name, surname, address, email address, telephone numbers, language, location, password, your agreement to Lokato’s terms and conditions and data protection regulations, your declarations of consent and – if relevant – your other communication with Lokato (including chat messages, voice messages), ID, IMEI, address book of the watch, IP address. If you make use of paid services or order products: Credit card data (credit card number (PAN), full name on which the card is issued, security code). In the following we will refer to this data as “Registration Data“
- From the persons for whom you want to use the services: Pseudonym or first name and surname, telephone number of the Lokato product, geolocation data in case an emergency call is triggered, ID, IMEI, address book of the watch, IP address. This data is referred to in the following as “User Data“.
- Of the persons or organizations to be notified in case of emergency: Telephone number, whether this is a mobile phone to which we can also send an SMS and, if applicable, email address for additional emergency notifications. In the following we will refer to these data as “Notification data“.
- Analysis data“:we collect the following data
- GoogleAnalytics: user behaviour in apps, user-id only and clicked controls
(anonymized data collection for general improvement of the app)
- Intercom: Support chat logs, e-mail address, name, language
(Only relevant if the support is contacted. Data is used for problem solving or as contact details)
- Crashlytics, Fabric: Crash-logs in case of an app crash (personal data will NOT be transmitted)
- Mapbox: Retrieved maps, search entries at Safezone search (map sections are retrieved, coordinates are NOT transmitted)
- Unwired Labs: Visible radio towers, wlan networks and GPS coordinates (anonymous, only if a watch with GPS chip was purchased)
- manitu: Server hosting
- ActiveCampaign, Mailchimp: E-mail Address, Name
- Maxmind: IP address
III. Purposes for which we process the personal data
1. Registration details
We need the order data to process your order and registration, to send you confirmations and, if necessary, to process payment transactions and to send you products and invoices.
2. User data
User data are used to enable you to assign individual Lokato products to persons in order to be able to differentiate between their display on our website and software for mobile devices when you have registered there. Furthermore, we need the user data in order to be able to provide emergency services with the correct information about who needs help and where.
3. Notification data
If you leave notification data on our website, the relevant information will be sent to the persons specified by you in the event of an emergency call being triggered.
4. Analysis data
We collect the analysis data to constantly improve our services and to get in contact with you.
IV. Legal basis for the processing of your personal data
- The legal basis for the processing is your declaration of consent (see above, see Art. 6 para. 1 letter a GDPR).
- Art. 6 para. 1 letter b GDPR is the legal basis for the execution of the contract between you and us. This is also the legal basis insofar as the contract is made at the request of the person concerned.
- In the event of an emergency, the legal basis is Art. 6 Para. 1 Letter d GDPR.
- Insofar as we use your personal data to improve our services, this includes the analysis of the use of our services by you, the legal basis is Art. 6 Para. 1 Letter f GDPR. Our legitimate interest in this is the continuous improvement of our services to our customers.
The registration data, user data and notification data are stored and processed during the entire term of the contract. If we are obliged by law to store this data after termination of the contract, we will continue to store this data until the end of the corresponding storage obligation. We delete all other data within 30 working days (Monday to Friday, with the exception of public holidays at our location) after termination of the contract. In concrete terms this means: If you delete the account, we assume that the contract will be terminated and the deadline will expire. If you have registered several watches under one account, we delete the data for one watch, i.e. the user data and associated notification data, when you delete the watch from the system.
Irrespective of this, we chat messages, voice messages, text messages, and geolocation data after 30 days after it has been transmitted to us.
VI. Your entitlement of representation
VII. Where your data will be processed
All your data will be stored and processed on protected servers in Germany. Access to it is only permitted to specially authorised persons who are involved in the technical or commercial support of the services.
VIII. Transmission of personal data
The personal data will be passed on to third parties when an emergency call is triggered, this is on the one hand emergency organization and on the other hand the persons indicated by you in our system. As far as the passing on of personal data is necessary for the provision of Lokato’s services, this takes place (e.g. use of your IP address to enable the use of our website or our software for mobile devices).
2. Other forwarding
We use an external contractor in Germany to provide services and – see analysis data – use various other external contractors to improve our services and to contact you.
IX. Source of personal data
All personal data is collected from you as the person concerned and from the user.
X. Automated decision making
We make the pre-selection for the country based on the language you choose, the IP address and the location. We filter the geo-coordinates to determine the location more precisely.
XII. Third party websites
If our websites or our software for mobile devices contain links to third-party websites or content, Lokato has no influence on the collection, processing and use of personal data by these third parties and Lokato assumes no responsibility for them.
B. Rights of the individual concerned
You as the applicant, the person who uses our service and the persons whose personal data we use in the context of the notification data are entitled in particular to the following rights of the persons concerned according to GDPR:
I. Right to obtain information
You may request confirmation from us as to whether personal data relating to you is being processed by us.
In the event of such processing, you may request the following information from us:
- The categories of personal data to be processed;
- The recipients or categories of recipients to whom the personal data relating to you has been or will be disclosed;
- The planned duration of the retention of the personal data relating to you or, if it is not possible to provide specific information in this regard, criteria for determining the retention period;
- All available information about the origin of the data, if the personal data are not collected from the affected person;
You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organisation. In this connection, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer. We fulfil all other rights to information in this data protection declaration.
II. Right to rectification
. You have the right to have your personal data corrected and/or completed by us if the processed personal data concerning you is incorrect or incomplete. We have the obligation to rectify this immediately.
III. Right to limit the processing
Under the following conditions, you may request that the processing of your personal data be restricted:
- if you dispute the accuracy of the personal data concerning you for a period of time which allows the data controller to verify the accuracy of the personal data;
- the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
- the controller no longer needs the personal data for the purposes of the processing, but you need them for the assertion, exercise or defence of legal claims, or
- if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been established whether the legitimate reasons of the data controller outweigh your reasons.
Where the processing of personal data concerning you has been restricted, such data may be processed only with your consent or for the purpose of asserting, exercising or defending legal rights or for the protection of the rights of another person or entity or for reasons of an important public interest of the Union or of a Member State, with the exception of their storage. If the processing restriction has been limited in accordance with the above conditions, you will be informed by us before the restriction is withdrawn.
IV. Right to removal
7. Removal Obligation
You may request us to delete your personal data immediately and we are obliged to delete such data immediately if one of the following reasons applies:
- The personal data relating to you are no longer necessary for the purposes for which they were collected or otherwise processed.
- You revoke your consent on which the processing pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR was based and there is no other legal justification for the processing.
- You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing or you object to the processing pursuant to Art. 21 para. 2 GDPR.
- The personal data concerning you have been processed unlawfully.
- The deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the responsable personr is subject.
- The personal data relating to you have been collected in relation to information society services offered pursuant to Article 8(1) GDPR.
In the event that we have made the personal data relating to you public and we are obliged to delete such data pursuant to Art. 17 (1) GDPR, we shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform other persons responsible for processing the personal data that you, as the person concerned, have requested them to delete all links to this personal data or copies or replications of this personal data.
The right to deletion does not exist insofar as the processing is necessary.
- The exercise of freedom of expression and information;
- to fulfil a legal obligation which the processing requires under the law of the Union or of the Member States to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority entrusted to the controller;
- for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 GDPR;
- for archive purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the law referred to under a) is likely to make it impossible or seriously impair the attainment of the objectives of such processing, or
- for the prosecution, exercise or defence of legal claims.
Further exceptions may arise from European law, the laws of the Federal Republic of Germany and the State of Hamburg.
V. Right to information
In the event that you have asserted the right to correction, deletion or limitation of processing against us, we are obliged to notify all recipients to whom we have disclosed the personal data concerning you of such correction, deletion or limitation of processing, unless this proves to be impossible or involves disproportionate effort. You have the right to be informed of such recipients.
VI. Right to data transferability
You have the right to receive the personal data concerning you that you have provided in a structured, common and machine-readable format. In addition, you have the right to communicate this data to another data controller without being hindered by the controller to whom the personal data was provided, insofar that
- the processing is based on a consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
- processing is carried out using automated procedures.
In execution of this right, you also have the right to request that the personal data relating to you are transmitted directly by us to another responsible person, as far as this is technically feasible. This must not affect liberties and rights of other persons.
The right to data transfer does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority entrusted in us.
II. Right of objection
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data on the basis of Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
We will no longer process your personal data unless we can prove compelling reasons for the processing worthy of protection, which outweigh your interests, rights and liberties, or the processing serves the assertion, exercise or defence of legal claims.
If the personal data concerning you are processed for the purpose of direct advertising, you have the right at any time to object to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct advertising.
In case you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility to exercise your right to object in relation to the use of Information Society services, independently of Directive 2002/58/EC, by means of automated procedures using technical specifications.
III. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of your consent does not affect the legality of the processing carried out on the basis of your consent until you revoke it.
IV. Automated decision in individual cases including profiling
You have the right not to be subject to any decision based solely on automated processing, including profiling, that has any legal effect on you or that significantly affects you in a similar manner. This does not apply if the decision
- is necessary for the conclusion or performance of a contract between you and the person responsible,
- is authorised by legislation of the Union or of the Member States to which the person responsible is subject and contains appropriate measures to safeguard your rights and liberties and your legitimate interests; or
- with your explicit consent.
However, these decisions from this provision (1) to (3) may not be based on special categories of personal data according to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases mentioned in this provision (1) and (3), we have taken appropriate measures to protect the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the person responsible, to state his own position and to challenge the decision.
V. Right to appeal to a supervising authority
Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervising authority, in particular in the Member State where you are located, at your place of work or at the place where the alleged infringement is alleged, if you consider that the processing of your personal data is contrary to the GDPR.
The supervising authority to which the complaint was submitted will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
VI. Exercise of your rights
To exercise your rights towards us, please send an e-mail to email@example.com
This data protection declaration is dated May 2018 and is the currently valid version. Due to further development of our website, our offers, our apps for mobile devices, due to changed legal or official requirements or due to legal further development, it may become necessary to change this data protection declaration. You can call up and print out the current data protection declaration on our website.
D. General provisions
As far as these data protection regulations do not contain a regulation, the general terms and conditions of Lokato apply.
Status: May 2018
Questions about your order?