Privacy Policy of nobilé AG for the Use of the Smartmatic 2.0 App

Thank you for using our Smartmatic 2.0 Devices (hereinafter: "Smartmatic 2.0 Devices") and Smartmatic 2.0 App (hereinafter: "Smartmatic 2.0 App") and your interest in our Privacy Policy. When using our Smartmatic 2.0 Devices and Smartmatic 2.0 App, we want you to feel comfortable and secure and see our implementation of data protection as a customer-oriented quality feature.

The following privacy policy informs you about the nature and extent of the processing of your personal data by nobilé AG (also referred to as "nobilé", "we" or "us" in the context of this privacy policy). Personal data is information that can be directly or indirectly assigned to your person. The legal basis for data protection is in particular the General Data Protection Regulation (DSGVO).

1. overview

Data processing by nobilé in the context of using our Smartmatic 2.0 Devices and Smartmatic 2.0 App can essentially be divided into five categories:

· When downloading our Smartmatic 2.0 App, the required information is transferred to the respective Smartmatic 2.0 App Store.

· To use the Smartmatic 2.0 App and subsequently connect and control the Smartmatic 2.0 Devices, registration in the Smartmatic 2.0 App is required. Certain information is required for registration.

· It is possible to connect our Smartmatic 2.0 App with the Smartmatic 2.0 Devices and to use and control these Smartmatic 2.0 Devices via the Smartmatic 2.0 App. Personal data is collected and processed in the Smartmatic 2.0 Devices and the Smartmatic 2.0 App in order to prepare the data and make the functions of the Smartmatic 2.0 Devices available.

· In order to provide you with a variety of features, e.g. the easy use of the feedback function, our Smartmatic 2.0 App requires access to various functions and sensors of your mobile device.

· With the use of our Smartmatic 2.0 App and the Smartmatic 2.0 Devices, various information is exchanged between your end device on which you operate the Smartmatic 2.0 App, as well as the Smartmatic 2.0 Devices on the one hand and our server on the other hand. This may also involve personal data. The information collected in this way is used, among other things, to.

· facilitate your use of the Smartmatic 2.0 Devices and their functionalities;

· optimize our Smartmatic 2.0 App and Smartmatic 2.0 Devices; and

· display advertisements in the browser of your terminal device or by means of so-called push messages.

2 Downloading our Smartmatic 2.0 App in the respective App Store

When downloading our Smartmatic 2.0 App, the following data in particular is automatically processed by the respective operator of the App Store (Apple App Store or Google Play Store):

· User name in the App Store

· the e-mail address stored in the App Store,

· customer number of your App Store account,

· time of the download,

· payment information, and

· the individual device identification number.

We have no influence on this data collection and are not responsible for it. For more information on this data processing, please refer to the privacy policies of the respective App Store operators:

· Google Play Store: https://policies.google.com/privacy?hl=de&gl=de

· Apple App Store: https://www.apple.com/legal/privacy/de-ww/

3. registration in our Smartmatic 2.0 App

3.1 Purposes of data processing/legal basis:

In order to use the functions in our Smartmatic 2.0 App, prior registration with the creation of a user account is required.

The following data will be collected from you or created by you in any case as part of the registration process:

· e-mail address or (if this option is offered in your version) the cell phone number, which is also your user and login name

· a user ID assigned by us

· country code

· a password created by you according to the technical specifications (stored in encrypted form)

· The following data is also stored at the time of registration:

· P address of the user

· Time zone of the user

· date and time of registration

We process your registration data to authenticate you when you log in and to follow up on requests to reset your password. We process the other data you enter during registration or a login (1) to verify your authorization to manage the user account, (2) to be able to exercise the terms of use of the Smartmatic 2.0 App and all related rights and obligations, and (3) to contact you, for example to send you technical or legal notices, updates, security messages or other messages relating to the management of the user account.

Insofar as you have provided personal data when registering in our Smartmatic 2.0 App, we process this data on the basis of Art. 6 (1) b DSGVO, as this data is necessary for the performance of the contract for the use of the Smartmatic 2.0 App.

3.2 Storage period/ criteria for determining the storage period

The registration data will remain stored until you deactivate the Smartmatic 2.0 App, delete it or otherwise inform us that you will no longer use this Smartmatic 2.0 App via your established user account.

4. use of our Smartmatic 2.0 app

4.1 Purposes of data processing/legal basis:

When you use our Smartmatic 2.0 App, the following data is automatically processed by us without your intervention

· The IP address of your mobile end device,

· the country code of the number of the mobile end device,

· the date and time of access,

· the client's request and its content

· the http response code and

· the amount of data transferred

are transmitted to our servers and temporarily stored in a so-called log file for the following purposes:

· Protection of our systems,

· error analysis

· Prevention of abusive or fraudulent behavior.

The legal basis for the processing of the IP address is Article 6(1)(f) DSGVO. Our legitimate interest follows from the purposes of data processing listed above.

4.2 Storage period/ criteria for determining the storage period:

The data will be stored for a period of fourteen days and then automatically deleted, unless you have consented to the use of your data for a longer period.

5. Connection of the Smartmatic 2.0 App with Smartmatic 2.0 Devices.

When you connect our Smartmatic 2.0 App with Smartmatic 2.0 Devices of your choice, additional personal data will be collected. You decide which Smartmatic 2.0 Devices you want to connect to our Smartmatic 2.0 App and you have to set up this connection individually for each Smartmatic 2.0 Device you want to use via the Smartmatic 2.0 App. These can be, for example, LED lamps, LED light bulbs, lights, systems for opening windows and doors, motion detectors, alarm systems, smoke detectors, routers, robots, consumer electronics devices (such as voice recognition systems), thermostats, other services, such as via weather information, and any other future products with Smartmatic 2.0 (Smart Home) functions.

5.1 Your profile data

On a voluntary basis, after registering in the Smartmatic 2.0 app, you can initially create various profiles, i.e. your user profile, your home, other device users as well as device groups. This information is stored and kept available in the Smartmatic 2.0 App, but is then required for the use and control of the Smartmatic 2.0 Devices and is therefore processed in each case as necessary when using the Smartmatic 2.0 Devices:

· Under the personal settings, you can give yourself a nickname, upload a freely selectable image (which appears as the user's avatar), and provide contact information (e.g., to receive notifications).

· To assign the Smartmatic 2.0 Devices you have to create one, but you can also create several homes, for which we process the names of the house/apartment (Home) and individual rooms (Rooms) in which the Smartmatic 2.0 Devices are to be used, a location identifier (if necessary with your address), an identifier assigned by us (Home-ID or Room-ID), a list of the devices.

· You can release your devices for yourself and other device users and define their releases, for which the user names of the other users (who receive this during their registration of the Smartmatic 2.0 App) as well as their user ID, the device identifiers and, if applicable, the freely selectable user name are processed. Insofar as the functions of the Smartmatic 2.0 Devices allow user-specific settings, further device user data such as gender, birthday, height, weight and contact information will be processed.

· You can then create device groups, i.e. enable the uniform control of several Smartmatic 2.0 Devices in each case, for which data about the respective device users authorized for use is set up and managed and processed with their user ID, user name, country identifier and the administrator property.

This is a processing according to Art. 6 para. 1 letter b DSG-VO, as these data are necessary for the provision of the services requested by you.

You can manage the profile data in our Smartmatic 2.0 app and delete it if necessary. We store your data until you delete the data in our Smartmatic 2.0 App. Even if you disconnect the connection to the respective Smartmatic 2.0 Device in your Smartmatic 2.0 App, your data related to this Smartmatic 2.0 Device will be deleted seven (7) days after the disconnection with the Smartmatic 2.0 App.

5.2 Your usage data

Via our Smartmatic 2.0 App, we then process further personal data depending on what is required for the specific functions and the configuration you have chosen for the respective Smartmatic 2.0 Devices. In particular, this may be the following categories of data:  

It is not intended that special categories of personal data (i.e., data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data uniquely identifying a natural person, health data, data concerning sex life or sexual orientation) are collected and processed. However, we cannot guarantee that sensors such as cameras etc. will process such data, among other things, or that indirect conclusions about behavior may be possible from usage data. We will not process such data for our purposes or draw such conclusions. If such data is made available to you as content of a Smartmatic 2.0 Device, you will decide on its use yourself.

When connecting and setting up the Smartmatic 2.0 Devices supported by the Smartmatic 2.0 App, you will be additionally informed about the functions available in each case and, if necessary, about the specific data to be processed for this purpose in order to provide these functions.

For important changes, for example in the scope of the offer or in the case of technically necessary changes, we will inform you of this by means of the e-mail address provided during registration and/or via our Smartmatic 2.0 App.

You can manage the data of your Smartmatic 2.0 Devices in our Smartmatic 2.0 App and delete them if necessary. We store your data until you delete the data in our Smartmatic 2.0 App. If you disconnect the connection to the respective Smartmatic 2.0 Device in your Smartmatic 2.0 App, your data relating to this Smartmatic 2.0 Device will be deleted seven (7) days after the disconnection with the Smartmatic

2.0 App.5.3 Voice control via Google Assistant

You have the option to control your Smartmatic 2.0 Devices using voice commands via your Google Assistant. To do this, you must connect the Smartmatic 2.0 Devices with your Google Assistant. If you control your Smartmatic 2.0 Product via Google Assistant, it is necessary that personal data is transferred via Google to your Smartmatic 2.0 Device or from your Smartmatic 2.0 Device to Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043 ("Google") for output via Google Assistant and we exchange the necessary data with Google for this purpose.

If you set up voice commands to control Smartmatic 2.0 Devices or to retrieve information from your Smartmatic 2.0 Device in your Google Assistant, then data (esp. data from your Smartmatic 2.0 Device and voice data) will be transmitted to our servers, processed and subsequently the necessary data will be shared with Google and used by Google to provide the Service. This data may be personal. By connecting your Google Assistant account and the Smartmatic 2.0 App and activating Google Actions in the user menu of the Smartmatic 2.0 App, you make it clear and instruct us that the Smartmatic 2.0 Device installed on your computer is to be controlled via Google Assistant and that information is to be output via Google Assistant. You or Google are responsible for the associated data processing by Google. For information on how Google handles your personal data, please visit Google's privacy policy at the following address: https://support.google.com/googlenest/answer/7072285?hl=de and https://policies.google.com/privacy. We have no influence on the data processing by Google.

The processing of your personal data by us is based on your consent (Art. 6 para. 1 p. 1 letter a DSGVO) and for the performance of the contract for the use of our Smartmatic 2.0 app including voice assistant (Art. 6 para. 1 p. 1 letter b DSGVO) and exclusively for processing the requests you have made.

6. access to functions and sensors of your mobile terminal

6.1 Purposes of data processing/legal basis:

6.1.1 Location data

Our Smartmatic 2.0 App enables the operation of Smartmatic 2.0 Devices in part also with functions tailored to the respective location of your mobile end device (e.g., starting up a heating system or switching on the light, provided you are at a distance from your Home defined by you).

In order for us to be able to offer you individual services based on your current location, you must have agreed to a so-called geolocation via your settings (e.g. under "Location services") in the settings of the operating system of your mobile end device as part of the use of our Smartmatic 2.0 app. You can choose there whether you want to allow a location determination for the Smartmatic 2.0 app generally, only when used or only individually.

If you want to use such a function of the Smartmatic 2.0 app, but have not released the location data, we will show you in a pop-up so that you can adjust your settings if necessary.

You can change or revoke the function in the settings of your cell phone operating system at any time.

The legal basis for the processing of your location data is your consent pursuant to Article 6(1)(a) DSGVO.

6.1.2 Photos/ media/ files of your mobile device/ USB memory contents (read, change, delete)

If you create content from the use of Smartmatic 2.0 Devices via our Smartmatic 2.0 App, e.g. photos and videos, these will be stored directly in the memory of your mobile end device or on a connected storage medium, depending on the installation location of the Smartmatic 2.0 App and the available storage space.

This is a processing according to Art. 6 para. 1 letter b DSGVO, as these data are necessary to provide the services you have requested.

6.1.3 Microphones

In some cases, you can control functions of the Smartmatic 2.0 Devices using the microphone in your cell phone (e.g., a colored light to the rhythm of your music). To use such functions, you must first allow the Smartmatic 2.0 App to access your microphone once in the settings of your operating system on your cell phone. If you want to use such functions for the first time, you will be notified. Your microphone will then only be active as long as you use the corresponding function in the Smartmatic 2.0 app. If you change or exit the function, the microphone is automatically deactivated until you want to use the function again. You will not be asked or requested to activate the microphone again if you have initially allowed the Smartmatic 2.0 app to access the microphone. You can disable access to the microphone at any time in the settings of your cell phone.

Accordingly, while the microphone is activated, we process the sound sequences recorded via the microphone, but only for the purposes of the functions you have activated. The corresponding recordings are not stored permanently and are deleted immediately.

This is a processing according to Art. 6 (1) lit. (b) DSGVO, as this data is necessary to provide the services you have requested.

6.1.4 WLAN connection information

Our Smartmatic 2.0 app uses the WLAN connection of your mobile device to connect to the Internet.

This is a processing according to Art. 6 para. 1 letter b DSGVO, as this data is necessary to provide the services you have requested.

6.1.5 Other device functions or device sensors

Access to the other device functions and device sensors of your mobile end device enables our Smartmatic 2.0 app in particular to retrieve data from the Internet and process error messages. In addition, this also enables our Smartmatic 2.0 App to run at startup and to deactivate the hibernation state of the device.

This is a processing according to Art. 6 (1) b DSGVO, as this data is necessary to provide the services you have requested.

6.2 Storage period/ criteria for determining the storage period:

Your location data as well as other data mentioned in clause 6 will be deleted after seven (7) days, unless you have consented to the use of your data for a longer period.

Microphone recordings will be deleted immediately.

7 Device Security, Usage Analysis and nobilé Smartmatic 2.0 Newsletter

7.1 Device security and troubleshooting

We process technical device data such as device type (reference number), serial number, error logs, software version of the Smartmatic 2.0 Device and your Smartmatic 2.0 App to enable cross-generational assurance of Smartmatic 2.0 Device operation and compatibility with future features. This is to ensure and monitor that the Smartmatic 2.0 App is compatible with the connected Smartmatic 2.0 Devices and that the Smartmatic 2.0 Devices are fully functional without incompatible version issues. Processing for these purposes may also include the identification, usage and sensor data mentioned in section 5.1.

As far as possible, this data is evaluated pseudonymously or anonymously.

Insofar as this enables us to ensure the functionality of the Smartmatic 2.0 App and Smartmatic 2.0 Devices used by you, this is processing pursuant to Art. 6 (1) letter b DSGVO, as this data is necessary to provide the services requested by you. The evaluation of the device data for general quality improvement (and product development) is also a legitimate interest of ours under Art. 6 (1) (f) DSGVO.

After anonymization of your personal data, it is no longer possible to draw conclusions about your person. Furthermore, we store the data for five years to ensure the compatibility of the devices over a longer period.

7.2 Usage analysis and range expansion

If you have given us your consent (via the relevant sliders and settings in the Smartmatic 2.0 App), we will analyze the use of the Smartmatic 2.0 App, the Smartmatic 2.0 Devices and, if applicable, other devices used by you in order to further develop our existing products and new products, and to understand which products are in demand, when and where (range expansion and planning). We also want to develop general recommendations, across all or groups of our customers, as to which additions are useful and popular.

Therefore, we evaluate registered devices to make deductions about popularity of products in certain customer segments and locations. We also want to compare the number, type and extent of actual usage with the devices sold.

The data processed for this purpose includes, in particular, the identification and usage data mentioned in section 5.1, general device data, location data (location).

The aforementioned data will be processed in anonymized form after the relevant data has been merged.

This is a processing according to Art. 6 para. 1 letter a DSGVO based on your explicit consent. This consent can be revoked at any time with effect for the future. You can revoke your consent by changing the slider in the Smartmatic 2.0 app menu under Settings/Optins. From this point on, your data will no longer be processed; however, data that has already been evaluated previously will continue to be used, primarily because it will then only be available in anonymized form.

As far as we anonymize your personal data, it is no longer possible to draw conclusions about your person. We store this data for seven years to allow for the usual product development cycles.

7.3 Personalized nobilé newsletter

With your express consent, we will send you the nobilé newsletter by email, which contains, among other things, product recommendations tailored to you. Our product recommendations are based on which Smartmatic 2.0 Devices you use and which products are therefore suitable due to their nature (e.g. if you use a lamp, you will receive suggestions for suitable LEDs). On the other hand, we evaluate the purchasing and usage behavior of all customers who have already purchased a certain item (if other customers who use similar devices, for example, frequently use other devices). In contrast, we do not process any personal data for ads for nobilé products displayed in the Smartmatic 2.0 app (via push messages), if applicable (these are displayed to all users of the Smartmatic 2.0 app).

The data processed for this purpose includes, in particular, the identification and usage data mentioned in section 5.1, general device data, location data (location). In contrast, we do not process any personal data for ads for nobilé products displayed in the Smartmatic 2.0 app (via push messages) (these are displayed to all users of the Smartmatic 2.0 app).

The legal basis for this data processing is your consent pursuant to Article 6(1)(a) DSGVO.

You can revoke your consent to receive personalized nobilé newsletters at any time via the Smartmatic 2.0 app with effect for the future. Alternatively, you can also click on the "Unsubscribe" link in the corresponding newsletter when you receive an email. We store the aforementioned data for these purposes for one year at a time in order to understand your current use of our products. If you revoke your consent to receive the nobilé newsletter, your personal data stored for these purposes will be deleted.

8. other functions

If you select special offers via our Smartmatic 2.0 app, which are described in more detail on the nobilé homepage, for example, you will be taken to the corresponding subpages of our website www.nobile.de via the in-app browser (iOS: Safari/ Android: Chrome). Our Smartmatic 2.0 app offer and our online content that can be accessed via the in-app browser may also contain links to other websites.

If you access websites via the in-app browser (e.g., via links), your personal data will be processed on these websites in deviation from this privacy policy. These data protection provisions only apply to our Smartmatic 2.0 app. We ask you to observe the data protection provisions of the linked websites. We assume no responsibility for third-party content that is made available for use via links and is specially marked, and we do not adopt their content as our own. For illegal, incorrect or incomplete content, as well as for damages resulting from the use or non-use of the information, only the provider of the website referred to is liable.

9. recipients of the data

In the following, we would like to inform you about recipients of your data.

9.1 Transfer of data to processors

In some cases, we use service providers in compliance with legal requirements by way of commissioned processing, i.e. on the basis of a contract on our behalf, in accordance with our instructions and under our control.

Processors are in particular

· technical service providers that we use to provide the Smartmatic 2.0 App, e.g. service providers for maintenance, data center operation and hosting and

· technical service providers we use to provide functionalities, e.g. technically necessary cookies

· Tuya GmbH

· Hangzhou Tuya Information Technology Co, Ltd

· Nexmo Inc.

· The WeatherBit LLC

· Apple Inc

· Google LLC

In these cases, we remain responsible for the data processing; the transfer and processing of personal data to or by our processors is based on the legal basis that allows us to process the data in each case. A separate legal basis is not required.

9.2 Disclosure to third parties

As described above, we may transfer your data to Google LLC. when you use the voice assistants (section 5.3).

In addition, the data provided by you during registration will be shared within nobilé AG for internal administrative purposes, including joint customer support, to the extent necessary. Any disclosure of personal data is justified by the fact that we have a legitimate interest in disclosing the data for administrative purposes within the nobilé group of companies and that your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) f) DSGVO are not overridden.

If it is necessary for the clarification of an illegal or abusive use of the Smartmatic 2.0 app or for legal prosecution, personal data will be forwarded to law enforcement agencies or other authorities, as well as to injured third parties or legal advisors, if applicable. However, this only happens if there are indications of unlawful or abusive behavior. A transfer may also take place if this serves the enforcement of terms of use or other legal claims. We are also legally obligated to provide information to certain public authorities upon request. These are law enforcement agencies, authorities that prosecute administrative offenses subject to fines, and the tax authorities. Any disclosure of the personal data is justified by the fact that (1) the processing is necessary for compliance with a legal obligation to which we are subject pursuant to Art. 6 para. 1 lit. f) DSGVO in conjunction with. national legal requirements to disclose data to law enforcement authorities, or (2) we have a legitimate interest in disclosing the data to the aforementioned third parties if there are indications of abusive behavior or to enforce our terms of use, other conditions or legal claims and your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) f) DSGVO do not override.

As part of the further development of our business, the structure of our company may change by changing its legal form, establishing, buying or selling subsidiaries, parts of companies or components. In such transactions, customer information may be transferred along with the part of the business being transferred. In any transfer of personal information to third parties to the extent described above, we will ensure that it is done in accordance with this Privacy Policy and applicable data protection law. Any transfer of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances as necessary and that your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) f) DSGVO are not overridden.

10. recipients outside the EU

The technical service providers as processors or third parties (see item 10) are partly located in China and the USA. We will ensure an appropriate level of data protection in each case, e.g., the standard data protection clauses of the EU Commission will be agreed with the processors pursuant to Art. 46 para. 2 lit. c DSGVO are agreed upon. To assert your further rights under Article 13(1)(f) DSGVO, please contact us using the contact details provided in Section 14.

11. your data subject rights

11.1 Overview

In addition to the right to revoke the consent you have given to us, you have the following additional rights if the respective legal requirements are met:

· Right to information about your personal data stored by us in accordance with Article 15 DSGVO and Section 34 BDSG,

· Right to correct incorrect data or to complete incomplete data in accordance with Article 16 DSGVO,

· Right to have your data stored by us deleted in accordance with Article 17 DSGVO and § 35 BDSG,

· Right to restriction of the processing of your data in accordance with Article 18 DSGVO.

· Right to data portability in accordance with Article 20 DSGVO,

· Right of objection according to Article 21 DSGVO.

11.2 Right to information pursuant to Article 15 DSGVO.

Pursuant to Article 15(1) DSGVO, you have the right to receive, upon request and free of charge, information about the personal data we have stored about you. This includes in particular:

· the purposes for which the personal data are processed;

· the categories of personal data which are processed;

· the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

· the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage period;

· the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;

· the existence of a right of appeal to a supervisory authority;

· any available information on the origin of the data, if the personal data are not collected from the data subject;

· the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

If personal data are transferred to a third country or to an international organization, you have the right to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.

11.3 Right to rectification pursuant to Article 16 DSGVO

You have the right to demand that we correct any inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.

11.4 Right to erasure pursuant to Article 17 DSGVO

You have the right to request that we erase personal data concerning you without undue delay, provided that one of the following reasons applies:

· the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

· You withdraw your consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR and there is no other legal basis for the processing;

· you object to the processing pursuant to Article 21(1) or (2) of the GDPR and there are no overriding legitimate grounds for the processing in the case of Article 21(1) of the GDPR;

· the personal data have been processed unlawfully;

· erasure of the personal data is necessary for compliance with a legal obligation;

· the personal data has been collected in relation to information society services offered pursuant to Article 8(1) DSGVO.

Where we have made the personal data public and are obliged to erase it, we will take reasonable steps, taking into account the available technology and implementation costs, to inform the third parties processing your data that you also require them to erase all links to, or copies or replications of, that personal data.

11.5 Right to restriction of processing pursuant to Article 18 DSGVO

You have the right to request us to restrict processing if one of the following conditions is met:

· the accuracy of the personal data is disputed by you;

· the processing is unlawful and you request the restriction of the use of the personal data instead of erasure;

· the controller no longer needs the personal data for the purposes of processing, but the data subject needs them for the establishment, exercise or defense of legal claims; or

· you have objected to the processing pursuant to Article 21(1) of the GDPR, as long as it has not yet been determined whether the legitimate grounds of the controller override those of the data subject.

11.6 Right to data portability pursuant to Article 20 DSGVO

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transfer this data to another controller without hindrance from us, provided that

· the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b) DSGVO and

· the processing is carried out with the aid of automated procedures.

When exercising your right to data portability, you have the right to obtain that the personal data be transferred directly from us to another controller, where this is technically feasible.

11.7 Right of objection pursuant to Article 21 DSGVO

Under the conditions of Article 21(1) DSGVO, you may object to data processing on grounds relating to your particular situation.

The above general right to object applies to all processing purposes described in this Privacy Policy that are processed on the basis of Article 6(1)(f) DSGVO. Unlike the specific right to object directed at data processing for promotional purposes, under the GDPR we are only obliged to implement such a general right to object if you provide us with reasons of overriding importance for doing so, such as a possible risk to life or health. In addition, you have the option of contacting the supervisory authority responsible for nobilé AG or the data protection officer of nobilé AG.

12. contact person

12.1 Name and contact details of the data controller and contact details of the company data protection officer

These data protection provisions apply to data processing by nobilé AG and the nobilé Smartmatic 2.0 app. The data controller pursuant to Article 4(7) DSGVO is nobilé AG, represented by Mr. Wolf Neuhäuser, Wächtersbacher Straße 78, 60386 Frankfurt am Main, Germany.

If you have any questions about the app, about exercising your rights regarding the processing of your data (data protection rights), you can contact our customer service: smartmatic@nobilé.de

12.2 Right to complain to the data protection supervisory authority

You have the right to complain to a supervisory authority about our data processing of your personal data if, in your view, there has been a violation of the law.

The supervisory authority responsible for nobilé AG can be reached at:

The Hessian Commissioner for Data Protection and Freedom of Information, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, phone: 06 11/140 80, fax: 06 11/14 08-900, e-mail: poststel-le@datenschutz.hessen.de, homepage: http://www.datenschutz.hessen.de.