Privacy Policy for Apps from Leica Camera Group Companies
We (the companies of the Leica Camera Group) provide our users with mobile apps and services (hereinafter referred to as “Leica apps”). When you use our Leica apps, we process your personal data. As the privacy of our users is important to us, below we would like to inform you which personal data (hereinafter also referred to simply as “data”) we collect in connection with the provision of the Leica apps and how we handle this data.
1. Contact Details of the Controller and the Data Protection Officer
The list below shows which Leica Camera Group companies are responsible for providing the Leica app you use and for the associated processing of your personal data. If the responsible company has appointed a data protection officer, you will also find the corresponding contact details in the list.
The controller for the Leica apps Leica FOTOS, Leica 2Hunt, Leica Ballistics, Leica Hunting, Leica Calonox Sight, Leica Calonox View, Leitz-Park and Leica LUX is:
Leica Camera AG
Am Leitz-Park 5
35578 Wetzlar
Germany
Email: data-protection@leica-camera.com
The data protection officer of Leica Camera AG can be contacted at DPO@leica-camera.com.
Should you have any questions or suggestions regarding data protection or this Privacy Policy, or if you would like to contact us to assert your rights, please use the above contact details of the responsible company when submitting your query.
2. Personal Data We Process on Your Behalf
We process the following categories of personal data in connection with your use of our Leica apps:
- Account and identification data: This is information used to identify or authenticate you in connection with use of the Leica Apps.
It includes your name (first and last name, user name), your email address, your telephone or cell phone number, unique customer or user ID numbers (such as your customer or account number), your login information (user name and password), your date of birth and/or your address (including your delivery and invoice address).
- Contact details: This is information that we can use to contact you.
It includes your email address, your telephone or cell phone number, your delivery and invoice address or other contact information that you have provided to us.
- Payment and transaction data: This is information that we use in connection with a purchase (e.g., an in-app purchase) for billing, to complete your payment profile or your purchase and order history, and for fraud prevention.
This can include payment information (such as your credit cards, account details or information on the payment service provider you use), payment risk profiles, shopping cart or purchase data (e.g., purchased products or booked events, price), delivery and order information (e.g., your delivery and invoice address, order confirmation and order tracking information) and unique ID numbers (such as transaction, invoice and product IDs).
- Profile data: This is all data you provide to us in your profile.
It includes your name (first and last name, user name), your email address, your telephone or cell phone number, your address (including your delivery and invoice address), your profile picture and your date of birth.
- Device data: All information relating to your mobile end device (cell phone or tablet) with which you use the Leica apps.
This includes unique ID numbers (device IDs, UUIDs, advertising IDs, analysis app IDs, installation IDs), device specifications (such as the operating system and version, device type and version) and log and access information (e.g., when you grant Leica apps access to your mobile end device, such as the camera or the internal storage).
- Technical app data, usage and connection data: This includes data that is required for the provision of the Leica apps and the associated services and functions, including the error-free operation of the Leica apps.
This includes error and crash reports, your IP address, cookie IDs, connection status (online/offline), the date and time of use, app version data (such as the name, specifications and version of the specific Leica apps used by you) and your Leica app settings (such as the selected language or the data privacy settings).
- Analysis data and information on your interests and preferences: This includes all information that we collect in connection with your use of the Leica apps and that allows conclusions to be drawn regarding your actual or probable interests and preferences, irrespective of whether you provided information.
This can be details of your interests that you have disclosed in your profile or during other interactions with the Leica apps (such as details of your photography-related or leisure interests, the Leica products you use, your location preferences, product categories, brands, events) or that we have derived from your usage behavior of the Leica apps. This includes information on the functions you use (e.g., how often, when and how you use the Leica apps and their functions, how you interact with the Leica apps and navigate within the Leica apps, which links you click on, which files, lists and content you access, information about the functions you request, scrolls and touches) as well as additional information that helps us analyze and better understand our users’ experiences with the Leica apps, usage behavior and interests.
- Communication data and correspondence content: This is all information arising from the correspondence between you and us.
For example, this can be details in connection with your (support) queries, feedback and survey information, including metadata (e.g., the time and date of the correspondence) and your chosen communication channel.
- Location data: This includes all information that can enable us to determine or estimate your precise or approximate location.
For example, this can be your address (including your delivery and invoice address), the current location (e.g., via the IP address or real-time information on the device location through device sensors and signals, including via GPS, if you have activated these settings on your end device or a product connected to the Leica app) or geo-localization data contained in the metadata of video, audio and image files (including geotags).
- Content provided including video, audio and image data: We use the content you provide to us via the Leica apps.
In particular, this includes image, video and audio recordings, including live streams, which you process, manage and save via our Leica apps; it also includes the associated metadata (e.g., the date and time of the recordings, technical recording data such as aperture, exposure time and ISO values).
- Product and accessory data: This is all information that we collect about or in connection with products or accessories used with our Leica apps (e.g., cameras from Leica or another manufacturer, sport optics equipment).
This data encompasses the product or accessory type, version and name and other device specifications; manufacturer information, product and accessory IDs and product registration, setting, sensor and environmental data (e.g., the chosen camera or accessory settings such as contrast, brightness or color mode, remote control settings, sensor sensitivity and scope, wind speed and temperature or topography details); and pairing information.
- Health data: This is data we can use to draw conclusions as to your health condition.
It includes specifications on your diopter values or conclusions regarding possible visual impairments we can draw based on the settings you make in the Leica apps or in connection with the associated products and accessories.
3. Sources of Personal Data
We collect this data from you directly, either because you specify or generate this data when using the Leica apps (possibly in connection with the associated products and accessories), or due to findings or conclusions we can draw on the basis of the data provided or generated by you. If you log in to a Leica app with your Leica account or by means of a third-party service (e.g., from a single sign-on provider), we collect the data necessary for the login from these services. If you make a payment via a credit card and payment service platform, we collect the personal data required to conduct the payment from the respective payment service provider.
If you are not a user of a Leica app and can be seen or heard on video, audio and image data, we collect your data from the respective user of the Leica apps that created and provided us with this video, audio and image data.
4. Purposes and Legal Basis for Processing Your Data
Below we provide information about the purposes for which we process your personal data and the legal basis for the processing. Additional information on the purposes and legal bases for processing in connection with cookies and similar technologies, as well as your right to withdraw consent and your right to object regarding this, can be found in sections 5.2 and 5.1.
1.Processing for the purpose of providing and administrating the Leica apps and the related functions and services, including:
- Managing your user profile and user account
- Providing and administrating functions and services related to the Leica apps
- Processing and answering support and user queries
- Sending out contractually relevant (i.e., non-promotional) information, e.g., via email, SMS or push notification
- Providing and managing a consent management system
Categories of personal data: Account and identification data; contact details; payment and transaction data; profile data; device data; technical app data, usage and connection data; communication data and correspondence content; location data; provided content including video, audio and image data; product and accessory data; health data
Legal basis for processing:
- Performing the contract with you (Art. 6 para. 1(b) GDPR)
- Protecting our legitimate interests in the provision of the functions and services expressly requested by you in connection with the Leica apps, as well as managing user data, consent management and ensuring efficient support (Art. 6 para. 1(f) GDPR)
- Your consent, if we request your consent and you grant it to us (Art. 6 para. 1(a) GDPR; or for health data Art. 9 para. 2(a) GDPR)
You can withdraw your consent at any time with effect for the future. You can find additional information in section 10.7.
2. Processing for the purpose of executing purchase transactions (e.g., in-app purchases), including:
- Authorizing, processing and tracking payments via credit card and payment service platforms of payment service providers
- Billing and receivables management
- Complaint management and reversing transactions, including refunds
- Preventing, identifying and tracing fraud and abuse
Categories of personal data: Account and identification data; contact details; payment and transaction data; device data; technical app data, usage and connection data; location data
Legal basis for processing:
- Performing the contract with you (Art. 6 para. 1(b) GDPR)
- Protecting our legitimate interests in asserting, exercising or defending legal claims, in particular in asserting our contractual claims, as well as our legitimate interests and the legitimate interests of the payment service providers in preventing, identifying and tracing fraudulent or improper behavior (Art. 6 para. 1(f) GDPR)
- Complying with a legal obligation to which we are subject (Art. 6 para. 1(c) GDPR)
3. Processing for the purpose of guaranteeing the security and proper functioning of the Leica apps, including:
- Analyzing and eliminating errors
- Optimizing the functions, stability and security of our Leica apps and the related functions and services
- Detecting and intercepting bots and intrusions
Categories of personal data: Device data; technical app data, usage and connection data; product and accessory data
Legal basis for processing:
- Protecting our legitimate interests in the security and proper functioning of our Leica apps and the related functions and services of our IT systems, including identifying, intercepting and tracing attacks (Art. 6 para. 1(f) GDPR)
- Your consent, if we request your consent and you grant it to us (Art. 6 para. 1(a) GDPR)
You can withdraw your consent at any time with effect for the future. You can find additional information in section 10.7.
4. Processing for the purpose of identifying and authenticating users and the associated products and/or accessories, including guarantee:
- A secure process for login and password recovery
- A secure process for password breach detection
- Secure pairing processes
Categories of personal data: Device data; technical app data, usage and connection data; product and accessory data
Legal basis for processing:
Protecting our legitimate interests in the security and proper operation of our Leica apps and the related functions and services, and of our IT systems, including identifying, intercepting and tracing attacks and securely identifying and authenticating our users (Art. 6 para. 1(f) GDPR)
5. Processing for the purpose of needs-based design and optimization of our Leica apps and the related functions and economic analyses, including:
- Aggregated reach analyses
- Person-related and aggregated analyses of user interests
- Person-related tracking and evaluation of user behavior
- Compiling and evaluating reports on user interests and usage analyses
- Efficiency and business model analyses
Categories of personal data: Account and identification data; contact details; profile data; device data; technical app data, usage and connection data; analysis data and information on your interests and preferences; communication data and correspondence content; location data; provided content including video, audio and image data; product and accessory data; health data
Legal basis for processing:
- Your consent, if we request your consent and you grant it to us (Art. 6 para. 1(a) GDPR; or for health data Art. 9 para. 2(a) GDPR)
You can withdraw your consent at any time with effect for the future. You can find additional information in section 10.7.
- Protecting our legitimate interests in the needs-based design and optimization of our Leica apps and the related functions and in checking the efficiency of our services (Art. 6 para. 1(f) GDPR)
6. Processing for the purpose of providing advanced functions and personalization of the Leica apps based on your usage behavior
- Person-related and aggregated analyses of user interests
- Person-related tracking and evaluation of user behavior
- Creating and evaluating reports on user interests and usage analyses
Categories of personal data: Account and identification data; contact details; profile data; device data; technical app data, usage and connection data; analysis data and information on your interests and preferences; communication data and correspondence content; location data; provided content including video, audio and image data; product and accessory data; health data
Legal basis for processing:
- Your consent, if we request your consent and you grant it to us (Art. 6 para. 1(a) GDPR; or for health data Art. 9 para. 2(a) GDPR)
You can withdraw your consent at any time with effect for the future. You can find additional information in section 10.7.
- Protecting our legitimate interests in providing advanced functions and personalization in the Leica apps and within the scope of the related functions and services (Art. 6 para. 1(f) GDPR)
7. Processing for the purpose of displaying advertising in line with your interests within and outside the Leica apps, including:
- Person-related and aggregated analyses of user interests
- Person-related tracking and evaluation of user behavior
- Creating and evaluating reports on user interests and usage analyses
Categories of personal data: Account and identification data; contact details; profile data; device data; technical app data, usage and connection data; analysis data and information on your interests and preferences; communication data and correspondence content; location data; provided content including video, audio and image data; product and accessory data; health data
Legal basis for processing:
Your consent, if we request your consent and you grant it to us (Art. 6 para. 1(a) GDPR; or for health data Art. 9 para. 2(a) GDPR)
You can withdraw your consent at any time with effect for the future. You can find additional information in section 10.7.
8. Processing for the purpose of sending out promotional communication (e.g., via email, SMS or push notification), including information on events, products and services of the Leica Camera Group; surveys and prompts to rate our Leica apps or products and services of the Leica Camera Group
Categories of personal data: Contact details; communication data and correspondence content; location data
Legal basis for processing:
- Your consent, if we request your consent and you grant it to us (Art. 6 para. 1(a) GDPR)
You can withdraw your consent at any time with effect for the future. You can find additional information in section 10.7.
- Protecting our legitimate interests in approaching our existing customers for promotional purposes regarding similar products and services by electronic means, including sending out information, surveys or prompts to provide ratings (Art. 6 para. 1(f) GDPR; Sec. 7 para. 3 of the German Act against Unfair Competition (UWG))
9. Processing for the purpose of providing proof and asserting, exercising or defending against claims (e.g., in the event of a violation of our terms of use or other improper behavior, including causing damage to third parties), and for criminal proceedings, hazard prevention or prosecution where there is specific evidence of criminal acts
Categories of personal data: All data categories
Legal basis for processing:
- Protecting our legitimate interests and the legitimate interests of injured third parties in asserting, exercising or defending against claims, preventing hazards and in prosecution (Art. 6 para. 1(f) GDPR; for health data Art. 9 para. 2(f) GDPR and Art. 9 para. 2(g) in conjunction with Sec. 24 para. 1 no. 2 of the German Federal Data Protection Act (BDSG))
- Complying with a legal obligation to which we are subject (Art. 6 para. 1(c) GDPR; for health data Art. 9 para. 2(f) GDPR and Art. 9 para. 2(g) in conjunction with Sec. 24 para. 1 no. 1 and 2 of the German Federal Data Protection Act (BDSG))
10. Processing for the purpose of organizing our business and for our internal administrative purposes as well as the administrative purposes of the Leica Camera Group
Categories of personal data: All data categories
Legal basis for processing:
- Your consent, if we request your consent and you grant it to us (Art. 6 para. 1(a) GDPR; or for health data Art. 9 para. 2(a) GDPR)
You can withdraw your consent at any time with effect for the future. You can find additional information in section 10.7.
- Protecting our legitimate interests and the legitimate interests of companies of the Leica Camera Group in the efficient organization of their business and their internal and intra-Group processes (Art. 6 para. 1(f) GDPR)
11. Processing for the purpose of complying with our statutory obligations, in particular the obligation to provide documentation and evidence, e.g., in accordance with the GDPR or commercial and tax law
Categories of personal data: All data categories
Legal basis for processing:
- Complying with a legal obligation to which we are subject (Art. 6 para. 1(c) GDPR; for health data Art. 9 para. 2(f) GDPR and Art. 9 para. 2(g) in conjunction with the respective statutory obligation)
- Protecting our legitimate interests in asserting, exercising or defending against claims and in meeting our statutory obligations (Art. 6 para. 1(f) GDPR)
5. Cookies and Similar Technologies
We use cookies and similar technologies (hereinafter also uniformly referred to as “cookies”) to save information on your end device or to read information already stored there. Cookies are used in order to enhance the functionality of the Leica apps (strictly necessary cookies), to count visits and traffic sources so that we can measure and improve the performance of our Leica apps (performance cookies), to analyze your use of our Leica apps and to provide advanced functions and personalization options (functional cookies), and to show you advertisements tailored to your interests within and outside the Leica apps (cookies for marketing purposes).
Cookies are text files that contain information. They are saved on your end devices (e.g., cell phone or tablet) when you use our Leica apps or the related services and functions. Similar technologies include scripts or SDKs (software development kits) for setting measuring points.
5.1 Cookie settings (withdrawal of consent and objection to the processing of your personal data)
Strictly necessary cookies are always active; storing and accessing such information via these cookies does not require your consent. Performance cookies, functional cookies and cookies for marketing purposes can only be used on the basis of your consent. Accordingly, information can only be stored and accessed on your end device with your consent.
You can withdraw your consent for the use of performance cookies, functional cookies and cookies for marketing purposes and the associated processing of your data for the purposes described below with effect for the future at any time by:
- Making the corresponding changes to your cookie settings in the respective Leica apps; or
- Disabling the respective services in your app settings. You can find further information on your withdrawal options in the descriptions of the services used below.
The withdrawal of your consent does not affect the lawfulness of the processing performed on the basis of your consent prior to its withdrawal.
5.2 Categories of cookies
We use the following categories of cookies for the services listed below:
5.2.1 Strictly necessary cookies
These cookies are necessary for the functioning of the Leica apps and are already activated in the basic settings of the Leica apps. As a rule, these cookies are used only in response to service request actions made by you, such as configuring your data protection settings, logging in or completing forms. These cookies are also used to ensure the security and functioning of the Leica apps.
Service: Currently not used
This service is used in the following Leica apps: Currently not used
Categories of personal data: Account and identification data; device data; technical app data, usage and connection data
Purposes of processing:
- To provide and administrate the Leica apps and the related functions and services
- To execute purchase transactions (e.g., in-app purchases)
- To guarantee the security and proper functioning of the Leica apps
- To identify and authenticate users and the associated products and accessories
More detailed information on the purposes of processing can be found in the description of the services.
Storage duration for the personal data: N/A, as currently not used
Legal basis for processing: Protecting our legitimate interests specified here, including our legitimate interests in providing the functions and services expressly requested by you in connection with the Leica apps (Art. 6 para. 1(f) GDPR)
Right to object: N/A, as currently not used
5.2.2 Performance cookies
These cookies enable us to count visits and traffic sources, so that we can measure and enhance the performance of our Leica apps. They help us to find out which Leica apps, functions and services are the most popular, which are used the least and how Leica app users navigate within and interact with the Leica apps.
1.Service: We use the Google Analytics service for mobile applications in order to analyze the use of our Leica apps and to adapt them to the needs of our users based on the resulting findings. This service is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google processes your personal data on our behalf and in accordance with our instructions (see Art. 4 no. 8 and Art. 28 GDPR).
Google Analytics uses SDKs (software development kits) to set and save measuring points in the Leica apps. Based on these measuring points we can, for example, track how many users use our Leica apps and categorize our users according to certain criteria (e.g., language settings and location). We can also track how our users interact with the Leica apps and the related services and functions and how they navigate within the Leica apps, as well as whether the users make in-app purchases and which ones they make, for example.
Google uses this information to analyze your use of our Leica apps, to compile reports on your activities in the Leica apps, and to generate other analyses and evaluations relating to the use of the Leica apps. Google may also combine this information with other information about you, such as your search history, your personal account, usage data from other devices and other information that Google has stored about you. Google may also pass this information on to third parties if this is required by law (e.g., by government authorities) or when third parties process this data on behalf of Google.
This service is used in the following Leica apps: Leica FOTOS, Leica Ballistics, Leitz-Park, Leica Calonox Sight, Leica Calonox View and Leica Hunting
Categories of personal data: Account and identification data; device data; technical app data, usage and connection data; analysis data and information on your interests and preferences; location data; product and accessory data
Purposes of processing: Needs-based design and optimization of our Leica apps and the related functions and economic analyses – more detailed information on the purposes of processing can be found in the description of the respective service.
Storage duration for the personal data: 14 months
Legal basis for processing: Your consent (Art. 6 para. 1(a) GDPR)
Withdrawal of consent: You can withdraw your consent with effect for the future at any time by disabling “Camera usage reports” in your app settings
2. Service: We use Google Firebase Crashlytics with Google Analytics integration to track, analyze and remedy stability problems in the Leica apps. This service is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google processes your personal data on our behalf and in accordance with our instructions (see Art. 4 no. 8 and Art. 28 GDPR).
Google Firebase Crashlytics with Google Analytics integration uses SDKs (software development kits) to set and save measuring points in the Leica apps. These measuring points enable us to track, analyze, prioritize and remedy stability problems of the Leica apps (such as app crashes) through real-time alerts. For this purpose, Google provides us with error reports that help us to analyze and remedy the sources of the errors. Google Analytics integration allows us to track errors in the Leica apps as “events” and thus to gain a better understanding of which interactions with the Leica apps caused the stability problems.
This service is used in the following Leica apps: Leica FOTOS, Leica Ballistics, Leitz-Park, Leica Calonox Sight, Leica Calonox View, Leitz-Park, Leica Hunting and Leica Calonox View
Categories of personal data: Account and identification data; device data; technical app data, usage and connection data; analysis data and information on your interests and preferences; location data; product and accessory data
Purposes of processing: Guaranteeing the security and proper functioning of the Leica apps – more detailed information on the purposes of processing can be found in the description of the respective service
Storage duration for the personal data: 14 months
Legal basis for processing: Your consent (Art. 6 para. 1(a) GDPR)
Withdrawal of consent: You can withdraw your consent with effect for the future at any time by disabling “App usage reports” in your app settings.
3. Service: We use the Amplitude analytics service to analyze and better understand the behavior of the users of our Leica apps and to optimize our Leica apps and the related services and functions on the basis of the findings.
Amplitude is a service of Amplitude Inc., 201 3rd Street, Suite 200, San Francisco, USA (“Amplitude”). Amplitude is certified according to the EU-US Data Privacy Framework. The EU-US Data Privacy Framework is an adequacy decision of the European Commission according to which an adequate level of data protection is guaranteed for personal data processed in the United States by companies that can demonstrate certification to the EU-US Data Privacy Framework. Information on Amplitude’s EU-US Data Privacy Framework certification can be found at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001XZAAY&status=Active.
Amplitude uses SDKs (software development kits) to set and save measuring points in the Leica apps. Using these measuring points, we can track how you interact with the Leica apps and the related services and functions and how you navigate within the Leica apps.
This service is used in the following Leica apps: Leica FOTOS, Leica Ballistics, Leitz-Park, Leica Calonox Sight, Leica Calonox View
Categories of personal data: Account and identification data; device data; technical app data, usage and connection data; analysis data and information on your interests and preferences; location data; product and accessory data
Purposes of processing: Needs-based design and optimization of our Leica apps and the related functions and economic analyses – more detailed information on the purposes of processing can be found in the description of the respective service.
Storage duration for the personal data: Until withdrawal of your consent
Legal basis for processing: Your consent (Art. 6 para. 1(a) GDPR)
Withdrawal of consent: You can withdraw your consent with effect for the future at any time by disabling “Camera usage reports” in your app settings.
5.2.3 Functional cookies
These cookies enable Leica apps to provide additional functions and personalization. They can be set by us or by third parties whose services we use in our apps.
Service: Currently not used
This service is used in the following Leica apps: Currently not used
Categories of personal data: Account and identification data; device data; technical app data, usage and connection data; analysis data and information on your interests and preferences; location data; product and accessory data
Purposes of processing: Providing advanced functions and personalization of the Leica apps based on your usage behavior – more detailed information on the purposes of processing can be found in the description of the respective service.
Storage duration for the personal data: N/A, as currently not used
Legal basis for processing: Your consent (Art. 6 para. 1(a) GDPR)
Withdrawal of consent: N/A, as currently not used
5.2.4 Cookies for marketing purposes
These cookies can be set in our Leica apps or by our advertising partners. They can then be used by these companies to create a profile of your interests and display relevant advertisements to you on websites. They do not store personal data, but are based on a unique identifier for your browser and end device.
Service: Currently not used
This service is used in the following Leica apps: Currently not used
Categories of personal data: Account and identification data; device data; technical app data, usage and connection data; analysis data and information on your interests and preferences; location data; product and accessory data
Purposes of processing: Displaying advertising in line with your interests within and outside the Leica apps – more detailed information on the purposes of processing can be found in the description of the respective service.
Storage duration for the personal data: N/A, as currently not used
Legal basis for processing: Your consent (Art. 6 para. 1(a) GDPR)
Withdrawal of consent: N/A, as currently not used
6. Disclosure of Your Data
You are neither contractually nor legally obliged to disclose your personal data. However, the provision of personal data is necessary so that, in particular:
- We can provide you with the Leica apps and the related services and functions and you can log into our Leica apps
- We can process transactions made by you
You will not be able to conclude a contract if you do not provide your data.
Moreover, disclosing your data is required so that, in particular:
- We can accept and process your queries
- You can use the functions and services provided in connection with our Leica apps in the intended manner
- We can guarantee the security and functionality of our Leica apps and the associated services and functions
If you need to provide your data, we will alert you to this by designating the appropriate fields as mandatory during input. Additional data is provided on a voluntary basis. Where providing your data is mandatory, failing to do so will result in our being unable to provide the aforementioned functions and services to you.
In other cases, failing to provide your data may result in our not being able to provide the respective functions and services at all, or not to the usual extent.
7. Forwarding Your Data
Alongside the cases mentioned in this Privacy Policy, your personal data can be forwarded without your prior consent only in the following cases:
- Where it is necessary in order to fulfill the contract with you or to provide the services or functions requested by you, we transfer your personal data to payment service providers, telecommunications service providers, identity providers (e.g., single sign-on providers) and the respective providers of the third-party services utilized by you, including companies of the Leica Camera Group. The legal basis for this is Art. 6 para. 1(b) GDPR. The transfer is required to fulfill the contractual relationship with you. Moreover, we have a legitimate interest in the transfer in order to provide or enable the use of the services and functions requested by you, Art. 6 para. 1(f) GDPR.
- If it is necessary in order to clarify unlawful or improper use of our Leica apps and the associated functions and services or for the purpose of prosecution, your personal data will be forwarded to external advisors (e.g., attorneys), the law enforcement authorities and, if necessary, to injured third parties. However, this only takes place if there are specific indications of unlawful or improper behavior. Your personal data may also be forwarded to these parties, including collection agencies, where this is required for asserting terms of use or contract terms or for asserting, enforcing or defending claims. Furthermore, we are legally obliged to provide information to certain public bodies upon request. These bodies are law enforcement authorities, authorities that pursue offenses that entail fines, and the financial authorities.
Your personal data can also be forwarded if we are subject to other claims from third parties that include access to your data. In particular, these can be claims of data subjects within the scope of the exercise of your rights in accordance with Chapter III GDPR.
The forwarding of this personal data is based on our legitimate interest in combating misuse, prosecuting criminal acts and asserting, exercising or defending against claims (Art. 6 para. 1(f) GDPR) or on a statutory obligation (Art. 6 para. 1(c) GDPR).
- In connection with our Leica apps and the associated services, we use contractually bound third-party companies and external service providers, which are known as processors (see Art. 4 no. 8, Art. 28 GDPR). In such cases, personal data is forwarded to these processors in order to enable further processing. The processors process personal data on our behalf and in accordance with our instructions.
We use the following categories of processors:
- IT service providers
- Cloud service providers
- Software service providers
- Analytics, evaluation and survey service providers
- Service providers for communication platforms
- Within the framework of administrative processes and the organization of our business, financial accounting and adherence to statutory obligations such as archiving, we disclose or forward your data to financial authorities, consultants (e.g., tax advisors or auditors) and payment service providers, postal and transport companies and similar bodies. Data is also transferred to other Leica Camera Group companies for these purposes.
The forwarding of this data is based on our legitimate interest in maintaining our business activities and the efficient organization of the business and internal and intra-Group processes, performing our tasks, asserting, exercising or defending against claims (Art. 6 para 1(f) GDPR) or on a statutory obligation (Art. 6 para 1(c) GDPR).
- During the development of our business it is possible that the structure of our company is altered through a change of legal structure or the foundation, acquisition or sale of subsidiaries, business units or components. For transactions of this nature, information is passed on together with the part of the company that is to be transferred. Each time that personal data is forwarded to third parties to the extent described above, we will ensure that this takes place in accordance with the relevant data protection laws.
The forwarding of personal data is justified by the fact that we have a legitimate interest in adapting our corporate structure to the economic and legal circumstances, Art. 6 para. 1(f) GDPR.
8. Transfers to Third Countries
We also process personal data in third countries or transfer this data to recipients in third countries. All countries outside the European Economic Area (EEA) are considered third countries. Please note that there is currently no adequacy decision by the European Commission certifying that these third countries generally have an adequate level of data protection.
When we transfer personal data to third countries, we guarantee that one of the following prerequisites is met:
- There is an adequacy decision of the European Commission in accordance with Art. 45 GDPR, according to which there is an adequate level of data protection in a third country.
- We have agreed standard data protection clauses approved by the European Commission pursuant to Art. 46 para. 2(c) GDPR and, to the extent necessary, have implemented supplemental measures in line with the criteria set forth by the Court of Justice of the European Union (decision on Schrems II).
- There are other appropriate safeguards in the meaning of Art. 46 para. 1 GDPR that are appropriate for ensuring that an adequate level of data protection is in place.
- There is a derogation in accordance with Art. 49 GDPR; i.e., when you have consented to the transfer (Art. 49 para. 1(a) GDPR), the transfer is necessary for the performance of a contract with you (Art. 49 para. 1(b) GDPR) or for asserting, exercising or defending legal claims (Art. 49 para. 1(e) GDPR).
You can request additional information via the contact details listed under item 1. Here, you can also query information on the appropriate safeguards we have implemented to protect your personal data, including a copy of any concluded standard data protection clauses.
9. Erasing Your Data
We erase or anonymize your data as soon as it is no longer required for the purposes for which we collected or otherwise processed it in line with this Privacy Policy. We generally save your personal data on the respective Leica apps and the associated services for the duration of the usage or contractual relationship plus a period of 30 days during which we keep backup copies following erasure. Data processed on the basis of your consent will be deleted when you withdraw your consent, or at an earlier point in time when the data we collect is no longer required for the purpose for which it was collected.
Your data will only be stored beyond the period specified in this Privacy Policy in the following cases:
- When we are obliged to do so for legal reasons, Art. 6 para 1(c) GDPR. Where we are legally obliged to do so, we will store your data for the period prescribed by law. In particular, legal provisions on the storage of data can be derived from the retention periods stipulated in the German Commercial Code (HGB) or German Fiscal Code (AO). The retention period specified by these provisions is generally between six and ten years as of the end of the year during which the corresponding transaction was finalized, e.g., when we completed the processing of your query.
- If your data is relevant for initiating or fulfilling contracts, it is stored for the purpose of initiating and fulfilling the respective contractual relationship, Art. 6 para. 1(b) GDPR.
- When the data is required for longer due to criminal proceedings or for asserting, exercising or defending legal claims. This also constitutes our legitimate interest as per Art. 6 para. 1(f) GDPR. In this case, your data is stored until the corresponding transaction is complete, plus the statutory period of limitation.
Should it be necessary to store data for legal reasons, its processing will be restricted. The data will then no longer be available for further use.
10. Your Rights
You have the rights described below in relation to the processing of your personal data. In addition to the options described above, you can assert your rights by sending a request by post or email to the addresses specified in item Fehler! Verweisquelle konnte nicht gefunden werden.1 above.
10.1 Right of access
You have the right to access the personal data concerning you that we process at any time upon request within the scope of Art. 15 GDPR as well as Section 34 of the German Federal Data Protection Act (BDSG).
10.2 Right to rectification
As stipulated in Art. 16 GDPR, you have the right to request that we rectify personal data about you where this data is inaccurate. Furthermore, you have the right to request the completion of incomplete personal data by us.
10.3 Right to erasure
In the circumstances described in Art. 17 GDPR and Sec. 35 BDSG, you have the right to request that we erase personal data concerning you.
10.4 Right to restriction of processing
You have the right to request that we restrict processing as per Art. 18 GDPR.
10.5 Right to data portability
You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format pursuant to Art. 20 GDPR.
10.6 Right to object
According to Art. 21 GDPR, you have the right to object to the processing of personal data concerning you based on Art. 6 para. 1(f) GDPR at any time on grounds relating to your particular situation. We will cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing is for asserting, exercising or defending legal claims.
If we process your personal data for direct marketing purposes, you have the right to object to the processing of your personal data for these purposes, including any profiling, at any time. Following your objection, we will no longer process your personal data.
10.7 Right of withdrawal
You have the right to withdraw your consent at any time in accordance with Art. 7 para. 3 sentence 1 GDPR. Withdrawal of your consent does not affect the lawfulness of the processing performed on the basis of your consent prior to its withdrawal.
You can change your consent regarding the permissions of the Leica apps on your end device at any time (e.g., access to location data or the camera), or withdraw the corresponding permission on your end device in the Settings menu at app level.
11. Right to Complain
You have the right to lodge a complaint with a supervisory authority of your choice if you believe that the processing of your data breaches applicable data protection law.
12. Data Processing When Exercising Your Rights
Lastly, we would like to point out that in the event that you exercise your rights as per Art. 7 para. 3 sentence 1 GDPR and Art. 15 to 22 GDPR, we will process the personal data provided by you for the purpose of implementing these rights and providing verification thereof as well as for the purpose of defending any legal positions.
In this context, we will store your data for three years as of the complete processing of your rights as a data subject. Your data will only be stored for a longer period where we still require this data for the purpose of legal defense. In this case, erasure will take place once the transaction is completed plus the statutory periods of limitation.
The legal basis for this processing for the purpose of implementation and for verifying that implementation was legally compliant is Art. 6 para. 1(c) GDPR in conjunction with Art. 7, para. 3 sentence 1 GDPR and Art. 15 to 22 GDPR as well as Sec. 34 para. 2 BDSG. If we process the personal data for purposes relating to legal defense, this also constitutes our legitimate interest as per Art. 6 para. 1(f) GDPR.
You are neither contractually nor legally obliged to provide your personal data; however, we can reject your request to exercise your rights as a data subject as per Art. 12 para. 2 sentence 2 GDPR if you do not provide the data required to identify you uniquely (after being requested to do so, if applicable).
13. Links to Websites and Online Services
Leica apps may contain links to the websites or online services of Leica Camera Group companies or other providers that are not covered by this Privacy Policy. If you click one of these links, you will be automatically directed to the linked external website or to the corresponding online service. Information on the processing of your personal data is available in the corresponding privacy policies for the respective websites and online services.
14. Changes to This Privacy Policy
The latest version of this Privacy Policy is available at any time via the Leica Apps in the Apple Store and Google Play.
Version: November 2023