1. Overview

1.1 General information

The following information provides a simple overview of what happens to your personal data when you visit this website or use our cloud service. Personal data is any data that can be used to identify you personally. For detailed information, please refer to the following privacy policy.

1.2 Data collection

Data processing is carried out by the operator of this website (see section 2.2).

We process data that you actively provide to us (for example via the contact form or when creating a cloud account), as well as technical data that is automatically generated when you visit the website (for example date and time of access).

You have the right of access, rectification, erasure, and restriction of processing of your data at any time. Any consent you have given can be withdrawn at any time. If you have any questions, please feel free to contact us.

2. General information and mandatory information

2.1 Data protection

The protection of your personal data is important to us. We only process your data to the extent that is required for the respective purpose, and on the basis of statutory provisions.

2.2 Information on the data controller

The controller for data processing is:

Juergen Tauschl
c/o flexdienst – #12183
Kurt-Schumacher-Straße 76
67663 Kaiserslautern
Germany

E-mail: ppa.t1779898610s-ero1779898610cne@r1779898610etsam1779898610bew1779898610
Tel.: 00884177989861032 17177989861018 941779898610+1779898610

The data controller is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

2.3 TLS encryption

This website and the cloud service use TLS encryption to protect the transmission of your data between your devices and our servers.

2.4 Retention period

Unless a more specific retention period is specified in this privacy policy, we erase your data as soon as the purpose of processing no longer applies. Statutory retention obligations remain unaffected.

2.5 Transfer to third countries

No transfer of your data to third countries outside the European Union takes place.

3. General data processing

3.1 Hosting and data backup (IONOS SE)

We use virtual private servers (VPS) from IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany, to host this website and our cloud service.

IONOS processes technical connection data that is unavoidably generated when providing the server and network infrastructure. For backing up our website and database content we use IONOS SE’s cloud object storage. Backups are encrypted in transit and at rest; storage is restricted to servers within the European Union. Backups are rotated regularly and automatically deleted after no more than three months.

A data processing agreement under Art. 28 GDPR is in place with IONOS. The use of the IONOS infrastructure is based on Art. 6(1)(f) GDPR. We have a legitimate interest in providing this website in a stable and secure manner and in ensuring recovery in the event of failure.

3.2 Content Delivery Network (BunnyWay d.o.o.)

We use the content delivery network (CDN) Bunny.net from BunnyWay d.o.o., Dunajska cesta 165, 1000 Ljubljana, Slovenia, for the fast provision of static content on this website.

When such content is accessed, BunnyWay processes the IP address of the requesting device for technical reasons. The IP address is only processed briefly in working memory and is not stored permanently. Processing takes place exclusively within the European Union.

The processing is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the secure and efficient provision of this website.

3.3 Server log files

When you access our servers, technical log files are generated for troubleshooting and to fend off automated attacks. They contain:

• IP address — truncated before archiving: for IPv4 the last octet is set to 0, for IPv6 the last hex group
• date and time of access
• page or file accessed
• browser and operating system
• HTTP status code
• amount of data transferred

The logs are automatically deleted after 7 days. This data is not merged with other sources.

The processing is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the stable and secure provision of our services as well as in detecting and preventing automated attacks.

3.4 Cookies

This website does not use cookies for analytics, tracking or advertising purposes. Technically required session information may be stored locally in your browser to the extent necessary for sign-in and use of the cloud service.

3.5 Enquiries via contact form, e-mail or telephone

When you contact us, we process the data you provide (name, e-mail address, message) exclusively for the purpose of processing your enquiry. The data will not be passed on to third parties.

The processing is based on Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR. We have a legitimate interest in the efficient processing of enquiries.

The data will be deleted as soon as the purpose no longer applies or you request us to delete it. Statutory retention periods remain unaffected.

4. Encore ST cloud service

4.1 Account and sign-in data

When you sign in to our cloud service, we process your e-mail address for account creation and sign-in links, a display name chosen freely by you, and a session token that identifies your signed-in app session.

Providing your e-mail address is required in order to create an account. Session tokens become invalid after at most 30 days.

The processing is based on Art. 6(1)(b) GDPR for the provision of the service you have requested.

4.2 Device linking

So that you can control your speakers through the Encore ST app, we store the devices linked to your account and their latest online status. No history is retained.

The processing is based on Art. 6(1)(b) GDPR and is required for the operation of the service.

4.3 Security and activity log

To safeguard the service we log sign-ins and security-relevant actions with a timestamp and a truncated IP address. The log is automatically deleted after 60 days. For failed sign-in attempts the full IP address is stored temporarily to fend off automated attacks; it is automatically deleted after approximately one hour.

The processing is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the security and availability of the service.

4.4 Processor (IONOS SE)

The server infrastructure of the cloud service and the dispatch of sign-in e-mails are provided by IONOS SE (see section 3.1). A data processing agreement under Art. 28 GDPR is in place with IONOS. No data is shared with further third parties.

The processing is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the stable and secure provision of the cloud service.

4.5 Data export

You can download the data stored for your account at any time, either through the account web or directly in the Encore ST app (“Download my data”). The export is provided in a machine-readable format in accordance with Art. 20 GDPR.

4.6 Account deletion

You can delete your account at any time, either through the account web or directly in the Encore ST app (“Delete account”). The data stored for your account is removed immediately. Residual data in backups and the activity log is automatically deleted within the retention periods stated above. Previously connected speakers can then no longer be controlled through the app and should be reset to factory settings.

5. Rights of data subjects

5.1 Withdrawal of your consent

If processing is based on your consent, you can withdraw it at any time. The lawfulness of the processing until withdrawal remains unaffected.

5.2 Right to object to Art. 21 GDPR

If your personal data is processed on the basis of Art. 6(1)(f) GDPR, you have the right to object on grounds relating to your particular situation.

In the event of an objection, we will no longer process this data unless there are compelling legitimate grounds for doing so or it serves to assert legal claims.

5.3 Right to lodge a complaint

You have the right to lodge a complaint with a data-protection supervisory authority — in particular with the authority of your habitual residence, your place of work, or the place of the alleged infringement (Art. 77 GDPR).

5.4 Right to data portability

You have the right to have data that we process automatically transferred to you or to a third party in a common, machine-readable format. For Encore ST cloud service accounts you can trigger this export yourself (see section 4.5).

5.5 Right to information, correction, deletion or restriction

You have the right to obtain information about your personal data stored by us at any time, as well as the right to have it corrected, deleted, or restricted. For Encore ST cloud service accounts you can trigger deletion yourself (see section 4.6).