Data privacy statement for the Miele 3rd Party API service

This data privacy statement aims to provide you with information on data processing in relation to the Miele 3rd-party API service. Personal data is processed exclusively in accordance with applicable statutory data protection provisions, in particular the General Data Protection Regulation (“GDPR”).

1. General information

1.1 Personal data

In accordance with Art. 4 (1) of the GDPR, “personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.2 Data controller

The data controller within the meaning of Art. 4 (7) of the GDPR is
Miele & Cie. KG
Carl-Miele-Straße 29
33332 Gütersloh, Germany
Tel.: +49 5241 89-0
Fax: +49 5241 892090
Email: info@miele.de

1.3 Data protection officer

You can contact our data protection officer at the postal address listed under section 1.2 or via email at: datenschutz@miele.de

2. Data processing in connection with the use of the Miele 3rd-party API service

  • Registration data (of the Miele@mobile account and for the Miele 3rd-party API)
  • Miele customer number
  • Machine number of appliance(s)
  • Appliance features
  • Personal identification features for telecommunication purposes
  • Status of Miele household appliance
  • Internet service provider and IP address of user, date and time of use (“logfiles data”)

The processing of data is necessary to enable the Miele 3rd-party API service to be provided. The legal basis for the processing of the data is Art. 6, para. 1(b) of the GDPR.

We process your data for the following purposes:
  • To provide you access to the Miele 3rd-party API service
  • To give you the opportunity to access your Miele appliances via the 3rd-party API
  • To offer you the relevant services in relation to the Miele 3rd-party API

Any personal data collected will be stored by us only for as long as it is required to fulfil the relevant purpose.
We evaluate logfiles data anonymously in order to continually improve the service, adapt the service to the interests of our users and to resolve any errors more quickly. For such purposes, we also have a legitimate interest to process your data in accordance with Art. 6, para. 1(f) of the GDPR.

In non-anonymised form, the logfiles data is used exclusively to determine malfunctions and to guarantee system security; this includes the detection and tracking of inadmissible access attempts as well as attempts to misuse the service and to commit fraud. Data is stored for such purposes for 7 to 10 days and is then deleted. Logfiles data which needs to be retained for a longer period of time for evidentiary purposes is excluded from the erasure procedure until the particular case has been fully resolved and may be passed on to investigation authorities in specific cases.

3. Collection and processing in relation to the Miele 3rd-party API website

3.1 Data that is processed automatically when visiting the website

Each time you access the Miele 3rd-party API website, your browser will automatically transfer data which is stored in the logfiles of the server. This concerns the following data (“logfiles data”):

  • Information on the browser type and browser version used
  • The user's operating system
  • Internet service provider and IP address of user
  • Date and time of access

We evaluate logfiles data anonymously in order to continually improve the website, adapt the website to the interests of our users and to resolve any errors more quickly. For such purposes, we also have a legitimate interest to process your data in accordance with Art. 6, para. 1(f) of the GDPR.

In non-anonymised form, the logfiles data is used exclusively to determine malfunctions and to guarantee system security; this includes the detection and tracking of inadmissible access attempts as well as attempts to misuse the service and to commit fraud. Data is stored for such purposes for 7 to 10 days and is then deleted. Logfiles data which needs to be retained for a longer period of time for evidentiary purposes is excluded from the erasure procedure until the particular case has been fully resolved and may be passed on to investigation authorities in specific cases.

4. Contacting us

Our Miele 3rd-party API website includes various ways of contacting us. If you use these and contact us via email, for example, we process the data you provide to us as part of this contact in order to respond to your enquiry.

We have a legitimate interest to respond to enquiries submitted to us. The legal basis for the processing of the data is Art. 6, para. 1(f) of the GDPR. Should your enquiry relate to the conclusion of a contract, the legal basis is Art. 6, para. 1(b) of the GDPR.

Any data provided to us when you contact us is deleted upon the closure of your enquiry unless we are required to retain the data for commercial or taxation purposes.

5. Cookies

We also use cookies or similar technologies such as pixels (hereinafter referred to using the umbrella term “cookies”) on the Miele 3rd-party API website. Cookies are small text files or image files such as pixels which are stored on your device by your browser. The next time you access our website with the same device, the information stored in cookies is either sent back to our website (first-party cookie) or to another website (3rd-party cookie).

The information stored in the cookies enables the website in question to identify that you have visited it before. It enables you to view the website in a manner that best fits your preferences. In doing so, only the cookie itself is identified on your device. Furthermore, personal data is only processed with your explicit consent or if it is absolutely necessary to enable you to make appropriate use of the offered service you have accessed.

You can also disable certain cookies on our cookie settings page. In addition, you can block cookie storage entirely by configuring the settings in your browser. However, this may prevent you from making full use of some of the functions of our website.

6. Rights of the data subject

The data subject has various rights in accordance with the GDPR. These include in particular:

  • Right of access: in accordance with Art. 15 of the GDPR, you may request confirmation as to whether or not personal data concerning you is being processed by us. If we are processing your personal data, you may also request further information regarding the processing of this data.
  • Right to rectification: in accordance with Art. 16 of the GDPR, you have the right to have your data rectified or completed if the personal data concerning you that is being processed is inaccurate or incomplete.
  • Right to restriction of processing: in accordance with Art. 18 of the GDPR, you may request that the processing of personal data concerning you is restricted.
  • Right to erasure: in accordance with Art. 17 of the GDPR, you also have the right – under certain conditions – to request that we erase personal data that we have stored about you.
  • Right to data portability: in accordance with Art. 20 of the GDPR, you also have the right to receive personal data concerning you, which you have provided, in a structured, commonly used and machine-readable format, and have the right to transmit this data to another data controller without hindrance from us.

7. Right to lodge a complaint

You have the right to lodge a complaint regarding the handling of your personal data with the data protection authority who is responsible for you or us.

8. Right to object

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6, para. 1(f) of the GDPR, you have the right, in accordance with Art. 21 of the GDPR, to object to the processing of your personal data, provided that there are grounds relating to your particular situation, or the objection is related to direct marketing. In the latter case, you have a general right to object, which is implemented by us without specifying a particular situation.