Privacy Policy
The protection of personal data and the responsible handling of information that you entrust to us is an important and special concern for us. Chirp processes personal data only in accordance with the statutory regulations, in particular Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR") and the German Federal Data Protection Act (BDSG).
Below you will find the legally required information in accordance with Art. 13 GDPR as well as explanations of your rights as a data subject of such data processing in accordance with Art. 12 et seq. GDPR in conjunction with §§ 32ff. BDSG. We also inform you here about the protection of your privacy on the terminal equipment you use within the meaning of Section 25 TTDSG.
1. General information
a) Responsible person
Responsible for the data processing described below is the
Chirp USA LLC 336 E. College Ave, Suite 301 Tallahassee, FL 32301 USA
Phone: xxx E-Mail: xxx
b) Data Protection Officer
is the data protection officer of our company:
PLANIT // LEGAL Rechtsanwaltsgesellschaft mbH Jungfernstieg 1 20095 Hamburg E-Mail: xxx
c) Your rights as a data subject
As a data subject of data processing by our company, you have a right to confirmation as to whether we process data relating to your person and, if this is the case, the right to information about this personal data (Art. 15 GDPR), a right to correction of your incorrect data (Art. 16 GDPR), a right to deletion (Art. 17 GDPR) and a right to restriction (blocking) of your data (Art. 18 GDPR) under the respective legal requirements.
If your personal data is processed on the basis of Art. 6 para. 1 lit. e or f GDPR, you can object to this processing under the conditions of Art. 21 para. 1 GDPR for reasons arising from your particular situation.
You can object to the processing of your personal data for direct marketing purposes at any time and without giving reasons with effect for the future (Art. 21 (2) GDPR). If you have provided us with personal data, you can request the transfer of the data under the legal requirements (Art. 20 GDPR).
If the processing is based on consent within the meaning of Art. 6 sentence 1 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, you can revoke your consent at any time for the future (Art. 7 para. 3 GDPR).
You have the right to contact the competent data protection supervisory authority (Art. 77 GDPR).
If you have any questions or complaints about data protection at of Chirp, you can contact our external data protection officer at any time using the contact details given above.
d) Storage period and deletion of your personal data
We delete your personal data,
as soon as they are no longer required for the processing purposes explained below,
in the event of an objection pursuant to Art. 21 (1) GDPR, there are no compelling legitimate grounds on the part of our company to prevent erasure
or in the event of withdrawal of consent, there is no other legal basis for the processing.
If and as long as statutory retention obligations prevent deletion, we restrict the processing of your data to this archiving purpose (so-called data blocking) and delete your data when the retention period expires. Typical retention periods under German commercial and tax law are six years to the end of the year for business letters (including emails) and ten years to the end of the year for accounting-related transactions.
e) Categories of recipients of your data
We may transfer your personal data for the purposes explained in sections 2 et seq. of this privacy policy to service providers that we commission with specific, earmarked data processing (e.g. hosting) on the basis of order processing contracts in accordance with Art. 28 GDPR.
f) Automated decision making
We do not process your personal data for automated decision-making which produces legal effects concerning you or similarly significantly affects you.
2. Data processing when using our gateway, our IoT devices and our ecosystem
a) Gateway
The gateway forwards information about the status of IoT devices connected to our ecosystem via the internet connection to which it is connected. Our system processes the information. This is the device identifier of the gateway, the IoT device and the status of the gateway and the IoT device. The transmitted information is end-to-end encrypted and therefore cannot be viewed during transmission.
We also process the IP address that the gateway installed on your computer automatically transmits to our server. We need this information to enable you to use our services.
The legal basis for this data processing is the fulfillment of the contract for our services, Art. 6 para. 1 lit. b GDPR. We store the personal data in question for a period of six months.
b) Trackers and devices that transmit GPS coordinates
Trackers transmit the device ID and current GPS coordinates. We process this information and store it in the account to which the tracker is linked. The legal basis for this data processing is the fulfillment of the contract for our services, Art. 6 para. 1 lit. b GDPR. We store the relevant personal data permanently until new GPS coordinates are received. They are automatically deleted after a period of six months.
c) Smartphones
Smartphones transmit the device ID and current GPS coordinates via our app. We process this information and store it in the account to which the smartphone is linked. We also process the IP address that the gateway installed on your device automatically transmits to our server. We need this information to enable you to use our services.
The customer also grants the installed Chirp app access to the smartphone's BLE functionality. BLE is used to form a BLE mesh network that relays information about BLE devices that are registered on the Chirp network and are within signal range. If a device is within range of a smartphone, it will use that smartphone to transmit information about that device to the customer. Only the customer of the device can see the information; the smartphone that forwards the data has no information about the device.
The legal basis for this data processing is the fulfillment of the contract for our services, Art. 6 para. 1 lit. b GDPR. We store the relevant personal data permanently until new GPS coordinates are received. They are automatically deleted after a period of six months.
Status: April 2024
Last updated