Privacy Policy

Gigaset Technologies GmbH (“we” or “us” or “our”) can send out system updates or new firmware to Gigaset smartphones by means of firmware over-the-air (FOTA). That is done in compliance with the stringent principles of the European General Data Protection Regulation. Only files that have been tested and approved by Gigaset are used. If, for serious security reasons, updates have to be installed without the user’s influence, Gigaset can do so in justified exceptional cases where absolutely necessary to fulfill the contractual services we have promised you. 

We respect our users’ privacy. This Privacy Policy explains how we as the controller collect, use, disclose and protect your information, including your personal data. Please read this Privacy Policy carefully. 

Information we collect

We may collect information from your end-user device to ensure that the update processes work effectively and deliver the best results for you. We will not record any personal data concerning you above and beyond that, unless you provide us with it voluntarily when you decide to participate in various activities in connection with other services.   

The information we collect to ensure update processes can be regarded as “personal data” (i.e. information concerning a specific or identifiable natural person) under EU data protection law. This information may include: 

Data on mobile devices and networks: We may collect data on your device and network connectivity. These data records include the type of device, its manufacturer, the platform, the device model, the software version, the language setting, the size of the device’s memory and the SD card, as well as further technical device data; the International Mobile Equipment Identity (“IMEI”) for the first and, if applicable, second SIM card slot and the serial number as unique identifiers of your device; the MAC address; the IP address; the service provider and the type of network (e.g. WiFi®, mobile) you use for the update service.

Above and beyond that, we will not read any personal data such as e-mail addresses, address books, phone numbers, image files and the like, nor will we transmit it to our servers.

Push notifications: You are informed about new updates by means of a push notification in the status bar and can then download them and yourself define when they are to be installed, unless by way of exception they are a security update that it is absolutely necessary to install (see above).   

What we do with the information we record

We require this information to be able to ensure update processes tailored to your device settings and your device’s software versions and to carry out these processes efficiently.

In particular, we collect this information for the following purposes:

• To provide firmware over-the-air (FOTA) services to enable wireless updating of the operating software on your device.
• To provide the FOTA application, including adaptation of it to your preferences and ensuring its compatibility with your device.
• To diagnose application problems.
• To fulfill our responsibilities.
• To update and improve the application and FOTA services.

Legal basis for processing your data

We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR), national data protection law and all other applicable legislation. The data is processed primary to conduct the mutual business relationship. Apart from that, your separate consent may be used as permission under data privacy law for your use of the device or to handle special services. We also process your data so that we can fulfill our legal obligations. 

We process data on your use of your device so that we can optimize our products, maintenance services or support, such as the provision of software updates and patches. The legal basis for that is performance of a contract in accordance with Article 6 (1) sentence 1 point (b) GDPR or a legitimate interest in accordance with Article 6 (1) sentence 1 point (f) GDPR.

Our data storage principles

We store personal data we collect from you if we also need to do so for legitimate business reasons, for example to provide you with a service you have requested or to comply with prevailing statutory, tax or accounting requirements. If there is no longer a legitimate business need for us to process your data, we will either erase or anonymize it or, if that is not possible (for example because your data has been stored in backup archives), we will store your data securely and exclude it from any further processing until it is erased.  

Disclosure, transfer and storage of the data we record

We do not pass on your personal data we collect to unaffiliated third parties (including government authorities), unless that is required by prevailing law or otherwise specified in this Privacy Policy. 

We may pass on aggregated and anonymized information to our trusted business partners – such as content delivery networks, Internet data centers and device manufacturers – in order to improve the applications and our services. We may pass your data on to content delivery networks so that your device can download updates.  Your data may be passed on to Internet data centers that host our servers as part of provision of the service.

As is customary in the industry, we engage service providers to distribute updates. If we transmit personal data to them or other service providers or group companies outside the European Economic Area (EEA), we do so only if the EU Commission has confirmed that the third country has an adequate level of data protection or if there are other adequate safeguards that the data will be protected (such as binding internal data protection regulations at a company or EU standard contractual clauses). 

We may also pass on aggregated information (i.e. information concerning our users which we combine to that it can no longer be used to identify or reference an individual user) and other anonymized information to ensure compliance with statutory requirements and for industry and market analyses, demographic profiling, marketing and other legitimate business purposes.

Our security measures to protect your data

We take the protection of your data seriously and have implemented appropriate physical and technical measures to protect the data we collect in connection with the services. Even though it is never fully possible to ensure the security of websites, transmission of data over the Internet, computer systems or mobile connections due to the rapid pace of technological change, we adapt our systems as soon as new threats become known and always take appropriate steps to protect your data.

Your data protection rights

As a data subject, you have the following data protection rights under the EU GDPR: 

You can demand access to and information on data stored concerning you by contacting the address below. You can also demand that your data be erased or rectified if certain requirements are met. You have the right to demand restriction to processing of your data and a right to receive the data you have provided in a structured, commonly used machine-readable format. If your personal data is processed on the basis of your consent, you can withdraw your consent at any time by notifying us at data-protection(at)gigaset.com.

We will handle your request(s) as soon as possible. If you are not satisfied with our response, you can contact the competent data protection authorities in the country of your residence.

Our contact data

You can contact on by going to our homepage www.gigaset.com, where we offer you various means submitting requests to us under the “Contact” link in the footer.

We have appointed a Data Protection Officer to supervise our data privacy practices and ensure compliance with the EU GDPR.  You can contact our Data Protection Officer at any time with any questions, comments or suggestions you have about this Privacy Policy at data-protection(at)gigaset.com.