Updated: December 13, 2019

WEBER STEPHEN PRIVACY POLICY FOR

THE “WEBER CONNECT APP”​

For Weber-Stephen the protection of your personal data according to Art 4 No. 1 GDPR (referred to hereinafter as “Personal Data”) is a key concern. In the following, we would like to inform you which data we collect and process while you are using the Weber Connect App (referred to hereinafter as the "App"). In this Privacy Policy you will find all information regarding the processing of your data in the App and in connection with it.

Please note that this Privacy Policy may be updated from time to time due to technical progress and the appropriate implementation of new technologies and/or due to changes to the law.

A. Controller, Controller’s representative, Data Protection Officer

In order to download the App, personal data is transferred to the App Store/Play Store, in particular user name, e-mail address and customer number of your account, time of download and the individual device ID. We have no influence on this data collection and are not responsible for it. We process the data only to the extent necessary for downloading the app to your device.

Weber-Stephen Products LLC, 1415 Roselle Road, Palatine, IL 60067, USA (“Weber LLC”) and Weber-Stephen Products (EMEA) GmbH Franklinstraße 28/29, 10587 Berlin (“Weber EMEA”) and the relevant Weber-Stephen entity responsible for the relevant country (“Weber Country”) are Joint Controllers for the processing in the App. The relevant Weber Country entity can be found on www.weber.com Weber-Stephen Products (EMEA) GmbH is Weber-Stephen Products LLC’s representative in the EU according to Art. 27 GDPR. The Joint Controllers have defined the following responsibilities:

Weber LLC is responsible for the technical setup, administration and distribution of the App. In this role Weber LLC has the responsibility to conclude and administer all relevant contractual documents with any technical service providers in use for the App as well as auditing their compliance with the agreed legal requirements. This includes any Data Processing Agreements with data processors who will handle or have access to European Data.

Weber EMEA and Weber Country handle Weber-ID registrations, Analytics, Marketing and communication with users in Europe jointly with regard to the individual country of the Weber Country.

Information obligations according to Art 13, 14 GDPR are fulfilled by Weber LLC for the App and technical infrastructure and by Weber EMEA for account and marketing related information.

If you have any questions or remarks regarding this Privacy Policy, please contact our Data Protection Officer (Weber EMEA and Weber-Stephen Deutschland GmbH) at:

privacy.emea@weberstephen.com

B. Data Processing for use of the App

While using the App we will process different sets of data; some data is processed automatically by the App to ensure the correct and uninterrupted service of the App (1). For other sets of data the processing is different for users that do not have a registered Weber-ID (2) and for users that already have a Weber ID or register a Weber ID during use of the App (3).

The use of the App does not require the registration of a Weber-ID.

The legal basis for processing is Art. 6 (1) lit. b of the GDPR, if no other legal basis is provided.

(1) App-Usage Data

To ensure trouble-free use of the App, the App needs to collect, process and store (see Data Storage) automatically the following personal data:

  • General
  • Country
  • Language
  • Consent, where applicable (e.g., marketing opt-in).
  • Mobile operating system
  • Unique device ID
  • IP Address
  • Mobile App
  • Usage data (time, temperature, type of meat)

(2) Non-registered use

We do not collect or process any Personal Data from non-registered users during the use of the App. All data that is processed for the use of the App is processed in connection with the serial number of the Weber Connect device (“Device ID”) in use. The following data is stored for the user under the Device ID:

  • Guided Cooking Programme (Including Target Temperature/Doneness Level)
  • Start Date/Time
  • End Date/Time
  • Session Name (optional)
  • Graph Data (temperate point for each second of the session collected from the Connect Device)
  • Device ID
  • Probe placement

We have no knowledge of the identity of a non-registered user and have no possibility to identify him/her. The above-mentioned anonymous data is stored in the cloud for access by the App in future uses so the App can access information about prior use, settings and user-generated information without registering an account.

In case the user registers a Weber-ID at a later point, any data stored under the Device ID will be merged into the Weber-ID.

The data according to App Usage Data is used for identifying the respective user and connecting him/her to the Device ID resp. his/her Weber-ID (if logged in) while he/she is using the App.

Also, the anonymous data stored under the Device ID might be connected to your Personal Data in case you register the barbecue with its serial number to claim a warranty case with Weber.

June Life, Inc. (“June”) handles the maintenance of the Connect device software and has therefore access to the device's serial number and will support Weber with technical problems in connection with the device software. June acts as processor for Weber according to Art. 28 GDPR.

(3) Registered use Weber ID/ Weber ID Registration

You may also register a new or log-in to an existing Weber ID within the App. In that case any data stored under the Device ID (see (2)) will be connected with the Weber ID. That way your complete barbecuing session history will also be available in the App and any further cooking sessions will be available in your Weber ID as well.

The Weber-ID features a central user account where all your data is collected in one place in order to constantly improve your experience of the Weber world and to tailor it to your specific interests. You may create a Weber-ID Account free of charge. Data in your Weber-ID may come from the Weber Connect App, the weber.com website, the iGrill App, the Weber-App or any other digital Weber product/offering.

When you create a Weber-ID account within the App, we collect the following information

  • First Name
  • Last Name
  • Date of birth*
  • Email address
  • Password
  • Physical Address
  • Orders and cart
  • Saved products
  • Email list status
  • Registered products*
  • User service/online consumer care claim information
  • Children*
  • Houshold size*
  • Household type*
  • Interests*
  • Favourite barbecue categories*
  • Favourite recipes*

*optional

Legal Basis for the processing is Art 6 (1) b of the GDPR, as the data is necessary for providing you with the services and functionalities of the Weber-ID.

The Weber-ID offers additional features such as a centralised user account on our website; please refer to the privacy policy on our website for further information in that regard.

This will give you access to exclusive contents of the web page (recipes, tips and tricks, etc.), you can register your barbecue/barbecues, receive all important information (warranty periods, operating instructions, etc.) and have central access to all data and services Weber-Stephen has on offer for you. You can also easily log into our shop at any time to check your order status or place additional orders without having to register again. A Weber ID will also allow you to use features such as notepad and wish list.

We are also entitled to keep your IP addresses, times of registration and confirmation times on the basis of our legitimate interest to verify your registration and to appropriately clarify any possible misuse of your personal data. The legal basis for this is Art. 6 (1) Sentence 1 lit. c) and f) GDPR.

If you wish to delete your Weber-ID, please contact us at privacy.emea@weberstephen.com.

(4) Location Data

You may connect your Weber Connect device with the App via WiFi or via Bluetooth. Please note that under certain versions of, e.g., Android OS, location data is also processed by default when Bluetooth is activated. For this, the publisher of your operating system is controller. If desired, you can deactivate the transfer of your location via your operating system’s settings.

The processing of such data is based on Art. 6 (1) lit. b) GDPR.

C. Analytics

(1) Firebase

We use a service called Firebase Analytics by Google, Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA ("Google") for analysing the use of the App by non-registered and Weber-ID users for marketing purposes. Such analytics services are deactivated in the App by default and must be activated by the user thereby providing consent in the use of such services. The user can activate and deactivate the service in the settings of the App. These processes are based on the user's consent in accordance with Art 6 (1) a of the GDPR.

The service collects and transmits data about the user’s behaviour for the purposes of analysis and improvement of our marketing measures and offers. The tool captures the use of the app by monitoring the user manoeuvring through the different screens, screen time and other information on use also using the IP-address of the user.

The tool “Audiences” enables us to develop user groups on the basis of such usage data and optimise our marketing measures individually for the defined groups.

Data collected by Firebase Analytics will be transferred into the BigQuery database which is also operated by Google and is able to analyse high volumes of data in a short time.

Google acts as data processor for Weber and agreements are in place between the parties according to Art 28 GDPR. Google is Privacy-Shield enlisted.

(2) Firebase Crashlytics

We use the tool Firebase Crashlytics to analyse and identify bugs and other errors in the App. Whenever an error occurs in the App, we would like to receive technical data from the App (Installation UUID and Crash Traces), to analyse the cause of the error which enables us to further improve the App for all users.

Firebase Crashlytics will ask for your consent before any data is transferred for the above-stated purposes.

The legal basis for this is Art 6 I a) and f) as we have a legitimate interest in improving our App and eliminating any errors in the App.

(3) Instabug / Feedback

Instabug is a service which helps us understand bugs and errors in the App and offers the user a possibility to provide us with feedback on the App.

To enable us to identify a bug and/or an error and understand what exactly led to it, we require some information about the in-App situation when the bug occurred. Therefore, Instabug will track certain sets of data and some of the user’s behaviour automatically. Such data will be transferred to us only when you consent to the transfer within the app by sending us feedback.

The following data is automatically collected: screenshots and extra attachments, logs (user steps, gestures, network requests), Session profile (memory load, battery state, CPU, Connectivity).

If you want to provide us with feedback we also require your email address so we can get back to you with comments, questions or other information and will process any comments you add to your feedback report. You can edit which screenshots and attachments shall be included in the report from Instabug. Additionally, the data will automatically be transferred from Instabug into Zendesk, our internal ticket system, when a user has activated the feature or provides Weber with feedback.

The legal basis for this process is consent from the data subject according to Art 6 I a).

D. Newsletter

Your data will only be used for promotional use with your explicit prior consent. We will use your data to introduce new products and events from the barbecue sector associated with Weber-Stephen that are tailored to your interests. This includes information on current or future ranges of products (e.g., barbecues, attachments, accessories, consumables, lifestyle) as well as functions and events with participation of Weber-Stephen (e.g., Grill Academy, seminars, trade fairs, one-off functions). This includes both digital advertising via email and print media.

You can use the Double Opt-in feature to subscribe to our email newsletter. After registration we will send you an email to the specified email address asking you to confirm that you wish to receive the newsletter. This is done by clicking on a hyperlink included. If the confirmation by hyperlink is not provided within a period of 24 hours, your information will be blocked and deleted after one month. We are also entitled to keep your IP addresses, and times of registration and confirmation in order to verify your registration and to appropriately clarify any possible misuse of your personal data. The legal basis for this is Art. 6 (1) Sentence 1 lit. a) and lit. c) GDPR.

You can revoke your consent at any time by sending an email to privacy.emea@weberstephen.com or by following the instructions at the end of a promotional email.

Weber-Stephen Products LLC has access to data from the data processing procedures described in this section. The transmission of data to the United States of America is protected by standard contractual clauses ("EU model clauses").

E. Push Notifications

We use so called push-notifications in the App. These are notifications that pop up on your device with news, recipes and interesting information about Weber. The legal basis is Art 6 (1) a of the GDPR.

By default such notifications are deactivated; you can activate the notifications in the App's settings. When you activate push notifications, you thereby consent to our sending you these marketing-related notifications. You can deactivate the service at any time in the App's settings.

F. Facebook

On the basis of your consent (Art. 6 I a) GDPR) we will place a pixel of the social network Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA (“Facebook”) on your device. This allows us to track your behaviour when you click on an advertisement in Facebook and are then redirected to our web page. The service helps to analyse and evaluate the effectiveness of Facebook advertisements in order to optimise future advertising measures. The data will remain completely anonymous to us and cannot be traced back to the respective person. However, Facebook will store and process the data and hence establish a connection between the data and the user's Facebook profile. For more information about Facebook's data processing, please visit: https://www.facebook.com/about/privacy/

Additionally, we use the data from the Facebook pixel to categorise users for targeted marketing measures on Facebook.

G. Contact Us / User service conversations

You can get in contact with our user service from the App. Please provide your name and e-mail address in order to initiate such user service conversation.

We use local partners (local Weber-Stephen entities) as Processors according to Art 4 No. 8 GDPR bound by data processing agreements according to Art 28 GDPR to process such enquiries and support users in their local language. We use the Zendesk ticket management system, a platform of Zendesk Inc, 1019 Market Street, San Francisco, CA 94103, using a data centre located in the EU, to process user enquiries by email. Zendesk is also acting as a Processor based on a Data Processing Agreement according to Art 28 GDPR. Zendesk is Privacy-Shield enlisted. No data will be transferred to third countries. Further information can be found at https://www.zendesk.com/company/customers-partners/eu-data-protection/

Depending on the content of your request, the data entered when initiating a user service conversation will be processed on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR or pursuant to Art. 6 (1) lit. b GDPR insofar as contractual performance obligations or the implementation of pre-contractual measures exist.

H. Service Providers

For the purposes and processes as described above, we use different service providers that act as our Data Processors as listed below.

Service Provider

Purpose/Process

Google Ireland Limited

Gordon House, Barrow Street, Dublin 4, Irland

Google Inc.

1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Firebase

Firebase Crashlytics Error Analysis

Big Query

Demandware/Salesforce Commerce Cloud

Salesforce Tower

415 Mission Street, 3rd Floor

San Francisco, CA 94105, USA

Cloud-based Database for customer data

Emarsys Interactive Services GmbH

Stralauer Allee 6

10245 Berlin

Deutschland

Database for newsletter data

Mize Inc.

12802 Tampa Oaks Blvd,

Suite #320

Temple Terrace, FL 33637, USA

Database for product registration

Zendesk Inc.

1019 Market Street, San Francisco, CA 94103, USA

Ticket system for enquiries

Instabug, Inc.

855 El Camino Real St.

Suite 13A-111

Palo Alto, CA. 94301, USA

Feedback and Bug reporting

June Life Inc.

649 Front Street San Francisco, CA 94111 USA

Maintenance of Connect device software and technical support

I. Retention periods

We will delete data processed by us or restrict processing in compliance with the statutory provisions, in particular in accordance with Articles 17 and 18 GDPR. Unless explicitly stated in this privacy policy, we will delete stored data as soon as it is no longer required for its intended purpose. Data will only be kept after no longer being of use, if this is required for other and legally permissible purposes, or if the data must be retained due to statutory retention obligations. In these cases, processing is restricted, viz. blocked and not processed for other purposes.

J. Your rights

You may assert the following gratuitous rights in regard to the data controller in accordance with legal requirements:

  • Right to withdraw your consent (Art. 7 III GDPR);
  • Right to access by the data subject (Art. 15 GDPR);
  • Right to rectification and erasure (Art. 16 and Art. 17 GDPR);
  • Right to restriction of processing (Art. 18 GDPR);
  • Right to data portability (Art. 20 GDPR);
  • Right to object (Art. 21 GDPR).

You also have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data by the data controller. The competent supervisory authority in accordance with Art. 55 GDPR is Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin, mailbox@datenschutz-berlin.de.