Data privacy information and disclaimer

§ 1 Information on the collection of personal data and service provider identification

(1) In the following, we inform you about the collection of personal data when using the GROHE ONDUS smart home app. Personal data is any data that can be referred to you personally, such as name, address, e-mail addresses, user behaviour.

(2) The service provider and responsible party for the processing of your personal data, i.e. the data controller in the sense of Article 4 n. 7 General Data Protection Regulation is GROHE AG, P.O. Box 1361, Hemer, Germany, cf. the GROHE AG imprint under www.grohe.com. The data protection officer of GROHE AG can be contacted via dataprotection@grohe.com.

§ 2 Data security

We maintain up-to-date technical measures to safeguard data security, in particular to protect your personal information from threats when transferring data and from third parties gaining knowledge of it. These measures are constantly adapted to the latest state of the art.

§ 3 Collection of personal data when using our app

(1) Downloading our app
When downloading the app the necessary information is transferred to the app store used by you, in particular user name, e-mail address and customer number of your account, the time of the download, payment information and the individual device identification number. The data controller for this data collection is your respective app store provider. GROHE will only process such information for the purpose of downloading the app to your mobile device; the information is not subject to further processing by GROHE.

Your login data and usage of devices, as listed below, also applies to the GROHE ONDUS Professional Dashboard (URL), which is an extension of the ONDUS app for professional businesses. The usage of the GROHE ONDUS Professional Dashboard and data collected within does not apply to you, if you are not using GROHE devices for a professional business.

(2) User account data

(a) To use the features of our app, it is necessary to create a Grohe user account. When you create an account at the first launch of the app after the installation, the data provided by you there will be stored and processed to create your account. We use the so-called double-opt-in procedure for registration, which means that your registration is not finalised until you have confirmed it by clicking on the link contained in a confirmation e-mail sent to you for this purpose. In case your confirmation is not received promptly, your application will be automatically deleted from our database within 10 days. The processing of your personal data for these purposes is necessary to perform our contract with you, i.e. the use of the app, and is therefore based on the legal justification of Article 6 para 1 lit b) General Data Protection Regulation.

(b) At any time, you can request us to delete the account. For this purpose, please contact us at ondus_de@grohe.com. Even when registering a Grohe user account, you will not receive any promotional e-mails from us unless you have consented separately to the use of your e-mail address for advertising purposes.

(c) In order to prevent unauthorised access by third parties to your personal data, the connection is encrypted using SSL technology.

(3) Using the features of our app and the GROHE ONDUS professional Dashboard

(a) To be able to use our app, you must provide us with certain personal data that is required by us in order to provide you with the respective services. The purposes and legal basis for the relevant data processing are described below. You can also provide us with additional information in allocated areas in the app, which will be highlighted accordingly.

(b) When you contact us by e-mail or via the contact form, your e-mail as well as any other details provided by you will be processed by us in order to best answer any questions or issues you may have. This data processing is based on the interest balance justification in our favour in accordance with Article 6 para 1 lit f) General Data Protection Regulation. Our justified interest is the offering of good customer care and in contacting us, we can assume that it is in your interest that we answer your request and process your personal data.

(c) With your prior consent, we collect the following additional personal data to enable the full functionality of the devices and combine it with the personal data in your GROHE user account:

(i) When using GROHE Sense Guard and GROHE Sense Guard professional devices (as a protection system to avoid volume and time-based leakages and micro leakages and to alert the user):
- Usage information over time (water pressure, water temperature and water flow measured by the device, type, time and frequency of alarm, valve status, timestamps, home address provided by user for emergency cases)
- Technical information (device-ID and serial no., firmware version, battery status, WLAN settings, IP address, time zone related data)
- User and emergency contact details (e-mail address, phone number, first name, last name)
- Integrating/listing a GROHE Sense Guard installer from the GROHE database of water security experts in the GROHE ONDUS app. As an app user, you may also list an installer of your choosing including the full name, address, phone number and email address. These installers will only be added to the GROHE database after first asking the installer explicitly for permission.

This data will be processed in particular in the following circumstances and for the following purposes:
• The system detects a leakage (drop leakage or pipe break), sends a message to the cloud & the cloud informs you.
• You remotely shut off the system / open the system - via APP or via Dashboard.
• The Cloud algorithm detects a leakage due to a pattern and warns you.
• You do not respond, or there is no acknowledgement of the signals sent, and therefore a chain of your emergency contacts is contacted.
• The Sense Guard updates consumption data and pressure/flow/temperature and sends its state.
• You poll via the app or the dashboard if the system is still alive, the system responds with a status message.
• You can monitor, print and send the consumption and statistical data in the dashboard.
• The Sense Guard or you contact an installer to service the house via the app.
• The Sense Guard loses its connectivity to WIFI or the network shuts off, but it continues for several days. You are informed of this because the cloud sends a heartbeat signal on a regular basis.
• The Sense Guard detects that the spare battery is almost empty and sends a signal to the cloud; you are informed (or a battery is automatically ordered).
• You can remotely open the valve.
• The system detects water is freezing cold and warns you.

(ii) When using GROHE Sense and GROHE Sense professional devices (as a protection system for the detection of unwanted water or other liquids on surfaces and to alert the user in case of an emergency):
- Usage information over time (ambient temperature, humidity level and flooding status measured by the device, type, time zone related data and frequency of alarms, home address provided by user for emergency cases)
- Technical information (device-ID and serial no., firmware version, battery status, WLAN settings, time stamps, IP address)
- User and emergency contact details (e-mail address, telephone number, first name, last name)

This data will be processed in particular in the following circumstances and for the following purposes:
• The sensor detects flood / leakage and signals this by an alarm to a chain of contacts in a consecutive way (e.g. sms, email, call, WhatsApp).
• The device regularly measures humidity, temperature and battery life and uploads the measurements.
• You update specific settings in the app or in the dashboard – data is stored and pushed to the device (all settings possible) – e.g. switch to vacation mode with shorter communication intervals.
• Cloud sees that the humidity is over / under threshold and warns you.
• If too high temperature is detected cloud sends you an alarm.
• Cloud detects increasing/decreasing humidity over time and sends out warning/info.
• The cloud informs you that it did not receive a signal in a certain time.
• In case you have water sensors and a waterstop, the alarm triggered could also ask you to close the waterstop.

(iii) When using GROHE Blue Home and GROHE BLUE Professional devices (as a faucet to provide you with filtered potable water with or without carbonation or as a faucet to provide you with unfiltered tap water):
- Usage information over time (carbonation preference / water temperature / flow rate to create individual settings, use statistics, time zone related data)
- Technical information (filter capacity levels, CO2 capacity, control settings, device-ID and serial no., firmware version, projected reorder times, battery status, automated run times, WLAN settings, timestamps, IP address)
- User contact details (e-mail address, telephone number)

This data will be processed in particular in the following circumstances and for the following purposes:
• The sensor detects flood / leakage and signals this by an alarm to a chain of contacts in a consecutive way (e.g. sms, email, call, WhatsApp).
• The device regularly measures humidity, temperature and battery life and uploads the measurements.
• You update specific settings in the app or in the dashboard – data is stored and pushed to the device (all settings possible) – e.g. switch to vacation mode with shorter communication intervals.
• Cloud sees that the humidity is over / under threshold and warns you.
• If too high temperature is detected cloud sends you an alarm.
• Cloud detects increasing/decreasing humidity over time and sends out warning/info.
• The cloud informs you that it did not receive a signal in a certain time.
• In case you have water sensors and a waterstop, the alarm triggered could also ask you to close the waterstop.

(4) The legal basis for the processing of such data collected according to § 4 para. 3 (a) – (c) is your consent in accordance with Article 6 para 1 lit a) General Data Protection Regulation. You can withdraw your consent at any time with effect for the future. We will then not continue to process your relevant personal data.

(5) If and to the extent you have named third persons in your user account for notification by GROHE AG, you confirm that you have informed them and they have consented to be named and contacted by us as an emergency contact.

(6) In order to improve its products and services and to provide additional services to you, GROHE processes certain collected data (e.g. consumption data or humidity data of a specific location (e.g. the kitchen)) in an aggregated anonymized form.

§ 4 Communication for marketing purposes
With your prior consent, we will process your personal data covered by such consent (e.g. e-mail, telephone number) to provide you with market specific products from GROHE AG or an affiliated company of GROHE AG.

§ 5 Data transfer to third parties
(1) We sometimes use external service providers in particular in connection with account management, security reviews and algorithm testing to process your data. These were carefully selected by us and assigned in writing. They are bound by our instructions and are regularly checked by us. The external service providers will not pass this data on to third parties.
(2) With your consent, in case of a malfunction or damage reported by the GROHE devices used by you or reported by you directly, the GROHE support team may access your personal data for analysing and solving the malfunction or damage reported and for the purpose of contacting you.

Your contact details and required information with regard to the specific incident, and if necessary also the contact details of your emergency contact, may – to guarantee optimal support and service and to reach out to you – be transferred to the regionally competent GROHE group service company located in your country of residence ("Regional Support Entity"). In case service requests require on-site visits, your contact details may also be transferred to an external service provider serving as Regional Support Entity on behalf of GROHE.

The legal basis for this transfer is your consent in accordance with Article 6 para 1 lit a) General Data Protection Regulation. You can withdraw your consent at any time with effect for the future. We will then not continue to process your relevant personal data for this purpose.

(3) Also only with your consent, we transfer certain personal data to affiliated local companies of LIXIL GROUP (i.e. the mother company of GROHE and other companies belonging to the LIXIL Group) to send you marketing information.
(4) If you consented, we transfer transactional device data (e.g. device ID, usage information over time, time zone related data, frequency of alarms, location) and data generated by Google Analytics to the Regional Support Entity for the purpose of offering you additional services, optimising the product functionality and troubleshooting in case of product malfunction or customer-driven support requests.


You may use features of third party providers through the ONDUS app. These are connected through an interface. In such a case, some or all of the following information may be transferred to these providers initially:
- House name
- Room name
- Device name
Recurring information transfers may contain the following:
- ONDUS Sense: frost alarms, flooding alarms
- ONDUS Sense Guard: frost alarms, pipe breaks, maximum water outflow, exceeding flow limit
The transfer of data to third parties will only take place after you have explicitly allowed this through the ONDUS app and have authenticated yourself on the registration page.
The legal basis for the transfer of data is Article 6 para 1 lit b) General Data Protection Regulation (DSGVO).

§ 6 Data transfer to parties outside the European Economic Area
The relevant competent GROHE service company that contacts you in case of a malfunction or damage (as set out in § 4 above) might be located in a country outside the European Economic Area. For these cases, GROHE has – where required – implemented safeguarding measures in accordance with Article 46 General Data Protection Regulation in particular standard data protection clauses to protect your personal data. You can request further information and a copy of the relevant documentation at the contact details set out in § 1 para. 3 above.

§ 7 Data retention
We will retain your personal data only as long as necessary for providing you with our services. We will delete all data, with the exception of your contact data for which you gave us your consent to use for marketing purposes, immediately after deletion of your account or after two years of inactivity of your account. We will delete your contact details for which you gave us your consent to use for marketing purposes within one year after deletion of your account.

§ 8 Your rights

(1) You have the right:

(a) to be provided with copies of personal information that we hold about you at any time;

(b) to ask us to update, correct or delete any out-of-date or incorrect personal information held about you;

(c) to request the restriction of our processing of your personal information;

(d) to receive the personal information that you have provided to us in a structured, commonly used and machine-readable format and to transmit that information to another service provider.

(2) You also have the right to object to our processing of your personal information in relation to the purposes set out in § 3 para. 2 on grounds relating to your particular situation, at any time. Upon receipt of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests.

(3) You may revoke your consent to the processing of your personal data for the purposes set out in § 3 para 3, § 4 and § 5 para 2 and 3 at any time with future effect.

(4) If you wish to exercise any of the above rights, please contact us at the contact details set out in § 1 para. 2, in particular, by e-mail to ondus_de@grohe.com. To facilitate the processing of your request, it would be helpful if you could indicate in your communication where you were in contact with us (e.g. in which country and under which circumstances). In order to protect your data, we may require you to present proof of identity to verify your eligibility to exercise these rights.

(5) You can also raise complaints or concerns about our use or other processing of your personal information with the data protection authorities. Details are available at https://www.bfdi.bund.de/DE/Home/home_node.html or directly at Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit, Husarenstr. 30 53117 Bonn, +49 (0)228-997799-0, poststelle@bfdi.bund.de.

§ 9 Limitation of liability

(1) We bear unlimited liability
- in the case of intent or gross negligence, and
- for material damages according to provisions of the German Product Liability Act.
For loss of life, physical injury or damage to health, the legal liability limit applies according to Article 10 of the German Product Liability Act.

(2) For slight negligence of an obligation that is essential for achieving the purpose of the contract (cardinal obligation), our liability is limited to the damage which is foreseeable and typical for the type of business concerned.

(3) There is no further liability on our part.

(4) The above limitation of liability also applies to the personal liability of our general staff, representatives and bodies.

(5) Our liability is excluded for such damages which do not stem from a product fault, but which are caused by circumstances and risks outside the sphere of influence of the manufacturer, in particular if:
- there is no electrical power, e.g. because of a power cut or flat batteries;
- there is no internet connection at the place of use, e.g. because the router is defective or the router does not allow the communication intended by the technical product information;
- messages are not delivered to the user for other reasons, e.g. because of lack of functionality of the mobile telephone;
- cloud storage services provided by third parties are not available;
- the app is either not used on a mobile phone or on one which is incompatible with the app;
- the latest version of the app isn't used;
- the product is not registered in the app as intended;
- the user signs out of the app or does not respond in time to app messages;
- third parties gain unauthorised access electronically to the devices or servers (hacker attack);
- there is wilful or negligent damage to the product by the end customer or a third party;
- replacement parts other than Original GROHE have been used for repairing or maintaining the product;
- the error has been caused by transport, improper installation or a potential test operation of the product;
- installation, care, maintenance or repairs of the product have been carried out improperly, in particular not in accordance with installation instructions and technical product information; or
- there are operating errors or false handling.

§ 10 Tracking - Google Analytics
This GROHE ONDUS app uses Google Analytics, a web analytics service provided by Google Inc. (Google). Google Analytics uses cookies, which are text files placed on your smartphone, to help the website analyse how users use the app. The information generated by the cookie about your use of the app will be transmitted to and stored by Google on servers in the United States. If IP anonymization is activated on the app, Google will truncate/anonymise the last octet of the IP address for member states of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. On behalf of the website provider, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for the website provider and providing other services relating to website activity and internet usage to the website provider. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings in your app. However, please note that if you do this, you may not be able to use the full functionality of the app. Furthermore, you can prevent Google's collection and use of data (cookies and IP address) by deactivating the tracking function under settings in the app menu.

Further information concerning the terms and conditions of use and data privacy can be found at http://www.google.com/analytics/terms/gb.html or at https://www.google.de/intl/en_uk/policies/.

Please note that on this app, Google Analytics code is supplemented by anonymizeIp to ensure an anonymised collection of IP addresses (so called IP masking).


25/05/2018