Data protection information concerning the GRIMME Service App

The responsible person/company within the meaning of the General Data Protection Regulation is the:

GRIMME Landmaschinenfabrik GmbH & Co. KG
Hunteburger Str. 32
D-49401 Damme
E-Mail: grimme@grimme.de

Impressum: https://grimme.com/imprint

(hereinafter referred to as "GRIMME Landmaschinenfabrik GmbH & Co. KG" or "we")

If you have any questions about this data protection information or about the protection of your data by GRIMME Landmaschinenfabrik GmbH & Co. KG, you can also contact our data protection officer at any time:

Carla Holterhus

E‑Mail: datenschutz@grimme.de

We process personal data of the user that the user enters when registering and using the app, data on the device that the user has authorised for processing, and data in connection with the use of the app (All myGrimme apps:  camera, photos, FaceID, TouchID, location, phone, device-, configuration- and network operator data (such as operating system/version, country/language, network operator); All myGrimme apps:  for support enquiries, contact details and optional app function data for error analysis of the last three days; myGrimme:  Calendar; myGrimme Service: Calendar; myGrimme: telemetric data).

The provision of such data is not required by law or contract or necessary for the conclusion of a contract. The user is not obliged to provide such data. However, if such data is not provided, this may mean that the app does not work or can only be used to a limited extent.

If the app accesses functions on your end device (e.g. Camera, microphone, location or biometric sensors such as FaceID), this access takes place exclusively on the basis of your express consent in accordance with Section 25 (1) German Telecommunications-Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutzgesetz, TTDSG). This consent is actively requested in the app before the respective function is used.

3.1 Purposes of data processing

We process the data described above in accordance with the applicable data protection laws. Data processing is carried out for the following purposes:

Contract execution

We process personal data to the extent necessary to fulfil the contract with you for the use of the app (provision of the app and its functionalities).

We generally delete personal data as soon as further processing is no longer required for the purposes of contract fulfilment. Further storage or processing will only take place in accordance with the section "When will your data be deleted?".

Consent to data processing

Consent is obtained when certain functions are used for the first time (e.g. Location access, camera, analysis) are actively obtained via the app interface. You can revoke your consent at any time in the app settings. A cancellation has no effect on the legality of the processing until the cancellation. If you have given us your consent to process personal data for other purposes (e.g. to analyse usage data, see section "Analysis of usage data"), this data processing is based on this consent. Consent is always voluntary and can be freely revoked at any time. As a rule, the user can also revoke consent given in the app there; otherwise, the user can revoke consent via the e-mail address stated in the provider information. Your revocation does not affect the legality of the data processing carried out on the basis of the consent until the revocation.

Consents that are required for certain access to functions of your device (e.g. Camera, location data, telemetry or analysis functions) are required are based on Section 25 (1) TTDSG. These are to be considered separately from the consents in accordance with the GDPR and are requested separately via the app.

Further processing of this data on another legal basis, for example to fulfil legal obligations (see section "Fulfilment of legal requirements"), also remains unaffected.

Pursuit of legitimate interests

Where necessary, we process your personal data beyond the fulfilment of the contract to protect the legitimate interests of the publisher or third parties. Maintaining the functionality and security of our IT systems are such legitimate interests.

We generally delete this personal data as soon as further processing or storage is no longer necessary to safeguard the legitimate interest pursued in each case. Further storage or processing will only take place in accordance with the section "When will your data be deleted?".

Fulfilment of legal requirements

As a company, we are subject to legal obligations and requirements, such as retention obligations under commercial and tax law. We therefore also process the user's personal data insofar as this is necessary to fulfil legal obligations. We only disclose a user's personal data to regulatory and law enforcement authorities if there is a legal obligation to do so.

Legal basis

The aforementioned purposes of data processing are based on the following legal bases:

• Data processing for contract execution: Art. 6 para. 1 lit. b GDPR
• Data processing on the basis of your consent: Art. 6 para. 1 lit. a GDPR
• Data processing to protect legitimate interests: Art. 6 para. 1 lit. f GDPR
• Data processing to fulfil legal requirements: Art. 6 para. 1 lit. c GDPR

3.2 Analysis of user data

We collect and analyse usage data of the app on a pseudonymous basis with your consent in order to recognise preferences and further develop the app. This allows the app to be customised more specifically to the needs of users and thus improve the offering.

Usage data is only analysed using tools such as Google Analytics with your consent in accordance with § 25 TTDSG. Consent is given in the app before this function is used for the first time and can be revoked at any time in the app settings.

3.3 Processing of data as part of machine maintenance

The GRIMME Service App is used, among other things, to carry out and document machine maintenance on agricultural machinery. This involves the processing of customers' personal data, in particular contact details, machine location data and maintenance histories. This processing is necessary for the fulfilment of the respective maintenance order and the documentation of services performed.

Use of the app by partners and retailers

In addition to employees of GRIMME Landmaschinenfabrik GmbH & Co. KG, authorised dealers and service partners also use the app to service GRIMME machines. Personal data collected in the course of maintenance may also be processed by these partners. The partners are contractually obliged to comply with data protection regulations.

Divisibility (of labour) for machine checks

In future, machine checks created by employees or partners in the app can be shared by them within the existing user groups (GRIMME employees and authorised dealers/partners). Sharing is only possible with people who already have access to the app. The purpose of divisibility is to divide the workload when carrying out maintenance, to optimise internal processes and to ensure consistent maintenance documentation.

Digital delivery declarations

In future, delivery declarations can be recorded digitally via the app. The customer confirms to the dealer that the machine has been properly handed over. The collection and storage of this declaration serves as proof of the proper fulfilment of the contract by the retailer and as security for both contracting parties.

Processing of data as part of myGRIMME

The app is linked to the central myGrimme platform. Data collected via the app can be transferred to other GRIMME applications within the "myGrimme ecosystem" for further processing. This includes machine and maintenance data, utilisation information and customer-specific settings.

Machine history

The app makes it possible to keep a customised history of the serviced machines. This involves documenting personal data in connection with previous maintenance measures in order to improve service quality and traceability. This history can only be viewed by authorised users.

The user's personal data is passed on as part of the app by utilising the services of service providers and other third parties, in particular in the case of myGrimme apps as follows:

Google Analytics

The Google Analytics software development kit (SDK) is used to collect information about the use of the app. It covers in particular:

• Device information (e.g. model, operating system)
• Interactions within the app (e.g. which functions are used and how often)
• approximate location data (e.g. region based on the IP address)

This data is transmitted to Google servers in pseudonymised form and evaluated there in order to compile reports on app usage. Google may also combine this information with other data. The data is transferred to the USA. The legal basis is your consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with Art. 6 para. 1 lit. f GDPR. § Section 25 (1) TTDSG.

Youtube LLC

The YouTube SDK is used to display videos directly in the app. When playing a YouTube video, personal data such as:

• IP address
• Usage of data / Log files
• google or YouTube account information (if logged in) may be transmitted to Google LLC.

The use is exclusively based on your express consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG. Data transfer to the USA cannot be ruled out. Further information can be found in Google's privacy policy: https://policies.google.com/privacy

Agrirouter

The Agrirouter SDK enables the secure transmission of machine data (e.g. Maintenance data, telemetry data) between the app and agricultural devices and connected platforms. Data collected include:

• Machine data and maintenance information
• Informations concerning the location of the machines
• User-related device data (e.g. user-ID)

The processing of this data serves the contractual use of the app and is carried out on the basis of Art. 6 para. 1 lit. b GDPR. Data will only be passed on to authorised recipients (e.g. Service partner) The data remains within the scope of the GDPR.

Apple

Apple provides various SDKs, for example for:

• Camera and location access
• TouchID/FaceID for biometric authentication
• Device information (e.g. model, iOS-version)

These SDKs enable basic functionalities of the app. Data processing takes place locally on the device, but can also be transmitted to Apple as part of Apple services. The use is exclusively based on your express consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG.

Further information on data protection at Apple can be found here: https://www.apple.com/de/legal/privacy/Inc. SDK

Azure; Microsoft Corporation

For the provision of cloud services, storage and processing of app data (e.g. Maintenance history, user accounts), the Microsoft Azure SDK is used. The following data may be processed:

• Device and connection data
• User IDs
• Utilisation protocols
• Machine and maintenance data

Data processing is carried out on the basis of Art. 6 para. 1 lit. b and f GDPR. Microsoft primarily stores data in the EU; a third country transfer (e.g. to the USA) cannot be ruled out. Microsoft offers standard contractual clauses in accordance with Art. 46 GDPR as guarantees.

Data privacy statement of Microsoft: https://privacy.microsoft.com/de-de/privacystatement

This will only take place if it is necessary for the provision and use of the app and its functionalities, to pursue the legitimate interests of the publisher or third parties or if you have previously consented to the transfer (see section "Purposes of data processing"). The service providers have been carefully selected by us and are regularly monitored, in particular with regard to the careful handling and protection of the personal data accessible to them. All service providers are obliged by us to maintain confidentiality and to comply with legal requirements. Further information can be found in the respective data protection notices.

We only store and process your personal data for as long as this is necessary for the respective purpose (see section "Purposes of data processing"). Beyond this, data will only be stored and processed if this is permitted for another purpose (see section "Purposes of data processing"), for example to fulfil legal requirements (e.g. retention obligations under tax or commercial law). In this case, we will restrict further data processing to this purpose and the legal basis for further processing.

We transmit the user's personal data to recipients in countries outside the EU/EEA as follows: USA. Despite the use of standard data protection clauses, a level of data protection comparable to that in the EU cannot be guaranteed in the USA. US authorities could access personal data without you as an EU citizen having effective legal remedies against this.

Personal data is only transferred to state institutions and authorities within the framework of mandatory legal provisions (see section "Purposes of data processing").

Protection for service providers in third countries

Suitable guarantees within the meaning of Art. 46 GDPR when using service providers, as described in the section "Who receives your data?", are standard data protection clauses approved or issued by the European Commission, binding internal data protection regulations or similar instruments. You will receive an electronic copy of the relevant extracts upon request to the data protection officer.

Data from visits to this website are NOT used for automated decision-making within the meaning of Art. 22 GDPR.

Unless otherwise stipulated in our respective data protection notices, you are neither legally nor contractually obliged to provide your data.

As a data subject affected by data processing, you have the right to information (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) and data portability (Art. 20 GDPR).

Right of objection

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Article 6(1) (data processing on the basis of a balancing of interests). If you file an objection, we will only continue to process your personal data if we can demonstrate compelling legitimate grounds for doing so that outweigh your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims.

If you believe that the processing of your personal data violates legal requirements, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR).

If you have any questions regarding the processing of personal data in the app, you can contact our data protection officer, who is also available with her team in the event of requests for information, suggestions or complaints:

Carla Holterhus

E‑Mail: datenschutz@grimme.de

When you use our app, we access certain functions of your end device (e.g. Camera, microphone, location, calendar, telemetry data, FaceID/TouchID). Such access is technically realised via so-called SDKs (Software Development Kits).

This access is only permitted if you give us your express consent to do so (Section 25 (1) TTDSG). Consent is given directly via the app and is linked to the respective function call. No access-related processing takes place without your consent.

You can revoke your consent at any time via the app settings or by uninstalling the app. The data processing remains lawful until the time of cancellation.

Access that does not require consent (e.g. if it is technically absolutely necessary in order to provide the app) is carried out on the basis of Section 25 (2) TTDSG.

When you use our app, we access certain functions of your end device (e.g. Camera, microphone, location, calendar, telemetry data, FaceID/TouchID). Such access is technically realised via so-called SDKs (Software Development Kits).

This access is only permitted if you give us your express consent to do so (Section 25 (1) TTDSG). Consent is given directly via the app and is linked to the respective function call. No access-related processing takes place without your consent.

You can revoke your consent at any time via the app settings or by uninstalling the app. The data processing remains lawful until the time of cancellation.

Access that does not require consent (e.g. if it is technically absolutely necessary in order to provide the app) is carried out on the basis of Section 25 (2) TTDSG.

We reserve the right to amend this data protection notice from time to time as appropriate with effect for the future, for example to reflect changes in circumstances and technical developments. We will inform you in an appropriate manner in advance of any not merely insignificant changes with reasonable notice and draw your attention to your rights in connection with the change.

If we provide addresses and contact information of companies and organisations in this data protection notice, please note that the addresses may change over time and please check the information before contacting us.

When downloading and using the app via Google Play or the Apple App Store, the data protection provisions of the respective platform operator also apply. We have no influence on their data processing.

Version: 2025-04-01