Skip to main content
 
How It Works

EU Data Act information - Data Act (Regulation (EU) 2023/2854)

Grover Deutschland GmbH (or Grover or We), as part of the contract for the rental or purchase of new and/or used goods, may provide you products that are considered as connected products, as per the definition of Art. 2.5 of the EU Data Act, manufactured by third parties (Third-party connected products or Products).


In compliance with Article 3(2) of the EU Data Act, Grover would like to inform you about the product data of the third-party connected products and the related services associated to it, in the framework of the Rental Agreement and Purchase Agreement (Agreements) and in its capacity of Lessor or seller. This Annex is an integral part of the Agreements. Because Grover is not the manufacturer of the Products, we will refer to the information from the manufactures in a separate document, normally linked at “View Document” in the product page.



1. Product Data and related services data

Product data is any data that a connected product produces while it is being used, as long as the manufacturer built the product in a way that allows that data to be retrieved. Retrieval can happen through a digital interface, a physical connection, or directly on the device. The data can be accessed by the user, the data holder, or an authorised third party, and may also cover data the manufacturer can access when relevant. Related service data is data that arises when someone uses a service linked to a connected product. It covers data the user deliberately records and data the system automatically generates as part of delivering the service.


For example: A smart washing machine logs each wash cycle: selected program, water temperature, duration, energy use, and error codes. Those logs, as designed by the manufacturer, can be retrieved by using the App of the product. This data is product data. If you use the troubleshooting chat in the App, you can describe your issue. This written input is intentionally recorded by the App and becomes related service data.


The manufacturer has the obligation to provide information to the users, in relation to product data and related services data. Manufacturers should inform about:


what types of data the product can generate, in what format and volume, whether it produces data continuously or in real time, where that data is stored and for how long, and how the user can access, retrieve or erase it, including the technical means, terms of use and service quality. Additionally, information should be provided on: what product data the manufacturer will receive, in what volume and frequency, how the user can access or retrieve it, how that data will be stored and for how long, what related service data will be created, whether the provider will use the data itself and for what purposes, whether third parties will be allowed to use it, who the provider is and where it is established, how the provider can be contacted, how the user can request or end data sharing with third parties, the user’s right to lodge a complaint with the competent authority, whether trade secrets are contained in the data and who holds them, and the duration and termination terms of the contract.


Specific information is made available by the manufacturers, per each connected product. The information from manufacturers on product data and related services data is available link “View Document” in the product page or on the manufacturer´s website.



2. Use of the data and sharing of data to third-parties

The manufacturer discloses the details on the purposes of use of the data in their documentation. In principle, the manufacturers make use of the data for their own specific purposes, such as product development and monitoring, support, resolution of issues and other purposes that may be relevant under the contracts. In the last one, manufacturers have the right to disclose data to third parties, subject to specific conditions and provided that appropriate safeguards are implemented and by virtue of specific contractual obligations. It is a requirement for the manufacturers to inform about use and disclosure of data.



3. Access to Data

Users must receive timely, secure and free access to all non-personal data generated by a connected product, in a usable and machine-readable format, except in specific circumstances. Contractual limits are permitted only to prevent serious adverse effects, and refusals must be notified to the competent authority and subject to complaint or dispute resolution. Data holders must avoid any interface or procedural design that makes exercising these rights difficult and may collect only the minimal information needed to verify the requester and execute the access. Trade secrets can be shared only with agreed safeguards, and data holders may suspend or refuse sharing where confidentiality is not protected or where disclosure would cause demonstrable serious economic harm. The further processing by the users of the data obtain must be performed in compliance with the applicable laws.


The manufactures facilitate the access to data and related service data and other users’ rights by appropriate means.


The information from manufacturers on product data and related services data is available link “View Document” in the product page or on the manufacturer´s website.



4. Right to lodge a complaint

If you suspect a breach of the Data Act provisions, you have the right to lodge a complaint to the competent authority. The competent authority in Germany is the Bundesnetzagentur (BNetzA) or Federal Network Agency:



Tulpenfeld 4

53113 Bonn, Germany

Telephone: +49 228 14-0

Fax: +49 228 14-8872

Email: [email protected]



Additional details on complaints addressed to the manufactures shall be specified by the single manufacturer. Please visit the website of the manufacturers.



5. Personal Data

Whenever personal data is involved (any information that can directly or indirectly identify a person), your rights are granted by different applicable legislations, mainly Regulations (EU) 2016/679 (GDPR), Directive 2002/58/EC (ePrivacy Directive) and data protection laws of the EU member states. Companies processing personal data, irrespective of their role in the context of a connected product must comply with such legislations and your rights under personal data protection remain valid.