Privacy Policy for Smart365
Controller: Enetec SpA, with its legal address in Italy, 39057 Frangarto (BZ), Pillhof 89. Enetec Spa is the provider of the technical (hardware) and IT solutions around the Smart365.
*****************
General information
The protection of your personal data is of particular concern to us. Your data are therefore processed exclusively on the basis of the EU General Data Protection Regulation No. 679/2016 (hereinafter "Regulation" or GDPR ), as well as the national legislation as amended.
In this privacy policy, we inform you about the most important aspects of processing data of the users of the app Smart365.
All terms used in this privacy policy have the meaning defined in the aforementioned legal sources.
Your data will not be transferred outside the European Economic Area ("EEA").
Four (4) types of personal data of the app user are processed:
Contact data (name, e-mail, address);
Historical app use data;
Background fine location data;
Correspondence with user.
In compliance with GDPR, the Smart365 app has been carefully designed in a way that user data are pseudonymized, meaning that the serial number of the Smart365 device is separated from the name of the user that uses such device. As a consequence, personal data collected cannot be attributed to a specific person. Only in case a user opens a technical support ticket, it may be necessary for the support staff to combine the data in order to handle the support request.
Bearing that pseudonymization data security measure in mind, above-mentioned data are collected in the following circumstances:
| What data? | In what circumstance? | For what purpose? | On what legal grounds? |
|---|---|---|---|
| Contact data (name, e-mail, address) | When the user opens a user account and associates the app to his Smart365 | To associate the app with the Smart365 | Contract |
| Contact data (name, e-mail) | When the user associates the app to his Smart365 | To inform the user about product innovations | Legitimate interest* |
| Historical app use data | Ongoing | To improve the app. | Legitimate interest** |
| Background fine location data | When the user enables the Geofencing feature. | Energy efficiency (to check if the user is within or outside the range of 500 meter from the Smart365 thermostat) | Consent of user |
| Correspondence with user | When the user contacts us | To handle a user request | Contract |
*The legitimate interest with regard to the processing purpose "To inform about product innovations" lies in the fact that such information are addressed to users that use the Smart365. Furthermore, such information are provided with an opt-out function by means of which the user can object to the receipt of future marketing information at any time with just a few clicks. Finally, there is no invasive direct advertising (approx. 6 issues per year).
**In order to stay always on the edge of technological development, it is crucial to continuously aim at improving products. Historical use data are indispensable for that purpose.
Personal data are stored for as long as it is necessary depending on the purpose of the processing:
| Purpose of processing | Type of personal data | Period | Start of period |
|---|---|---|---|
| To associate the app with the Smart365 | Contact data (name, e-mail, address) | 10 years | From deactivation / unsubscription / account termination |
| To inform the user about product innovations | Contact data (name, e-mail) | Till opt-out | Immediately |
| To improve the app. | Historical app use data | Historical use data will be preserved until the terms of service are effective. | When the terms of service are not effective anymore, data will be anonymized. |
| Energy efficiency | Yes/no information on whether the user is inside or outside the range of 500 meters from his Smart365 (through geo-localization technology) | Opt-out (till user withdraws its consent) | Immediately |
| To handle a user request | Correspondence with user | 10 years | From deactivation / unsubscription / account termination |
According to art. 26 of GDPR, the user is hereby informed that alongside Enetec SpA there may be a so-called joint-controller, who is involved in determining the purpose and means of processing of the above-mentioned user s personal data. Such joint-controller is responsible among others for first level support relating to the Smart365.
If the user is interested to have further information about the joint-controller, he can contact Enetec SpA at any time.
For data processing there are two (2) processors involved, that have been carefully scrutinized in respect of their data security measures in place.
i. External app developer
First of all, there is an external app developer entrusted with second level technical support activities.
ii. Cloud provider
Secondly, Google Inc, Google LLC, Google Ireland Limited or their successors and Amazon Web Services - AWS, or their successors, do provide cloud services.
For more detailed information the controller can be contacted at any time.
The user has the right to dispose of his data at any time within the framework of the law. In principle, the user has the rights to have complete information about the processing of his data, to have processed correct data, to ask for deletion of data, to restrict the processing of his data, data portability, revocation and objection in accordance with art. 15-22 GDPR.
In particular, the user can object to direct marketing at any time (e.g. via the opt-out function in the newsletter).
Furthermore, the user can withdraw its consent for the processing through geo-localization technology.
For any questions regarding the exercise of user rights in relation to the processing of personal data, the controller can be contacted as follows:
Controller: Enetec SpA, Italy
Pillhof 89
39057 Frangarto (BZ)
Contact: privacy@mysmart365.app
Finally, the user is hereby reminded that he has the right to appeal to the national data protection authority where he uses the Smart365.