Data Privacy Policy for VELUX ACTIVE with NETATMO

1 Purpose of document

Collecting, processing and storing data is essential to deliver the key benefits of VELUX ACTIVE, namely indoor climate control. We continuously aim to improve the VELUX ACTIVE products and services for a relevant and safe up-to-date user experience (hereinafter "the products and services").

It is fundamental to us that your personal data is protected and that you as the customer can easily understand what personal data we collect, process and store and for what purposes. We are completely open and informative about how we handle your data and we go to great lengths to keep your personal data safe. The purpose of this document is to clearly inform you about how we collect, process and store your personal data.

2 Our promise

Based on our corporate principles, as well as our commitment to comply with the European Data Protection Regulation (2016/679 of 27 April 2016), "GDPR", we promise the user the following:

  • VELUX A/S will only collect the personal data outlined in table 3. Only selected, trusted employees at VELUX A/S (hereinafter referred to as "VELUX"), NETATMO and the VELUX sales companies (the data processors) have access to your personal data and will treat it confidentially.
  • VELUX will be transparent and open about its collection, processing and use of personal data.

3 What personal data are we collecting and for what purposes?

3.1 Contact information

Data type: Location, user name and email provided by the user through account registration in the application.

Directly/indirectly identifiable personal data: Your email, location and user name are considered information that can directly identify a user. These are thus directly identifiable data fields.

What we are using it for (processing & purpose): Contact information is needed to enable you to use the products and services and to send you account notifications, product and service updates, software updates and upgrades.

In case you sign up for receiving information and marketing material from VELUX (separate consent), we will use your contact information for this purpose as well.

Who has access? If you agree to receive information and marketing material, your acceptance hereof and your email account will be forwarded to the VELUX sales company established in your home country. During the period in which you receive information and marketing material, the personal data will be stored at NETATMO's data centre and in VELUX.

3.2 User data

Data type: User data relates to your activity in the application, the settings in the app, and has a unique ID attached to you as a user.

Directly/indirectly identifiable personal data: When tracking movements in the app, we cannot see who is using the app. However, in the rare case of an app continuously crashing, we have the option of taking the unique user ID from the app analytics system and looking up the user email in another system. User data is hence indirect personal data.

What we are using it for (processing & purpose): User data enables us to improve the product functionalities and services and to ensure that the product functionalities are continuously up-to-date with new technologies etc.

Examples of user data are: how frequently certain functions or buttons in the app are used to interact with the VELUX products (for example a manual "open window"), frequency of manual interventions in the algorithms and how many times the functions are executed.

Who has access? VELUX & NETATMO

3.3 Product status data, information & sensor data

Data type: Information about the user's VELUX ACTIVE software version, IP address, product IDs, hardware version and installation.

Further, the sensor values measured, the number of rooms & houses and actuator movements.

Directly/indirectly identifiable personal data: Unique identifiers such as the IP address and the MAC address of your devices are considered directly identifiable personal information. Hardware version, software version and sensor values are considered indirectly identifiable, as they, if isolated, cannot lead to anyone identifying a person.

What we are using it for (processing & purpose): The product information and sensor data enable the algorithms to provide you with the core services of VELUX ACTIVE to ventilate and automatically regulate your indoor climate. Further, it enables us to improve our software and hardware, and understand and respect your preferences for a better service experience.

Who has access? VELUX and selected individuals within the VELUX sales companies as listed below will have access to this data for support purposes. The data is collected and stored by NETATMO & VELUX.

3.4 Service history

Data type: Service history is the accumulation of service calls or requests, visits and other online support. Further, when provided by the user in tickets, it includes name, phone number, email address and home address.

Directly/indirectly identifiable personal data: The accumulated service history is both directly and indirectly personal information. When requesting support online, you are asked to fill in personal information so that we can contact you. When filling in this information and sending it to us, you agree that we may contact you concerning the request and save your information for this purpose.

What we are using it for (processing & purpose): Service history enables us to provide you with service on the product. Further, it enables us to support you concerning questions on guarantee and troubleshooting. In the unlikely event of a more general problem occurring on several products, we can quickly rectify and remedy the issue.

Who has access? VELUX and selected individuals within the VELUX sales companies as listed below will have access to this data for support purposes. The data is collected and stored by VELUX.

4 Erasure of personal data

We store your personal data for the entire period you use your products and services and until you disconnect the products from the server plus one year. Thereafter, we either delete your personal data or anonymise/aggregate it so that you can no longer be identified on the basis of your personal data.

In case you have signed up for VELUX information and marketing material, we store your contact information until you unsubscribe from VELUX information and marketing material.

5 Limitations

The privacy policy governs the data retrieved by VELUX through its own products and services. If the user employs other smart home control systems (for example Apple HomeKit) to execute functions with VELUX products and services, these systems or kits may collect, process and share personal data, for which VELUX cannot be held responsible and/or liable. Please make sure to read the privacy policies from such third-party providers.

6 The right to be forgotten and access to personal data

The user of the products and services has the right to be forgotten, meaning that the user can request to have his or her account closed and have all direct personal data deleted. When the direct personal data has been deleted, you will no longer be identifiable on the basis of the indirect personal data.

The user can at any point in time contact VELUX to get an overview of the personal data stored and processed about the user by VELUX and request a transcript of the personal data stored by VELUX.

Moreover, you may request your personal data to be rectified in the event of e.g. a name change. Contact us via the mobile application or at active-support@velux.com for the above-mentioned requests.

If you have given your consent to receive VELUX information and marketing material, and you no longer wish to receive it, you can always revoke your consent at the end of information and marketing emails, by contacting the above email address, or by following the link in the marketing email.

In case you want to file a complaint about VELUX's processing of your personal data, you may address your complaint to:

Datainspektionen

Box 8114

104 20 Stockholm, Sweden

Phone: +468 657 61 00

datainspektionen@datainspektionen.se

7 The users, homes and guests

One user of the products and services can have several homes, in which case the same privacy policy applies to all the user's homes and to the entire setup.

The user of a home can also invite up to 20 guests to operate the products and services. In case of the latter, the guest accounts are governed by the same privacy policy, and with the same data and operational setup as the host.

8 Governing legislation

The GDPR applies to personal data from which an individual is identifiable, whether directly or indirectly.

VELUX and the VELUX sales companies comply with the GDPR entering into force on 25 May 2018, and all relevant national laws in force from time to time.

9 Server

Personal information will be stored on a server located in the European Union. VELUX instructs the data processor responsible for the server to have technical and safety measures in place to keep your personal data safe.

10 Updates

It is the responsibility of the user of the product to stay updated on the privacy policy relating to the products and services. We recommend that you read the privacy policy from time to time to keep yourself updated.

11 The parties

The role of the provider(s) of the products and services is:

Data controller: VELUX A/S, Ådalsvej 99, 2970 Hørsholm, Denmark - CVR 46 91 14 15, is accountable for collecting, processing and storing your personal data.

Data processor 1: VELUX sales companies, which are owned 100 % by VELUX. VELUX sales companies in each country are responsible for the sales and services of VELUX ACTIVE products to end-users in the country where they are located. Please see the list of VELUX sales companies at the end of this privacy policy.

Data processor 2: NETATMO SAS, 93 Rue Nationale, 92100 Boulogne-Billancourt, France, Reg no. 532501848, is responsible for developing the VELUX ACTIVE products and for transferring personal data to VELUX. VELUX instructs NETATMO SAS to have technical and safety measures in place to keep your personal data safe.

See appendix 1 for VELUX affiliates.

12 Legal requirements for data sharing

We will not share personal data with any third-party company, except for the parties listed in section 11. We will under no circumstances sell your personal data.

From time to time, we use third-party IT consultants to service and maintain the products and IT systems, but such third-party IT consultants will be under confidentiality obligations and instructions from VELUX.

In certain cases, we are required by law or legal processes to share specifically required data with the relevant legislative body requesting access to the personal data. This is relevant only under strict legal requirements, such as by request of a court order, and will be treated with due care. If we must share your personal data with the above-mentioned legal entities, we will do our best to provide you with notice in advance by email or by other means, unless we are prohibited by a court order from doing so or where the request or legal process is directly related to a regulatory investigation. In the latter case, we will ensure that your disclosed personal data is treated as confidential.

13 Contact

Feel free to contact us for further details here: active-support@velux.com

14 Appendix 1 - VELUX Sales Companies

UE VELUX Roof Windows, Str. L. Bedi 31 Minsk, Belarus - Reg.no. 800013811

VELUX (CHINA) Co., Ltd., No. 21 Baihe Road Hebei Province, China - Reg. no. 131000400004111

VELUX America LLC, 104 Ben Casey Drive Fort Mill, United States of America - Reg. no. 04-2559488

VELUX Argentina S.A., Colectora Panamericana Buenos Aires, Argentina - Reg. no. 10.928, of Book 122, Volume "A"

VELUX Australia Pty. Ltd., 78 Henderson Road New South Wales, Australia - ACN 001 841 541

VELUX Belgium, Boulevard de l'Europe 121 Bierges, Belgium - BE 0412.621.370 (VAT)

VELUX Bosna i Hercegovina d.o.o., Dzemala Bijedica 295 Ilidza, Bosnia and Herzegovina - Reg.no. 1-18783

VELUX Bulgaria EOOD, Pelister 6 Sofia, Bulgaria - 121745393 (REG) /BG121745393 (VAT)

VELUX Canada Inc., 2740 Sherwood Heights Dr. Oakville Ontario, Canada - 016617-1 (Co. No.)/10550434RC0001 (BN - Business No.)

VELUX Çati Pencereleri Ticaret Limited Sirketi, Girne Mah. Girne Cad.Istanbul, Turkey - 9240119663 Erenkoy (REG)

VELUX Ceská republika, s.r.o., Sokolova 654/1d, Horní Heršpice, 619 00 Brno, Czech Republic - 00532592 (IC)/ CZ00532592 (VAT)

VELUX Chile Limitada, San Patricio 4099 Santiago, Chile - Reg. on page 6926 No. 3787, year 1983

VELUX Company Ltd., Woodside Way Fife, United Kingdom - SC070286 (REG)

VELUX Danmark A/S, Breeltevej 18 Hørsholm, Denmark - DK 46911415 (VAT)/4911415 (CVR)

VELUX Deutschland GmbH, Gazellenkamp 168 Hamburg, Germany - 10042086 (REG)/EE100272657 (VAT)

VELUX Eesti OÜ, Peterburi tee 2 A Tallinn, Estonia - DE118585357 (VAT)

VELUX France, 1 rue Paul Cézanne Morangis, France - 970200044 0083 (SIREN/SIRET)/FR05 97020044 (VAT)

VELUX Hrvatska d.o.o., Avenija Veceslava Holjevca 40 Zagreb, Croatia - 17798323753 (OIB)

VELUX Italia s.p.a., Via Strà 152 Colognola ai Colli, Italy - 03726650157 (CF - Codice Fiscale)

VELUX Japan Ltd., 1-23-14 Sendagaya Tokyo, Japan - Reg.no. 018011

VELUX Latvia SIA, Liepajas iela 34 Riga, Latvia - 40003279195 (Co. REG)/40003279195 (VAT)

VELUX Lietuva, UAB, S.Žukausko 49 - 8A Vilnius, Lithuania - 111543443 (Co. REG/Valst.reg.Nr.)

VELUX Magyarország Kft., Zsófia utca 1-3 Budapest, Hungary - 10192207208 (VAT)

VELUX Nederland B.V., Molensteijn 2 De Meern, Netherlands - 30090412 (KvK Nummer)/NL001763775B01 (VAT)

VELUX New Zealand Ltd., 62B Princes Street Auckland, New Zealand - 649329 (REG)/9429000070706 (NZBN -Business no.)

VELUX Norge AS, Gjerdrumsvei 10D Oslo, Norway - NO917170967MVA (VAT)

VELUX Polska Sp. z o.o., ul. Krakowiaków 34 Warszawa, Poland - 006228649 (REGON)/KRS 0000018788 /PL5210091891 (VAT)

VELUX Portugal, Lda., Travessa das Pedras Negras Lisboa, Portugal - 507564138 (Fiscal No.)/PT507564138 (VAT)

VELUX Romania S.R.L., Aurel Vlaicu 40 Brasov, Romania - RO9434380 (Registry of commerce/VAT)

VELUX Schweiz AG, Industriestrasse 7 Trimbach, Switzerland - CHE-105.915.054 (Handelsregister-Nr.)/CHE-105.915.054 MwSt (VAT)

VELUX Slovenija d.o.o., Ljubljanska cesta 51A Trzin, Slovenia - 5933951 (Company ID)/SI88149161 (VAT)

VELUX Slovensko, s.r.o., Galvaniho 7/A Bratislava, Slovakia - Sri 4901/B (Co. Reg. No.)/31348611 (ID No.)/SK1010191460 (VAT)

VELUX Spain, S.A., Calle Chile 8 Madrid, Spain - A82477571 (CIF)/ESA82477571 (VAT)

VELUX Srbija d.o.o., dr Ive Popovica Ðanija 3 Beograd, Serbia - Reg. no. BD 62807

VELUX Suomi Oy, Lämmittäjänkatu 6 Helsinki, Finland - FI 03983401 (VAT)

VELUX Svenska AB, Karbingatan 22 Helsingborg, Sweden - SE556221330501 (VAT)

VELUX Ukraina TOV, Revutskoho 44 Kiev, Ukraine - 31662199 (REG)

VELUX Österreich GmbH, Veluxstrasse 1 Wolkersdorf, Austria - ATU19046100 (VAT)

ZAO VELUX, ul. Nizhnyaya Syromyatnicheskaya 10 Moscow, Russian Federation - MPII 007.058