You have
the right to object, on grounds relating to your situation, to the processing
of your personal data at any time when we process your data based on our
legitimate interests. Please see sections 3 and 7.6 of this privacy policy for
further information.
iSLa mobile application privacy policy
SUMMARY
We are committed to protecting your privacy. Your
trust is important to us.
We process your personal data mainly based on your consent,
but also based on the terms of use concerning the application, to comply with
legal obligations, and based on our legitimate interests.
The data we process about you can be categorized as (i) data you
have consciously provided us, (ii) observed data of e.g., your application use,
(iii) derived data built on data we have about you, and (iv) data inferred
through probability-based analytic processes.
We use personal data to deliver and
personalize the Enervent app, to provide customer service, to
develop our products and services, and to facilitate troubleshooting,
maintenance, and reminders thereof as well as spare part purchases.
We only use your data as long as necessary to fulfil
the purposes mentioned above. If you delete the iSLa
app from your device or otherwise withdraw your consent for critical processing
of your personal data, i.e., for the purposes of delivery and operation of the
App, development of the App and our ventilation products, and for analytics
covering App usage, you as an App user and your mobile device, we will delete
your personally identifiable data without undue delay.
We want to give you control and choice over the
processing of your personal data. We have listed different means that can be
used to manage and control data processing in section 7.
CONTENTS OF THIS
PRIVACY POLICY
1. Introduction
2. Our
information as the controller of your personal data
3. Purposes
for the collection of your personal data and their legal bases
4. What
data we collect and how long do we store them
5. Sources
of personal data
6. Third
parties who receive your personal data
7. Your
rights
8. How
to contact us
Enervent Zehnder Oy (“Enervent”) is committed to
protecting the privacy and security of your personal information. This privacy
policy describes how we collect and use personal information about you when you
download and use the iSLa mobile application (“App”).
We are continuously developing the App and our
services, and therefore reserve the right to change this privacy policy by
informing you of such changes in the App. Changes may also be based on changes
in legislation. We recommend that you read this privacy policy on a regular
basis to keep track of any changes. In case the processing of your personal
data is based on your consent, we will ask for your renewed consent prior to
processing your data based on changes in our privacy policy.
You may download the App through Apple’s App Store or
Google Play. The privacy policies of these providers apply in addition to our
privacy policy. You should familiarize yourself with the terms and privacy
policies provided by device platforms. Apple terms are available here and
Google terms here.
Please note that this privacy policy is for
information purposes only and does not establish any obligation for Enervent to
provide services to you.
|
Controller’s name |
Enervent Zehnder Oy |
|
Address |
Kipinätie
1, 06150 Porvoo |
|
Telephone |
+358 207 528 800 |
|
Contact person |
Sonja Häggman, sonja.haggman@enervent.com |
|
Purpose |
Legal basis |
|
Delivery and operation of the App |
Your consent |
|
Development of the App and our ventilation products |
Your consent |
|
App usage, App user and mobile device analytics |
Your consent |
|
Ventilation equipment analytics |
Your consent |
|
Facilitation of spare part purchases and ventilation
equipment maintenance |
Your consent |
|
Ventilation equipment troubleshooting |
Your consent |
|
Ventilation equipment maintenance reminders |
Your consent |
|
Complying with our obligations in the App’s terms of
use |
Processing is necessary for the performance of the
App’s terms of use to which you are subject |
|
Crisis communication in case of product recalls or
data security breaches |
Processing is necessary for compliance with a legal
obligation to which we are subject |
|
Complying with legal obligations and responding to
legal processes or requests for information issued by government authorities
or other third parties |
Processing is necessary for compliance with a legal
obligation to which we are subject |
|
Mergers and acquisitions and asset sales where we
are involved |
Processing is necessary for the purposes of our
legitimate interests to develop and manage our business |
|
Supporting and maintaining network and system
security |
Processing is necessary for compliance with a legal
obligation to which we are subject; and |
|
Processing is necessary for the performance of the
App’s terms of use to which you are subject; and |
|
|
Processing is necessary for the purposes of the
legitimate interest pursued by the controller; such legitimate interest being
addressing data security issues |
With respect to data, we have processed based on your
consent, we will delete your personal information within undue delay upon the
withdrawal of your consent. With respect to personal data, we have processed
under other legal grounds (see above), we will only retain your data for as
long as necessary to fulfil the purposes we collected it for. To determine the
appropriate retention period for personal data, we consider the amount, nature,
and sensitivity of the personal data, the potential risk of harm from
unauthorized use or disclosure of your personal data, the purposes for which we
process your personal data and whether we can achieve those purposes through
other means, and the applicable legal requirements.
Details of standard retention periods for different
aspects of your personal information are available below. In case your right to
erasure is exercised (see section 7.3), any personally identifiable information
will be deleted without undue delay.
In some circumstances we may anonymize your personal
information so that it can no longer be associated with you, in which case we
may use such information without further notice to you.
Please note that in case of data security breaches or
other incidents involving law enforcement or other official proceedings or
investigations, we may be required to store your data until such proceedings or
investigation is completed.
|
Category of data |
Retention period |
|
|
Data provided by you |
Contact information: name, email address, address,
phone number |
Deleted within 30 days from the deletion of the App
from your device or from the withdrawal of your consent |
|
Consents |
Deleted within 30 days from the deletion of the App
from your device or from the withdrawal of your consent |
|
|
Observed data |
Equipment data: ventilation equipment’s
identification number, serial number, settings, equipment failures,
maintenance information and needs and sensor measurement data |
Ventilation equipment’s identification number and
serial number will be deleted within 30 days from the deletion of the App
from your device or from the withdrawal of your consent, thereafter other
information will not be personally identifiable |
|
Device information: the type of device you use,
operating system and its version, and the device identifiers |
Device identifiers will be deleted within 30 days from
the deletion of the App from your device or from the withdrawal of your
consent, thereafter other information will not be personally identifiable |
|
|
Log data: data that is collected in a case of an
error in the App. Such data are your device internet protocol address, device
name, operating system version, the configuration of the App, and the time
and date of your use of the App |
Device internet protocol address and device name are
deleted within 30 days from the deletion of the App from your device or from
the withdrawal of your consent, thereafter other information will not be
personally identifiable |
|
|
Mobile analytics: how often you use the App, the
events that occur within the App, aggregated usage, performance data and
where the App was downloaded |
Any personally identifiable information will be
deleted within 30 days from the deletion of the App from your device or from
the withdrawal of your consent, other data is anonymized upon deletion of
your contact information and device identifier |
|
|
Derived data |
Data that is created by us from data provided by you
and observed data, by building on such data and aggregating App user data,
such as segmenting you to a specific group of users or calculating possible
interests |
Any personally identifiable information will be
deleted within 30 days from the deletion of the App from your device or from
the withdrawal of your consent, other data is anonymized upon deletion of
your contact information and device identifier |
|
Inferred data |
Data that created by us and it is the product of
probability-based analytic processes and used to make predictions about
equipment maintenance needs |
Any personally identifiable information will be
deleted within 30 days from the deletion of the App from your device or from
the withdrawal of your consent, other data is anonymized upon deletion of
your contact information and device identifier |
We collect your contact information and consents mainly
directly from you. Equipment data is collected mainly from you via your
ventilation equipment. Please note that equipment data will only be collected
in case you have connected your ventilation equipment to the internet via your
WLAN network and provided your consent to such processing – otherwise the App
will only function locally between your mobile device and your ventilation
equipment. Log data, device data, and mobile analytics are collected from you
via your phone. Derived and inferred data are generated by us.
With your consent, equipment data may also be
collected from a professional rendering repair and maintenance services on your
ventilation equipment.
The provision of your contact information, relevant
consents, device information and mobile analytics data are required for you to
use the App. In case you do not provide us the data we require; you will not be
able to use the App. The provision of equipment data is not required but
improves the App user experience and allows us to develop our products and
services and allows a professional to offer and render ventilation system
rendering repair and maintenance services to you via remote access.
|
Our third-party service
providers |
|
Law enforcement agencies, government authorities, courts of law, or
third parties as may be required by law |
|
Advisors, potential
transactional partners or other third parties in connection with the
consideration, negotiation, or completion of a transaction in which we are
acquired by or merged with another company or we sell, liquidate, or transfer
all or a portion of our assets |
We may also
share your personal data including equipment data with authorized Enervent service and maintenance partners
in case you have given your consent for such disclosure.
We will not transfer your personal data outside the EU
or EEA.
You have the right to receive a confirmation from us
as to whether we process your personal data. When we do process such data, you
have the right to gain access to your personal data and the following
information (which are provided in this privacy policy):
|
the purposes of processing; |
|
the categories of personal data concerned; |
|
the recipients or
categories of recipients to whom personal data have been or will be
disclosed; |
|
where possible, the envisaged period for which personal data will be
stored or, if not possible the criteria used to determine that period; |
|
the existence of your right
to request the rectification or erasure of personal data or restriction of
processing of personal data concerning you, or to object such processing; |
|
the right to lodge a complaint with a supervisory authority; |
|
where personal data is not
collected from you, any available information as to their source; and |
|
the existence of automated decision-making. |
You have the right to receive a copy of the personal
data undergoing processing if giving such copy does not adversely affect the
rights and freedoms of others. For any further copies requested by you, we may
charge a reasonable fee based on administrative costs.
It is important that the personal information we hold
about you is accurate and current. Please keep us informed if your contact
information changes.
You have the right to have your inaccurate personal
data rectified by us without undue delay. You also have the right to have
incomplete personal data completed.
We will communicate any rectification of your personal
data to each recipient to whom we have disclosed your personal information
unless this proves impossible or involves disproportionate effort. We will
inform you about those recipients upon your request.
You have the right to have your personal data erased
by us without undue delay where one of the following grounds applies:
|
the personal data is no
longer necessary in relation to the purposes for which they were collected or
otherwise processed; |
|
you withdraw your consent on which the processing is based and there
is no other legal ground for the processing; |
|
you object to the
processing and there are no overriding legitimate grounds for the processing; |
|
your personal data has been unlawfully processed; or |
|
the personal data has to be
erased for compliance with a legal obligation to which we are subject. |
Please note that the General Data
Protection Regulation 679/2016 (“GDPR”) recognizes
situations where processing may be necessary regardless of the applicability of
the abovementioned grounds. We will always inform you separately of such
circumstances and our grounds for processing.
We will communicate any erasure of your personal data
to each recipient to whom we have disclosed your personal information unless
this proves impossible or involves disproportionate effort. We will inform you
about those recipients upon your request.
You have the right to restrict the processing of your
data in the following situations:
|
you contest the accuracy of
the personal data we process and as a result processing is restricted while
the accuracy is verified; |
|
the processing is unlawful, but you oppose to the erasure of the
personal data and instead request us to restrict their use; |
|
we no longer need the
personal data for the purposes of the processing presented in this document,
but the data is required by you for the establishment, exercise, or defence
of legal claims; or |
|
you have objected to processing on grounds relating to your particular
situation and such processing is legally based on our legitimate interests as
presented in this document, and as a result processing is restricted while it
is verified whether our legitimate grounds override those of yours. |
If your processing has been restricted, we will inform
you before the restriction is lifted.
We will communicate any restriction of processing to
each recipient to whom we have disclosed your personal information unless this
proves impossible or involves disproportionate effort. We will inform you about
those recipients upon your request.
You have the right to receive your personal data that
you have provided to us, in a structured, commonly used, and machine-readable
format, and you have the right to transmit such data to another controller,
when:
|
we process your personal
data based on your consent; or |
|
we process your personal data because it is necessary for the
performance of a contract to which you are a party; and |
|
we process such personal
data by automated means; and |
|
this right does not adversely affect the rights and freedoms of
others. |
In the above situation, you also have the right to
have your personal data transmitted directly from us to another controller,
where that is technically feasible.
Please note that this right does not apply to derived
or inferred data.
You have the right to object to processing of your personal
data at any time on grounds relating to your situation, if we process your
personal data based on our legitimate interests as presented in this document.
After such objection, we will no longer process your personal data unless we
demonstrate compelling legitimate grounds for the processing and these grounds
override your interests, rights, and freedoms, or unless we need them for the
establishment, exercise or defense of legal claims.
You have the right, at any time, to refuse the storing
of information or accessing to information stored on your mobile device where
you have downloaded the App.
When we process your personal data based on your
consent, you have the right to withdraw such consent at any time either by choosing
different settings in the App, by deleting the App, or via email at
sonja.haggman@enervent.com. Once you have withdrawn your consent, we will no
longer process your information for the purpose or purposes you originally
agreed to and will delete such data, unless otherwise required by law.
In case you find that we do not comply with the GDPR,
you have the right to lodge a complaint with a supervisory authority in the EU
Member State of your habitual residence, place of work or of an alleged
infringement of the GDPR. Please note that the Finnish supervisory authority is
the Data Protection Office.
We are happy to assist you in case you have any
questions or concerns over the processing of your personal data or the exercise
of your rights. For us to provide you with sufficient information and pragmatic
advice, we ask you to send your requests, questions, or comments in writing to
the contact person indicated above in section 2.
We may need to request specific information from you
or ask you to visit our premises to help us confirm your identity. This is a
security measure to ensure that personal information is not disclosed to any
person who has no right to receive it.