Data
controller of your personal data are companies:
· ConnectLife,
data technologies, LLC Partizanska cesta 12, 3320 Velenje,
Slovenia, acting
as core data controller of companies producing and/or trading appliances of the
brands within companies of Hisense Europe Group (Hisense, Toshiba, Gorenje,
Sharp, Kelon, Hitachi, Asko and Ronshen, ATAG, Pelgrim, Etna, Körting, Mora,
Upo).
· Hisense
Gorenje Europe d.o.o., Hrvaška 4, 1000 Ljubljana, Slovenia
(Both data
controller hereinafter: Company)
We treat
your personal data seriously and responsibly with respect of the provisions of
the General Data Protection Regulation (GDPR) and other applicable regulations
in the field of personal data protection. Besides respecting the GDPR and in
relation to individuals from certain jurisdictions (California, Canada, Mexico,
Russian Federation) this Data Protection Policy respects also other possible relevant
legislation. This document contains information on data processing activities
we undertake related to personal data of users of our products, our customers,
potential customers, and/or website users.
In addition
to the subject data protection policy:
· we
adopted an internal procedure regarding the protection of personal data, in
which the obligations of the Company and employees regarding the protection of
personal data are determined.
· we
adopted the Cookie Policy, which regulates the protection of
personal data of users of our products, our customers, potential customers, and/or
website users.
· we
have created a dedicated e-mail box where you can contact us regarding all
questions about your personal data.
· we
regularly educate employees about the handling of personal data.
· we
regularly check personal data handling systems and propose improvements.
1. Who processes your personal data?
The
controllers of your personal data are:
Company: ConnectLife, data technologies, LLC
Address: Partizanska cesta 12, 3320 Velenje,
Slovenia
e-mail: privacy@connectlife.io
Company: Hisense Gorenje Europe d.o.o.
Address: Hrvaška 4, 1000 Ljubljana,
Slovenia
e-mail: privacy@connectlife.io
A company
ConnectLife, data technologies, LLC Partizanska cesta 12, 3320 Velenje,
Slovenia, (hereinafter: Company), is acting as core data controller of companies
producing and/or trading appliances of the brands within companies of Hisense
Europe Group (Hisense, Toshiba, Gorenje, Sharp, Kelon, Hitachi, Asko and
Ronshen, ATAG, Pelgrim, Etna, Körting, Mora, Upo).
A company
Hisense Gorenje Europe d.o.o. is a company that offers support services to
other Hisense Europe group companies regarding the sale of branded products produced
by Hisense Europe group companies.
Other
companies within Hisense Europe Group may be processors of your personal data. As
such the companies of Hisense Europe Group and distributors are collecting and
in other way processing your personal data (based on agreement, legitimate
interest or your consent) and their means of data processing (e.g. websites,
CRM programs, online tools, etc) are for the purpose of this policy stated as
our means. The list of other companies of Hisense
Europe Group, distributors and their processors is available here: LINK
2. Method of obtaining data
We obtain
your personal data based on using our websites or applications, through cookies
and other online tools, by filling out forms on our website or in physical
form, through telephone and electronic communication, through other written
communication and/or through social networks.
3. Which of your personal data do
we process and for what purpose?
In this section,
we explain which data we process and for what purpose, depending on the
individual activity:
3.1. Purchase
on the Company's website or collection of the products ordered online
In order to
purchase products via the Company's website or to collect products ordered
online, we must collect and process some of your personal data (e.g. delivery
address), as this is the only way we will be able to process your order and
identify the purchased products in the event of a warranty claim.
To enable a
purchase on the Company's website or collection of products ordered online, we
will process the following data:
- name and surname,
- invoicing address and delivery
address (if the delivery option is selected),
- e-mail address,
- phone number,
- order number,
- order value,
- method of payment,
- bank account number and/or credit
card number,
- details of products ordered,
- date of purchase.
The
purpose and basis of the processing of the above data is to ensure the possibility of delivery or
acceptance of the order, payment of the order, information about the status of
your order and issuing an invoice for the completed purchase. By placing an
order, you have made a purchase, which legally means that you have entered a
sales contract, and to fulfil our part of the obligations arising from the
sales contract, we must process your personal data (contractual processing),
and at the same time, we are obliged by law to issue an invoice for the
completed purchase (legal processing).
Processing
period: Data sent
to the delivery service is stored for 1 year from the date of delivery of your
order. Data related to the purchase itself is stored as long as you can
exercise certain rights in connection with your purchase according to the
competent law (period set forth in the law in which it is possible to lodge the
claim with a competent court). In accordance with tax and accounting
regulations, data for issuing invoices are kept for the period according to
local legislation.
What happens if you do not provide personal
data? In the case of online shopping or collecting
the products ordered online, we cannot carry out your purchase or collection of
the products without obtaining above listed personal data. Still, you can buy
and collect the products directly in our physical store or in the stores of
contractual partners that enable the latter.
3.2. Customer
support in troubleshooting and warranty claims
In order to
provide customer support for troubleshooting and warranty claims, we need to
collect and process some of your personal data, as this is the only way we can
meet our legal obligations in this regard.
In order to
provide customer support for troubleshooting and warranty claims, we will
process the following data:
- name and surname,
- e-mail address,
- phone number,
- order number,
- details of purchased products,
- date of purchase,
- address,
- language of communication,
- in the case of a call to the call
centre, a recording of the telephone call.
The
purpose and basisof processing the above data is compliance with the legal provisions regarding
the seller's warranty for the purchased products (legal processing) and the
fulfilment of the purchase agreement regarding the purchased products
(contractual processing).
Processing
period: Data is
kept for the duration of the possibility of asserting claims from the contract
and from the warranty according to the competent law (period set forth in the
law in which it is possible to lodge the claim with a competent court). Phone
call recordings are kept for the period according to local legislation.
What
happens if you do not provide personal data? Non-providing the above listed personal data
may affect provision and quality of customer support regarding the use of our
products, or the way of resolving warranty claims. However, depending on the channel
and reason of communication we may not need all above listed data.
3.3. Notification
related to products back in stock
In the
event when certain product is out of stock individual can insert his or her
email in order to be notified when the product is back in stock.
In order to
notify individual about the availability of the product we will process the
following data:
The
purpose and basis of the processing of your personal data is to notify you about the availability
of the product. The processing of personal data is
carried out only based on your consent.
Processing
period: Until the consent is revoked where you can withdraw your
consent at any time. The data will cease to be stored within 1 month of
receiving the revocation of the consent or within 1 month after the
notification about the availability of the product is sent to the individual,
where in those time period you may still be recipient of our communication.
What happens if you do not provide personal
data? In case of non-providing your e-mail
address we cannot notify you about product back in stock, however for the same
purpose you may check our website regularly.
3.4. User
account on the Company's website or Connectlife mobile app
Any
individual can create a user account on the website that is intended to monitor
the progress of the order, view the purchase history or give an opinion about
the product. Within the settings of the user account, it is also possible to
express the will to receive marketing messages or to cancel receiving them. Same
access data as for user account on a website can be used for a user account
within Connectlife mobile app.
In order to
create a user account, we will process the following data:
- e-mail address
- name and surname,
- phone number,
- address,
- language of communication,
- password,
- food preferences,
- service ticket and service history,
- social network account label (in
case of establishing user account with social media account),
- gmail address and data acquired by
gmail (in case of establishing user account with gmail).
The
purpose and basis of the processing of your personal data is to ensure access to your account and
user authentication. With the request to create a user account, a contractual
relationship has been established, and in order to fulfil our part of the
contractual obligations, we will process your personal data (contractual
processing). Some of the personal data (food preferences) are processed based
on your consent and are processed in order to notify you about our proposal for
a meal. Some of the personal data (service ticket and service history) are
processed in order to fulfil the purchase agreement regarding the purchased
products (contractual processing).
Processing
period: We keep
your personal data until you delete your account or up to 3 years after the
last login to the account. Data processed based on the contract are kept for
the duration of the possibility of asserting claims from the contract according
to the competent law (period set forth in the law in which it is possible to
lodge the claim with a competent court). Personal data that are processed based
on your consent are kept until the consent is revoked and you can withdraw your
consent at any time. Those data will cease to be stored within 1 month of
receiving the revocation of the consent, where in that time period you may
still be recipient of our communication.
What
happens if you do not provide personal data? It is not possible to create a user account
without the above determined personal data. Still, you are not obliged to
create a user account (i.e. to provide personal data for such a purpose) to
purchase or use our products.
3.5. Registration
of the product at our website and Connectlife mobile app
Any
individual that bought any of our product can register the product at our
website or through Connectlife mobile app within his or her user account. Based
on registration the individual acquires simplified access to the instructions
for use, our proposals for using the product, information related to warranty
and additionally extended period of warranty and notifications about updates
related to Connectlife appliances.
In order to
perform registration of the product, we will (besides the data stated in point
3.4.) process the following data:
- product number,
- serial number of the product,
- date of purchase,
- copy of the purchase invoice.
The purpose
and basis of the
processing of your personal data is to grant access to the instructions for
use, our proposals for using the product and information related to warranty.
The processing of personal data is carried out only based on your consent.
Processing
period: Until the
consent is revoked where you can withdraw your consent at any time. The data
will cease to be stored within 1 month of receiving the revocation of the
consent or within 1 month after deletion of the registration of the product, where
in those time period you may still be recipient of our communication.
What happens if you do not provide personal
data? Without above stated data you cannot
register the product at our website or Connectlife mobile app. However, each
product has at the time of the purchase attached instructions for use and
information related to warranty.
3.6. Providing
opinions, evaluations and comments on the website
In order to
enable the possibility of providing opinions, ratings and comments on the website,
we must collect and process some of your personal data, as we want to share the
experiences of actual customers and users with potential customers and users. We
may share experiences of actual customers and users of certain product or
service from one market also with potential customers and users in other
market.
In order to
provide opinions, ratings and comments, we will process the following data:
- name or chosen name,
- e-mail address,
- details of purchased products,
- copy of the purchase invoice.
The
purpose and basisof the processing of your personal data is to ensure that the opinion,
evaluation and comment of the individual product was given by the person who
actually purchased or uses the individual product. The processing of personal
data is carried out only based on your consent.
Processing
period: Your
personal data will be automatically deleted after 5 years after publishing the
opinion, ratings and comments. Your opinions, ratings and comments are visible
on the website for 5 years after publishing on the website. However, your
opinions, ratings and comments will be deleted earlier in case of withdrawal of
your consent to such data processing, where in those cases the data will cease
to be stored within 1 month of receiving the revocation of the consent.
What
happens if you do not provide personal data? You may provide opinions, ratings and comments
on the website also anonymously (without providing your personal data).
However, without your personal data we may not ensure that opinions, ratings
and comments are given only from actual purchasers and users.
3.7. Marketing
and related services
For the
purpose of marketing activities, providing information about our products, receiving
feedback on purchased products and to encourage you to register the product
within user account, we need your express consent and without the latter we
will not contact you for the purpose above. You can always revoke your given
consent in your user account settings, by unsubscribing from receiving messages,
by changing cookie settings, or by sending us a request to privacy@connectlife.io.
For the
purpose of marketing and related services, we process the following data:
- name and surname,
- e-mail address,
- phone number,
- location data of the user obtained
from the user's mobile device,
- the individual's interests regarding
viewing products on websites,
- contact information via instant
messaging applications,
- purchase history,
- postal code,
- data related to delivery, opening,
clicking and unsubscriptions of our messages,
- sentiment analytics of user product
reviews.
The
purpose and basisof the processing of your personal data is to enable the sending of marketing
messages or to present a customized offer based on your interests or to improve
your user’s experience. The processing of personal data is carried out only based
on your consent.
Processing
period: Until the consent is revoked where you can withdraw your
consent at any time. The data will cease to be stored within 1 month of
receiving the revocation of the consent where in those time period you may
still be recipient of our communication.
What
happens if you do not provide personal data? You are not obliged to provide your personal
data for marketing purposes (providing consent for personal data processing for
these purposes is voluntarily). Still, in such a case we will not be able to notify
you about our marketing activities, our products and create personalized offers
for you.
3.8. Information
about your activities on our website
For the
purpose of improving the functioning of the website, statistical reviews and
customized offers, we also monitor your activities on our website, whereby this
data is in pseudonymized form.
For the
purpose of monitoring the activity on our website, we process the following
data:
- user account designation,
- purchase history,
- IP address of the device,
- device operating system,
- used browser,
- web address (URL address) of the
initial page that you use to access to our website.
The
purpose and basis of the processing is to improve the functioning of the website, statistical
reviews, and personalized offers, which is our legitimate interest, whereby the
processing for the purpose of personalized offers is based on your consent. You
can always revoke your given consent in your user account settings, by changing
cookie settings or by sending us a request to privacy@connectlife.io .
Processing
period: Your personal data will be automatically deleted after 1
year from each visit of our website. However, your data will cease to be
processed in case your consent is revoked where you can withdraw your consent
at any time. The data will cease to be stored within 1 month of receiving the
revocation of the consent.
What
happens if you do not provide personal data? In case of non-providing above stated data we cannot
track your activity on our website and consequently improve functionality of
our website and prepare personalized offer for you.
3.9. Processing
of personal data via social networks, instant messaging applications and chat rooms
The company
may have established profiles on social networks (e.g. LinkedIn, Instagram,
Facebook, TikTok, Twitter, etc.) or may
use instant messaging applications (e.g. WhatsApp, FB Messenger, Viber, etc.)
for communication. Social networks and instant messaging applications allow us
to promote our products and services or provide customer support. When doing
the latter, we can also select categories of individuals on the social network
to which we want our ad to refer. As such, the Company may be responsible for
the protection of personal data that users share with the Company through the
aforementioned media, and at the same time, the provider of the individual
media is also responsible for the data processing it performs on such media, so
users are advised to familiarize themselves with the privacy policy of the
individual media.
In the case
of visiting the Company's profile on an individual
social network or establishing communication via instant messaging
applications, we can process the following data:
- if you like, share a post, mark the
Company's profile or comment, we receive access to your public profile and the
content of your post,
- if you send us a private message on
a social network or through an instant messaging application, we obtain
information about your public profile, or your contact information and
information about the content of the sent message.
When
communicating via social networks, instant messaging applications and chat
rooms, we will process the following data about you:
- the public profile of the individual
on the social network and the content of the publication,
- contact information of the
individual in the instant messaging application,
- other data that you will provide to
us during the communication.
The
purpose and basisof the processing of your personal data is the promotion of the Company's
products and the establishment of communication with users of social networks
or instant messaging applications. We may contact you only based on your
consent, but we can respond to your inquiry based on our legitimate interest,
which is satisfying the needs of customers by providing information related to
our products.
Processing
period: Your
personal data kept by us will be automatically deleted after 1 year since the
communication occurred or earlier in case of withdrawing your consent. In case
of withdrawing the consent, the data will cease to be stored within 1 month of
receiving the revocation of the consent where in those time period we may still
process your personal data.
What
happens if you do not provide personal data? Without providing your personal data you cannot
communicate with us through the aforementioned media, and we cannot respond to
your inquiries.
3.10. Use
of products through the Connectlife applications
In order to
enable all the functions of smart devices to users, to understand the needs of
users and to determine the efficiency and usage of the device, we collect and
process some of your personal data and data about the operation of each device.
As part of the above, user registration and the conclusion of a license
agreement are foreseen.
For user
registration and the conclusion of the license agreement, we will process the
following personal data:
- title
(mr, mrs),
- name and surname,
- language of communication,
- address,
- phone number,
- e-mail address,
- food
preferences,
- types of food and drink and storage in
the device (e.g.,
fridge, wine cellar),
- data on pairing the device with our
cloud.
In order to
connect the appliance to the cloud via local WIFI users have to insert also
data about Service Set IDentifier (SSID) and a password. However, those data
are used only for pairing the appliance with Wi-Fi module and are not
collected, stored or in any other way processed by us.
During the
use of the smart device, we will use the following diagnostic data regarding
the operation of the device:
- device’s data (brand, model, serial
number),
- installation date of the device,
- operation of the device (operating
time, breakdowns, scheduled maintenance),
- data detected by the device's
sensors and which are important for the operation of the device (e.g. data
regarding technical performance, data related to possible error messages,
temperature, humidity, air quality, etc.),
- user behaviour analytics,
- device booking,
- resource consumption.
The
purpose and basis of the processing of your personal data is to ensure the possibility of using all
the functions of smart devices. By the request for user registration and the
conclusion of the license agreement the contractual relationship is established
and in order to fulfil our part of the contractual obligations, we must process
your personal data (contractual processing).
Processing
period: Data
related to user registration and the conclusion of the license agreement are
stored as long as you can exercise certain rights in connection with our
contractual obligations (period set forth in the law in which it is possible to
lodge the claim with a competent court after the expiry of the license
agreement).
What
happens if you do not provide personal data? It is not possible to register a user of the
Connectlife application and conclude a license agreement without above stated personal
data.
3.11. Cookies
and other online tools
If you
visit our web page, we may store cookies on your device. For
more information on cookies used on our webpage, please see the Cookie Policy.
In addition to cookies, we also use other online tools
from the following providers:
Google, namely:
- Google
Marketing Platform for the purpose of obtaining data related to website traffic
(e.g. number of visitors, pages visited by visitors, time spent by visitors on
the website);
- Google
Maps for the purpose of using the mapping service Google Maps via API in order
to facilitate the location of places specified by the individual on the
website;
- Google Tag
Manager for the purpose of managing website tags through the user interface and
integration of program codes on our websites;
- Google Ads
for the purpose of placing advertisements, remarketing and tracking
conversions;
- Google
Optimize for the purpose of A/B testing and website testing;
- Site Kit
for the purpose of improving and monetizing our content on the web page;
- Youtube
for the purpose of establishing a connection with YouTube servers, where the
use of plugins from YouTube is required;
- Google
Analytics for the purpose of collecting data from websites and apps to create
reports that provide business insights;
- Google
Search Console in order to show the performance of websites on Google Search
and how Google sees our website
- Looker
Studio for the purpose of turning data into informative, easy to read, easy to
share, and fully customizable dashboards and reports.
The listed online tools are operated by Google Inc.
based in the USA, whereby certain information about an
individual's use of the website may also be transferred to a server in the USA,
so we suggest that you also familiarize with their privacy policy, which is
available here: LINK. If you
are a Google Account holder and have consented to the customization of ads, we
may also obtain reports on the effectiveness of our advertising measures
(including cross-device reports), demographic information and interests of
individuals, as well as cross-device online advertising functions.
Meta, namely:
- Meta business suite as a social
media management tool for Facebook and Instagram for the purpose of creating
and scheduling content to responding to engagement to analyzing insights
- Meta pixel for the purpose of
placing advertisements, remarketing and tracking conversions.
The listed online tools are operated by Facebook Ireland Limited, with
registered office at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02
X525, Ireland; whereby certain information about an individual's use of the
website may also be transferred to a server in the USA, so we suggest that you
also familiarize with their privacy policy, which is available here: LINK. If you are a
Facebook or Instagram account holder and have consented to the customization of
ads, we may also obtain reports on the effectiveness of our advertising
measures (including cross-device reports), demographic information and
interests of individuals, as well as cross-device online advertising functions.
3.12. Remarketing,
tracking and similar technologies
We and our
third-party service providers use cookies to inform, optimize and serve ads
based on your past visits to our web page or our mobile apps in order to
advertise on third-party websites to you. For this purpose we use:
- Google Ads,
provided by Google and you can opt-out of this by visiting the Google Ads
Settings page: https://adssettings.google.com/authenticated, and
- Facebook Retargeting,
provided by Meta and you can opt-out this by visiting the Facebook site where
you have to log in and go to Settings > Ads > Ad Settings. On
the app, go to Setting & Privacy > Settings > Ad > Ad
Preferences > Ad Settings. Then choose the Not Allowed
To see how our
web page and mobile app is performing we use conversion beacons, tags, scripts
and pixels, that perform a short line of code to tell us when you have clicked
on a particular button or reached a particular page. The use of these
technologies allows us to record that a particular device, browser, or
application has visited a particular webpage.
If you enable location-based services on your computer or mobile device in
connection with your use of the web page or mobile app, you expressly consent
to us collecting the geolocation (which may include specific longitude and latitude)
of your device. This information will be used as set forth in this Data
Protection Policy, including to provide specific advertising content or
messages based on your location.
We and our
third-party service providers may use the information that we collect about you
(information from our web page or mobile app, through your device(s), or from a
third party) to help us and our third-party service providers identify other
devices that you use (e.g., a mobile phone, tablet, other computer, etc.). We,
and our third-party service providers also may use the cross-device use and
other information we learn about you to serve targeted advertising on your
devices and to send you emails. These third-party cookies and other
technologies are governed by each third party’s specific privacy policy, not
this one.
4. Collection of children’s personal data
We are
committed to protect the personal data of children and recognize that parents
or legal guardians may use our services or purchase our products for family
use, including by minors. As such, our services and products are not intended
for use by individuals under the local adult legal age minimum, and we will not
knowingly collect personal data from individuals under such age for any
purpose, nor will we accept registration from such individuals. In some cases,
particularly where information is collected electronically, we may not be able
to determine whether information was collected from children under local legal
age, and we treat such information as though it were provided by an adult. If
we learn that a child under the local legal age has provided any personal data,
we will use commercially reasonable efforts to delete such information
immediately.
5. Who processes your personal
data and with whom do we share it?
Your data
are processed either within internal software programs (e.g. SAG and Hisense
CRM) or with use of tools provided by external providers.
Other
related entities of Hisense Group Holdings Co., Ltd may have access to your
personal data, as individual companies are sellers or manufacturers of the
product you purchased, and individual companies provide adequate support for
the Company's operations. Related entities of Hisense Group Holdings Co., Ltd
seated outside of EU/EEA appointed company VERDATA Datenschutz GmbH &
Co. KG, Roemerstr. 12, D – 40476 Duesseldorf, Germany as their
representative according to Article 27 of GDPR.
The Company
may also transfer personal data to external contractors (mainly for the purpose
of ensuring payments, transportation and other matters related to your order
etc.). In such a case the Company undertakes to enter into an agreement with
the external contractors that ensures adequate security of your personal data,
and the external contractors can process your data only for the purpose for
which they were obtained.
Your
personal data may also be the subject of transfer to external contractors in
third countries. In this case the Company will ensure adequate safeguards if
the external contractors are seated or provide services relevant to the
protection of personal data in a third country that does not offer the same
level of data protection as GDPR and undertake other obligations set forth by
the GDPR regarding such kind of transfer.
In particular, we may transfer your personal data to other companies in the Hisense
group and our distributors that sell our products
and services at certain markets or provide other services in relation to
business support, complaints of ordered goods or customer support. List of our
companies in certain countries and their processors is listed in the Appendix: LINK
We may
transfer your personal data based on your consent according to this data
protection policy to advertising and social networks, in particular to:
- Google Ireland Limited (registered
number: 368047), with registered office at Gordon House, Barrow Street, Dublin
4, Ireland; the company's privacy policy is available here: LINK
- Facebook Ireland Limited, with
registered office at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02
X525, Ireland; the company's privacy policy is available here: LINK
- Pinterest, Inc., with registered
office at 505 Brannan Street San Francisco, CA 94107 United States, the
company's privacy policy is available here: LINK
- LinkedIn as a tool provided by
Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA,
LinkedIn's privacy policy is available here: LINK
To process
personal data, we also use the services of other processors who process
personal data in accordance with our instructions and for the purposes for
which the data is collected. Such processors include:
- cloud computing service providers
and other technology support providers such as
o Microsoft
Azure, provided by Microsoft Corporation, One Microsoft
Way, Redmond, Washington 98052, USA, the company's privacy policy is available
here: LINK
o SAP
Hybris provided by SAP America, Inc., 3999 West Chester Pike, Newtown Square,
PA 19073, USA, the company's privacy policy is available here: LINK
o Salesforce Marketing Cloud and
Salesforce Service Cloud provided by Salesforce, Inc. Salesforce Tower, 415
Mission Street, 3rd Floor, San Francisco, CA 94105, United States, the company's privacy policy is available here: LINK
o Cloudera provided by Cloudera, Inc., 5470 Great America
Parkway, Santa Clara, CA 95054, USA, the company's privacy policy is available here:LINK
o Tuya
IoT platform provided by Tuya Global Inc., 3979 Freedom Circle, Suite 340,
Santa Clara, CA 95054, the company's privacy policy is available here: LINK
o DigitalOcean, 101 6th Ave New
York, NY 10013, the company's privacy policy is available here: LINK
o Cloudflare France SAS, 6 place
de la Madeleine, 75008 Paris, the company's privacy policy is available here: LINK
o Amazon Web Services, Inc., 410 Terry Avenue North
Seattle, WA 98109 United States, the company's privacy policy is available
here: LINK
- marketing tools providers that help
us optimize the web and personalize content and offers for you, such as:
o Salesforce,
Inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105,
United States, the company's privacy policy is available here: LINK
o SAP
SE, Dietmar-Hopp-Allee 16, 69190 Walldorf/Germany, the company's privacy policy
is available here: LINK
o Sprinklr,
Inc. 29 West 35th Street, New York, NY 10001, USA, the company's privacy policy
is available here: LINK
o Freshworks
Technologies B.V. Stationsplein 32, 3511 ED Utrecht, the company's privacy
policy is available here: LINK
o "eXpoint"
SIA, rīvības street 76-34, Riga, LV-1001, the company's privacy policy is
available here: LINK
o Mailchimp
as a tool provided by Intuit Inc., 2700 Coast Avenue, Mountain View, CA 94043,
the company's privacy policy is available here: LINK
o Loadbee GmbH, Karlsruher Strasse 3,
70771 Leinfelden-Echterdingen, Germany, the company's privacy policy is
available here: LINK
o Flixmedia Limited, 14 – 16 Well
Court, Farringdon Lane, London, EC1R 3AU, UK, the company's privacy policy is
available here: LINK
o ChannelAdvisor
Corporation, 3025 Carrington Mill Blvd., Suite 500 Morrisville, NC 27560, the
company's privacy policy is available here: LINK
o Simply4net
Sp. z o.o., ul. Królowej Jadwigi 43, 61-871 Poznań, the company's privacy
policy is available here: LINK
o 24TTL
B.V., Amsterdam, Noord-Holland, The Netherlands, the company's privacy policy
is available here: LINK
o eStoreMedia
sp. z o.o., Aleja Komisji Edukacji Narodowej 18, 02-722 Warszawa, Poland, the
company's privacy policy is available here: LINK
o SiteOne
Landscape Supply, Inc, 300 Colonial Center Parkway Suite 600 Roswell, GA 30076
United States, the company's privacy policy is available here: LINK
o Campaign
Monitor Holdings Pty Ltd, 5 STAPLETON AVE SUTHERLAND NSW C3 2232, the company's
privacy policy is available here: LINK
o Splunk
Inc., 270 BRANNAN STREET SAN FRANCISCO CA 94107, the company's privacy policy
is available here: LINK
o Twilio
Inc., 101 Spear Street, Ste 500, San Francisco, CA 94105, the company's privacy
policy is available here: LINK
- call centres and providers of tools
for managing and recording telephone calls, especially:
o Hisense
Europe Customer Care Centar, Strahinjića bana 9, 11000 Beograd, Serbia;
o 3CX,
4010 Boy Scout Boulevard, Suite 325, 33607, Tampa, Florida, USA, the company's
privacy policy is available here: LINK
o Diabolocom
SAS, 20, rue de Paix - 75002 Paris, France, the company's privacy policy is
available here: LINK
o Cisco
Systems, Inc., 170 West Tasman, Dr.San Jose, CA 95134 USA, the company's
privacy policy is available here: LINK;
- processors of external
communication, especially communication via SMS messages and chat rooms,
especially:
o LiveChat, Inc. (101 Arch Street, 8th
Floor, Boston MA 02110, United States of America, the
company's privacy policy is available here: LINK
o Jivochat as a tool provided by Lucas
Loureiro Carvalho Suporte Tecnico ME., the Rua Neves Armond, 140, Sala 301,
Praia Do Suá. Vitória, ES/Brazil, the company's privacy policy is available
here: LINK
o TargetFirst,
23 rue de la Croix Lormel, 22190 PLERIN, the company's privacy policy is
available here: LINK
o Message4u
Pty Ltd t/a MessageMedia of Level 24, 367 Collins Street, Melbourne, Victoria,
Australia 3000, the company's privacy policy is available here: LINK
o SMS
Broadcast Pty Ltd of Level 24, 367 Collins Street, Melbourne, Victoria,
Australia 3000, the company's privacy policy is available here: LINK
- companies that prepare surveys for
us regarding user satisfaction with our products and services, especially:
o Trustpilot
A/S, Pilestraede 58, 5th floor, DK-1112 Copenhagen K, the company's privacy
policy is available here: LINK.
o Bazaarvoice,
Inc., 10901 Stonelake Blvd, Austin, TX 78759, the company's privacy policy is
available here: LINK
o Reevoo, 2nd Floor Walbrook Wharf,
78-83 Upper Thames Street, London EC4R 3TD, the company's privacy policy is
available here: LINK
o Momentive Europe UC, 2 Shelbourne
Buildings, Second Floor, Shelbourne Rd Ballsbridge, Dublin 4, Ireland, the
company's privacy policy is available here: LINK
o IPSOS
s. r. o., Slovanský dům, Na Příkopě 22, Praha, the company's privacy policy is
available here: LINK
From time
to time, the company organizes prize games and similar promotional campaigns
together with third parties, to whom it may also provide individual personal
data, whereby you will be informed of this prior to the collection of personal
data.
6. Where do we store your data?
Your data are stored
within company internal server units and workstations (also using cloud
technologies) and in the data lake system (a data lake is a centralized
repository that allows you to store structured and unstructured data at any
scale).
7. California privacy rights
If a California resident wishes to make any of the
requests described below, such as access and deletion, he or she may contact us
by contacting our Data Protection Officer (defined in section below). You may
be able to exercise some of the below rights, such as access and deletion, by
using the management features available in your account. You may authorize an
agent to make such a request on your behalf. We will seek to verify your
identity and your agent’s authority when we receive an individual rights
request from you or on your behalf to ensure the security of your personal data
and may need to collect additional personal data to do so.
California residents have the right to request the
deletion of personal data as prescribed in Section 1798.105(a) of the CCPA and
CPRA. We may not delete some or all personal data if such personal data is
necessary for us, or our service providers or affiliates, to:
- complete
the transaction for which the personal data was collected, provide a good or
service requested by the consumer, or reasonably anticipated within the context
of our ongoing business relationship with the consumer, or otherwise perform a
contract between us and the consumer,
- detect
security incidents, protect against malicious, deceptive, fraudulent, or
illegal activity; or prosecute those responsible for that activity,
- debug to
identify and repair errors that impair existing intended functionality,
- exercise
free speech, ensure the right of another consumer to exercise his or her right
of free speech, or exercise another right provided for by law,
- comply
with the California Electronic Communications Privacy Act pursuant to Chapter
3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code,
- enable
solely internal uses that are reasonably aligned with the expectations of the
consumer based on the consumer’s relationship with us,
- comply
with a legal obligation, or
- otherwise
use the consumer’s personal data, internally, in a lawful manner that is
compatible with the context in which the consumer provided the personal data.
You may request to receive details about how we
collect, use, and share your personal data.
Specifically, you may request to receive the specific pieces of
information that we have collected about you by contacting our Data Protection
Officer (defined in section below). If you do so, we may need to collect
additional personal data and other information, including name, email address,
zip code, product purchase location, phone number (which you may choose not to
provide), product model number and serial number to verify your identity. The
same process applies to requests for the deletion of personal data described
above.
You may also request to receive:
- the
categories of personal data that we have collected about you,
- the
categories of personal data that we have disclosed for a business purpose,
- the
categories of sources from which we collected the personal data,
- our
purposes for collecting that personal data, and
- the
categories of parties with whom we share your personal data.
You have a right to direct us not to sell your
personal data. In the preceding twelve months we have not sold your personal
data, as that term is generally understood, but we recognize that the CCPA/CPRA
defines personal data as a “personal information” in such a way that making
available identifiers linked to you for a benefit may be considered a “sale.”
If you would like to exercise that right in relation
to our use of cookies, software development kits, or other tracking
technologies, please click “Do Not Sell My personal data” within the settings
menu of web page or device. Alternatively, you may direct us to not to sell
your personal data by contacting our Data Protection Officer (defined in
section below).
We do not discriminate against you for exercising any
CCPA rights, such as the access and deletion rights described above. If we
choose to offer a product enhancement or financial incentive that is contingent
on you sharing personal data, we will first notify you and obtain your opt-in
permission and ensure that the value provided to us by that collection is
reasonably related to the value of the product enhancement or financial incentive.
8. Canada privacy rights
We will
obtain your consent to collect, use or disclose personal data except where we are authorized
or required by law to do so without consent. For example, we may collect, use
or disclose personal
data without your knowledge or consent where: the information is publicly available, as defined by statute or regulation; we are obtaining
legal advice; or we reasonably
expect that obtaining consent
would compromise an investigation or proceeding. Other exceptions may apply.
Your
consent can be express, implied or given through an authorized representative. Consent may be provided orally, in writing,
electronically, through inaction (such as when you do not notify us
that you do not wish your personal data collected/used/disclosed for various purposes after you have received notice of those purposes) or
otherwise.
You may
withdraw consent at any time, subject to legal, contractual and other
restrictions, provided
that you give us reasonable notice of your withdrawal of
consent. If you notify us that you
withdraw consent, we will
inform you of the likely consequences of that withdrawal, which may include our inability to provide certain services for which that information is
necessary.
We will not
collect personal data indiscriminately but will limit collection of personal data to that which is
reasonable and necessary. We will also collect personal data as
authorized by law.
Your personal
data will only be used or disclosed for the purposes set out above and as authorized by law.
We will keep
your personal data for as long as necessary in connection with the purposes identified above
or as permitted or required by law. You must notify us if you no longer want us
to retain your information.
We will destroy,
erase or make anonymous documents or other records containing personal data as soon as it is
reasonable to assume that the original purpose is no longer being served by
retaining the information and retention is no longer necessary for a
legal or business purpose. We will take due care when destroying
personal data so as to prevent unauthorized access to the information.
Our service providers may be located outside of the country in which you
are located, and our servers are currently located in the European Union. You
therefore acknowledge that your personal data may be
processed and stored in foreign jurisdictions and that governments, courts, law enforcement or government or
regulatory agencies in other jurisdiction may be able to access or obtain disclosure of your personal data under a lawful order or otherwise through the laws of the applicable jurisdiction, irrespective of the safeguards we have put in place for the protection
of your personal data.
You may modify
personal data that you have submitted by logging into your account and updating
your profile information or by contacting our Data
Protection Officer (defined in section below).
Also, upon
written request and authentication of identity, we will provide you with your
other personal data under our control, information about the
ways in which that information is being used and a description of
the individuals and organizations to whom that information has been disclosed.
We will make the
information available within 30 days or provide written notice where
additional time is required to fulfil the request.
In some
situations, we may not be able to provide access to certain personal data. Thismay be the case where,
for example, disclosure would reveal personal data about another
individual, the personal data is protected by solicitor/client privilege, the information was
collected for the purpose of an investigation or where disclosure of theinformation
would reveal confidential commercial information that, if disclosed, could harm our competitive
position. We may also be prevented by law from providing
access to certain personal data. When an access request is refused, we will
notify you in writing, document the
reasons for refusal and outline further steps which are available to
you.
Requests to
modify any information, may be submitted to our Data Protection Officer
(defined in section below). Please allow up to thirty (30) days for us to
process and respond to your request.
You may request
deletion of your personal data by us, however, we may be required (by law or
otherwise) to keep this information and not delete it. After we delete personal
data, we may retain de-identified information, and will continue to use the
information as permitted under this Data Privacy Policy.
We will make a
reasonable effort to ensure that personal data we are using or disclosing is accurate and
complete. In most cases, we rely on you to ensure that your information is current, complete and
accurate.
If you
demonstrate the inaccuracy or incompleteness of personal data, we will amend the information as
required. If appropriate, we will send the amended information to third parties to whom the information
has been disclosed. When a challenge regarding the accuracy of personal datais not resolved to
your satisfaction, we will annotate the personal data under its control with a note that the
correction was requested but not made.
We may send
periodic promotional emails to you. You may opt-out of promotional emails by
following the opt-out instructions contained in the email. Please note that it
may take up to 10 business days for us to process opt-out requests. If
you opt-out of receiving promotional emails, we may still send you emails about
your account or any services you have requested or received from us.
You may also
withdraw your consent to our collections, uses and disclosures of your information at
any time, subject to
legal, contractual and other restrictions, provided that you give reasonable
notice of withdrawal of consent to us. On receipt of
notice of withdrawal of consent, we will inform you of the likely
consequences of the withdrawal of consent, which may include our
inability to provide certain services for which that information is necessary.
9. Mexico privacy rights
You have the
right to (i) access your personal data; (ii) rectify your personal data, if
they are inaccurate or incomplete; (iii) cancel your personal data; and (iv)
oppose the use of your personal data for specific purposes (hereinafter
jointly, the “ARCO Rights“). In case you wish to exercise any of the ARCO
Rights, please send an email to our Data Protection Officer (defined in section
below), which must contain, at least, the following information:
- Full
name and email address or address, in order to communicate the response to
your request.
- The
documents that prove your identity, or if applicable, that of your legal
representative.
- A clear
description of the personal data with respect to which you seek to
exercise any of the ARCO Rights.
- Any
other element or document that facilitates the location of personal data.
If required, we
may request additional information. The response to your request will be
communicated to you within the following 15 (fifteen) business days and, if it
is appropriate, it will be implemented within a maximum period of 20 (twenty)
business days.
You can revoke
the consent that, in your case, you have given us for the processing of your
personal data. However, it is important that you bear in mind that not in all
cases we will be able to respond to your request or terminate the use
immediately, since it is possible that due to some legal obligation, we will
need to continue processing your personal data. Likewise, you should consider
that for certain purposes, the revocation of your consent will imply that we
cannot continue to provide the service you requested, or the conclusion of your
relationship with us.
To revoke your
consent, you must submit your request to our Data Protection Officer (defined
in section below).
To know the
procedure and requirements for the revocation of consent, you can contact our
Data Protection Officer (defined in section below).
In order for you
to limit the use and disclosure of your Personal Data, we offer you the
following means:
Your
registration in the Public Registry to Avoid Advertising (Registro Público
para Evitar Publicidad), which is in charge of the Federal Consumer
Prosecutor’s Office (Procuraduría Federal del Consumidor), so that your
personal data is not used to receive advertising or promotions from goods or
services companies. For more information about this registry, you can consult
the PROFECO Internet portal, or you can contact it directly.
Your
registration in our exclusion list, so that your personal data is not processed
for marketing, advertising or commercial prospecting purposes by us. For more
information, you can contact our Data Protection Officer (defined in section
below).
If you consider
that your right to the protection of personal data has been damaged by any
conduct or omission on the part of the us, or you presume any violation of the
provisions set forth in the Law, its Regulations and other applicable
regulations, you may file your disagreement or complaint before the National
Institute of Transparency, Access to Information and Protection of Personal
Data (INAI).
10. Do not track settings
Certain
country/state/province laws require that we indicate whether we honor "Do
Not Track" settings in your browser concerning targeted advertising. We
adhere to the standards set out in this Data Protection Policy and do not
monitor or follow any Do Not Track browser requests.
11. Information for Russian Federation Citizens
All
personal data obtained from Russian Federation Citizens is stored in a central
database system located in the territory of the Russian Federation and the
Company is the controller of personal data.
Other
operations related data is transferred in an anonymized way to central location
in the EU to perform statistical analytics and provide data for further
improvement and development of our appliances and above all the related
services.
In case
personal data would be transferred outside the Russian Federation borders, it
would be for a special purpose only. As soon as the mentioned processing would
be finished, the personal data with all the relevant copies would be returned
to the Russian Federation territory or would be deleted.
12. What are your rights and how to exercise them
You can
exercise the following rights regarding your personal data we process:
§ Right
of access – enables you to obtain the information as to whether your personal
data is being processed and regarding the procedures and methods of personal
data processing,
§ Right to rectification – in case you
notice that your data is not accurate, you have the right to complete
incomplete or to correct the incorrect data,
§ Right to erasure – allows you to
request the erasure of your personal data that we process. We will do this in
accordance with the GDPR and in the event that there are no other restrictions
preventing us from doing so,
§ Right to restrict processing -
allows you to restrict processing, while you dispute the accuracy of the data,
object to deletion, as the purpose of the processing for which the data was
collected is no longer relevant, and you want further storage due to legitimate
interests, or if you have submitted a request to determine the legal reasons
for processing,
§ Right to data portability – allows
you to receive a copy of the provided personal data in a structured, commonly
used hardware format, and to transmit data to another controller, if the
requirements set forth by the GDPR are met,
§ Right to object - enables objection
in case of data collection and processing for the purposes of direct marketing
or related profiling,
§ Right to review automated
decision-making - in the event that a decision that is reflected in our mutual
relationship is based on automated decision-making, you can use the right to
implement a new, non-automated decision,
§ Right to withdraw consent – in the event that the processing is
based on the given consent, you have the right to revoke the consent at any
time. The withdrawal of consent shall not affect the lawfulness of processing
based on consent before its withdrawal.
If you wish
to use any of the above rights, you can notify us at the e-mail address privacy@connectlife.io.
In addition
to the above rights, you also have the right to lodge the complaint with the
supervisory authority. In the event that your rights regarding the processing
of personal data have been violated, you can file a complaint with the
competent authority: Information Commissioner of the
Republic of Slovenia, by mail to the address: Dunajska 22, 1000 Ljubljana or
via e -mail to the address: gp.ip@ip-rs.si
13. Data Protection Officer
In all
matters related to the processing of your personal data, our data protection
officer is at your disposal and can be contacted at the e-mail address: privacy@connectlife.io.