07 November 2018

dom-E: app Privacy Policy

1.1 Beghelli S.p.A. provides you, pursuant to art. 13 of European Regulation no. 2016/679 (hereinafter, "GDPR"), the information requested relating to the processing of your personal data for the use of the application Dom-E.

1.2 Dom-E is an app developed for Android / IOS smartphones and tablets and is available, free of charge, on the Play Store (Android) and App Store (IOS).

1.3 This document has also been drawn up taking into account the recommendations and clarifications provided by the Article 29 Working Party in its "Opinion no. 2/2013 on applications for smart devices", as well as the "Transparency Guidelines pursuant to Regulation 2016/679" (WP260 rev. 01).

1.4 Dom-E is a service/app dedicated to persons aged 16 and over.
2.1 Application Use Data
The computer systems and software procedures, used to run this application, acquire during their usual operation personal data whose transmission is implicit in the use of Internet communication protocols. Those information are not collected to be associated with identified parties, but they could, through processing and association with data held by third parties, identify users.

This category of data includes:
the IP address or ID of the device used from User, domain name, operating system, model and brand of the device, data relating to network connectivity and applications used on the device, information relating to storage systems (e.g. SD card), the mobile operator, the addresses in URI (Uniform Resource Identifier) of the services requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response provided by the server (successful, error, etc..) and other parameters relating to the operating system and characteristics of your device.
These data are used only to obtain anonymous statistical information on the use of the application and to check its proper functioning.
Part of this information, contained in the memory of the device, can be sent to the technical support for debugging purposes upon request by the support staff of Beghelli S.p.A. and your consent expressed in the app itself.
2.2 Data voluntarily provided by the user
To be able to register in the app, you will be asked to provide some of your personal data such as: identification data, contact details (e-mail, phone number). The refuse to provide this information will not allow you to register or use the application's functions.
2.3 Geolocalization data
The app, with your permission, requires the activation of the geolocalization function of the device exclusively to provide the service technically. In particular, only for Bluetooth LE (Low Energy, also called BTLE) it is necessary to have the location services active in order to correctly detect those BluetoothLE devices that are in the area.
Geolocalization can also be useful:
-    for the automated activation of devices connected to dom-E.
-    to allow the app to know the location of the plant created so that it can show the weather data on the app itself and regulate the connected devices according to the weather variations.
These geolocalization data are not stored by Beghelli S.p.A. in any way.
3.1 When installing the app, Beghelli receives and / or stores information and / or accesses information stored on your device and consequently processes personal data.
The legal basis for the processing of personal data carried out during the installation of the app is the contract, in particular the execution of pre-contractual measures adopted at the request of the interested party.
3.2 In the next phase, during the use of the app, your data will be processed:
  • for technical management of the application;
  • for management of your account, to verify your identity, prevent and track fraudulent or inappropriate use of the app;
  • to allow you to use the functions of the application. For best use of all the features of dom-E you will be required to provide some access authorizations to your device. You can change or revoke these authorizations at any time through your device's general settings. The denial of these authorizations will not allow you to fully benefit of the dom-E services;
  • to send you push notifications to notify you of warnings and alerts concerning the regular functionality of the app;
  • to send you notifications about the regular functionality of the service.
  • to process information/customer care requests, provide maintenance services.
In relation to these purposes, the legal basis is the execution of a contract to which the data subject is party.

3.3 Further data processings:
  • The Data Controller will also process all further information according to the products/services chosen by the data subject as set by the data subject according to his or her preferences, e.g.:
- Timer settings and/or special programs;
- Creation of scenes and environments for the automatic management of household appliances;
-    Audio/video recordings and their storage in the cloud/NVR;
  • The Data Controller may process your data for the management of other activities in which the user decides to take part (competitions, lotteries, promotions ...).
In relation to these purposes, the legal basis is the performance of a contract to which the data subject is party.
3.4 Your data may be processed to ascertain, exercise or defend the rights of the Data Controller in a judicial proceeding.
In this case, the legal basis is the legitimate interest of the Data Controller.
4.1 For the purposes of points 3.1, 3.2 and 3.3, your data will be processed for the duration of the contract until the request for cancellation of the account.

4.2 in the case of litigation data will be processed for the entire duration of the same, until exhaustion of the time limits for the exercise of the right of appeal.

5.1 The processing of data is based on the principles of fairness, lawfulness and transparency and minimization of data (privacy by design); may be carried out either manually or using automated methods aimed at storing, processing and transmitting the data and will be carried out using appropriate technical and organizational measures, as long as is reasonable and appropriate to the state of the art, to guarantee the security, confidentiality, integrity, availability and resilience of the systems and services, preventing the risk of loss, destruction, unauthorized access or disclosure or, in any case, unlawful use, as well as through reasonable measures to promptly erase or rectify inaccurate information in relation to the purposes for which they are processed.

6.1 The data may be processed by external subjects operating as data controllers such as supervisory and control authorities and in general subjects, public or private, legitimated to request the data.

6.2 Your data may also be processed by our trusted companies (including companies owned by Beghelli S.p.a.) that perform on our behalf technical tasks, such as companies for the management and maintenance of the server where the data resides, technical assistance companies, call center companies. These companies are appointed as data processors in accordance with art. 28 of the GDPR.
6.3 The data will not be disclosed in any way.
The data may only be processed by employees of the Data Controller or Data Processors responsible for pursuing the above purposes, who have been expressly authorized to process the data and who have received appropriate operating instructions.
8.1 In relation to the processing of your personal data, you can ask the Data Controller for access to the Data, their erasure, rectification or integration. You can ask limitation of processing in the cases provided for in Article 18 GDPR; as well as the opposition to the processing in cases of legitimate interest of the Data Controller; to receive the data in a structured format, commonly used and readable by a common machine-readable format, and, if technically feasible, to transmit them to another Data Controller without hindrance where the conditions for the exercise of the right to portability pursuant to Article 20 of the GDPR are met (the processing is based on consent or contract and is carried out by automated tools); to revoke the consent given at any time. The revocation of consent does not affect the lawfulness of the processing based on consent prior to revocation.
8.2 Data subjects shall have the right to submit a complaint to the competent supervisory authority in the Member State where they habitually reside or work or in the Member State where the suspected breach has occurred.
8.3 The interested parties also have the right to lodge a complaint with the competent control authority in the Member State in which they habitually reside or work or of the State in which the alleged violation occurred.
9.1 The data controller is Beghelli S.p.A., Via Mozzeghine 13/15, Monteveglio 40053 Valsamoggia, Bologna (IT).
10.1 The DPO can be contacted at the following e-mail address: dpo@beghelli.it