PERSONAL DATA PROCESSING INFORMATION
ART. 13 REG. UE 2016/679
In accordance with European Union Regulation N. 2016/679 (hereinafter “GDPR”) and Article 13 in particular, please find below the information relating to personal data we will collect and process through the use of Finder YOU Mobile Application (hereinafter, “App”). This information does not concern other websites, webpages or online services that can be reached through hyperlinks or widgets that may be published on the App but refer to external resources.
PROCESSES YOUR PERSONAL DATA
Data Controller: FINDER S.p.A. con unico socio
Cod.Fisc./P.IVA: IT05732610018
Address: 10040 Almese (TO) Via Drubiaglio 14
CONTACT DETAILS
Data Subjects contact form at:
https://www.findernet.com/en/worldwide/data-protection/ or at https://www.findernet.com select “Support” / “Data Protection )
HOW AND FOR WHAT PURPOSES WE PROCESS YOUR PERSONAL DATA
Please find below all the information to understand which personal data of the App’s Users we need to process. After installation, the App asks the User’s device for permission to access the User’s device data. Once the permission has been given, it can be revoked by the User at any time through the device settings. Please note that the denial or revocation of the requested permissions, where indicated as necessary, might impact the proper functioning of the App’s services.
Third parties recipient of the personal data
USER’S REGISTRATION
Data Processing Purposes
Registration of User’s account in order to provide the App’s services and to store the device settings connected to the App
Processed Data
- Name, Surname
Third parties recipient of the personal data
- Professionals, companies and consultant appointed by the Data Controller
Data type: Personal data; Legal basis: Contract performance; Necessary data: YES; Data retention 30 days from the User’s request for data erasure
APP FUNCTIONALITY
Data Processing Purposes
To provide the services of the App and of the devices connected to the App
Processed Data
- Device ID
- Wi-Fi network connection/disconnection
- Bluetooth settings
- Paired Bluetooth devices
- IP address
- Location data (BLE)
- Event log: User ID
- Event log: “Autoaway”
- User location for geofencing functions
- Status of the controlled devices
- Thermostat temperature history
- Settings history
- Unique ID of connected devices
- Type of device to control (lights, shutters, thermostat, etc.)
- Device-specif configuration parameters
- User assigned device name
- User assigned system/house/room name
- Names of personalised scenarios
- Names and Email addresses of people with whom you share your devices
Third parties recipient of the personal data
- Professionals, companies and consultant appointed by the Data Controller
Data type: Personal data; Legal basis: Contract performance; Necessary data: YES; Data retention: 30 days
TECHNICAL SUPPORT
Data Processing Purposes
- To provide technical assistance on User’s request
Processed Data
- Email, City/Province
- User’s data necessary to process the request and provide assistance
- Any additional information provided by the Data Subject
Third parties recipient of the personal data
- Professionals, companies and consultant appointed by the Data Controller
- Finder Company subsidiaries
Data type: Personal data; Legal basis: Contract performance; Necessary data: YES; Data retention: As long as necessary to respond the User’s requests
SMART ASSISTANT PERMISSION
Data Processing Purposes
- To allow the User to control the devices connected to the App through Smart Assistant devices
Processed Data
- Name, Surname, Email
- Unique ID of connected devices
- Type of device to control (lights, shutters, thermostat, etc.)
- User assigned device name
Third parties recipient of the personal data
- Smart Assistant service provider (e.g. Google Assistant ®, Amazon Alexa ®)
Data type: Personal data; Legal basis: Contract performance; Necessary data: NO; Data retention: 30 days
DATA PROTECTION SUPPORT
Data Processing Purposes
- To provide information on action taken on a request of a Data Subject to exercise rights under GDPR
Processed Data
- First name, Surname, Email
- Any additional information provided by the Data Subject
Third parties recipient of the personal data
- Public and/or Judicial Authorities
- Professionals, companies and consultant appointed by the Data Controller
- Finder Company subsidiaries
Data type: Personal data; Legal basis: Compliance with a legal obligation; Necessary data: YES; Data retention: Until the statutory prescription period
LEGAL OBLIGATION COMPLIANCE
Data Processing Purposes
- Provided by current legislation and/or order given by Public Authorities
Processed Data
- Personal data required by law or by order of a Public Authority
Third parties recipient of the personal data
- Public and/or Judicial Authorities
- Professionals, companies and consultant appointed by the Data Controller
Data type: Personal data; Legal basis: Compliance with a legal obligation; Necessary data: YES; Data retention: Until the statutory prescription period.
PROTECTION OF RIGHTS
Data Processing Purposes
- For the establishment, exercise or defence of legal claims in courts
Processed Data
- Personal data required to exercise rights
Third parties recipient of the personal data
- Public and/or Judicial Authorities
- Professionals, companies and consultant appointed by the Data Controller
Data type : Personal data; Legal basis: Legitimate interest; Necessary data: YES; Data retention: Until the statutory prescription period
INFORMATION SECURITY MANAGEMENT
Data Processing Purposes
- Management, maintenance and protection of IT infrastructure
Processed Data
- Data collected for User account registration purposes
- Data collected by the App
Third parties recipient of the personal data
- Public and/or Judicial Authorities
- Professionals, companies and consultant appointed by the Data Controller
Data type : Personal data; Legal basis: Legitimate interest; Necessary data: YES; Data retention: 30 days
HOW LONG WE KEEP YOUR PERSONAL DATA
We will retain your personal data for as long as necessary to achieve the purposes as set out above.
Please note that simply uninstalling the App from the User’s device is not enough to fully erase the collected data. To this end, the User can request the Data Controller to erase the data by using the contact form indicated above or, where available, the appropriate functionality within the App.
We may also be obliged to keep your personal data for a longer period in the case of legal obligation or by order of an Authority, or in case their use is necessary to the Data Controller for the establishment, exercise or defense of legal claims. At the end of the retention period your personal data will be deleted. Therefore, after this period, the right of access, cancellation, rectification and the right to data portability can no longer be exercised.
TO WHOM WE DISCLOSE YOUR PERSONAL DATA
Your data will not be disclosed to third parties, unless where a law or a Public Authority requires us to do so, or in the event it is necessary for the establishment, exercise or defense of legal claims.
In addition, your data may be disclose to data processors, which are organizations external to ours that have been previously authorized to process your data on our behalf.
You will find in the table above the categories of recipients to whom we may disclose data.
In the case of use of Smart Assistant devices (e.g. Google Assistant ®, Amazon Alexa ®): after the User’s authorization, the App communicates the User’s identification data and the data relating to the connected devices to the third party providing the service. Please refer to the personal data processing information provided, as independent data controller, by the Smart Assistant service provider.
HOW WE PROCESS YOUR PERSONAL DATA
Your data will be processed by persons specifically authorized for this activity and/or by data processors, who are also authorized. The Data Controller verifies and checks their work. The processing will be carried out with the aid of electronic tools (including automated means) in addition to manual means, always respecting the provisions of the Privacy Code and the GDPR, to guarantee the security and confidentiality of your personal data.
PUBLIC DISCLOSURE OF PERSONAL DATA
No personal data provided will be disseminated
AUTOMATED DECISION-MAKING
We do not use systems that make automated decisions based on personal data.
TRANSFER OF PERSONAL DATA OUTSIDE THE EEA
Personal data are managed within countries belonging to the European Economic Area (EEA).
The Data Controller may need to transfer some data to suppliers and/or Finder Company subsidiaries based in countries outside the EEA, for reasons of personal data’s organization or to achieve the purposes indicated above.
In these case, the Data Controller will ensure that the information is properly protected, in accordance with the principles set out in articles 45 and 46 of GDPR, if necessary by entering into legal agreements governing the transfer of information by providing adequate guarantees.
DATA SUBJECT’S RIGHTS
As a Data Subject, you can exercise your Rights, as required by articles 13, 15-23 of the GDPR. To do this, you can contact us through the contact form indicated above.
We will reply to you within one month. In cases of particular complexity of the request, we may reply to you within three months, but in this case we will notify you.
In summary, the Data Subject, with reference to personal data concerning him/her, has the possibility:
- To request access to personal data, rectification or erasure of personal data or restriction of processing;
- To object to processing;
- To data portability;
- To withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
- To lodge a complaint with a supervisory authority, which in Italy is constituted by the “Garante per la Protezione dei Dati Personali”, which can be contacted through the references found on the website http://www.garanteprivacy.it.
