PELUVIO SMART APPLICATION PRIVACY POLICY
The controller of your personal data in connection with the use of the PELUVIO SMART mobile application is BrandLine Group sp. z o.o., with its registered office in Poznań, ul. Adama Kręglewskiego 1, 61-248 Poznań, entered in the register of entrepreneurs of the National Court Register maintained by the District Court Poznań – Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register under KRS number: 0000552768, NIP: 7822579840, REGON: 361233546, BDO: 000008493, share capital of PLN 24,800.00 (hereinafter also referred to as: the Controller, BrandLine or the Data Controller).
The purpose of this Privacy Policy is to define the actions undertaken by BrandLine Group sp. z o.o. regarding the protection of personal data and the scope and legal grounds for their processing, carried out in connection with the purchase in our online store PELUVIO.COM of an Intelligent Device product linked to the PELUVIO SMART mobile application (hereinafter also referred to as: the Application or PELUVIO SMART). The Application provides End Users with remote control of Intelligent Devices and the ability to connect to the supplier’s IoT platform.
The Controller also informs that the use of the Application involves the processing of data by the software provider Tuya Smart for the proper functioning of the Application, which is independent of the data processed by BrandLine Group sp. z o.o., and which takes place in connection with the purchase of an Intelligent Device in our online store PELUVIO.COM and the use of the Application.
More information for the User regarding data processed by the IoT provider is available at:
The PELUVIO SMART mobile application may be downloaded via third-party platforms such as, for example, Google Play and Apple App Store. Downloading the Application may require prior registration on these platforms. If personal data are processed in connection with the installation of the Application or its automatic updates, the operator of the given platform is responsible for such processing.
1. USE OF THE APPLICATION
The Application provides live video and audio streaming, enables interaction with the surroundings, as well as other services described below depending on the permissions granted by the User’s mobile device. In order to fully use the functionality of the Application, the Application requests access to the following permissions:
1. camera – this permission is necessary for the Application to connect the mobile device with a device equipped with a camera. The Application has access to the camera on the User’s mobile device only while the electronic device is in use;
2. location – this permission is necessary for the correct pairing of the mobile device with the electronic device;
3. microphone access – necessary for the proper operation of the electronic device in order to transmit sound waves;
4. detection of devices near the phone – necessary for the proper operation of the electronic device;
5. display of push notifications – necessary for the Administrator to conduct marketing activities;
6. access to the gallery and photos – for the purpose of recording images from the electronic device on the User’s mobile device.
The User of the Application may change the granted permissions at any time in the system settings of their mobile device; however, this may result in limited access to certain Application functions.
2. PERSONAL DATA CONTROLLER
All activities of BrandLine are subject to the provisions of law applicable in the field of personal data protection, in particular the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: GDPR), as well as the Act of 10 May 2018 on the protection of personal data. In all matters related to personal data protection, you may contact the Controller:
a. by post at: ul. Adama Kręglewskiego 1, 61-248 Poznań
c. by phone: +48 612 222 980.
With regard to security, respect and protection of your rights, Personal Data at BrandLine are:
· processed lawfully, fairly and in a transparent manner,
· collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes,
· adequate, relevant and limited to what is necessary for the purposes for which they are processed (data minimisation principle),
· accurate and, where necessary, kept up to date,
· stored in a form permitting identification of the data subject for no longer than is necessary for the purposes for which the data are processed,
· processed in a manner ensuring appropriate security of personal data: the Controller ensures protection against unauthorised or unlawful processing and against accidental loss, destruction or damage by means of appropriate technical and organisational measures. The Controller takes all necessary actions to ensure that its subcontractors and other cooperating entities provide guarantees of applying appropriate security measures in every case when they process Personal Data on behalf of the Controller.
3. PROCESSING OF DATA IN CONNECTION WITH THE USE OF THE APPLICATION.PURPOSES, LEGAL BASIS AND DATA RETENTION PERIOD
In connection with the use of the Application, the Controller processes personal data (hereinafter also referred to as: Personal Data) of users who have purchased an Intelligent Device in the PELUVIO.COM store and in connection with linking the Intelligent Device with a mobile device (hereinafter also referred to as: User/Users).
The Controller informs that Personal Data are processed for the following purposes:
3.1 Establishment of an account and ensuring the functioning of the User profile – provision of services by electronic means (ensuring the ability to check the history of activities in the Application, use of the Application functionalities offered by the Controller, resolving technical problems) on the basis of Article 6(1)(b) GDPR, where processing is necessary for the performance of a contract to which the data subject is a party, in accordance with the provision of services specified in the Terms of Service.
When the User registers an account, the Controller may collect their name and surname and contact details such as e-mail address, phone number, username and login details. During the User’s interaction with products, the Controller may additionally collect information on a nickname, profile photo, country code, language preferences or time zone.
Personal data will be processed for the period of service provision, and after account deletion for the time necessary to ensure compliance with legal regulations, pursue or defend against potential claims.
3.2 For the purpose of enabling Users to post reviews – on the basis of Article 6(1)(f) GDPR, where processing is necessary for the purposes of the legitimate interests pursued by the Controller, which include the ability to present opinions on offered products, as well as maintaining a good image of the Controller and the services provided by it, including improving the quality of solutions offered within the Application. When using the review and product suggestion function, the Controller collects the e-mail address, mobile phone number and the content of the review. Data will be processed as long as the Controller’s legitimate interest exists, no longer than until the User objects.
3.3 Ensuring proper communication regarding the performance of the contract and services provided by electronic means, including informing about changes in terms, rules and policies and/or other administrative information applicable at the Controller – on the basis of Article 6(1)(f) GDPR, where processing is necessary for the purposes of the legitimate interests pursued by the Controller, which is ensuring proper communication with the User. Data are processed for the duration of service use, in principle no longer than the limitation period for claims.
3.4 Provision of services within the use of the Application – within the Application it is possible to: (a) transmit image and sound; (b) enable audio recordings; (c) monitor and receive alerts; (d) receive messages and notifications; (e) record videos and sounds – on the basis of Article 6(1)(b) GDPR, where processing is necessary for the performance of a contract in accordance with the Terms of Service. The Controller processes User account and profile data, device information, usage data, location information and information concerning Intelligent Devices. Personal data will be processed for the period of service provision, and after account deletion for the time necessary to ensure compliance with legal regulations, pursue or defend against potential claims.
3.5 Ensuring after-sales service – technical support – on the basis of Article 6(1)(b) GDPR, where processing is necessary for the performance of a contract in accordance with the Terms of Service, and on the basis of Article 6(1)(c) GDPR, where processing is necessary to fulfil a legal obligation incumbent on the Controller, in connection with the provisions of the Act of 30 May 2014 on consumer rights, the Act of 18 July 2002 on the provision of services by electronic means, the Act of 29 September 1994 on accounting and other accounting and tax regulations.
3.6 For the purpose of preventing violations in conducted communication and taking actions aimed at examining reports concerning illegal and/or non-compliant content with the services – on the basis of Article 6(1)(c) GDPR, where processing is necessary to fulfil a legal obligation incumbent on the Controller, in connection with Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market for Digital Services and amending Directive 2000/31/EC (Digital Services Act). User data will also be processed after the completion of the handling of the report. The legal basis for such processing is the Controller’s legitimate interest in archiving the report for the purposes of demonstrating its course in the future and defending against potential claims (Article 6(1)(f) GDPR). Data will be processed for the time necessary to examine the report and then for the period related to the limitation of claims arising from the report.
3.7 For the purpose of providing the User with commercial information regarding services provided by the Controller (marketing of own services) – on the basis of Article 6(1)(f) GDPR, where processing is necessary for the purposes of the legitimate interests pursued by the Controller, which is conducting marketing of its own services. Personal Data will be processed until an objection is raised.
3.8 For the purpose of examining preferences regarding services and products and analysing business processes through surveys – on the basis of Article 6(1)(a) GDPR, where processing is carried out on the basis of the User’s consent. The Controller may process User account and profile data, usage data and device information in order to personalise product design and provide services tailored to their needs, such as recommending and displaying information and advertisements concerning products tailored to their needs, as well as inviting them to participate in surveys regarding their use of the Controller’s products. Data are processed until consent is withdrawn or they lose their usefulness. More information in section 6. Cookies and similar technologies.
3.9 For the purpose of pursuing and defending against claims arising in connection with the concluded contract and provided services on the basis of Article 6(1)(f) GDPR, where processing is necessary for the purposes of the legitimate interests pursued by the Controller, which is ensuring the possibility of pursuing or defending against potential claims. Data will be processed until the limitation period for claims arising from the concluded contract or service provision expires.
4. DATA RECIPIENTS
Users’ Personal Data may be transferred to third parties whose services are used by the Controller in connection with offering the Application, in particular:
· entities providing IT services and IT system suppliers,
· companies handling payment transactions,
· entities providing marketing services,
· entities providing goods distribution services,
· entities providing customer service,
· companies providing service services (within complaint handling),
· authorised entities upon a documented request,
provided that this is regulated by provisions of law.
As a rule, the Controller does not transfer User Data to a third country or an international organisation; however, such a situation may occur. In such a case, the Controller undertakes to ensure that an appropriate level of data protection is provided. User Data may be transferred to a third country when they are processed using cloud tools whose storage space may be located on servers outside the European Economic Area (EEA), or when the User uses e-mail communication with the Controller where the e-mail service provider uses servers located outside the EEA. In the event of data transfer outside the EEA, the Controller implements appropriate safeguards required by the GDPR to ensure the security of Personal Data.
Information regarding data transfers outside the EEA within the use of the Tuya Smart IoT provider software is included at:
5. RIGHTS AVAILABLE
Providing Personal Data is always voluntary; however, failure to provide data marked as necessary makes it impossible to use services via the Application.
Each User whose Personal Data are processed by the Controller has the right to:
1. Right of access to data – meaning that the User may request information from BrandLine as to whether and what data are processed by the Data Controller. In accordance with Article 15 GDPR, a registered Customer has unrestricted access at any time to all their Personal Data provided to the Controller.
2. Right to rectification of data – meaning that the User may request that BrandLine rectify inaccurate data or complete incomplete data. A registered Customer may at any time independently correct their personal data in their Profile within the Customer account.
3. Right to erasure of data – meaning that the User may request the deletion of their data processed by the Controller.
4. Right to restriction of processing – meaning that the User may request restriction of data processing by BrandLine.
5. Right to data portability – meaning that, subject to certain conditions, the User may request that their data be transferred directly to another indicated controller.
6. Right to object – meaning that the User may object to the processing of Personal Data by the Data Controller.
7. Right to object to automated decision-making, including profiling – meaning that the User may object to the use of Personal Data in automated decision-making processes, including profiling.
8. Right to withdraw consent – meaning that the User may withdraw previously granted consent at any time, whereby withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.
9. Right to notify a supervisory authority of a personal data protection breach – when the User considers that the processing of their data by us violates legal provisions (right to lodge a complaint with the President of the Personal Data Protection Office, www.uodo.gov.pl).
6. COOKIES AND SIMILAR TECHNOLOGIES
The Controller uses cookies or similar technologies (hereinafter also referred to as “Cookies”). The Controller collects the following data:
a. Device information: When the user interacts with the Product, the Controller automatically collects device information such as device MAC address, IP address, wireless connection information, operating system type and version, application version number, push notification identifier, log files and mobile network information.
b. Usage data: When the user interacts with our Websites and Services, we automatically collect data regarding the use of our Websites and Services.
c. Log information: When using our Application, system logs and exception logs may be transmitted.
d. Location information: The Controller may collect information about the User’s precise or approximate real-time geolocation when using the Application.
7. AUTOMATED DECISION-MAKING, INCLUDING PROFILING
1. The Controller uses systems for automated decision-making, including profiling; however, this will not produce any legal effects for the User or similarly significantly affect their situation.
2. Profiling of personal data by the Controller consists in processing data (also in an automated manner) by using them to assess certain information, in particular to analyse or predict the personal preferences of our Users.
3. Information obtained as a result of automated decision-making, including profiling, will be used solely for the purpose of adjusting our marketing activities to the needs and preferences of Users.
8. LIST OF SUPPLIERS
List of service providers used by the Controller in connection with the use of the PELUVIO SMART Application.