Orange Smart Home ES Privacy Policy
ORANGE ESPAGNE, S.A.U(now on, “Orange”) a company registered in Paseo del Club Deportivo 1, Parque Empresarial La Finca, Edificio 8, 28223 Pozuelo de Alarcón (Madrid) will process your personal data acting as the Data Controller and committed to protecting your privacy. This Privacy Policy (now on “Policy”) describes our practices in connection with information privacy on Personal Data we process through your individual use of the following services, products, and related mobile applications (collectively, the “Products”):
·Orange Smart Home ES Mobile Application
In this Policy, “Personal Data” means information generated, collected, recorded and/or stored, electronically or otherwise, that can be used to identify an individual or reflect the activity of an individual, either from that information alone, or from that information and other information we have access to about that individual. The reference “Smart Devices” refers to those computing devices produced or manufactured by hardware manufacturers, with human-machine interface and the ability to transmit data that connect wirelessly to a network, including: smart home appliances, smart wearable devices, smart air cleaning devices, etc. The reference “Apps” refers to those mobile applications developed by Orange that provide end users remote control to Smart Devices and with the ability to connect to the supplier IoT Platform.
What Personal Data do we collect
In order to provide our services to you, we will ask you to provide necessary Personal Data that is required to provide those services. If you do not provide your Personal Data, we may not be able to provide you with our products or services.
1.Information You Voluntarily Provide Us
·Account or Profile Data: When you register an account with us, we may collect your name and contact details, such as your email address, phone number, user name, and login credentials. During your interaction with our Products, we may further collect your nickname, profile picture, country code, language preference or time zone information into your account.
2.Information We Collect Automatically
·Device Information: When you interact with our Product, we automatically collect device information, such as the MAC address of your devices, IP address, wireless connectioninformation, operating system type and version, application version number, push notification identifier, log files, and mobile network information.
·Usage Data: During your interaction with our Sites and Services, we automatically collect usage data relating to visits, clicks, downloads, messages sent/received, and other usage of our Sites and Services.
·Log Information: When you use our app, the system and exception log may be uploaded.
·Location Information: When you enable location-based functions through permission settings on your mobile device, we will collect and process your location information to enable certain functions, such as pairing with your Smart Devices. Also, we may collect information about your real-time precise or non-precise geo-location when you use our specific Products or Services.
3.Smart Devices Related Information:
·Basic Information of Smart Devices: When you connect your Smart Devices with our Products or Services, we may collect basic information about your Smart Devices such as device name, device ID, online status, activation time, firmware version, and upgrade information.
·Information Reported by Smart Devices: Depending on the different Smart Devices you elect to connect with our Products or Services, we may collect different information reported by your Smart Devices.
·Information collected by the Smart Device to provide the video monitoring service: image, voice, facial recognition, etc.
Purposes and legal basis for processing Personal Data
The purpose for which we may process information about your personal data are as follows:
Who do we Share Personal Data with?
The User's data may be communicated where appropriate to:
•Public Administrations in the cases provided by Law.
•Banks and Financial Entities for the collection of the services offered.
•Other companies of the business group for internal administrative purposes and the management of the products and services contracted.
•The entities responsible for the Credit Information Files to which the data relating to non-payments and incidents in the payment of products or services contracted to ORANGE or to third parties may be communicated.
•Recovery entities for the total or partial assignment of the loan portfolio derived from the provision of telecommunications services that are unpaid.
•Suppliers and distributors that perform necessary functions for the correct provision of the service, in the name and / or on behalf of ORANGE.
International Transfer of Information Collected
ORANGE will comply with applicable data localization requirements in corresponding jurisdictions with respect to storage of data. To facilitate our operation, we may transfer, store and process your Personal Data in jurisdictions other than where you live. Laws in these countries may differ from the laws applicable to your country of residence. When we do so, we will ensure that an adequate level of protection is provided for the information by using the following approach:[ODPO11]
Agreement on the basis of approved EU standard contractual clauses per GDPR Art. 46. For more information, see https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
If you would like further detail on the safeguards we have in place, you can contact us directly as described in this Privacy Policy.
Your Rights Relating to Your Personal Data
We respect your rights and the use you manage over your Personal Data. You may exercise any of the following rights through the section “Profile-Personal Center”. For that matter, you do not have to pay a fee and we will aim to respond you within 30 days. If you decide to email us, in your request, please make clear what information you would like to have changed, whether you would like to have your Personal Data deleted from our database or otherwise let us know what limitations you would like to put on our use of your Personal Data. Please note that we may ask you to verify your identity before taking further action on your request, for security purposes.
You may:
·Request access to the Personal Data that we process about you;
·Request that we correct inaccurate or incomplete Personal Data about you;
·Request deletion of Personal Data about you;
·Request restrictions, temporarily or permanently, on our processing of some or all Personal Data about you;
·Request transfer of Personal Data to you or a third party where we process the data based on your consent or a contract with you, and where our processing is automated; and
·Opt-out or object to our use of Personal Data about you where our use is based on your consent or our legitimate interests.
·Right to not be subject to decisions based solely on automated decisions made by Orange. You have the right to have an agent intervention to explain the decision made through this automated processing, also collect your comments and dispute such decision where appropriate.
·File a claim regarding the protection of your personal data through the mediation system of the Association for the Self-regulation of Commercial Communication (AUTOCONTROL) at the following link: www.autocontrol.es/servicios/mediacion or through the Spanish Data Protection Authority through its web www.aepd.es, or by postal address at C / Jorge Juan, 6, 28001-Madrid.
Security
We use commercially reasonable physical, administrative, and technical safeguards to preserve the integrity and security of your Personal Data. Orange provides various security strategies to effectively ensure data security of user and device. As for device access, proprietary algorithms are employed to ensure data isolation, access authentication, applying for authorization. As for data communication, communication using security algorithms and transmission encryption protocols and commercial level information encryption transmission based on dynamic keys are supported. As for data processing, strict data filtering and validation and complete data audit are applied. As for data storage, all confidential information of users will be safely encrypted for storage.
Data Retention
ORANGE will process the user's personal data in compliance with the principle of limitation and the retention period, for the time necessary to fulfill the purposes for which they were collected and will be kept for the time necessary to provide the services requested and in response to the retention periods provided for in current legislation for the exercise or defense of possible administrative or judicial claims. In these cases, the information will be kept blocked with restricted access to certain profiles, with the necessary technical and organizational measures that guarantee the security of the information avoiding its alteration, loss, treatment or unauthorized access, taking into account the state of technology, the nature of the stored data and the risks to which they are exposed. After these periods, the data will be deleted or anonymized, as applicable, and in accordance with the applicable regulations.
Regarding the period of conservation of the data processed for profiling activities, they will respond to the current situation of the client and in any case, it will not exceed 12 months.
Changes to this Privacy Policy
We may update this Privacy Policy to reflect changes to our information practices. We encourage you to periodically review this page for the latest information on our privacy practices.
Contact Us
If you have any questions about our practices or this Privacy Policy, please contact us as follows:
ORANGE ESPAGNE SAU
Postal Mailing Address: Paseo del Club Deportivo 1, Parque Empresarial La Finca, Edificio 8, 28223 - Pozuelo de Alarcón (Madrid)
Email: orangeproteccion.datos@orange.com.