SALUS CONTROLS PRIVACY NOTICE FOR USERS OF THE SALUS APP

Introduction and Scope

This Privacy Notice sets out how SALUS Controls Limited and its subsidiaries ,including, in particular, Salus Controls plc (collectively, "SALUS Controls", "we", "us" and "our"; when we use these terms we are referring to the company in the group that is responsible for processing your data), will process your personal data, to allow customers or end users to control various Internet connected and smart home products, devices and equipment (collectively, “Device” or “Product”) remotely through our SALUS branded technology and mobile software applications, whether accessed through the application itself or our website (collectively, “App” or “Apps”).

This Privacy Notice covers users in the United Kingdom (“UK”) and countries in the European Economic Areas (“EEA”) of the following Internet connected Devices and Apps:

  • SALUS iT500
  • SALUS iT500 Plus
  • SALUS IT600
  • SALUS RT310i
  • SALUS Smart Home

Any other Devices and/or Apps provided by us.

Any reference to “you” or “your” shall mean the user of the App and Device and includes any individual or commercial users. Customers and users in the US and other countries outside of the UK and EEA are served by our sister company, SALUS North America Inc.

Personal data or personal information refers to information in any form that can identify an individual. This includes any data, attributes or activities associated with an identifiable person or can be combined to identify a person. Any personal data you supply to us via our Apps or Devices will be treated in accordance with applicable data protection laws.

When you provide us with personal data about others, you must ensure you notify the relevant individual(s) before sharing their information and present this Privacy Notice (or your own legally compliant privacy notice), explaining that their personal information will be processed in accordance with the relevant Privacy Notice. By accepting our Privacy Notice you are confirming you have met this requirement and will comply with all applicable laws relating to the personal data of the relevant third party.

In order to register an account with us you must be 18 years old. Our Devices and Apps are not intended for or directed at persons under 18 years of age. SALUS Controls does not knowingly collect, use or disclose personal data from anyone under 18 years of age.

By connecting our Devices to the Internet and using our Apps you are accepting the terms of this Privacy Notice. If you do not agree with this Privacy Notice, then please refrain from downloading and using our Apps, or connecting our Devices to the Internet.

Data Controller and Data Protection Officer

SALUS Controls Plc is the headquarters for the SALUS Controls Group and is a company located in Rotherham registered in the United Kingdom (company number: 05057362; registered address as Units 8-10 Northfield Forge Way, Parkgate, Rotherham, South Yorkshire, S60 1SD). For the purposes of the European Union (“EU”) General Data Protection Regulation (“GDPR”), SALUS Controls Plc acts as the data controller responsible for determining the purposes and means of any processing of your personal data.

SALUS Controls has appointed a Group Data Protection Officer (“DPO”) for you to contact if you have any questions or concerns about our personal data policies or practices. The DPO can be contacted via email at: dataprotection@salus-tech.com, or by post at:

  • Data Protection Officer
  • SALUS Controls Plc
  • Units 8-10, Northfield Business Park
  • Forge Way
  • Rotherham
  • South Yorkshire
  • S60 1SD
  • United Kingdom

Other affiliate companies in the EU that form the SALUS Controls Group include:

  • SALUS Controls GmbH a company registered in Germany
  • SALUS Controls Romania S.R.L a company registered in Romania
  • SALUS Nordic A/S a company registered in Denmark

SALUS Controls Plc and its affiliate companies above are subsidiaries of SALUS Controls Limited. SALUS Controls Limited is a holding company incorporated in the British Virgin Isles (BVI) and is wholly owned by the Computime Group Limited, which is registered in Hong Kong.

QL Controls Sp. Z o.o. Sp.K. (“Agent”) is a company registered in Poland and is an exclusive and sole Agent appointed to sell SALUS Controls Limited Devices in select markets.

What We Collect and How We Use Your Personal Data

SALUS Controls will collect and process your information when we have one or more of these reasons:

  • To fulfil a contract we have with you (Contract)
  • When it is our legal duty (Legal)
  • When it is in our legitimate interest (Legitimate Interest). Legitimate Interest means the interest of conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

Generally, we do not rely on consent as a legal basis for processing your personal data.

We may collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific feature within the App. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

The table below describes the personal data SALUS Controls collects from users of our Apps and Devices, how we may use such personal data, and the reasons or purposes we rely on to do so.

TYPE OF PERSONAL DATA REASON / PURPOSE DETAILS

Account Registration or Profile Information

This is the personal data you enter and submit to register details on our App and includes:

  • First and Last Name
  • Email Address
  • Password
  • Address
  • Postal Code
  • Telephone Number
  • Language
  • Unique Device Reference or Identifier

A Device Identifier is a number that is automatically assigned to your Device when you access our servers. Our computers identify your Device by its Device Identifier.

Basis for Processing: CONTRACT

This information is used to meet our contractual obligations and provide our services to you as described when you purchase our Devices, and in the Terms and Conditions you accept when you download and use our Apps.

For example, we use this information to:

  • register and link Devices to an account or profile;
  • authenticate a Device owner and manage your account;
  • provide technical support, customer services, and assist you with the installation, use or configuration of your Devices and Apps;
  • manage an account and provide services to support the operation of your Devices;
  • administer your Device or App remotely;
  • provide guidance or fixes for you to implement;
  • log, diagnose and resolve issues or faults (whether or not in connection with the provision of our Healthcheck Services, as described in our End User Licence Agreement);
  • deal with complaints and claims, and process refunds or a product replacement;
  • organise an onsite engineer visit (whether or not in connection with the provision of our Healthcheck Services, as described in our End User Licence Agreement); and
  • send you specifications, manuals or installation guides.

Basis for Processing: LEGITIMATE INTEREST

We have a legitimate interest to use this data to:

  • support our audits and help meet our service standards, or for training purposes;
  • send you servicing communications by email – such as important notices, alerts, scheduled maintenance, updates or changes to our services;
  • send you information on new features or functionality of existing products you may own, and information to help improve the safety, security and way you use our Devices and Apps;
  • provide useful information to you on how to better utilise your heating, ventilation and cooling systems, and enhance the use of connected Devices and Apps you already own;
  • request feedback about the services we are currently providing to you through a survey for research purposes (although you do not need to respond to them);
  • investigate any suspected breach of our terms; and
  • send you communications containing promotional information on SALUS’ products, offers, and services and to make suggestions and recommendations to you about goods or services that may be of interest to you. Our legitimate interest here is Necessary for our legitimate interests to develop our products/services and grow our business.

Refer to “Your Communications Choices” below for details on how to update your choices.

SALUS Device and App Information

This is the personal data passively, automatically or voluntarily sent to us when you install and use our Devices and Apps, and includes:

  • Unique Device Reference (Device ID) and Device Type
  • IP Address
  • Device Mac Address
  • Device location (if Geo-location is activated and enabled through your smart Device or phone)
  • Names you give to your locations or Devices.
  • Images you decide to upload where they are of a personal nature.
  • Distance alerts or geo-fencing set up.

We also receive Device and App properties and information that will be treated as personal data when combined with Account or Profile Information for as long as it remains combined:

  • How you use Devices in your home:  For example,
    • user behaviour when logging on or using our Devices or Apps
    • usage history, including household energy and electricity, patterns and use.
    • Device configuration, settings, and schedules including temperature and if Device is set to holiday mode.
    • Device status – whether active or disabled (on/off).
  • Device Type, Browser Type, Operating System and Application Version.

The IP address associated with a smart device, phone or computer may provide an approximate location when you connect to our App, but this will be no more precise than the city, state or country.

Basis for Processing: CONTRACT

This information is used to meet our contractual obligations and provide our services to you as described when you purchase our devices, and in the Terms and Conditions you accept when you download and use our Apps.

For example, we use this information to:

  • add or remove Devices to your account;
  • enable you to view real-time Device settings, status and monitor energy usage;
  • enable you to control your Devices remotely through the Apps;
  • enable us to perform analytics to diagnose and resolve problems which we may detect in your heating system or which you as the user may experience;
  • enable us to organise an onsite engineer visit (whether or not in connection with the provision of our Healthcheck Services, as described in our End User Licence Agreement);
  • enable us to monitor stability of your Devices and connections between Device, gateway and Internet; and
  • monitor compliance with these terms or other applicable terms and conditions.

Basis for Processing: LEGITIMATE INTEREST

We have a legitimate interest to use this data to:

  • carry out historical or statistical research over aggregated information to gain a broader understanding of the performance and use of our Devices and Apps over time;
  • personalise the content you see, based on the details given by you and /or your activity on the App;
  • investigate any suspected breach of our terms;
  • identify, develop and deliver improvements to our products and services for example to assess and enhance safety, Device battery life, stability of Apps, or identify issues with heating system or smart home Device and connections; and
  • provide useful information on how to better utilise your heating, ventilation and cooling systems, and enhance the use of connected Devices and Apps you already own.

Cookies

SALUS Controls uses cookies to enable functionality of our Apps and improve the user’s experience. Cookies are small text files which are stored in the memory of your computer or other device such as mobile phones or tablet devices. Cookies are created when you visit a website or load an App that uses cookies.

We use cookies to save information about registered users on our Apps such as your username and password, provide secure log in, assess how our Apps are used, and personalize your experience.

It may be possible to disable some cookies through your computer, tablet or mobile device browser settings. Please note, however, that certain features of our services may not be available if cookies are disabled or deleted. For more details about cookies and details of how to disable and delete cookies, please visit www.youronlinechoices.eu.

The list below details the cookies that are used by our Apps:

App Cookie Name Description – What does this cookie do? Retention / Expiry
SALUS iT500 PHPSESSID Identify the client and save the login status Browsing session
SALUS-iT500.com (Web) PHPSESSID Identify the client and save the login status Browsing session
SALUS-iT500.com (Web) LG[one] Remember username / email when ‘Keep me logged in’ is selected by user. 1 month
SALUS-iT500.com (Web) LG[two] Remember encrypted password when ‘Keep me logged in’ is selected by user. 1 month
SALUS iT600 PHPSESSID Identify the client and save the login status Browsing session
SALUS iT600 PHPSESSID Browsing session
SALUS Smart Home _device_service_session Minimize webpage response times and provide personalisation (such as language preferences). Browsing session
SALUS Smart Home _session_id Identify the client and save the login status Browsing session

What Happens If You Don’t Give Us Your Information

To fulfil our contractual obligations we require our users to provide certain categories of personal data as described above. Although failure to provide information will not generally prevent users of SALUS Controls products from operating their Devices manually, in some cases those users will not benefit from the full user experience and not be able to connect or control our Devices remotely through our Apps. Please refer to the user guide of the SALUS branded Device you own for instructions on how to use the relevant Device manually.

Some of our Apps offer the functionality to switch off “Data Collection” within the App Settings. Please refer to settings within the App you use. Where Data Collection is switched off this means the App will be automatically disabled and your mobile device or computer cannot be used to manage your equipment or service, and you will also not receive important alerts or notifications.

Sharing of Personal Data and Locations of Processing

SALUS Controls will only share personal data with others when we are legally permitted to do so.

SALUS Controls is a global group of companies with subsidiaries and affiliates across Asia, North America and Europe supporting us to develop, engineer and sell our Devices and Apps, and provide technical support to users. We may share your personal data with these group companies, acting as joint controllers or processors of personal data, for the purposes set out in the table above. We also use third party data processors to process personal data on our behalf who help provide and support our products and services. Some third party data processors are based outside of the UK or are part of an international group of companies. Further details of these providers are set out below.

As a result of the above, personal data may be transferred, stored and accessed outside the countries where we and our data processors are located.  This includes countries outside the European Economic Area (“EEA”). The laws in some countries may not provide as much legal protection for your personal data as in the EEA.

SALUS Controls take steps to ensure all personal data is provided with adequate protection and that transfers of personal data outside the EEA are done lawfully.  Where we transfer personal data outside of the EEA to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an appropriate framework that protects the fundamental rights of anyone in the EU for such international data transfers, such as the EU-US Privacy Shield or a European Commission approved standard contractual clauses. If you would like more information on our international data transfer mechanisms please contact us via the details in section “Data Controller and Data Protection Officer”

Personal data held by us may be transferred to the following categories of third party (whether as data processor or joint controller):

  • Affiliates and subsidiaries in the same group of companies as us: for administration purposes, to fulfil our contract, deploy our products and services to you, and as necessary to pursue our legitimate interests;
  • Third party cloud providers: to provide ‘Internet of Things’ and Internet connection services; provide cloud-based solutions including infrastructure, servers and software; perform diagnostics and support for the stable operating of our Apps and connected Devices; provide security, back up and system availability services; and support problem management to resolve issues.
  • Other service providers, data processors and advisors: such as companies that support our IT and provide cloud hosting services, help develop and test our Apps, process payments, send communications to our customers, provide us with legal, accountancy, insurance and banking advice, and generally help us deliver our services to you;
  • Third-party installers and service engineers: to share operating and system diagnostics information, to book appointments with you and to provide installation, Device inspection and maintenance services, and any other onsite support (whether or not in connection with the provision of our Healthcheck Services, as described in our End User Licence Agreement);
  • Market research partners: to contact our customers to help us find out how to improve our products and services;
  • Parties involved in corporate transactions: as part of a purchase, merger or transfer, or in the event of a bankruptcy;
  • Parties as a requirement by law: to comply with the law or respond to compulsory legal process; to assist government or regulators; and to verify or enforce compliance with policies governing our services.

Security of Personal Data

SALUS Controls is committed to keeping personal data secure. We endeavour to apply suitable safeguards including technical, administrative and physical measures designed to protect the privacy and security of your personal data.

SALUS Controls also minimizes the risk to your rights and freedoms by limiting access to personal data to only those who have a business need and not collecting or storing special categories of information about you through our Apps or Devices. We require third party data processors to safeguard personal data and only use your personal data for the purposes we specify.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted to and from our Apps or Devices. Once we receive your information, we will use strict measures and security features to try to prevent unauthorised access.

Retention of Personal Data

SALUS Controls will keep your personal data for as long as is reasonably necessary for the purposes we have described. These periods vary depending on the nature of the information and your interactions with us, our legal basis for processing the information and the requirements imposed on us by law and regulations. The retention period may also be affected by our litigation, accounting or reporting requirements. When we no longer need (or are obliged) to process your personal data, we will take reasonable steps to securely destroy your information or permanently de-identify it.

Your Privacy Rights

The GDPR and other countries’ privacy laws provide certain rights over your personal data. If you have any questions about how we process your personal data or wish to exercise any of your rights, please contact us via the details in section “Data Controller and Data Protection Officer”.

In certain instances, you have the right to:

  • access, review and/or update your personal data;
  • restrict and/or object to the use of your personal data;
  • withdraw consent for our use of your personal data at any time where we process personal data based on consent, for example to opt-out of receiving marketing messages. This does not affect the lawfulness of the processing that occurred on the basis of your earlier consent, before its withdrawal;
  • request erasure of your personal data, subject to certain conditions, for example where the processing does not comply with applicable data protection laws;
  • when technically feasible, request personal data to be provided or transmitted directly to another controller (right to portability); and
  • request a copy of the personal data we hold about you.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Your Communications Choices

You will receive marketing communications from us if you have requested information from us or purchased goods from us and you have not opted out of receiving that marketing. SALUS Controls will nevertheless give users a choice to receive marketing and promotional communications. If you wish to stop receiving such communications, you can update your preference at any time by the following methods:

  • Click the “Unsubscribe” link presented in any promotional email communication we send;
  • Updating your notification preferences where available via our Apps; and
  • Contacting us via the details in section “Data Controller and Data Protection Officer” and requesting removal from our mailing list.

Note - Opting out of promotional emails will not end transmission of important service-related emails that are necessary to the on-going use of our services.

Complaints

SALUS Controls hopes that you won’t ever need to, but if you do want to complain about our use of personal data, please contact our Data Protection Officer using the contact details in section “Data Controller and Data Protection Officer”.

If you do not feel we have been able to resolve your complaint satisfactorily you can lodge a complaint with the data protection regulator in the United Kingdom – the Information Commissioner's Office (“ICO”).  For further information on how to complain to the ICO, please refer to the ICO website: https://ico.org.uk/global/contact-us/.

Changes to This Privacy Notice

This Privacy Notice was last updated on [27 February 2020].

We recognise that transparency is a continual responsibility, so we will keep this Privacy Notice under regular review and updated. Any changes to this notice will be posted on this page, so please check back frequently.