Privacy Policy of Comelit Group S.p.A.

1. INTRODUCTION
Your privacy is important to Comelit Group S.p.A. We have therefore developed a Privacy Policy on how we collect, use, disclose, transfer and store your data. Please read this document to learn about our privacy policy and let us know if you have any questions.
With this document Comelit Group S.p.A provides you, pursuant to articles 13 and 14 of the European Regulation no. 2016/679, on the protection of individuals with regard to the processing of personal data (hereinafter, “GDPR”), with some information regarding the processing of your personal data required whenever you come into contact with Comelit Group S. p.A. or companies controlled by it in relation to the use of the Comelit website www.comelitgroup.com and www.comelit-pac.co.uk, the services offered by Comelit and the Comelit applications (hereinafter only “App”).

Our Privacy Policy explains:
– Data collected and purposes.
– How we use this information.
– The options we offer, including how to access and update the information.
This document is also drawn up taking into account the provisions of Directive 2002/58/EC, as updated by Directive 2009/136/EC, on cookies, and the provision of the Italian Data Protection Authority “Identification of simplified procedures for the provision of information and the acquisition of consent for the use of cookies” of 8 May 2014 of the recommendations and clarifications provided by the Working Group Article 29 in the “Opinion No. 2/2013 on applications for smart devices”, as well as in the “Opinion 13/2011 on geolocation services”.

2. PROCESSED DATA
2.1 Data required to use the website and applications
Personal information is data that can be used to identify or contact a specific person, to offer better services to all our customers/users. You may be asked to provide your personal information whenever you get in touch with Comelit or a Comelit-affiliated company.

Here are some of the types of personal data Comelit may collect, and their uses:

Access data collected anonymously
The computer systems and software procedures used to operate the website and all Comelit applications acquire, even without the user’s registration, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which, by its very nature, could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP address or domain name of the device you are using, the operating system, the model and brand of the device, the mobile operator, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the IT environment of your device. This data, collected anonymously through the use of cookies or web beacons, is used for the sole purpose of obtaining anonymous statistical information on the use of the application and the website and to check its correct functioning.

Data provided voluntarily by the user
If you choose to register by creating your own account for the use of the site and applications related to Comelit products, we ask you to send and/or provide certain personal information with which you can be personally identified, including your name and surname, e-mail address, year of birth, tax code, user name and password, telephone number and postal address, necessary for the creation and management of the Users/Customers/users registry (hereinafter CRM supported with PROCAL system). The same data will be requested during interventions carried out by the technical assistance centre (SATCO) and by service employees for the provision of Comelit services. The user is responsible for the accuracy of the personal information sent/supplied to Comelit.
In these cases we will ask you for explicit authorisation to process the data provided (e.g. on the registration page, on the intervention card or when requesting telephone assistance).
The data processed also include information, data and videos, collected by your Comelit devices and related applications which may be stored, if the service is activated, for a certain period of time on specific Clouds not directly managed by Comelit but located on European territory or in countries whose privacy policy is recognised by the EU.
Data supplied voluntarily also include images and videos collected by our customers using Comelit equipment (i.e. video intercoms, video surveillance systems) whose images, if the facial recognition service is activated, may be stored in an absolutely anonymous form and after conversion of the images into algorithms that do not allow reconstruction of the original images. The data extracted from the images may be used for the comparison of other images.
We will use this user information provided by you to enable your device to perform facial recognition. For this purpose, you shall receive specific notice on the use of the facial recognition system if it is active.

Location data
When you use Comelit applications and services, we may collect and process information on your location and the location of your systems. If you have activated the use of geo-localisation services when installing the system or application and if you have expressly consented to the processing of geo-localisation data, the applications, when active, will acquire data relating to the geographical position of the Comelit system and/or your equipment (GPS, Wi-Fi, GSM network).
You can, however, decide to deactivate the geolocation services of your device at a later date by accessing the special localisation permissions section of your device’s operating system (Android or IOS). From that moment on, you will no longer be able to collect geolocation data for the use of the service.
If you have not activated the use of geolocation services at the time of installation, if you have not consented to the processing of geolocation data at the time of registration or if you decide to deactivate geolocation services, you will not be able to use certain functions of the applications.

Information we collect from third parties
We may also collect information about you from third parties, including information from our partners (external SATCO Technical Service Centers, installers, etc.) and other partners; from social media services (including but not limited to Facebook, Linkedin, Instagram) consistent with your settings on those services; and from third-party sources. We may add such information to the information we already have on file and share it with others as set forth in this Policy.
The provision of registration data is optional (art. 6(b), (e) GDPR), however, failure to provide it may prevent Your registration and use of Comelit’s application and account features and provision of services (art. 7 GDPR).
Comelit and its affiliates may share this data with each other and use it in accordance with this privacy policy. They may also combine it with other data to provide and improve products, services, content and advertising materials. You are not required to provide the personal information we request; however, if you choose not to provide it, in many cases we will not be able to offer you our products or services or answer your questions.
The data may be used for the investigation of criminal liability where required by the competent authorities.

3. PURPOSE OF PROCESSING AND LEGAL BASIS
The legal basis of the processing means the source/origin/justification of the processing following the consent provided in accordance with Article 4 of the GDPR by the data subject.

3.1 Your data will be processed:
– for the technical management of Comelit systems and applications;
– for the management of your registration;
– to allow you to use the functions of the applications including the facial recognition service that some video door phones are equipped with;
– to send you push notifications;
– for marketing activities;
– for the fulfilment of legal obligations to which the Controller is subject.
In relation to these purposes, the legal basis for the processing is the performance of a contract to which the data subject is a party, the execution of pre-contractual measures taken at the request of the data subject or in satisfaction of a request by the data subject.

3.2 Comelit Group S.p.A. will process your data subject to your specific consent. In relation to these purposes, the legal basis is the consent of the data subjects.
Consent to the processing of personal data is purely optional, it being understood that if consent is not given you will not be able to use the services and applications.

3.3 Comelit Group S.p.A. may also use user information (which may include personal data and videos) for the following purposes.
– Comelit Group S.p.A. may use the video in the cloud cache or uploaded by the user to provide the motion detection alarm function with push notifications. Cloud cached video will be saved, on the server, for no longer than 24 hours.
– To provide remote access to real-time video or video playback on the cloud When the user watches a real-time video or video playback, a p2p channel will be set up to transfer the video stream. If errors occur in setting up the p2p channel, we can use our server to retransmit the data. All streaming and non-streaming data will be saved on the server.
– To query the status of the device: to verify that the user’s access is authorised.
– To provide the facerecognition service: if activated by the customer the facerecognition function at each video call the system detects the image of the caller, this image can be associated on the customer’s device to a name and/or pseudonym and will be converted into an algorithm saved on a cloud server in anonymous form. Following the conversion, the image will be permanently deleted. This algorithm will be retrieved from the device used by the customer for comparison with the images of other video calls.

Personal Data
– The personal data we collect allows us to keep you updated on the latest Comelit product announcements, software updates and upcoming events. If you do not want to be included in our mailing list, you can unsubscribe at any time.
– We also use personal data to develop, deliver and improve our products, services, content and advertising materials, as well as to prevent loss and fraud.
– Personal data, including date of birth, may be used to verify identity, facilitate user identification and determine appropriate services. For example, date of birth may be used to determine the age of Comelit ID account holders.
– We may periodically use your personal information to send you important notices, such as notices of changes to our terms, conditions and policies. Because this information is important to your interaction with Comelit, you cannot opt out of receiving these communications.
– We may also use personal information for internal purposes, audits, data analysis and research to improve our products, services and communications with Comelit’s customers/users.
– If you participate in a competition or similar promotion, we may use the data you provide to administer these activities.
Furthermore, in order to provide our services to you, we require that you provide us with the necessary personal information. If you do not share your personal information with us, we will not be able to provide you with our products or services. We will only collect information that is necessary for specified, legitimate and explicit related purposes and the data and information you provide will not be processed.

The information collected will be of this type (which may or may not be personal information):
– Device information: data about the hardware, performance, status and settings of the device. For example, device name, device ID, device settings, device status (online/offline), IP address, MAC address, Wi-Fi RSSI, router SSID, firmware version
– User provided or uploaded information: we may collect personal information provided by the user, such as Comelit account details
– Cloud cached video: while using Comelit systems if the detection function is enabled, when motion is detected we may collect video clips that will be stored in the cloud. By default, each video will be saved in the cloud. The user can disable this function at any time.
– Local video: for the provision of video door entry and video monitoring services, we may collect the user’s video information saved in the memory card inserted by the user, or in the internal memory of the device itself, for the purpose of viewing the history.

Non-personal data
Data that is collected anonymously or is in a form that does not, in itself, allow direct association with a specific individual, such as but not limited to profession, language, postal code, area code, unique device identifier, referral URL, location and time zone where a Comelit product is used in order to better understand customer/user behaviour and to improve our products, services and advertising materials are collected, used, transferred and disclosed by us for any purpose.

4. STORAGE PERIOD
Your data will be processed for the entire duration of the contract and/or validity of the account as well as for the period provided for by the law on tax matters. Personal data processed for Marketing Purposes will be kept in compliance with the principle of proportionality and, in any case, until the purposes of the processing have been pursued or until – if previously – the revocation of the specific consent by the data subject.
Images and videos will be retained for a maximum period of 24 hours.

5. METHODS OF PROCESSING AND THEIR USE
5.1 Processing
The data will be processed, in compliance with the necessary security and confidentiality, by means of the following methods: collection of data from the data subject, collected and recorded for specific, explicit and legitimate purposes and used in further processing operations in terms compatible with those purposes, processing carried out with the aid of electronic and automated tools (data collection by telematic means, directly from the data subject)
Data processing is based on the principles of correctness, lawfulness and transparency in accordance with the GDPR; It may be carried out either manually or by automated means for storing, processing and transmitting the data and shall take place by means of technical and organisational measures that are appropriate, insofar as reasonably necessary and in accordance with the state of the art, to ensure, among other things, the security, confidentiality, integrity, availability and resilience of the systems and services, avoiding the risk of loss, destruction, unauthorised access or disclosure or, in any case, unlawful use, as well as by means of reasonable measures to delete or rectify in a timely manner any data that are inaccurate with respect to the purposes for which they are processed.

5.2 Use
Access to data
Your data may be made accessible for the purposes set out in art. 3: (i) to employees and collaborators of Comelit or Group companies in Italy and abroad, in their capacity as data processors and/or internal data controllers and/or system administrators; (ii) to third party companies or other parties (for example, credit institutions, professional firms, consultants, insurance companies for the provision of services, etc.) who carry out activities in outsourcing on behalf of Comelit, in their capacity as external data processors.
Data communication
Without the need for express consent (ex art. 6 lett. b) and c) GDPR), Comelit may communicate your data for the purposes referred to in art. 3 to judicial authorities, as well as to those subjects to whom the communication is required by law for the fulfillment of the aforementioned purposes. These subjects will process the data in their capacity as autonomous data controllers.
Data transfer
Your registration data will reside on your Comelit devices and devices using the Comelit applications may communicate your data for the purposes set out in art. 3 without the need for your express consent (ex art. 24 lett. a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR).
Personal data are stored on servers located within the European Union. In any case, it is understood that Comelit, as Data Controller, will have the right to move the servers outside the EU if necessary. In this case, the Data Controller assures as of now that the transfer of data outside the EU will take place in compliance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided for by the European Commission.

6. RECIPIENTS OF DATA
6.1 Your data shall be processed by employees and collaborators of Comelit Group S.p.A. who carry out the activities related to the pursuit of the above-mentioned purposes. These employees have been appointed as data processors and have received adequate operating instructions in this regard.
6.2 Comelit shares users’ personal data with companies that provide services such as data processing, data storage, processing of customer/user orders, home delivery of products, management and improvement of customer/user data, customer/user support, evaluation of interest in our products and services and market research or user satisfaction surveys. These companies are obliged to protect your data and may be located wherever Comelit operates.

7. YOUR RIGHTS
In relation to the processing of personal data carried out by Comelit, you may request access to the Data concerning you, their rectification or deletion pursuant to art. 17 of the GDPR, the integration of incomplete Data, the restriction of Processing; to receive the Data in a structured, commonly used and machine-readable format, as well as, if technically feasible, to transmit them to another data controller without hindrance in case the conditions for exercising the right to portability pursuant to art. 20 of the GDPR (the processing is based on consent pursuant to Art. 6.1 lett. a) or Art. 9.2, lett. a) or on contract pursuant to Art. 6.1, lett. b) of the GDPR and is carried out by automated means); to revoke the consent given at any time for the purpose referred to in Art. 3 above and to object, in whole or in part, to the processing in the cases allowed; to lodge a complaint with the Guarantor, as well as to exercise the other rights recognised by the applicable regulations (Art. 16-21 GDPR).
These rights may be exercised by sending a written communication to the address below or an e-mail to: [email protected], as well as by using the access tools available within each application.

8. USE OF COOKIES AND COOKIE POLICY
Comelit and its partners use various technologies to collect and store information when you visit Comelit’s website or use Comelit’s services and applications, which may include the use of cookies, web beacons, pixel tags or similar technologies to identify your browser or device. We also use these technologies to collect and store information when you interact with services we offer our partners, such as advertising services or features of Comelit applications that may be displayed on other sites.

Cookies
We use “cookies” to personalise your experience on the Comelit site and app, if you create a password, to store your password so you don’t have to re-enter it each time you visit the site or access the app. Cookies” are small files that are transferred to your computer’s hard drive that contain information such as your user ID, your preferences, the pages you have visited and the activities you have performed while using the sites. We do not connect the information stored in cookies to any of your personal information submitted on the sites. You can block cookies or delete cookies from your hard drive; however, if you disable cookies, you will not be able to access the full functionality of the sites or applications. Some of our business partners and affiliates also use cookies to provide anonymous data and information regarding the use of our sites, applications and services. We do not have access to or control over these cookies; our privacy policy does not cover the use of such cookies. Some of our business partners (e.g. licensees and sponsors) may use cookies on our Site (in advertising banners) or on their sites accessible from ours via links. We do not have access to and cannot control these cookies. We do not have access to or control over these cookies. You are not obliged to accept cookies from us or from any other website and you can set your browser not to accept cookies, although in this case some functions of the Site may not be available.

Web Beacons
Comelit or our tracking services company also uses “web beacons” to collect information about your use of our sites and apps on published sponsor and sponsor websites and your use of emails, special promotions or newsletters that we send. Web beacons are small graphic files embedded in a web page or email that provide a presence on the web page or email and return information to the home server from the user’s browser. The information collected by web beacons allows us to statistically track how many people open our e-mails, use our sites and services, and affiliate, sponsor and advertiser sites and communications, and for what purposes. Our web beacons are not used to monitor your activity outside of our sites or applications or those of our affiliates or sponsors. We do not link web beacons to personal information without your consent, except in connection with our marketing, promotion or similar initiatives alone or in cooperation with our business partners and affiliates.

Traffic Data
We may automatically collect the following categories of information when you visit our website or apps: (1) IP addresses; (2) domain servers; (3) types of computers accessing the website; (4) types of web browsers used to access the website; (5) referral source that may have been sent to the website; and (6) other information associated with your browser and website and app interaction with the installed equipment (collectively, “traffic and/or equipment usage data”). We do not link non-personal information from traffic data to personal information without your consent, except in connection with our marketing, promotion or similar initiatives alone or jointly with our business partners and affiliates.