Heat@Home Personal Data Protection Statement
1.
General provisions
1.1.
The Heat@Home Personal Data Protection Statement regulates the
protection of end-user personal data in the Heat@Home Service.
1.2.
By using the Heat@Home Service, the user acknowledges that he is
aware of the contents of the Personal Data Protection Statement and
agrees to its terms.
1.3.
The Heat@Home Personal Data Protection Statement is available at
www.nomnio.com.
1.4.
Nomnio d.o.o., Razvanje, Tržaška cesta 85A, SI-2000 Maribor, Slovenia
(hereinafter: provider), reserves the right to change or amend the
Personal Data Protection Statement without prior notice. Unless
otherwise specified, the amended Personal Data Protection Statement
shall enter into force on the day of publication at the Nomnio d.o.o.
website available at
www.nomnio.com.
2.
Definitions
In this statement, the terms used shall have the following
meanings:
2.1.
Contractual data processor is an organization or an individual,
authorized by the data controller to process the users’ data for a
specific task following the requirements of the data controller.
2.2.
Data controller is the provider of Heat@Home Service.
2.3.
General Terms and Conditions for using Heat@Home Service
are terms and conditions of the service provider and are available at
the Nomnio d.o.o. website
www.nomnio.com.
2.4.
Personal data is any data that relates to an individual,
regardless of the form in which it is expressed.
2.5.
Personal data processing means any operation or set of
operations that are performed in connection with personal data, which
is subject to automated processing or manual processing (processing
means) of personal data collection or is intended for inclusion in the
collection of personal data, in particular the collection, entry,
editing, storage, adaptation or alteration, retrieval, consultation,
use, disclosure by transmission, communication, dissemination or
otherwise making available, alignment or integration, blocking,
anonymizing, erasure or destruction.
2.6.
User is the end-user, i.e., a customer that uses Heat@Home
Service.
2.7.
ZVOP-1 is the Public-Private Partnership Act (OG RS, No.
94/07).
3.
Legal basis for collection, processing, and storage of personal
data
3.1.
The legal basis for processing and collecting the personal data
provided by the user is the user’s explicit consent. This statement
specifies when the user’s explicit consent is deemed to have been
provided.
3.2.
Personal data of minors can be processed with their parents’ consent
or the consent of their legal representatives. It is considered that
the consent of the parents or legitimate representatives is provided
if they, as the holders of the Heat@Home building, allow the minor
to create a user account.
4.
Data collected by the Heat@Home Application and the purpose of
processing
The following user data is collected and processed:
4.1.
Personal data of users:
4.1.1
Full name
The data is processed to personalize the service, identify with the
repairer, and provide technical support.
4.1.2
Home address or address of the building where the device is installed
The data is collected to personalize the service, identify with the
repairer, and provide technical support.
4.1.3
Email
If the user registers with the Heat@Home Application with their
email account, the data is processed for sign-in identification,
notices on upgrades and other services performed by the provider, and
promotional emails. The users can always choose to cancel the
promotional emails by clicking the link at the bottom of the
promotional email or by sending a written request to terminate this
feature to the official email address of the provider.
4.1.4
Social network profile information
If the user registers with the Heat@Home Application with their
social network profile (Facebook, Google or Apple), the basic user
profile information is collected. The type of information received
depends on the user’s privacy settings, whereby the following data is
included: user name, full name, email address, profile picture,
gender, age, location. For identification at sign-in, the following
data is collected, stored, and processed: full name, email address,
profile picture. This Personal Data Protection Statement is completely
independent of the privacy policy of the social network provider. The
provider does not assume any responsibility for any misuse of personal
data which is not exclusively in the provider’s domain and which does
not relate to the use of the Heat@Home application.
4.1.5
Telephone number
The user provides their phone number for notices on upgrades, technical
support, and other notifications via text messages or calls.
4.1.6
Country
The data is collected to personalize the service, identify with the
repairer, and provide technical support.
4.1.7
IP address
The data is collected to prevent unwanted visitors (spiders, DDoS,
etc.) and abuse. If an incorrect password for the user account is
entered 10 times, the IP address through which the incorrect password
was entered is blocked from accessing the service. The user is
informed about the blocked access via email and can re-enable it.
4.2.
Device data:
The following data on user devices are collected and processed:
Heat@Home communication module, controller, router IP address, MAC
address, security protocol (WPA, etc.), SSID, signal strength.
4.2.1
Technical data
The following data are collected and processed: device model, state of
connectivity (online, offline), device software version, Wi-Fi network
SSID, and the information about when the device was last connected (if
offline).
4.2.2
Device functioning
The following data are collected and processed: all status changes,
i.e., measurements of temperature sensors, all status changes, i.e.,
measurements of relays, and heating system settings.
4.2.3
Operational parameters of the controller
The following data is collected and processed:
•
User parameters of the controller operation: mode of operation
(day mode, night mode, constant day/night temperature, heating
off), user functions (party, eco, holiday), weekly heating
schedule;
•
Configuration parameters of the controller operation.
•
Device data from Section 4.2 is processed to ensure the operation of Heat@Home Service,
technical support, and services. Anonymous data are processed to
develop and improve new and existing products and services, to
provide better solutions for a more convenient and cost-efficient
heating control, and for general analysis of Heat@Home Service
usage.
5.
Creating a user account in the Heat@Home Application
5.1.
User account registration is performed following the General Terms and
Conditions for using the Heat@Home Service available at the Nomnio
d.o.o. website
www.nomnio.com.
5.2.
If the account registration is performed via email or social network,
the Auth0 authentication (located in the EU) by Auth0, Bellevue,
Washington, United States is used.
5.3.
By registering, the users declare that they have read and understood
the privacy policy of Auth0, which is available at
https://auth0.com/security.
5.4.
If more than one user account is created for one Heat@Home
building, the holder of the Heat@Home environment (owner) cannot
be a minor.
6.
Data storage period and termination of user account
6.1.
The provider will store personal data as long as necessary to achieve
the purpose for which it was collected.
6.2.
Furthermore, the provider will store personal data to process it for
historical, statistical, and scientific research purposes, all in
anonymized form, and shall erase them after the processing has been
completed.
6.3.
The user can, at any time, request an overview of their stored data or
changes to stored data if they are incorrect or incomplete, and
request the provider to erase them. The request for data access,
modification, or deletion is made by the user in the manner specified
in the General Terms and Conditions for using the Heat@Home
Service, available at the Nomnio d.o.o. website
www.nomnio.com. Upon the user’s request, the provider, as the data controller, will
erase all data except for those required to be stored longer under the
legislation.
7.
Contractual data processors
7.1.
Without prior notice to users, the provider may entrust individual
tasks of personal data processing to a contractual data processor who
is registered for performing such an activity and who provides
appropriate procedures and measures for personal data protection. The
contractual data processor may perform individual tasks relating to
the processing of personal data within its authorizations, and may not
process personal data for any other purpose.
7.2.
Under the provisions laid down in Article 63 ZVOP-1, the provider may
supply personal data to the contractual data processors in a third
country.
7.3.
The user has the right to demand information on all contracted data
processors from the provider. The user sends the request for
information via email to
support@nomnio.com. The
provider undertakes to process the request in the period and manner
set out by ZVOP-1.
8.
Informing employees about personal data protection
8.1.
The protection of personal data for Heat@Home users is ensured in
such a way that all employees and all external associates of the
provider are informed of the provisions of the provider’s internal
rules that regulate the field of personal data protection as well as
technical and organizational procedures for securing personal data,
preventing unauthorized access or disclosure of such data, maintaining
the accuracy and proper use of personal data.
9.
Disclosure of data to third persons
9.1.
The personal data controller is obliged to disclose the user’s data to
competent authorities where the latter require such disclosure based
on legal authorization.
9.2.
In the event of a reorganization, merger, or sale of the provider or
the contractual data processor, it may disclose personal data within
the scope of powers it possesses to a third party for the processing
of personal data.
10.
Inquiries on personal data protection
10.1.
If you have any questions regarding the protection of personal data or
access to personal data of Heat@Home, do not hesitate to contact
us at
support@nomnio.com.
10.2.
The provider undertakes to answer all questions sent to the
abovementioned email address within 10 working days.
11.
Final provisions
11.1.
The legal validity of these provisions, the relationship between the
provider and the user, as well as resolving possible disputes, falls
under the jurisdiction of the regulations in force in the territory of
the Republic of Slovenia, except insofar as the regulations governing
the field of consumer protection and which apply in the country of the
user provide more comprehensive protection. All possible disputes
shall be resolved by the court having jurisdiction at the place where
the provider has its principal place of business.
11.2.
Insofar as an individual provision of this Personal Data Protection
Statement proves invalid, this does not affect the validity of other
provisions.
11.3.
The privacy policy can be modified due to changes introduced by the
development of the Heat@Home Service. The users shall be notified
of any changes to the Personal Data Protection Statement in advance
via an email sent to the email address given upon creating a user
account in the Heat@Home Application.
11.4.
The Personal Data Protection Statement enters into force on
1.9.2024.