Privacy policy

1. General provisions

1.1.

The personal data protection statement Nomnio IoT Platform regulates the protection of end-user personal data with Nomnio IoT Platform service.

1.2.

By using Nomnio IoT Platform service, the user acknowledges that he is aware of the contents of the Personal data protection statement and agrees to its terms.

1.3.

Personal data protection statement Nomnio IoT Platform is available at www.nomnio.com.

1.4.

NOMNIO d.o.o., Tržaška cesta 85A, SI-2000 Maribor, Slovenia (hereinafter: provider), reserves the right to change or amend the Personal data protection statement without prior notice. Unless otherwise specified, the amended Personal data protection statement shall enter into force on the day of publication at Nomnio IoT Platform website available at www.nomnio.com.

2. Definitions

In this statement, the terms used shall have the following meanings:

2.1.

Contractual data processor is an organization or an individual, authorized by the data controller to process the users’ personal data for a specific task in accordance with the requirements of the data controller.

2.2.

Data controller is the provider of Nomnio IoT Platform service.

2.3.

General Terms and Conditions for using Nomnio IoT Platform service are terms and conditions of the provider and are available at Nomnio IoT Platform website www.nomnio.com.

2.4.

Personal data is any data that relates to an individual, regardless of the form in which it is expressed.

2.5.

Personal data processing means any operation or set of operations which is performed in connection with personal data, which is subject to automated processing or manual processing (processing means) of personal data collection or is intended for inclusion in the collection of personal data, in particular the collection, entry, editing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, communication, dissemination or otherwise making available, alignment or integration, blocking, anonymizing, erasure or destruction.

2.6.

User is the end-user, i.e., customer that use Nomnio IoT Platform services.

2.7.

ZVOP-1 is the Public-Private Partnership Act (OG RS, No. 94/07).

3. Legal basis for collection, processing and storage of personal data

3.1.

The legal basis for processing and collecting the personal data provided by the user is the user’s explicit consent. This statement specifies when the user’s explicit consent is deemed to have been provided.

3.2.

Personal data of minors can be processed with their parents’ consent or the consent of their legal representatives. It is considered that the consent of the parents or legitimate representatives is provided if they, as the holders of the Nomnio IoT Platform environment, allow the minor to create a user account.

4. Data collected by the Clausius application and the purpose of processing

The following user data is collected and processed:

4.1. Personal data of users

4.1.1. Full name

The data is processed in order to personalize the service, identify with the repairer, and to provide technical support.

4.1.2. Home address or address of the building where the device is installed

The data is collected in order to personalize the service, identify with the repairer, and to provide technical support.

4.1.3.Email

If the user registers with the Clausius application with their email account, the data is processed for the purpose of sign-in identification, notices on upgrades and other services performed by the provider, and for promotional emails. The users can always choose to cancel the promotional emails by clicking the link at the bottom of the promotional email or by sending a written request to terminate this feature to the official email address of the provider.

4.1.4. Social network profile information

If the user registers with the Clausius application with their social network profile (Facebook or Google+), the basic user profile information is collected. The type of information received depends on the user’s privacy settings, whereby the following data is included: user name, full name, email address, profile picture, gender, age, location. For the purpose of identification at sign-in, the following data is collected, stored and processed: full name, email address, profile picture. This Personal data protection statement is completely independent from the privacy policy of the social network provider. The provider does not assume any responsibility for any misuse of personal data which is not exclusively in the provider’s domain and which does not relate to the use of Calusius application.

4.1.5. Telephone number

The user provides its phone number for the purpose of notices on upgrades, technical support, and other notifications via text messages or calls.

4.1.6. Country

The data is collected in order to personalize the service, identify with the Repairer, and to provide technical support.

4.1.7. IP address

The data is collected to prevent unwanted visitors (crawlers, DDOD, etc.) and abuse. If an incorrect password for user account is entered 10 times, the IP address through which the incorrect password was entered is blocked from accessing the service. The user is informed about the blocked access via an email and can re-enable it.

4.2. Device data

4.2.1. Technical data

The following data are collected and processed: device model, state of connectivity (online, offline), device software version, Wi-Fi network SSID, and the information about when the device was last connected (if offline).

4.2.2. Device functioning

The following data are collected and processed: all changes in status, i.e., measurements of temperature sensors, all changes in status, i.e., measurements of relays, and heating system settings.

4.2.3. Operational parameters of the controller

The following data is collected and processed:

  • User parameters of the controller operation: mode of operation (day mode, night mode, constant day/night temperature, heating off), user functions (party, eco, holiday), weekly heating schedule;
  • Configuration parameters of the controller operation.

4.2.4.

Device data from point 4.2 is processed in order to ensure the operation of Nomnio IoT Platform service, technical support, and servicing. Anonymous data are processed in order to develop and improve new and existing products and services, to provide better solutions for a more convenient and cost-efficient heating control, and for general analysis of Nomnio IoT Platform service usage.

5. Creating user account in Clausius application

5.1.

User account registration is performed in accordance with the General Terms and Conditions for using Nomnio IoT Platform service available at Nomnio IoT Platform website www.nomnio.com.

5.2.

I the account registration is performed via email or social network, the Auth0 authentication (located in the EU) by Auth0, Bellevue, Washington, United states is used.

5.3.

By registering, the users declare that they have read and understood the privacy policy of Auth0, which is available at  https://auth0.com/security.

5.4.

If more than one user account is created for one Nomnio IoT Platform environment, the holder of the Nomnio IoT Platform environment (administrator) cannot be a minor.

6. Data storage period and termination of user account

6.1.

The provider will store personal data as long as necessary to achieve the purpose for which it was collected.

6.2.

Furthermore, the provider will store personal data in order to process it for historical, statistical and scientific research purposes, all in anonymized form, and shall erase them after the processing has been completed.

6.3.

The user can, at any time, request an overview of its stored data or changes to stored data if they are incorrect or incomplete, and request the provider to erase them. The request to data access, modification or deletion is made by the user in the manner specified in the General Terms and Conditions for using Nomnio IoT Platform service. Upon the user’s request, the provider, as the data controller, will erase all data except for those required to be stored longer under legislation.

7. Contractual data processors

7.1.

Without a prior notice to users, the provider may entrust individual tasks of personal data processing to a contractual data processor who is registered for performing such an activity and who provides appropriate procedures and measures for personal data protection. The contractual data processor may perform individual tasks relating to the processing of personal data within its authorizations and may not process personal data for any other purpose.

7.2.

Under the provisions laid down in Article 63 ZVOP-1, the provider may supply personal data to the contractual data processors in a third country.

7.3.

The user has the right to demand information on all contracted data processors from the provider. The user sends the request for information via email to info@nomnio.com. The provider undertakes to process the request in the time period and manner set out by ZVOP-1.

8. Processing of data collected by the Kelvin application

8.1.

Kelvin application is the dedicated application for repairers and support.

8.2.

The data from point 3, collected by the Clausius application, will also be processed in the Kelvin application in order to provide support to the operation and use of the heating system.

8.3.

Kelvin application can be accessed exclusively by the provider and its contractual processors (authorized repairers and its other authorized legal persons providing services relating to and necessary for the proper operation of Nomnio IoT Platform service for the provider).

8.4.

Upon the prior consent of the user, an authorized repairer will have access to the information specified in point 3 . A prior consent for data access is deemed to have been given under the following circumstances:

  • If the repairer adds a new GWD communication module through the Kelvin application and the customer confirms the repairer as its chosen repairer in the process of taking over the device;
  • If the customer selects its chosen repairer through the Clausius application.

9. Informing employees about personal data protection

9.1.

The protection of personal data for Nomnio IoT Platform users is ensured in such a way that all employees and all external associates of the provider are informed with the provisions of the provider’s internal rules that regulate the field of personal data protection as well as technical and organizational procedures for securing personal data, preventing unauthorized access or disclosure of such data, maintaining the accuracy and proper use of personal data.

10. Disclosure of data to third persons

10.1.

The personal data controller is obliged to disclose the user’s personal data to competent authorities where the latter require such disclosure on the basis of legal authorisation.

10.2.

In the event of a reorganization, merger or sale of the provider or the contractual data processor, it may disclose personal data within the scope of powers it possesses to a third party for the processing of personal data.

11. Inquiries on personal data protection

11.1.

If you have any questions regarding the protection of personal data or access to personal data of Nomnio

Platform, do not hesitate to contact us at info@nomnio.com.

11.2.

The provider undertakes to answer all questions sent to the abovementioned email address within 10 working days. However, the provider is not obliged to provide an answer in the case of questions or problems explained in this statement, at Nomnio IoT Platform website www.nomnio.com in the FAQ section, or to which the provider has already provided an answer or explanation.

12. Final provisions

12.1.

The legal validity of these provisions, the relationship between the provider and the user, as well as resolving possible disputes, falls under the jurisdiction of the regulations in force in the territory of the Republic of Slovenia, except insofar as the regulations governing the field of consumer protection and which apply in the country of the user provide a more comprehensive protection. All possible disputes shall be resolved by the court having jurisdiction at the place where the provider has its principal place of business.

12.2.

Insofar as an individual provision of this Protection of personal data statement proves invalid, this does not affect the validity of other provisions.

12.3.

Privacy policy can be modified due to changes introduced by the development of Nomnio IoT Platform service. The users shall be notified of any changes of the Protection of personal data statement in advance via an email sent to the email address given upon creating a user account in the Clausius application.

12.4.

The Protection of personal data statement enters into force on 10/17/2017.