Privacy-policy

Privacy Policy Comelit customers/users for website and App. EU Regulation 2016/679.

Download the pdf

1. INTRODUCTION
Your privacy is important for Comelit Group S.p.A. We have therefore developed a Privacy Policy concerning the way in which we collect, use, disclose, transfer and store your data. We invite you to read this document to learn about our privacy protection criteria and to let us know if you have any questions.
With this document Comelit Group S.p.A. provides you, in accordance with Articles 13 and 14 of European Regulation no. 2016/679 on the protection of individuals with regard to the processing of personal data (hereinafter, “GDPR”), with certain information relating to the processing of your personal data requested whenever you come into contact with Comelit Group S.p.A. or companies controlled by it in connection with the use of the Comelit website www.comelitgroup.com, the services offered by Comelit and the Comelit applications (hereinafter, only App”).

Our Rules on privacy explain:
– Data collected and purpose.
– Mode of use of said information.
– The options that we offer, including the manner of accessing and updating the information.
This document is also drawn up considering the provisions of Directive 2002/58/EC, as updated by Directive 2009/136/EC, on cookies, and the provisions of the Authority for the Protection of Personal Data “Identification of simplified modes for information and the acquisition of consent for the use of cookies” of 8 May 2014 of the recommendations and explanations supplied by Work Group art. 29 in the “Opinion no.2/2013 on the applications for smart devices”, and in the “Opinion 13/2011 on geolocalisation services”.

2. PROCESSED DATA
2.1 Data necessary for using the website and for using the applications
Personal information is data that can be used to identify or contact a given person, to offer better services to all our customers/users. You might be asked to provide your data whenever you come in contact with Comelit or with a company affiliated to Comelit.

Here are some types of personal data that Comelit might collect, and the respective uses:

Access data collected anonymously
The I.T. systems and software procedures used for the operation of the website and of all Comelit applications, during normal operation, collect some personal data even without the user being registered; the transmission of these data is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified parties, but which, for its very nature, could, through processing and association with data held by third parties, allow the users to be identified. This data category includes the IP address or domain name of the device you use, the operating system, the model and make of the device, the mobile phone operator, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the reply given by the server (successful, error, etc.) and other parameters related to the operating system and I.T. environment of your device. These data, collected anonymously through the use of cookies or web beacons, are used only to obtain anonymous statistical information on the use of the application and of the website and to check that they are working properly.

Data supplied voluntarily by the user
If you choose to register and create your own account for using the site and applications connected to Comelit products, we ask you to send and/or supply some personal information with which you can be personally identified, including your name and surname, e-mail address, year of birth, tax code, account name and password, telephone and postal address, which are necessary for the creation and management of the Users/Customers/users master file (hereinafter CRM supported with the PROCAL system). The same data are requested for interventions carried out by the technical assistance centre (SATCO) and by employees providing assistance for the supply of Comelit services. The user is responsible for the exactness of the personal information sent/supplied to Comelit.
In these cases you will be asked for explicit authorisation for the processing of the data supplied (for example on the registration page, on the intervention sheet or at the time of requesting telephone assistance).
Among the data processed there are also the information, data and videos, collected from your Comelit devices and the respective applications which may be kept, if the service is activated, for a certain period on special Cloud storage units not run directly by Comelit but located in European territory or in countries of which the privacy policy is recognised by the EU.
The data provided voluntarily also include images and videos collected by our customers using Comelit equipment (i.e. door entry monitors, video surveillance systems) whose images, if the facial recognition service is activated, can be kept in absolutely anonymous form and after converting the images into algorithms that do not allow the reconstruction of the original images. The data extracted from the images can be used to compare other images.
We will use the information you provide about your users to enable your device to perform facial recognition. For this purpose, the user must receive a specific notice on the use of the facial recognition system, if active.

Data on position
When Comelit applications and services are used, we could collect and process information on your position and on the position of your systems. If you activated the geolocalisation services at the time of installing the system or application, and if you expressly consented to the processing of geolocalisation data, the applications, when active, will acquire the data on the geographical position of the Comelit system and/or of your appliance (GPS, Wi-Fi, GSM network).
However, you can decide later to deactivate the geolocalisation services of your appliance by accessing the special sector dedicated to localisation authorisation in the operating system of your device (Android or IOS). From that moment it will no longer be able to collect geolocalisation data for the use of the service.
If you did not activate the geolocalisation services at the time of installation, if you did not consent to the processing of geolocalisation data at the time of registration, or if you decide to deactivate the geolocalisation services, you will not be able to use some functions of the applications.

Information that we collect from third parties
We can also collect information on you from third parties, including information from our partners (external SATCO Technical Support Centres, installers, etc.) and from other partners; from social media services (for example, but without limitation, Facebook, LinkedIn, Instagram) consistently with your settings on said services; and from third party sources. We can add this information to data that we already have in our archives and share it with others based on the policy established in this Note.
The supply of registration data is optional (art. 6 lett. b), e) GDPR), however the failure to supply them may prevent your registration and the use of the functions of the Comelit applications and account, as well as the provision of services (art. 7 GDPR).
Comelit and its affiliates may share these data and use them in accordance with this privacy policy. They may also combine them with other data to supply and improve products, services, contents and advertising materials. You are not required to supply the personal data that we request; however, if you decide not to supply them, in many cases we will not be able to offer you our products or services, or reply to your questions.
The data could be used to ascertain criminal responsibilities, where required by the competent authorities.

3. PURPOSES OF PROCESSING AND LEGAL BASIS
By legal basis of processing we mean the source/origin/justification of processing after consent of the party concerned in accordance with art. 4 of the GDPR.

3.1 I Your data will be processed:
– for the technical management of the Comelit systems and of the applications;
– for the management of your registration;
– to allow you to use the functions of the applications, including the facial recognition service, with which some door entry monitors are equipped;
– to send you news;
– for marketing activity,
– to fulfil the legal obligations to which the Data Controller is subject.
With relation to these purposes, the legal basis of processing is the execution of a contract in which the data subject is a party, the execution of precontractual measures adopted on the request of the same, or the satisfaction of a request of the data subject.

3.2 Comelit Group S.p.A. will process your data, following your specific consent. With relation to these purposes, the legal basis is the consent of the parties concerned.
Consent to the processing of personal data is purely optional, while it remains understood that, in the absence of such consent, you will not be able to use the services and the applications.

3.3 Comelit Group S.p.A. may also use the user’s information (which may include personal data and videos) for the following purposes.
To provide the motion detection function with push notifications it can use videos in the cloud cache or uploaded by the user to provide the motion detection alarm function to the user with a push notification message. The video in the cloud cache will be saved on the server for no longer than 24 hours.
To provide remote access to real-time video or video playback in thecloud When the user watches a real-time video or video playback, a p2p channel will be configured to transfer the video stream. If errors occur in the setting of the p2p channel, we can use our server to retransmit the data. All streaming data will not be saved on the server.
To query the status of the device: to verify that user access is authorized.
– To provide the facial recognition service: if activated by the customer, the facial recognition function for each door entry monitor system detects the image of the caller; this image can be associated on the customer’s device with a name and/or pseudonym and will be converted into an algorithm saved anonymously on a cloud server. After conversion, the image will be permanently deleted. This algorithm will be retrieved by the device used by the customer for comparison with the images of other video calls.

Personal data 
– The personal data that we collect allow us to keep you up to date on the adverts for the latest Comelit products, the software updates and the coming events. If you do not want to be included in our mailing list, you can remove your name at any time.
– We also use personal data to develop, supply and improve our products, services, contents and advertising materials, and to prevent losses and frauds.
– Personal data, including the date of birth, can be used to check the identity, facilitate user identification, and establish which services are appropriate. For example, the date of birth can be used to establish the age of the holders of Comelit ID accounts.
– We can use your personal data periodically to send important notices, such as communications concerning modifications to our terms, as well as to our conditions and policies. Since this information is important for your interaction with Comelit, it is not possible to deactivate the receipt of these communications.
– We can also use personal data for internal purposes, for checks, data analysis and research to improve products, services and communications with Comelit customers/users.
– If you take part in a competition or similar promotions, we can use the data you supply to manage these activities.
In addition, in order to provide our services to the user, it is necessary that the same provides the necessary personal information. If the user does not share his or her personal information with us, we will not be able to provide our products or services. We shall only collect information that is necessary for its specified, legitimate and explicit purposes and the data and information provided will not be processed.

The information collected will be of this type (which may or may not be personal information):
Information about your device: data about your device’s hardware, performance, status and settings. For example, device name, device ID, device settings, device status (online/offline), IP address, MAC address, Wi-Fi RSSI, router SSID, firmware version.
Information provided or uploaded by the user: we may collect personal information provided by the user, such as Comelit account details.
Videos in the cloud cache: during the use of Comelit systems, if the detection function is enabled, when motion is detected we can collect video clips that will be stored in the cloud. By default, each video will be saved as required by law. The user can deactivate this function at any time.
Local videos: to provide door entry monitor and video surveillance services, we can collect the user’s video information saved in the memory card inserted by the user, or in the internal memory of the device itself, in order to view the history.

Non-personal data
The data collected anonymously or that are not in such a form as to allow a direct association with a specific individual, purely as an example the profession, language, postcode, telephone dialling code, the unique identification code of the device, reference ORL, place and time zone in which a Comelit product is used in order to have a better understanding of the conduct of customers/users and to improve our products, services and advertising materials, are collected by us, transferred and disclosed for any purpose.

4. PERIOD OF STORAGE
Your data will be processed for the whole duration of the contract and/or validity of the account and for the period contemplated by the law on taxation. With reference to personal data processed for marketing purposes, they will be kept in accordance with the principle of proportionality and until the purposes of processing have been completed, or until specific consent is withdrawn by the party concerned, if this occurs previously.
The images and videos will be stored for a maximum period of 24 hours.

5. METHODS OF PROCESSING AND THEIR USE
5.1 Processing
The data will be processed with the following methods, respecting their necessary safety and confidentiality: collection of data from the party concerned, collected and recorded for determined, explicit and legitimate purposes and used in further processing operations in terms compatible with these aims; processing will be carried out with the aid of electronic and automated instruments (data collected via computer, directly from the interested party)
Data processing is based on principles of correctness, lawfulness and transparency in conformity with the provisions of the GDPR; it may be carried out either manually or using automated methods suitable to store them, process them and transmit them and suitable technical and organisational measures will be applied, as reasonable and commensurate with the state of the art, to guarantee, among other thins, the safety, confidentiality, integrity, availability and resilience of the systems and services, avoiding the risk of loss, destruction, unauthorised access or disclosure, or any illegal use, as well as applying reasonable measures to delete or promptly correct any incorrect data with respect to the purposes for which they are processed.

5.2 Use
Access to data
Your data can be made accessible for the purposes described in art. 3: (i) to employees and collaborators of Comelit or of companies in the Group in Italy and abroad, in their capacity as appointees and/or internal data supervisors and/or system administrators; (ii) to third party companies or other subjects (for example, banks, professional studios, consultants, insurance companies for the supply of services, etc.) who perform outsourced activities on behalf of Comelit, in their capacity as external data supervisors.
Data communication
Without the necessity of express consent (pursuant to art. 6 lett. b) and c) GDPR), Comelit may communicate your data for the purposes described in art. 3 to judicial Authorities and to subjects to whom communication is obligatory by law for achieving said purposes. These subjects will process the data in their capacity as autonomous data controllers.
Transfer of data
Your registration data will be stored in your Comelit devices and in the devices that use the applications. Comelit may communicate your data for the purposes described in art. 3 without the necessity of express consent (pursuant to art. 24 lett. a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR).
Personal data are stored on servers located in the European Union. In any case it remains understood that, where necessary, Comelit, as data controller, shall have the faculty to transfer the servers also outside the EU. In this case, the Controller ensures forthwith that the transfer of data outside the EU will take place in conformity with the applicable provisions of the law, after stipulating the standard contractual clauses envisaged by the European Commission.

6. RECIPIENTS OF THE DATA
6.1 Your data will be processed by the employees and collaborators of Comelit Group S.p.A. who carry out the activities linked to the pursuit of the aims indicated above. Said employees have been designated data processing appointees, and have received adequate operating instructions for the purpose.
6.2 Comelit shares users’ personal data with companies that provide services such as data processing, data storage, clearing of the orders of customers/users, home-delivery of products, management and improvement of the data of customers/users, assistance of customers/users, evaluation of the interest in our products and services, market researches or surveys of user satisfaction. These companies are obliged to protect your data and could be located wherever Comelit operates.

7. YOUR RIGHTS
In relation to the processing of personal data by Comelit, you can request access to the data concerning you, correct or delete them as per art.17 of the GDPR, integrate incomplete data, or limit their processing; you can ask to receive the data in a structured form, commonly used and legible with an automatic device, and, if technically feasible, to transmit them to another data controller without impediments if there are the conditions for exerting the right to portability contemplated in art. 20 of the GDPR (processing is based on consent pursuant to art. 6.1 lett. a) or art. 9.2, lett. a) or on contract pursuant to art. 6.1, lett. b) of the GDPR and is carried out with automated instruments; you can withdraw the consent given at any time for the purposes described above in art. 3 and oppose processing, in whole or in part, in the cases allowed; you can lodge a complaint with the Authority and exert all the other rights recognised by the applicable discipline (art. 16-21 GDPR).
These rights may be exerted by sending a written communication to the address given below or an e-mail to: [email protected], or by using the access tools available in each application.

8. USE OF COOKIES AND COOKIE POLICY
Comelit and its partners use different technologies to collect and store information when you visit the Comelit site or when Comelit services and applications are used, which could envisage the use of cookies, web beacons, pixel tags or similar technologies to identify the user’s browser or device. We also use these technologies to collect and store information when the user interacts with the services that we offer to our partners, for example advertising services or functions of the Comelit applications that could be shown on other sites.

Cookies
We use cookies to customise your experience on the Comelit site and app, if a password is created, to memorise your password so that you do not have to enter it every time you visit the site or access the App. Cookies are small files that are transferred to the hard disk of the computer containing information on the user ID, the user preferences, the pages visited and the activities you carried out during use of the sites. We do not let the information stored in the cookies come in contact with any of your personal data sent to the sites. It is possible to block cookies or to eliminate cookies from the hard disk; however, if cookies are deactivated, it is not possible to access all the functions of the sites or of the applications. Some of our commercial partners and affiliates also use cookies to supply anonymous data and information concerning the use of the sites, of the applications and of our services. We have no access or control of these cookies, our privacy policy does not cover the use of these cookies. Some of our commercial partners (for example licensees and sponsors) could use cookies on our Site (in advertising banners) or on their sites that can be reached from ours by a link. We have no access or control of these cookies. You are not obliged to accept cookies from us, nor from any other website, and you can set your browser so that it does not accept cookies, even though in this case some functions of the Site might not be available.

Web Beacons
Comelit or our monitoring services company also uses “web beacons” to collect information about the use of our sites and apps on the websites of published sponsors and sponsors and its use of emails, special promotions or newsletters that we send. Web beacons are small graphic files incorporated in a web page or an e-mail that provide a presence on the web page or via e-mail and return the information to the home server from the user’s browser. The information collected by web beacons allows us to monitor statistically how many people open our e-mails, use our sites and services, the sites and communications of affiliates and sponsors, and the sites of advertisers and for what purposes. Our web beacons are not used to monitor your activity outside our sites or applications or those of our affiliates or sponsors. We do not connect personal information from web beacons to personal information without your consent, save in relation to our marketing activity, promotion or similar initiatives, alone or in collaboration with our commercial partners and affiliates.

Traffic data
We can automatically collect the following categories of information when you visit our website or the applications: (1) IP addresses; (2) domain servers; (3) types of computers that access the website; (4) types of web browsers used to access the website; (5) reference source that might have been sent to the website; and (6) other information associated with the interaction of the browser and of the website and app with the systems installed (collectively “data on the traffic and/or use of the systems”). We do not connect non-personal information from traffic data to personal information without your consent, save in relation to our marketing activity, promotion or similar initiatives, alone or in conjunction with our commercial partners and affiliates.

9. INFORMATION NOT CONTAINED IN THIS POLICY
Further information on the processing of Personal Data may be requested from Comelit at any time, using the contact information.

10. MODIFICATIONS TO THIS PRIVACY POLICY
As Data Controller, Comelit reserves the right to make modifications to this privacy policy at any time, informing the Users on this page. You are therefore requested to consult this page frequently, taking as reference the date of the last modification shown at the foot. If he does not accept the modifications made to this privacy policy, the User is required to cease using this Application and he can ask Comelit to remove his personal data. Unless otherwise specified.

11. DATA CONTROLLER AND CONTACT DATA
The Data Controller is Comelit Group S.p.A. – Via Don Arrigoni 5 – 24020 Rovetta S. Lorenzo BG Italia e-mail [email protected] .

 

Latest update: July 2019

Comelit Group S.p.A.