Effective Date: 4 June 2018
WHO WE ARE
WHAT DATA ABOUT ME IS COLLECTED AND HOW IS IT USED?
Which Personal Data we Collect
Personal Data is information that identifies you or can be used to identify or contact you (“Personal Data”). Such Personal Data may include your name, address, email address, telephone number, birth date (primarily for eligibility purposes), billing and credit card information.
How we Collect and Use Your Personal Data
The types of information that you provide actively and that we collect automatically depend on your level of engagement with our Services. The higher the level of your engagement, the more information we need to serve you.
- If You Use Our Website
We collect Information, some of which contains Personal Data that you provide directly to us through responses to special Services such as surveys, questionnaires and the like. We use this data to personalise our Services and to optimize your customer experience when using our Website.
Moreover, we automatically collect information including Personal Data when you browse our Website, such as your IP address, browser type, operating system, error logs, and other similar information. Such aggregated information does not allow us to identify you and is used by us to analyse trends, to administer the Website, to monitor our Website’s use, and to gather general information about the use of our Website.
The legal basis for such processing of your Personal Data are our legitimate interests (Art. 6(1)(f) GDPR) in customizing the content of our Services in line with user preferences and in further improving our Services.
Please note that you are not legally required to provide us with your Personal Data. However, without your Personal Data we will not be able to provide you with the full range of our Services.
- If You Become a My Neato Account Holder
In order to access certain Services on our Website, you must first complete certain steps to become either a regular My Neato Account holder or a My Neato account holder as a developer. During these steps, you will be required to provide us with Personal Data such as your name, postcode and email address. When you become a My Neato account holder, we will send you a welcome email to provide transactional information about your subscription or to verify your username and password.
Such processing of your Personal Data is necessary for the performance of our services. The legal basis for such processing of your Personal Data is therefore Art. 6(1)(b) GDPR.
- If we Send you Service Updates
We use your Personal Data to send you important service announcements and updates regarding our Website or about your billing account status. Such service announcements and updates contain important information relevant to your use of our Website and/or our Services.
The processing of your Personal Data for such purposes is necessary for the performance of our Services. The legal basis for such processing of your Personal Data is therefore Art. 6(1)(b) GDPR. Please note that you are contractually required to provide us with such Personal Data and that without such Personal Data we will not be able to send you service-related communication.
- If You Contact our Customer Service
If you contact our customer service, we will communicate with you in response to your inquiries, to provide the services you request, and to manage your subscription. We will communicate with you by email or telephone, in accordance with your preferences.
Such processing of your Personal Data is necessary for the performance of our Services; the legal basis for such processing of your Personal Data is therefore Art. 6(1)(b) GDPR. Please note that you are contractually required to provide us with such Personal Data and that without such Personal Data we will not be able to send you customer service related communications.
- If You Subscribe to Newsletters and other Marketing Communications
When subscribing to our Services you have the option to consent to receiving newsletters and other information on our products and services. If you “opt-in” we will send you promotional newsletters and inform you about offers, events and surveys via e-mail and through social media platforms. Robot Owners may register their NEATO robots in their My Neato account. We may ask for other information in surveys to assist us with new product development by asking questions about how you like your NEATO robot or how you use it. You do not have to participate in these surveys.
The legal basis for such processing of your data is your consent (Art. 6(1)(a) GDPR). Please note that you are not legally required to provide us with your Personal Data. However, without your Personal Data we will not be able to send you our newsletters and other information as described above. You have the option to opt-out of these types of communication at any time by following the respective instructions in such communication.
A cookie is a small data file containing a string of characters that is sent to your computer when you visit a website. When you visit the website again, the cookie allows that site to recognise your browser. The length of time a cookie will stay on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Our Website uses both types of cookies. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay on your computer or mobile device until they expire or are deleted.
Further information about the cookies we use and about how to opt-out can be accessed here: [LINK]
We use the following types of cookies:
- First-Party Cookies. First-Party cookies are cookies set by us when you visit our Website. Our cookies store information about your location and language. These cookies cannot be blocked. If you do not wish to receive them, do not use our Website.
- Device Identifiers. When you use a mobile device such as a tablet or cell phone to use our Website, we may assign or access one or more tokens or “Device Identifiers.” Device Identifiers are small data files associated with your mobile device that uniquely identify your mobile device to us. A Device Identifier may deliver information to us or a third party partner about how you browse and use our Website and may help us or others provide reports or personalized ads. Some Website features may not function properly if use or availability of Device Identifiers is impaired or disabled.
HOW WE SHARE AND DISCLOSE PERSONAL DATA
We will not share, sell, transfer or otherwise disseminate your Personal Data to third parties, unless required by law according to Art. 6(1)(c) GDPR, unless required for the purpose of your contract according to Art. 6(1)(b) GDPR, unless we are allowed to do so on the basis of a data processing agreement according to Art. 28 GDPR or you have given us express consent to do so according to Art. 6(1)(a) GDPR.
We share some of your Personal Data with other Neato companies to the extent necessary for such companies to provide services on our behalf. In particular, we are using other Neato companies to send marketing communication to you if you have given us your consent to do so.
We also use third-party service providers to offer or facilitate services on our behalf and share your Personal Data with such providers to the extent necessary for such providers to perform their services on our behalf. In particular, we use a payment service provider to bill you for goods and services and for credit card processing, a specialist provider for fraud screening, a shipping company to fulfil orders, a call center provider to facilitate customer service, a social media agency to manage our social media campaigns, a repair center for receiving and repairing defective units.
Some of the companies we share your Personal Data with as described above are located outside of the European Economic Area.
In order to grant sufficient protection of your Personal Data in this context, we use standard data protection clauses adopted by the European Commission according to Art. 46(2)(c) GDPR with such companies or certifications of such companies under the EU-U.S. Privacy Shield according to Art. 45(1) GDPR. You can request further details by contacting us at the contact details as mentioned below.
We may also be required to disclose your Personal Data to government or law enforcement officials in response to a lawful request by a public authority or if we have to do so to comply with a legal obligation, including to meet national security or law enforcement requirements according to Art. 6(1)(c) GDPR. We can also disclose your information in order to pursue our legitimate interest in applying or enforcing our terms and conditions or in responding to any claims, in protecting our rights or the rights of a third party, in protecting the safety of any person or in preventing any illegal activity (including for the purposes of fraud protection and credit risk reduction) according to Art. 6(1)(f) GDPR.
If required under applicable data protection laws, we will collect your prior consent before sharing your Personal Data with other companies. In such cases, the legal basis is Art. 6(1)(a) GDPR.
IS MY PERSONAL DATA USED FOR ANY OTHER PURPOSES?
WHAT RIGHTS DO I HAVE?
You have the following rights:
- Right of access (Art. 15 GDPR):You have the right to request confirmation as to whether we process your Personal Data and where that is the case, to request access to the Personal Data we hold about you.
- Right to rectification (Art. 16 GDPR):You have the right to request the correction of inaccurate Personal Data.
- Right to erasure (Art. 17 GDPR):You have the right to request erasure of Personal Data without undue delay under certain circumstances, e.g. if your Personal Data is no longer necessary for the purposes for which it was collected or if you withdraw consent on which our processing is based according to Art. 6(1)(a) GDPR and where there is no other legal ground for processing.
- Right to restriction of processing (Art. 18 GDPR):You have the right to request us to restrict the processing of your Personal Data under certain circumstances, e.g. if you think that the Personal Data we process about you is incorrect or unlawful.
- Right to data portability (Art. 20 GDPR):Under certain circumstances, you have the right to receive your Personal Data you have provided us with, in a structured, commonly used and machine-readable format and you have the right to transmit that information to another controller without hindrance or ask us to do so.
- Right to object (Art. 21 GDPR):You have the right to object to the processing of your Personal Data under certain circumstances, in particular if we process your Personal Data on the legal basis of legitimate interests (Art. 6(1)(f) GDPR) or if we use your Personal Data for marketing purposes.
You can assert your abovementioned rights by contacting us at the contact details mentioned below.
RIGHT TO LODGE A COMPLAINT BEFORE THE DATA PROTECTION AUTHORITY
You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement if you consider that our processing of your Personal Data infringes the applicable data protection laws. Please contact us at the contact details mentioned below and we will assist you to identify the respective competent supervisory authority.
We store your Personal Data and other information for as long as necessary to enable you to use our Website, to provide our Services to you, to comply with applicable laws (including those regarding document retention), to resolve disputes with any parties and otherwise as necessary to allow us to conduct our business. If you have a question about a specific retention period for certain types of Personal Data we process about you, please contact us at the contact details mentioned below.
AUTOMATED INDIVIDUAL DECISION-MAKING
We do not use your Personal Data to make decisions with legal or similar effects for you based on the automated processing of your Personal Data only.
CALIFORNIA DO-NOT-TRACK DISCLOSURE REQUIREMENTS
We are committed to providing you with meaningful choices about the information collected on our Website, and that is also why we provide the opt-out links above. However, we do not recognize or respond to browser-initiated Do-Not-Track signals, because the Internet industry is still working on uniform Do-Not-Track standards.
We do not knowingly collect any Personal Data from anyone under the age of eighteen (18) without parental consent, unless permitted by law. If we learn that a person under the age of eighteen (18) has provided us with Personal Data, we will delete it in accordance with applicable law.