Smappee is committed to safeguarding the privacy of the visitors on our website and the users of the Smappee Energy Services. In this policy we explain how we will handle and protect your personal data.
In this Privacy Policy document, the following terms are to be understood as:
Smappee NV, with registered office at Evolis 100, 8500 Kortrijk (BTW-BE0849.366.642).
Any entity (B2C, B2B) that is using the Smappee Smart Devices, Smappee Energy Services or that has or will be having a contractual relationship of whatever nature with Smappee.
EU General Data Protection Regulation (GDPR) from 14 April 2016.
All Smappee hardware devices that are intended to operate at the site of the user. It also includes the software components that are installed on these devices.
Smappee Smart Devices include, for example: Smappee Energy, Smappee Solar, Smappee Plus, Smappee Pro, Smappee Gas & Water, Smappee Switch, Comfort Plug, etc.
The system that consists of the — central and decentral — hardware, software, cloud services, interfaces and communication protocols provided by Smappee.
This includes:
This system is continuously evolving and may include additional components in the future.
The term 'Energy' should here be understood in de broadest sense, including — but not limited to — electricity, gas, water, light, battery capacity, consumption, production etc.
The services that are provided by the Smappee Energy Systems.
The subject of one or more sales contracts, in this case – but not exclusively limited to – the Smappee Smart Devices, Smappee Energy Services, other hardware, software, websites and web-based services.
In this section we explain in what systems of Smappee we process personal data.
We may process data that originates from the Smappee website and webshop (www.smappee.com), such as:
We may process data relating to customer orders that the customer provided to Smappee by other means than the Smappee website and webshop.
If you choose to create a webshop user account, we may process the data that you provided for that user account.
We may process data that are part of the — central and decentral — Smappee Energy Services and Smappee Energy Systems. That refers to data that is being collected and processed by, for example:
This data includes, for example:
We may process data in the various operational systems of our offices, in particular the systems used by the Support Team, Reception, Research and Development, and Sales and Marketing Team.
This data includes, for example:
In this section we explain the general categories of personal data that we process.
We process account data, which refers to data that identifies you and allows us to get in contact with you. This includes, for example: your name, address, email, telephone number, general payment data, gender, birthdate, hobbies and interest, relationship status and others.
We process technical data, which refers to all data that we need to provide good and secure services.
This includes, for example, the serial numbers of your devices, the configuration details internal states of your devices and services, the software version of the system components and others. This also includes access credentials needed to process the data of the various Smappee systems.
We process usage data, which refers to all data that are collected from the Smappee Monitors, other distributed devices, apps, and websites, as well as data resulting from actions and activity of the users.
We may combine this data with other data categories of this privacy policy, and process data that is derived from this data.
This incudes, for example, electrical measurements, geo-location data, detected appliances, events, messages, alerts, internal states of the Smappee Monitors or other distributed devices, and data that is manually entered in the Smappee apps or Websites.
We process interaction data, which refers to all data that result from user interaction with our systems, devices, apps, or websites.
This includes, for example, the use of the websites and apps. This also includes browser cookies, for which the Smappee Cookie policy is applicable.
We process network data, which refers to data resulting from network traffic.
This includes, for example, IP address and MAC address.
We process data for support, inquiry and correspondence, which refers to all data resulting from interaction with our staff, in particular with the Support Team, Reception, Sales Team.
This includes, for example, data that is provided as part of your correspondence, communication logs (telephony, network).
We may process data gathered as part of surveys, polls and studies.
This data includes, for example, data that identifies you and data that represents your responses.
We may process derived data, which refers to all data that is a result of combining and analysing data. We may combine data of all of the data categories provided in this Security Policy and data that we received from Third Parties.
We may process data that we received from Third Parties in order to improve the services and better adapt them to the needs of the users.
We may process data of persons that are not yet customers of Smappee or Smappee Partners, in order to offer them personal products and services.
As required by the privacy law, Smappee does not process sensitive data such as racial or ethnic origin, political opinions, religious beliefs, sexual orientation, and health.
Smappee may process data that is collected as part of the Appliance Scan Feature, for the purpose of improving the detection of appliance activity. This data includes the network identity (MAC address) , timestamps, name, and Vendor of appliances that are connected to the local network.
This feature is inactive by default. If needs to be activated by an expert user before first use. This feature can be activated and deactivated in the Smappee Expert Modus "Enable/disable MAC address arp-scan".
The legal basis for this processing is consent and the performance of a contract. By activating this feature the user agrees to this processing. This consent can be withdrawn at any time by deactivating this feature.
Please do not supply any other person's personal data to us, unless we prompt you to do so.
In this section we explain the purposes for which we may process personal data, and the legal bases of the processing.
Smappee processes data for the purpose of order fulfilment and contract fulfilment:
The legal basis for this processing is:
Smappee processes data for the purpose of providing the Smappee Energy Services and the Web presence, which includes, for example:
These services are continuously evolving and may include new services and features in the future.
The legal basis for this processing is
Smappee processes data for the purpose of continuously improving its product, service and web presence. This includes, for example:
The legal basis for this processing is
Smappee processes data for the purpose of providing value-added services:
The legal basis for this processing is
Smappee processes data for the purpose of providing support, responding to inquiries and correspondence:
In case Smappee detects an issue with the configuration or other data of accounts, services or remote devices, Smappee may modify the configuration or other data for the involved accounts, services or remote devices.
The legal basis for this processing is
We may process the data that is in the scope of this Privacy Policy for the purpose of
Direct Marketing:
The legal basis for this processing is
You have the right to object to this processing. For more information, see section "Your rights", on page 21 .
We may process the data that is in the scope of this Privacy Policy for the purpose of Research, Investigation and for gaining Business Insights. This includes, for example:
The legal basis for this processing is legitimate interest.
We may process the data that is in the scope of this Privacy Policy for the purpose of System Development. This includes, for example:
The legal basis for this processing is legitimate interest.
In addition to the specific purposes for which we may process your personal data set out in this Section , we may also process data from all available sources that are in the scope of this Privacy Policy where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
This section explains to what external parties we may disclose the personal data.
We may disclose your personal data to any member of our group of companies — this means our subsidiaries, our ultimate holding company and all its subsidiaries — insofar as reasonably necessary for the purposes set out in this policy.
We may transfer your personal data as part of a merger, acquisition, divestiture, joint venture, or similar transaction of all or a portion of our business or business assets. In that case the receiving entity will assume the rights and obligations regarding your personal information as described in this policy.
We may disclose data from all available sources that are in the scope of this Privacy Policy to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes.
Financial transactions may be handled by our payment services providers. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers' privacy policies and practices below.
Payment service Providers:
We may disclose personal data obtained on our Website and Webshop to our suppliers and subcontractors insofar as reasonably necessary for
We may disclose personal data that are in the scope of this Privacy Policy to our data processors. The Categories of these Subcontractors are:
We may disclose personal data available on our Smappee Energy Systems to Partners insofar as reasonably necessary for
If you obtained your Smappee Products or your Smappee Energy Services from any Third Party other than Smappee NV, or if you obtained support for installation, configuration or operations of your Smappee from any other Third Party than Smappee NV, Smappee may disclose your personal data that is in the scope of this Privacy Policy to this Third Party.
Each such Third Party will act as a data controller in relation to the data that we supply to it; and upon contacting you, each such Third Party will supply to you a copy of its own privacy policy, which will govern that Third Party's use of your personal data.
We may disclose the data that is in the scope of this Privacy Policy to selected Third Parties for the purposes that are described in section 5, "For what Purpose do we Process your Data", in particular — but not limited to — to contact you so that they can offer, market and sell to you relevant goods and/or services .
Each such Third Party will act as a data controller in relation to the data that we supply to it; and upon contacting you, each such Third Party will supply to you a copy of its own privacy policy, which will govern that Third Party's use of your personal data.
The Smappee Energy Services allow the user to connect and integrate his or her account with Third Party Services. We may disclosure your personal data to these services insofar as reasonably necessary for the purpose of making the corresponding features and functions available.
Note: In those cases where these Third Party Services are located outside the European Union, additional safeguards apply. These safeguards are described in section 7.2.3, "Integrated Third Party Services".
The Smappee Energy Services provide various way to access your data remotely, such as the "Developers API". Each of these access methods is protected by an authentication process that requires your password.
As explained in section "10 How you can help to keep your personal data secure", Smappee will provide access to your data to anyone who has access to your password or other access credentials during the authentication process.
If you are a Partner, Installer, or Reseller of Smappee products or services, we may publish your contact information on our website and include it in other sales and marketing communication.
If you wish not to be included in this publications, please let us know (see section "Questions and Requests" on page 23).
We may disclose your enquiry data to Installation Partners and selected Third Party suppliers of goods and services for the purpose of enabling them to contact you so that they can offer, market and sell to you relevant goods and/or services. Each such Third Party will act as a data controller in relation to the enquiry data that we supply to it; and upon contacting you, each such Third Party will supply to you a copy of its own privacy policy, which will govern that Third Party's use of your personal data.
You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
In addition to the specific disclosures of personal data set out in this Section , we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
In this Section, we provide information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).
We may disclose your personal data, as described in the section 6, "Providing your Data to Others", to entities outside the EEA, provided the transfer is protected by appropriate safeguards, namely:
For detailed information about these transfers and the safeguards, please contact us by email, as described in section "Questions and Requests" on page 23.
Smappee NV and it's full subsidiary, Smappee INC, have offices and facilities in the United States of America.
Transfers to Smappee INC will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission. (Set II controller – processor, Commission Decision 2010/87/EU, dated 5th February 2010).
In case Smappee establishes new international group member companies, joint ventures, or similar, Smappee may transfer personal data to these entities. This data transfer will be protected by the appropriate safeguards for international transfers.
As explained above, the Smappee Energy Services allow the user to connect and integrate his or her account with Third Party Services. The use of these services may require that personal data will be transferred to countries outside the European Union, where data privacy protection cannot be assured.
In these cases, at the time that a user activates the connection to an integrated Third Party Service, Smappee informs the user about the possible risk of such transfers and obtains the consent of the user for such a transfer.
Examples of those services:
As explained above, the Smappee Energy Services provide various way to access your data remotely, such as the "Developers API".
As explained in section 10, "How you can help to keep your personal data secure", Smappee will provide access to your data to anyone who has access to your password or other access credentials during the authentication process.
The party who gains this type of access to your data may be located outside the EU, where no data protection laws may apply and where the protection of your personal data cannot be assured.
For that reason, the user is not allowed to share the password or other access credentials with anyone else.
This Section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
In case you wish to delete the personal data related to your Smappee Energy Services, please use the function "Delete All My Data" in the Smappee App. If you require assistance, please contact Smappee Support.
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary or reasonable for that purpose or those purposes. We may retain personal data longer than this period if it is in our legitimate interest and not prohibited by law.
Notwithstanding the other provisions of this Section , we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Smappee is committed to high standards of information security when handling the data of our customers.
We implement reasonable and appropriate security measures to protect your personal data from unauthorized access, disclosure or destruction.
All communication between your Smappee devices and the Smappee cloud is encrypted by strong encryption protocols.
We use computer safeguards, such as firewalls and data encryption. We allow access to personal information only for employees that require it to fulfil their job.
Your user account of the Smappee App and the Smappee Dashboard website pro.smappee.com is protected by your personal password.
Anyone who has access to or can guess your user name and password may get access to your personal data of your user account.
This may result in the transfer of your personal data to third parties, inside or outside the European Union, and you may lose any protection that the European Data Protection Laws provide.
Do not share your password of your user account with anyone else!
The Smappee App allows you to share the measurement data of your home ("service location") with other users. When shared, the other users have full access to your personal data.
You can revoke this sharing at any time using your App.
Use this feature only to share your data with people you trust.
Please note that the Smappee Webshop (www.smappee.com) uses a different login than the Smappee App and the Dashboard (pro.smappee.net):
We recommend to use different user names and passwords for these two applications.
The Smappee Monitors use secure protocols with strong encryption when communicating with the Smappee cloud over the internet.
Still, the Smappee Monitors, as well as the other Smappee Distributed Devices, are intended and designed to be used and operated in secure private local networks. An unauthorized or untrustworthy intruder to your local network may compromise the security of all your connected systems, including the Smappee Monitors, and gain unauthorized access to your personal data.
We strongly recommend to protect your local network and Wi-Fi network.
In this Section, we have summarized the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
You may exercise any of your rights in relation to your personal data by written notice to
Smappee NV, c/o DPO, Evolis 100, 8500 Kortrijk, Belgium
or by contacting us by email, as described in section "Questions and Requests" on page 23.
Your principal rights under data protection law are:
You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.
In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
We may update this policy from time to time by publishing a new version on our website.
You should check this page occasionally to ensure you are happy with any changes to this policy.
If you are a user of a Smappee product and have any requests regarding your personal data, or
if you would like to exercise your rights, or
if you wish to update the information we have about you or your preferences,
please contact us here:
privacy@smappee.com or
support@smappee.com
If you have any questions or comments regarding the Smappee Privacy Policy, or your rights regarding your personal data, please contact our Data Protection Officer:
Heiko Unterstab
Data Protection Officer
dpo@smappee.com
Smappee NV, Evolis 100, 8500 Kortrijk, Belgium
Effective Date: 25-05-2018
© 2013-2018 Smappee NV. All rights reserved.
All product names are trademarks of their respective companies.