SERVICE: Shelly Cloud (the Application) available at https://shelly.cloud/cloud-connected/ , the Website https://shelly.cloud/ and any Device for distant control of the home, branded Shelly TM (the Device), referred hereinafter jointly as “the Services”.
DATA PROCESSOR and DATA CONTROLLER:
ALLTERCO ROOTICS EOOD, UIC: 202320104 as a Data Controller is a Bulgarian registered company, with registered office at Blvd. Bulgaria 109, floor 8, 1404 Sofia, Bulgaria (referred hereinafter as ALLTERCO)
ALLTERCO ROBOTICS EOOD, UIC: 202320104 is registered administrator of personal data with № 418975 in the Register of the Commission for Personal Data Protection.
When the Services are provided under the brand of a mobile operator ALLTERCO has the capacity of Data Processor, whereas the mobile operator is Data Controller.
Although you are not under any obligation, failure to provide your data for the purposes said hereunder may cause the impossibility to provide in whole or in part the services requested.
“User” shall mean any natural person using either of the Services.
“Services” shall mean Shelly Cloud Application (the Application) available at https://shelly.cloud/cloud-connected/ , the Website https://shelly.cloud/ (“the Website”) and any Device for distant control of the home, branded Shelly TM (the Device).
“Personal Data” shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;
"Location data" means any data processed in an electronic communications network, indicating the geographic position of the terminal equipment of a User of a publicly available electronic communications service;
“processing of personal data“ shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;
DATA processed through the Services
Personal data may include any information related to the User such as name, e-mail address, MSISDN (mobile number) and any other personal information submitted personally by the User.
Personal data may be automatically collected or submitted personally by the User.
Location-based information could be automatically collected if the location service of the mobile device of the User used for access to the Service is turned-on. The User may disable the location-based data collection by using the settings of his/her device.
Non-personal information such as IP host address, device-specific identifiers, computer or smartphone configurations, pages viewed, time and usage habits of the Services, identifiers of the and other similar data is automatically collected. It is possible at times when collecting non-personal information through automatic means that the Services may unintentionally collect or receive personal information that is mixed in with the non-personal information. While reasonable efforts to prevent such incidental data collection are made, such possibility still exists. If personal information is inadvertently collected, it will not be used intentionally, as if it has been collected with consent. The Services may also aggregate demographic (such as the number of Users in a particular country) and other information (such as time of activation, use of functionalities) collected from the Services’ Users in a manner, which does not identify any one individually. This information will be used for marketing analysis, run contests, surveys and improvement of features and optimization of the Services.
The Services need access to a public or local wifi network through which the Device on which the Application is installed connects to other Devices. The User needs to permit this access otherwise we won’t be able to provide him/her the full functionality of the Services. By using the Services it is possible that we collect information related to the Device, where the Application is installed and through which the Service is accessed including related to
By using the Service you may receive service messages (notifications) that could be related to certain functionalities of the Service, marketing and promotional activities, application updates and others. The User may disable the notificationd by using the settings of his/her device and the setting of the Application.
Google Account / Amazon Account
The Application is available for download and installation through Google Play. For using certain features of the Service (such as voice commands) there might be necessary for the User to download and install Google Home (available on Google Play) or Alexa (available in Amazon). By downloading and using the Application including through Google Home or Alexa you agree that personal information from your Google (Home) and Amazon Account might be accessed and processed. Any such information shall be used only for the purposes of providing you with the functionalities of the Application and its updates.
By the use of the Services log information is collected. That information includes, among other things:
details about how the User has used the Services;
device information, such as User’s web browser type and language, type and model of the Device;
identifiers associated with cookies or other technologies that may uniquely identify your device or browser;
USE of the Personal Information:
The Personal Data may be used for:
providing the Services and their functionalities to the User;
responding to Users’ inquires or requests;
sending information about the Services (such as direct marketing, maintenance or security information);
processing and deliveries of purchase orders;
improvement of the Services and personalized User experience;
sending a limited number of offers for additional products and services that may be of interest for the User;
permitting subcontractors to perform Service related activities, provided they are under an obligation of confidentiality and do not use the information for their own benefit without the prior explicit consent of the User;
complying with applicable law or legal process;
investigating suspected fraud, harassment, danger to persons or property or other violations of any law, rule or regulation, or the terms or policies for the Services or such of Controller’s/Processor’s business partners with which the User has committed to comply;
transfer of information in connection with the sale or merger or change of control of the Controller/Processor or the division responsible for the services with which the Personal Data is associated;
sharing non-personal or de-identified information with any number of parties, including analytics companies, technology providers and other business partners; or combine it with data from other sources outside of the use of the Services, such as data obtained from Wi-Fi access points;
Personal Data provided for the purposes outlined here above shall be processed - both with or without electronic means by subjects dully appointed by the Data Controller. In particular, for the above mentioned purposes the User’s data may be communicated to the following subjects:
Providers of the Service or provider of Internet which make possible the use of the Service;
Curriers in charge of the delivery of gifts related to marketing and promotional activities;
Consultants in charge of the setting up, managing and updating hardware and software of the Application or the Data Controller’s/Processor’s hardware and software for the provisions of the Services;
Public or private entities, individuals or legal entities, if the data communication results necessary or appropriate to the correct accomplishment of the contractual obligations undertaken and as permitted by the law;
Public authorities in fulfilment of legal obligations for provision of information within the limits required by the law;
Third parties as part of a merger or acquisition related to the Data Controller/Data Processor;
Affiliates of the Data Controller/Data Processor;
Subcontractors and/or business partners (distributors, agents, mobile operators) involved in the delivery of the Shelly Services under the conditions of specific agreements for the purposes of providing the Shelly Services – processing and execution of purchase orders and deliveries, analysis of data and information with regard to the services, research and analysis of sales and marketing of the Device under the condition of strict non-disclosure agreements and in compliance with the legal requirements;
The Data Controller and the Data Processor are using reasonable efforts to protect the Service from unauthorized access. The Data Controller and the Data Processor shall practice appropriate data collection, storage and protection practices and takes necessary security measures to prevent un-authorized access, alteration and disclosure of personal information. However, due to the inherent open nature of the Internet and wireless communications, no guarantee can be provided that the Personal Data will be completely free from unauthorized access by third parties, as when transferred over or through systems not within the exclusive control of the Data Controller or the Data Processor. The use of either of the Services demonstrates the User’s assumption of this risk. The Data Controller and the Data Processor shall put in place reasonable physical, electronic, and managerial procedures to safeguard the information collected. Only those employees who need access to the Personal Data in order to perform their duties are authorized to have access to the Personal Data whereas these employees are committed to non-disclosure obligations on the ground of their employment relation with the Data Controller / Data Processor.
Personal information shall be retained for as long as it needed for providing the Services after which these could be processed only as de-personalized.
Non-personal information shall be retained for as long as there is business need for providing the Services.
RIGHTS of the User
The User has the right to obtain from the Controller, at any time, without delay:
information of her/his personal data processed, the purposes for its processing and the persons to whom personal data may or have been communicated;
suspension of the data processing, update, correction or integration of personal data the confirmation of the existence or non-existence of hi/her personal data, even if it is not yet recorded, and its communication in a intelligible form;
cancellation, transformation into an anonymous form or the blockage of his/her personal data if processed in breach of the law, including data deemed unnecessary for the purposes for which the data was collected or subsequently processed
The User is entitled to totally or partially oppose to:
the processing of personal data for valid reasons, even if pertinent to the purpose of collection;
the processing of personal data for purposes of advertisement or direct marketing, or if used for the purposes of market surveys or commercial communications.
As a convenience to the User, the Controller may provide links to third party services within the Services. Neither the Controller nor the Processor shall be responsible for the privacy practices or content of these third party services and such links should not be construed as an endorsement of any such third party services. When the User links away from the Services, the User does so at his/her own risk.
For questions or concerns related to privacy, the Data Controller and the Data Processor can be contacted as follows:
Blvd. Bulgaria 109, floor 8, 1404 Sofia, Bulgaria