PRIVACY POLICY

SERVICE: Shelly Cloud (the Application) available at https://shelly.cloud/cloud-connected/ , the Website https://shelly.cloud/ and any Device for distant control of the home, branded Shelly TM (the Device), referred hereinafter jointly as “the Services”.

DATA PROCESSOR and DATA CONTROLLER:

ALLTERCO ROOTICS EOOD, UIC: 202320104 as a Data Controller is a Bulgarian registered company, with registered office at Blvd. Bulgaria 109, floor 8, 1404 Sofia, Bulgaria (referred hereinafter as ALLTERCO)

ALLTERCO ROBOTICS EOOD, UIC: 202320104 is registered administrator of personal data with № 418975 in the Register of the Commission for Personal Data Protection.

When the Services are provided under the brand of a mobile operator ALLTERCO has the capacity of Data Processor, whereas the mobile operator is Data Controller.

By proceeding to use the Services or (where available) by the registration to use any of them, the User confirms that he/she has read, understood and accepted this Privacy Policy in its entirety and grants the Controller and the Processor permission to process his/her personal data that the User has provided in accordance with the provisions of this Privacy Policy. We therefore advise you to read it carefully.

Although you are not under any obligation, failure to provide your data for the purposes said hereunder may cause the impossibility to provide in whole or in part the services requested.

DEFINITIONS

“User” shall mean any natural person using either of the Services.

“Services” shall mean Shelly Cloud Application (the Application) available at https://shelly.cloud/cloud-connected/ , the Website https://shelly.cloud/ (“the Website”) and any Device for distant control of the home, branded Shelly TM (the Device).

“Personal Data” shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;

"Location data" means any data processed in an electronic communications network, indicating the geographic position of the terminal equipment of a User of a publicly available electronic communications service;

“processing of personal data“ shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;

DATA processed through the Services

During the use of the Services, Personal Data are processed by the Data Controller / the Data Processor. The data processing is performed with the beforehand approval of the User. By using the Services, the User agrees to comply with this Privacy Policy and the applicable law and grants the Data Controller/the Data Processor the permission to process User’s personal data in accordance with the provisions of this Privacy Policy and applicable law.

Personal data

Personal data may include any information related to the User such as name, e-mail address, MSISDN (mobile number) and any other personal information submitted personally by the User.

Personal data may be automatically collected or submitted personally by the User.

Personal data is automatically collected by using the Services. By using either of the Services the User grants the Data Controller/the Data Processor the permission to process User’s personal data in accordance with the provisions of this Privacy Policy and the applicable law. The processing of personal identification information may happen but is not limited to cases such as visiting the Website, registration, placement of a purchase order, downloading and installation of the Application, subscription for a newsletter, filling of an on-line survey or other forms of inquiries all activities in connection with other services, features or resources we make available.

Location-based information

Location-based information could be automatically collected if the location service of the mobile device of the User used for access to the Service is turned-on. The User may disable the location-based data collection by using the settings of his/her device.

Non-personal information

Non-personal information such as IP host address, device-specific identifiers, computer or smartphone configurations, pages viewed, time and usage habits of the Services, identifiers of the and other similar data is automatically collected. It is possible at times when collecting non-personal information through automatic means that the Services may unintentionally collect or receive personal information that is mixed in with the non-personal information. While reasonable efforts to prevent such incidental data collection are made, such possibility still exists. If personal information is inadvertently collected, it will not be used intentionally, as if it has been collected with consent. The Services may also aggregate demographic (such as the number of Users in a particular country) and other information (such as time of activation, use of functionalities) collected from the Services’ Users in a manner, which does not identify any one individually. This information will be used for marketing analysis, run contests, surveys and improvement of features and optimization of the Services.

Device information

The Services need access to a public or local wifi network through which the Device on which the Application is installed connects to other Devices. The User needs to permit this access otherwise we won’t be able to provide him/her the full functionality of the Services. By using the Services it is possible that we collect information related to the Device, where the Application is installed and through which the Service is accessed including related to

Notifications

By using the Service you may receive service messages (notifications) that could be related to certain functionalities of the Service, marketing and promotional activities, application updates and others. The User may disable the notificationd by using the settings of his/her device and the setting of the Application.

Google Account / Amazon Account

The Application is available for download and installation through Google Play. For using certain features of the Service (such as voice commands) there might be necessary for the User to download and install Google Home (available on Google Play) or Alexa (available in Amazon). By downloading and using the Application including through Google Home or Alexa you agree that personal information from your Google (Home) and Amazon Account might be accessed and processed. Any such information shall be used only for the purposes of providing you with the functionalities of the Application and its updates.

Log information

By the use of the Services log information is collected. That information includes, among other things:

USE of the Personal Information:

The Personal Data may be used for:

COOKIES

“Cookies” are pieces of information that may be placed on a User’s device by a service for the purpose of facilitating and enhancing the communication and interaction with that service. To the extent possible depending upon the device used by the User, the Service may use cookies (and similar items such as clear gifs, web beacons, tags, etc.) to customize the User’s experience, to make User’s access to the Application more convenient or to enable the enhancement of the Services. The Services may also use and place cookies on a User’s device from third parties in connection with the Services, such as an analytics provider that helps to manage and analyse the Services usage. The User may stop or restrict the placement of cookies on certain devices or flush them from a browser by adjusting the web browser preferences, in which case the User may still use the Services, but it may interfere with some of its functionalities. Cookies and similar items will not be used to automatically retrieve personal information without the User’s knowledge. Cookies are device and browser specific, so if the User makes a change to the User’s environment a cookie may be reinstalled.

THIRD Parties

Personal Data provided for the purposes outlined here above shall be processed - both with or without electronic means by subjects dully appointed by the Data Controller. In particular, for the above mentioned purposes the User’s data may be communicated to the following subjects:

SECURITY

The Data Controller and the Data Processor are using reasonable efforts to protect the Service from unauthorized access. The Data Controller and the Data Processor shall practice appropriate data collection, storage and protection practices and takes necessary security measures to prevent un-authorized access, alteration and disclosure of personal information. However, due to the inherent open nature of the Internet and wireless communications, no guarantee can be provided that the Personal Data will be completely free from unauthorized access by third parties, as when transferred over or through systems not within the exclusive control of the Data Controller or the Data Processor. The use of either of the Services demonstrates the User’s assumption of this risk. The Data Controller and the Data Processor shall put in place reasonable physical, electronic, and managerial procedures to safeguard the information collected. Only those employees who need access to the Personal Data in order to perform their duties are authorized to have access to the Personal Data whereas these employees are committed to non-disclosure obligations on the ground of their employment relation with the Data Controller / Data Processor.

DATA Retention

Personal information shall be retained for as long as it needed for providing the Services after which these could be processed only as de-personalized.

Non-personal information shall be retained for as long as there is business need for providing the Services.

RIGHTS of the User

The User has the right to obtain from the Controller, at any time, without delay:

The User is entitled to totally or partially oppose to:

The User may unsubscribe or opt-out from receiving future messages by sending a request to the following e-mail: support@shelly.cloud and the Data Processor/Data Controller shall process the request within a reasonable time after receipt. However, neither the Data Controller nor the Data Processor shall be responsible for removing the Personal Data from the lists of any third party who has been previously provided with Personal Data in accordance with this Privacy Policy and/or the User’s consent. The User shall contact such third parties directly.

OTHER SERVICES

As a convenience to the User, the Controller may provide links to third party services within the Services. Neither the Controller nor the Processor shall be responsible for the privacy practices or content of these third party services and such links should not be construed as an endorsement of any such third party services. When the User links away from the Services, the User does so at his/her own risk.

CHANGES to this Privacy Policy

ALLTERCO ROOTICS EOOD reserves the right, at its own discretion, to change, modify, add, or remove portions from this Privacy Policy at any time. ALLTERCO ROOTICS EOOD shall post such changes in the Application. The User agrees that it is his/her own responsibility to check periodically for such changes (to inform himself/herself regarding changes)

However, if at any time in the future the ALLTERCO ROOTICS EOOD plans to use Personal Data in a way that materially differs from this Privacy Policy, such as sharing such information with more third parties, the ALLTERCO ROOTICS EOOD shall post such changes at in the Application and provide the User with the opportunity to opt-out of such differing uses. The User’s continued use of either of the Services following the posting of any changes to this Privacy Policy means the User accepts such changes.

PRIVACY LAW

ALLTERCO ROOTICS EOOD servers are maintained in Bulgaria, European Union. By using either of the Services, the User freely and specifically provides his/her consent to his/her Personal Data to be collected, processed, stored and used in Bulgaria, according to the Bulgarian law, as specified in this Privacy Policy. The User understands that the data stored may be subject to lawful requests by the courts or the law enforcement authorities.

CONTACT

For questions or concerns related to privacy, the Data Controller and the Data Processor can be contacted as follows:

Data Controller

e-mail: support@shelly.cloud

Blvd. Bulgaria 109, floor 8, 1404 Sofia, Bulgaria

OTHER TERMS

This Privacy policy could be available in multiple languages. In case of inconsistency, the Bulgarian version shall prevail.

For all outstanding with the current Privacy policy questions, the active Bulgarian legislation shall apply.