Stone Connect
PRIVACY POLICY
This privacy policy (“Privacy Policy”) describes how IRCA S.p.A., as Data Controller, an Italian company with offices at Via Podgora, 26, – 31029 Vittorio Veneto (Treviso, Italy), Italian VAT n° 01168660262 (“IRCA”) collects, uses and processes information from the user (“User”) of the “Stone Connect WiFi” / “Stone Connect BLE” / “Olle Connect” / “Deltacalor Comfort” software applications (“Apps”) in connection with IRCA radiators and electrical towel rails (“Products). The App’s purpose is to allow users of IRCA Products to control, monitor, manage and communicate with their Products through mobile smart devices (i.e. smartphones and tablets) via Bluetooth Low Energy (BLE) (applicable for “Stone Connect BLE” / “Olle Connect” / “Deltacalor Comfort Apps”), and Wi-Fi (applicable for “Stone Connect WiFi App”) .
Among such information are certain User’s personal data and other non-personal information.
The User’s personal data shall be processed pursuant to the Italian Legislative Decree n° 196 of 30/06/2003 (“Privacy Code”) and art. 13 of the EU Regulation n. 2016/679 (“GDPR”) in accordance with the principles of necessity, transparency, fairness and proportionality. In compliance with Article 13 of Legislative Decree 196/2003 and art. 13 of the EU Regulation n. 2016/679, the following information is hereby provided with regard to the User’s personal data that may be processed by using the App.
a) Types of data that may be processed
a.1) Browsing information
The IT systems and software procedures involved in the App’s operations, will regularly receive certain personal data, whose transmission is implied through the use of web communication protocols. Such data, if combined with other data held by third parties, may identify the User. Examples of such data are IP addresses and domain names in the User’s devices.
a.2) Personal data provided by the User to register an account with the App: User’s email address; user ID and password.
a.3) Other data (personal or non-personal) regarding the User’s Product and/or the User’s home or place where the Product managed through the App is located. For example:
- User’s home address or city/postal code
- location of the Product at User’s home
- information about the User’s heating and cooling system (e.g. temperature, performance, energy consumption, etc.)
- information about the User’s Product (such as for example Product model and serial number, Product software version, technical information such as battery charge level).
b) Purposes of data processing pursuant to art. 6 of the EU Regulation n. 2016/679
The User’s email address, ID and password, are necessary information in order for the User to create an account and use the App.
Browsing information is also necessary for the App to function and provide its services.
The User will not be able to use the App if the above information is not provided.
The User’s email address (as provided during the account registration process) will not be used by IRCA to send the User communications, alerts, reminders, and newsletters or updates on IRCA’s activities and products.
Information about the User’s Product and User’s Installation are necessary in order to allow the App to perform its remote functions, and are also required to provide the User with improved Product and App functionalities.
For example, the temperature and other functionalities of the User’s heating and cooling system are required to provide the User with statistical/historical reports. Such information is fully encrypted.
The User’s home address (or the address of the other place where the Product is properly located and used) will help IRCA to determine the nearest local weather station.
The User’s Product information (e.g. Product model and serial number, Product software version, technical information such as battery charge level) are required in order to help troubleshoot any problems the User may have with the Product.
Should the User not provide such information, the User may not be able to use the App and/or the App’s functionality and effectiveness would be substantially reduced.
c) How personal data may be processed
The processing of your personal data will be done through the operations indicated in art. 4 of the Privacy Code and art. 4 n. 2) GDPR and more precisely: collection, registration, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data will be processed by electronic and / or automated tools.
The Controller will process your personal data for the time necessary to fulfil the purposes referred to in art. b) and in any case for no more than 10 years from the termination of the contractual relationship, also with regard to personal data acquired for marketing purposes. At the end of the aforementioned period the data will be deleted or made anonymous.
The User’s data will be collected, processed and stored on the IRCA web server. Your personal data will be stored on servers located within the European Union. In any case it is understood that the Data Controller, if necessary, will have the right to move the servers even extra-EU. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.
d) Communication and disclosure of data to third parties
The User’s data may be disclosed by IRCA to third parties carrying out technical services on Products, to the App developers, to third parties software and other providers, to Product resellers, suppliers and assemblers.
e) The Data Subject may exercise the rights provided for by Article 7 of the Legislative Decree 196/2003 and art. 15 GDPR, i.e.:
- The right to obtain confirmation as to whether or not personal data concerning him exist, regardless of their being already recorded, and communication of such data in intelligible form;
- The right to be informed: a) of the source of the personal data; b) of the purposes and methods of the processing; c) of the logic applied to the processing, if the latter is carried out with the help of electronic means; d) of the identification data concerning data controller, data processors and the representative designated as per Section 5(2) of the law and art. 3 GDPR;
f) of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing.
- The right to obtain:
a) updating, rectification or, where interested therein, integration of the data;
b) erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
- The right to object, in whole or in part: a) on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection; b) to the processing of personal data concerning him/her, where it is carried our for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.
- Where applicable, it also has the rights referred to in Articles 16-21 GDPR (Right of rectification, right to be forgotten, right of limitation of processing, right to data portability, right of opposition), as well as the right of complaint to the Guarantor Authority.
f) Modalities of exercise of rights
You may exercise the rights referred to in point e) above by sending:
- A registered letter R / R to the company IRCA SPA, Via VIA PODGORA 26., 31029, Vittorio Veneto , TV, ITALY.
- An email to the address antonio.demoliner@zoppas.com which must be followed within the next 48 hours
by a registered letter R/R at the address above.
g) Data Controller is IRCA S.p.a., with offices at Via VIA PODGORA 26., 31029, Vittorio Veneto , (Treviso, Italy). IRCA may be contacted at antonio.demoliner@zoppas.com with any questions concerning this Privacy Policy.