Heat@Home Personal Data Protection Statement
1.General provisions
1.1.The Heat@Home Personal Data Protection Statement regulates the protection of the personal data of end users of the Heat@Home Service.
1.2.By using the Heat@Home Service, the user acknowledges that he is aware of the contents of the Personal Data Protection Statement and agrees to its terms.
1.3.The Heat@Home Personal Data Protection Statement is available at www.nomnio.com.
1.4.Nomnio d.o.o., Razvanje, Tržaška cesta 85A, SI-2000 Maribor, Slovenia (hereinafter: provider), reserves the right to change or amend the Personal Data Protection Statement without prior notice. Unless otherwise specified, the amended Personal Data Protection Statement shall enter into force on the day of publication at the Nomnio d.o.o. website available at www.nomnio.com.
2.Definitions
In this statement, the terms used shall have the following meanings:
2.1.Contractual data processor is an organization or an individual, authorized by the data controller to process the users’ data for a specific task following the requirements of the data controller.
2.2.Data controller is the provider of Heat@Home Service.
2.3.General Terms and Conditions for using Heat@Home Service are terms and conditions of the service provider and are available at the Nomnio d.o.o. website www.nomnio.com.
2.4.Personal data is any data that relates to an individual, regardless of the form in which it is expressed.
2.5.Personal data processing means any operation or set of operations that are performed in connection with personal data, which is subject to automated processing or manual processing (processing means) of personal data collection or is intended for inclusion in the collection of personal data, in particular the collection, entry, editing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, communication, dissemination or otherwise making available, alignment or integration, blocking, anonymizing, erasure or destruction.
2.6.User is the end-user, i.e., a customer that uses Heat@Home Service.
2.7.ZVOP-1 is the Public-Private Partnership Act (OG RS, No. 94/07).
3.Legal basis for collection, processing, and storage of personal data
3.1.The legal basis for processing and collecting the personal data provided by the user is the user’s explicit consent. This statement specifies when the user’s explicit consent is deemed to have been provided.
3.2.Personal data of minors can be processed with their parent’s consent or the consent of their legal representatives. It is considered that the consent of the parents or legitimate representatives is provided if they, as the holders of the Heat@Home building, allow the minor to create a user account.
4.Data collected by the Heat@Home Application and the purpose of processing
The following user data is collected and processed:
4.1.Personal data of users:
4.1.1Full name
The data is processed to personalize the service, identify with the repairer, and provide technical support.
4.1.2Home address or address of the building where the device is installed
The data is collected to personalize the service, identify with the repairer, and provide technical support.
4.1.3Email
If the user registers with the Heat@Home Application with their email account, the data is processed for sign-in identification, notices on upgrades and other services performed by the provider, and promotional emails. The users can always choose to cancel the promotional emails by clicking the link at the bottom of the promotional email or by sending a written request to terminate this feature to the official email address of the provider.
4.1.4Social network profile information
If the user registers with the Heat@Home Application with their social network profile (Facebook, Google or Apple), the basic user profile information is collected. The type of information received depends on the user’s privacy settings, whereby the following data is included: user name, full name, email address, profile picture, gender, age, location. For identification at sign-in, the following data is collected, stored, and processed: full name, email address, profile picture. This Personal Data Protection Statement is completely independent of the privacy policy of the social network provider. The provider does not assume any responsibility for any misuse of personal data which is not exclusively in the provider’s domain and which does not relate to the use of the Heat@Home application.
4.1.5Telephone number
The user provides its phone number for notices on upgrades, technical support, and other notifications via text messages or calls.
4.1.6Country
The data is collected to personalize the service, identify with the Repairer, and provide technical support.
4.1.7IP address
The data is collected to prevent unwanted visitors (spiders, DDoS, etc.) and abuse. If an incorrect password for the user account is entered 10 times, the IP address through which the incorrect password was entered is blocked from accessing the service. The user is informed about the blocked access via email and can re-enable it.
4.2.Device data:
The following data on user devices are collected and processed: Heat@Home communication module, controller, router IP address, MAC address, security protocol (WPA, etc.), SSID, signal strength.
4.2.1Technical data
The following data are collected and processed: device model, state of connectivity (online, offline), device software version, Wi-Fi network SSID, and the information about when the device was last connected (if offline).
4.2.2Device functioning
The following data are collected and processed: all status changes, i.e., measurements of temperature sensors, all status changes, i.e., measurements of relays, and heating system settings.
4.2.3Operational parameters of the controller
The following data is collected and processed:
•User parameters of the controller operation: mode of operation (day mode, night mode, constant day/night temperature, heating off), user functions (party, eco, holiday), weekly heating schedule;
•Configuration parameters of the controller operation.
Device data from Section 4.2. is processed to ensure the operation of Heat@Home Service, technical support, and services. Anonymous data are processed to develop and improve new and existing products and services, to provide better solutions for a more convenient and cost-efficient heating control, and for general analysis of Heat@Home Service usage.
5.Creating a user account in the Heat@Home Application
5.1.User account registration is performed following the General Terms and Conditions for using the Heat@Home Service available at the Nomnio d.o.o. website www.nomnio.com.
5.2.If the account registration is performed via email or social network, the Auth0 authentication (located in the EU) by Auth0, Bellevue, Washington, United States is used.
5.3.By registering, the users declare that they have read and understood the privacy policy of Auth0, which is available at https://auth0.com/security.
5.4.If more than one user account is created for one Heat@Home building, the holder of the Heat@Home environment (owner) cannot be a minor.
6.Data storage period and termination of user account
6.1.The provider will store personal data as long as necessary to achieve the purpose for which it was collected.
6.2.Furthermore, the provider will store personal data to process it for historical, statistical, and scientific research purposes, all in anonymized form, and shall erase them after the processing has been completed.
6.3.The user can, at any time, request an overview of its stored data or changes to stored data if they are incorrect or incomplete, and request the provider to erase them. The request for data access, modification, or deletion is made by the user in the manner specified in the General Terms and Conditions for using the Heat@Home Service, available at the Nomnio d.o.o. website www.nomnio.com. Upon the user’s request, the provider, as the data controller, will erase all data except for those required to be stored longer under the legislation.
7.Contractual data processors
7.1.Without a prior notice to users, the provider may entrust individual tasks of personal data processing to a contractual data processor who is registered for performing such an activity and who provides appropriate procedures and measures for personal data protection. The contractual data processor may perform individual tasks relating to the processing of personal data within its authorizations, and may not process personal data for any other purpose.
7.2.Under the provisions laid down in Article 63 ZVOP-1, the provider may supply personal data to the contractual data processors in a third country.
7.3.The user has the right to demand information on all contracted data processors from the provider. The user sends the request for information via email to support@nomnio.com. The provider undertakes to process the request in the period and manner set out by ZVOP-1.
8.Informing employees about personal data protection
8.1.The protection of personal data for Heat@Home users is ensured in such a way that all employees and all external associates of the provider are informed of the provisions of the provider’s internal rules that regulate the field of personal data protection as well as technical and organizational procedures for securing personal data, preventing unauthorized access or disclosure of such data, maintaining the accuracy and proper use of personal data.
9.Disclosure of data to third persons
9.1.The personal data controller is obliged to disclose the user’s data to competent authorities where the latter requires such disclosure based on legal authorization.
9.2.In the event of a reorganization, merger, or sale of the provider or the contractual data processor, it may disclose personal data within the scope of powers it possesses to a third party for the processing of personal data.
10.Inquiries on personal data protection
10.1.If you have any questions regarding the protection of personal data or access to personal data of Heat@Home, do not hesitate to contact us at support@nomnio.com.
10.2.The provider undertakes to answer all questions sent to the abovementioned email address within 10 working days.
11.Final provisions
11.1.The legal validity of these provisions, the relationship between the provider and the user, as well as resolving possible disputes, falls under the jurisdiction of the regulations in force in the territory of the Republic of Slovenia, except insofar as the regulations governing the field of consumer protection and which apply in the country of the user provide more comprehensive protection. All possible disputes shall be resolved by the court having jurisdiction at the place where the provider has its principal place of business.
11.2. Insofar as an individual provision of this Protection of personal data statement proves invalid, this does not affect the validity of other provisions.
11.3.Privacy policy can be modified due to changes introduced by the development of the Heat@Home Service. The users shall be notified of any changes to the Protection of personal data statement in advance via an email sent to the email address given upon creating a user account in the Heat@Home Application.
11.4.The Protection of personal data statement enters into force on 1.9.2024.