PRIVACY POLICY
IN CONNECTION WITH THE USE OF CLOUD JABLOTRON
(“Policy”)
No. PP_20231101
Effective from: 1 November 2023
Whereas:
(A) JABLOTRON CLOUD Services s.r.o., reg. No.: 047 86 645, registered office U Přehrady 3204/61 Mšeno nad Nisou, 466 02 Jablonec nad Nisou, Czech Republic, registered in the Commercial Register administered by the Regional Court in Ústí nad Labem, section C, file No. 36983 (“Provider”), is aware of the importance of protection of personal data and privacy of individuals;
(B) A user of Cloud JABLOTRON (“User”) uses it on the basis of a contractual relationship established by the acceptance of the General Terms and Conditions for the Use of Cloud JABLOTRON (“TCU”);
(C) In collecting, storing and otherwise processing Personal Data, the Provider proceeds in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), as amended (hereinafter also referred to as “GDPR”), and the legal regulations of the Czech Republic;
(D) The purpose of this Policy is to fulfil the Provider's obligation to inform as a Data Controller towards Cloud JABLOTRON Users arising from the GDPR;
The Provider issues this Policy:
1. Terms
1.2. “Data Subject Concerned” for the purposes of this Policy means a User of Cloud JABLOTRON who is an identified natural person, and is thus in the position of a Data Subject with respect to the Provider.
1.3. “Controller” for the purposes of this Policy means the Provider, whose contact details are listed above under subpar. (A) and on the Website. The Controller may also be contacted at gdpr@jablotron.cz, or through the person responsible for the protection of Personal Data.
2.1. The Controller has appointed a Data Protection Officer (DPO), who may be contacted using the electronic form available at https://gdpr.jablotron.cz/.
3. Purposes of the processing of Personal Data in Cloud JABLOTRON and the legal basis for the processing of Personal Data
3.1. The Controller processes Personal Data for the Purposes set out below:
| Purpose of Processing of Personal Data | Legal basis for Processing of Personal Data |
|---|---|
| BASIC SERVICE (without functionality extension) | |
| 1. setting up a User Account in Cloud JABLOTRON; 2. enabling the User to use the Services; 3. providing technical support in the use of Cloud JABLOTRON. In the event that the User's Account is affected by Extraordinary Administration carried out with respect to another User's Account, the purpose of the processing of Personal Data by the Provider is also: 1. registration of Users’ Devices in Cloud JABLOTRON or, where applicable, logging out of the Devices from Cloud JABLOTRON; 2. remote configuration of the Device according to the User's request; 3. set-up and cancellation of User Accounts in Cloud JABLOTRON; 4. transfer of Accounts to a new User of the MyCOMPANY or JA PARTNER Modules; 5. billing of the price of the Services used. | implementation of measures prior to the conclusion of the contractual relationship between the Provider and the User under the TCU and the subsequent fulfilment of the obligations arising therefrom. |
| BASIC SERVICE with functionality extended by the MyCOMPANY Module | |
| 1. setting up MyCOMPANY Module User Account in Cloud JABLOTRON; 2. enabling the User to use the Services; 3. drawing bonus offers from the Provider or Related Parties; 4. participating in the Provider’s partner systems; 5. providing technical support in the use of Cloud JABLOTRON. In the event that the Account of a User – Installation Partner (IP) is affected by Extraordinary Administration carried out with respect to the account of another JA PARTNER Module User, the purpose of the processing of Personal Data by the Provider is also: 1. registration of Devices of Users – IPs in Cloud JABLOTRON or, where applicable, logging out of the Devices from Cloud JABLOTRON; 2. remote configuration of Devices of Users – IPs; 3. transfer of the Account of a User – IP to another JA PARTNER Module User; In the event that the MyCOMPANY Module User Account is subject to Extraordinary Administration, the purpose of the processing of Personal Data by the Provider is also: 1. registration of Users’ Devices in Cloud JABLOTRON or, where applicable, logging out of the Devices from Cloud JABLOTRON; 2. transfer of the Account of a User – IP to another JA PARTNER Module User; 3. administration and cancellation of the Account of a User – IP in Cloud JABLOTRON. | contract (TCU together with Special Terms and Conditions for the Use of the MyCOMPANY Module) concluded between the User and the Provider |
| BASIC SERVICE with functionality extended by the JA PARTNER Module | |
| 1. setting up JA PARTNER Module User Account in Cloud JABLOTRON; 2. enabling the User to use the Services; 3. providing technical support in the use of Cloud JABLOTRON; 4. participating in the Provider’s partner systems. In the event that the JA PARTNER Module User Account is subject to Extraordinary Administration, the purpose of the processing of Personal Data by the Provider is also: 1. transfer of the JA PARTNER Module User Account to another JA PARTNER Module User; 2. administration and cancellation of the JA PARTNER Module User Account in Cloud JABLOTRON; | contract (TCU together with Special Terms and Conditions for the Use of the JA PARTNER Module) concluded between the User and the Provider |
| VIDEO SERVICES | |
| 1. establishing a remote connection with the monitoring Device; 2. its set-up and administration; 3. enabling recordings to be made from the monitored areas; 4. verification of the situation in the guarded premises upon receipt of an alarm or other message by the surveillance centre; 5. billing of the price of the Services used. | performance of the contractual relationship regarding the Video Service used by the User according to the TCU and further according to the Terms and Conditions for the Provision of Paid Video Services |
| VEHICLE MONITORING – DRIVER’S LOG | |
| 1. obtaining records of the movement of the vehicle and the proper functioning of the Service | performance of the contractual relationship according to the Terms and Conditions for the Use of the Driver’s Log Service and the TCU |
| HOME AUTOMATION – GSM HEATING CONTROL | |
| 1. establishing a connection between the relevant Devices of the User and the means used by the User to control them remotely; and 2. for the purpose of the proper functioning of the Service. | performance of the contractual relationship according to the Terms and Conditions for the Provision of the GSM Heating Control Service and the TCU |
| SDC (Security Data Connector) | |
| 1. connection of the relevant Device to the telecommunication network and its connection to Cloud JABLOTRON; 2. proper functioning of the Service; 3. billing of the price of the Services used. | performance of the contractual relationship according to the Terms and Conditions for the Use of the SDC Service and the TCU |
| NOTIFICATION | |
| 1. sending the required notifications to the telephone number specified by the User; and 2. billing of the price of the Services used. | performance of the contractual relationship according to the Terms and Conditions for the Use of the Notification Service and the TCU |
| MARKETING | |
| 1. direct marketing (in particular sending selected commercial communications offering Provider's services by all means, including the use of electronic means of communication and conducting market research and evaluation); 2. direct marketing (in particular sending selected commercial communications offering products and services of the Provider’s Related Parties by all means, including the use of electronic means of communication and conducting market research and evaluation) | Ad 1. legitimate interest of the Provider; Ad 2. based on the User’s informed consent |
3.2. Pursuant to Art. 21(2) of the GDPR, the User has the right to object at any time to the processing of their Personal Data for direct marketing purposes; for details, see Article 6 of the Policy. To be able to use Personal Data for other marketing purposes, the Provider is obliged to request consent from the User; for details, see Article 7 of the Policy.
3.3. Data processed for statistical and analytical purposes:
3.3.1 The Provider uses Personal Data rendered anonymous for statistical and analytical purposes.
3.3.2 Processing of Personal Data rendered anonymous no longer constitutes processing of Personal Data within the meaning of the GDPR.
3.4. All of the aforementioned cases of processing, unless otherwise expressly stated in a specific case, are cases of processing in which the provision of Personal Data is necessary for the provision of the Service or, where applicable, the need for the provision of Personal Data arises from a contract other than the TCU concluded between the Data Subject Concerned and the Provider. Failure to provide Personal Data in such cases is an obstacle to the provision of the Service or a reason for termination of the contract by the Provider.
4. Categories of Personal Data concerned, Period of Processing and sources of Personal Data
4.1. Processing of Personal Data concerns the following categories, which the Controller obtains from the sources listed below and processes for the periods set out in the table.
| Category of Personal Data | Period of Processing of Personal Data | Source of Personal Data |
|---|---|---|
| BASIC SERVICE (including functionality extended by Modules) | | |
| 1. login and password to the Account; 2. identification data of the User (in particular their name and date of birth); 3. the User's contact details (in particular their e-mail address and telephone number); 4. information on the User's Services (in particular their type and method of their use by the User); 5. address of the premises; 7. photographs – the physical appearance of persons in the monitored areas. | for the duration of the User's Account, unless otherwise stated in the Policy | · the data specified in subpar. 1 to 5 from the User, either as part of the Account set-up process or subsequent changes to the Account settings or when ordering the Services; the password for the first login to the Account is assigned by the Provider and the User has to change it thereafter; · the data specified in subpar. 6 and 7 from the Device. |
| VIDEO SERVICES | | |
| 1. the physical appearance of persons in the monitored areas; 2. information on the movement and location of persons; 3. vehicle registration numbers; 4. User ID; 5. Device location; 6. MAC address of the Device; 7. Device name; 8. history of payments of the User for the Services; | for the duration of the User's Account, unless otherwise stated in the Policy | · the data specified in subpar. 3, 4, 8 from the User, either as part of the Account set-up process or subsequent changes to the Account settings or when ordering Services; · the data specified in subpar. 1, 2, 5, 6 and 7 from the Device. |
| VEHICLE MONITORING – DRIVER’S LOG | | |
| 1. driver’s log data and their history; 2. vehicle traffic data, including location data; 3. name and surname of the person to whom the vehicle has been entrusted; | for the duration of the User's Account, unless otherwise stated in the Policy | · the data specified in subpar. 3 from the User, either as part of the Account set-up process or subsequent changes to the Account settings or when ordering Services; · the data specified in subpar. 1 and 2 from the Device. |
| HOME AUTOMATION – GSM HEATING CONTROL | | |
| 1. history of payments of the User for the Services; 2. operational data (e.g. identification number of the Device, phone number of the SIM card placed in the Device, as well as data on the operation of the Device such as technical conditions or alarm events); 3. IP address; 4. Device location. | for the duration of the User's Account, unless otherwise stated in the Policy | · the data specified in subpar. 1 from the User, either as part of the Account set-up process or subsequent changes to the Account settings or when ordering Services; · the data specified in subpar. 2, 3 and 4 from the Device. |
| SDC (Security Data Connector) | | |
| 1. history of payments of the User for the Services; 2. Device location according to BTS; 3. Device SIM card number. | for the duration of the User's Account, unless otherwise stated in the Policy | · the data specified in subpar. 1 from the User, either as part of the Account set-up process or subsequent changes to the Account settings or when ordering Services; · the data specified in subpar. 2 and 3 from the Device. |
| SMS NOTIFICATION | | |
| 1. phone number of the notification recipient; 2. e-mail address of the notification recipient; 3. history of payments of the User for the Services; 4. operational data (e.g. identification number of the Device, data on the operation of the Device such as technical conditions). | for the duration of the User's Account, unless otherwise stated in the Policy | · the data specified in subpar. 1, 2 and 3 from the User, either as part of the Account set-up process or subsequent changes to the Account settings or when ordering Services; · the data specified in subpar. 4 from the Device. |
| DIRECT MARKETING | | |
| 1. the User's contact details (in particular their e-mail address and telephone number); 2. information on the User's Devices (in particular their type and method of their use by the User); 3. information on the User's Services (in particular their type and method of their use by the User). | for the duration of the User's consent | · the data specified in subpar. 1 from the User, either as part of the Account set-up process or subsequent changes to the Account settings or when ordering Services or from registration for events or meetings at exhibitions; · the data specified in subpar. 2 and 3 from the User's Account and registered Devices. |
4.2. Other Personal Data may be processed by the Provider on the basis of the User's consent. The User will be informed of the Personal Data involved before granting consent.
5. Categories of recipients of Personal Data
5.1. Recipients of Personal Data. In connection with the provision of Services in Cloud JABLOTRON, the Provider uses the services of other persons who may have access to Personal Data or, where applicable, may process them directly for the Provider. These persons are recipients of Personal Data. Such persons include:
5.1.2 The operator of the Provider's external communication centre, which processes the identification and contact data of the Data Subjects Concerned;
5.1.3 The operator of the data storage (cloud server solution) that processes all Personal Data in Cloud JABLOTRON;
5.1.4 The operator of the services of the payment gate that processes the Personal Data necessary to make payments for the Services (Verifone Payments B.V.);
5.1.5 Cloud JABLOTRON Users who have been granted access to their Devices by another JABLOTRON Cloud User and who process or receive Personal Data to the extent appropriate to the Device settings;
5.1.6 JABLOTRON Cloud Users using the MyCOMPANY or JA PARTNER Modules in the event that the Provider has made data about the Data Subject Concerned available to them as part of the Extraordinary Administration;
5.1.7 Important Partners of the Provider in the relevant territory when paying for the Services;
5.1.8 Contractual collaborators of the Provider in the field of accounting, tax, and legal agendas (in particular, the accounting service provider, tax consultant, auditor, attorneys and other legal specialists, debt collectors);
5.1.9 Insurance companies and insurance brokers / intermediaries in dealing with insurance claims;
5.2. Information about Recipients. At the request of a Data Subject Concerned sent using the contact form pursuant to art. 2 of this Policy, the Provider will provide details on the process of Personal Data processing.
5.3. Physical location of Personal Data. The Personal Data are located on servers and data storage facilities owned by the Provider, controlled by the Provider or controlled by persons with whom the Provider or its Processors or other Processors have a contractual relationship involving the processing of Personal Data and are located in the territory of the European Union, specifically in the Czech Republic, Germany, and the Netherlands. Servers and data repositories are maintained and managed with all the necessary professional care corresponding to the character and nature of Cloud JABLOTRON in accordance with EU and Czech legislation. The Provider has ensured an adequate level of security of servers and data repositories. Personal Data may be transmitted within these countries among individual technological and computing devices (including servers and data repositories) controlled or owned by the Provider.
5.4. Transfer of Personal Data outside the EU. The Provider may also involve international organisations and Processors located in third countries, i.e., outside the European Union or the European Economic Area, in the processing process.
6.1. Data Subjects may exercise the rights listed below against the Provider to the extent and under the conditions set out in Chapter III of the GDPR via the electronic form at https://gdpr.jablotron.cz/ or via email at gdpr@jablotron.cz.
6.2. Right of access to Personal Data: Data Subjects have the right to obtain confirmation from the Provider whether or not the Provider processes Personal Data concerning the Data Subject. If the Provider processes them, the Data Subject has not only the right to access these data, but also the right to access other information (e.g. about the purposes and scope of the processing, about the categories of Personal Data processed or about their source) and the right to request a copy of the Personal Data processed.
6.3. Right to rectification: Data Subjects have the right to obtain from the Provider without undue delay the rectification of any inaccurate Personal Data concerning them.
6.4. Right to erasure: If any of the reasons set out by the GDPR applies (e.g., Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, or the Data Subject’s consent is withdrawn), Data Subjects have the right to obtain from the Provider the erasure of Personal Data concerning them. This right, however, does not apply indefinitely; Personal Data will not be erased, for example, where they are processed based on a legal obligation arising from Applicable Regulations.
6.5. Right to restriction of processing: Data Subjects have the right to obtain from the Provider restriction of processing in cases defined by the GDPR.
6.6. Right to data portability: In the event that Personal Data are processed by automated means and on the basis of the Data Subject’s consent or a contract, the Data Subject has the right to have the Provider provide the Data Subject with the Data Subject’s Personal Data in a structured, commonly used and machine-readable format, as well as the right to transfer such data to another Controller or to have the Provider provide such data to another Controller directly, if technically feasible.
6.7. Right to object: Data Subjects have the right to object, on grounds relating to their particular situation, at any time to the processing of Personal Data concerning them where the Personal Data are processed because it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority or it is necessary for the purposes of the legitimate interest of the Provider or a third party. Data Subjects also have the right to object to the processing of their Personal Data for direct marketing purposes.
6.8. Automated individual decision-making, including profiling: Data Subjects have the right not to be subject to any decision-making based solely on automated processing, including profiling, which has legal effects on them or significantly affects them in a similar manner. However, this right does not apply in all cases, for example, if the decision is necessary for the conclusion or performance of a contract between a Data Subject and the Provider.
6.9. Right to withdraw consent: Where the processing of Personal Data is based on consent granted, that consent may be withdrawn at any time. Withdrawal of consent, however, does not affect the legality of processing before the withdrawal (i.e., the withdrawal does not have retroactive effects). Consent to the processing of Personal Data granted to the Provider may be withdrawn either in the settings of the MyJABLOTRON Application or at https://gdpr.jablotron.cz/. Account cancellation or deactivation can also be requested in the same manner.
6.10. Right to lodge a complaint. Without prejudice to any other remedies, Data Subjects have the right to lodge a complaint with the supervisory authority (Czech Office for Personal Data Protection (Úřad pro ochranu osobních údajů), Pplk. Sochora 27, 170 00 Praha 7, Czech Republic) if they believe that the processing of their Personal Data violates the GDPR.
7. Direct communications to the User, Cookies
7.1. Sending operational communications. The Provider is entitled to send the User (i) email messages to the Email Address; (ii) SMS/MMS messages to phone numbers, concerning any acts, events or facts related to Cloud JABLOTRON, Services used by the User or the Devices if these messages are related to the functionality of the Software or its use. These communications are not subject to any consent of the User.
7.2. Commercial Communications. In accordance with Applicable Regulations, the Provider is entitled to send Users Commercial Communications in the form of email messages and marketing materials to contact details provided by Users in relation to similar products and services Users have purchased from the Provider or have used. That authorisation, however, only lasts where (i) Users have not refused it; or (ii) Users have provided consent to receiving Commercial Communications. If Users agree, the Provider may also send them information about other products and Services of the Provider and its related parties.
7.3. The User has the option to refuse the sending of Commercial Communications at any time. Such option will also be indicated in each individual Commercial Communication. Consent can also be withdrawn at any time in the Account settings.
7.4. Cookies. Some Personal Data are contained in the cookies used by the Provider in Cloud JABLOTRON. Details on the use of cookies are provided directly in the MyJABLOTRON application or at https://gdpr.jablotron.cz/.
8. Governing Law
8.1. The Policy is governed by directly applicable regulations of the European Union and Czech law.
9. Policy updates
9.1. The Provider is entitled to modify or update the Policy from time to time. Any changes to the Policy will become effective upon publication of the updated version of the Policy via the Cloud JABLOTRON Services. If the Provider makes changes to the Policy that it considers to be fundamental and that require the User's consent in accordance with applicable law, the Provider will inform the User through the Cloud JABLOTRON Services and, if applicable, request the User's consent.
* * *