ICO Mobile Application Privacy Policy

1. Introduction

Ondilo takes the utmost care to protect the personal data it collects.

This Policy is intended for people downloading our BWT Pearl Water Manager Mobile Application – The Connected Island (hereinafter “the Application”) in order to connect their connected object, as presented on the website accessible at www.ondilo.com or in the commercial documentation (the “Connected Object”). https://ondilo-dev.ravendt.net/en/ or in the commercial documentation (the “Connected Object”).

As part of our commitment to protect your personal data in a transparent manner, we want to inform you :

– how and why Ondilo uses and stores your personal data through the Application it offers;

– the legal basis under which your Personal Data is processed; and

– of your rights and our obligations with respect to such processing.

2. In what context do we collect personal data?

As part of its activity and the Connected Objects offered for sale, Ondilo offers its customers the download of its Application through which Ondilo collects data.

This private data is grouped into 2 categories:

  • Personal data: data that allows the identification, directly or indirectly, of a person, collected during the downloading of the Application and the configuration of the Application, data for which Ondilo is responsible for processing;

  • Data collected through the Connected Object: data relating to water quality (acidity, disinfection, minerality, temperature) collected by the Connected Object, data for which Ondilo acts as service provider.

3. What personal data do we process and for what purposes?

In the context of the processing of personal data, Ondilo collects and processes the following data for the purposes detailed below :

Purpose of the treatment

Categories of Personal Data Processed

Legal basis of the processing operation

Customer Relationship Management

Last name, first name,

email, password

The Processing is necessary for the performance of the contract that binds us or for carrying out measures prior to the conclusion of a contract with you, or because we have a legitimate interest in the Processing in order to provide you with services.

Management and follow-up of customer requests

Name, first name, email, phone number, country, place of purchase of the product, UUID of the product, status of private or professional, details of the request, type of request, OS used, history of requests.

The Processing is necessary for the performance of the contract that binds us or for carrying out measures prior to the conclusion of a contract with you, or because we have a legitimate interest in the Processing in order to provide you with services.

Management and follow-up of customer requests

Pool/SPA data : Treatment of the pool/SPA, type of pool/SPA, average number of users of the pool/SPA, stock of disinfectant and/or other maintenance products, size of the pool/SPA, time of presence and absence, location of the pool, average water temperature and in real time, consumption of disinfectant and/or other cleaning products over the season, consumption status of the cleaning products, alkalinity level, ORP level, hardness level, conductivity level, Ph, chlorine or bromine, salt level and average use time of the pool/SPA over the year. The pool/spa equipment present such as cover, cover, shelters, pump model, type of stairs, chlorinator, pH control, ozonator, brominator, uV lamp, filter type and model. Rate of filter replacement or cleaning. Packaging of disinfectant and/or other cleaning products. Pool or spa coating (liner, tiles, shell, acrylic, abs, …).

The Treatment is necessary for the provision of the service, but also in our legitimate interest. Concerning the geolocation data, they are collected only with your consent.

Data collected through the Connected Object: operating system of the smartphone, UUID number, place of purchase of the Connected Object, IP addresses, location data (depending on the permissions you have granted us)

Management and follow-up of recommendations

Customer recommendation based on data collected through the Connected Object and the customer information provided

The Treatment is necessary for the provision of the service, but also in our legitimate interest.

Service Improvement

Analysis of the profile, interests and behaviour of users, as well as on the measures carried out by the Connected Object in order to improve the content and functionality of the services, and to better understand customer needs.

The processing of this data is carried out in our legitimate interest but on the basis of anonymised and non-identifying data.

4. Recipients of your data

Ondilo considers that personal data and privacy are central to the relationship with its customers.

Ondilo. The personal data that we collect directly or through the Connected Object (your data), are intended for us and allow access to services and monitoring of the use of these services. In this context, we may use your personal data as well as the data collected in the context of providing the service in order to provide you with personalised analysis and advice.

Retailers. In the context of certain partnerships, Ondilo may share your data with the reseller or distributor from whom the Connected Object was purchased, or, in the context of a Connected Object purchased on our website, Ondilo may transfer your data to certain distributors and resellers for the purposes of providing and monitoring the service. The distributor and/or reseller undertakes not to use your data for commercial purposes. Furthermore, under no circumstances may the distributor or reseller resell your data.

Providers. We ensure that only authorised persons have access to this data. Our service providers may receive this data in order to perform the services we entrust to them. Some personal data may be forwarded to third parties or legally authorised authorities in order to fulfil our legal, regulatory or contractual obligations.

They may be communicated to these entities for the purposes set out in this privacy policy. These operations are carried out on the basis of instruments that comply with the applicable regulations and are capable of ensuring the protection and respect of your rights.

Partners. In addition, data collected through Connected Items may be shared with a smart assistant in your home, such as Alexa, Google Home, or others, if you choose to do so.

In this context, data may then be shared with these partners, subject to your consent and within the framework of the privacy policy issued by each of the intelligent assistants with which you will interface the Connected Object. We invite you to read the privacy policy governing the collection of personal data from these intelligent assistants to which you agree to submit by interfacing the Connected Object.

Buyer. Finally, in the event that Ondilo is purchased by a buyer, your data will be transferred to the buyer. The Acquirer shall in turn be bound by the same obligations to store and modify data with respect to the user of the Application and its linked sites as those set out in this Privacy Policy.

5. How long we keep your data for

The retention periods we apply to your personal data are proportionate to the purposes for which they were collected.

The length of time we retain personal data is variable and determined by various criteria, including :

– the purpose for which we use them: Ondilo must keep the data for the period necessary to fulfill the purpose of the processing ;

and

– legal obligations: legislation or regulations may set a minimum length of time for which we must retain personal data.

We organise our data retention policy according to these criteria and make it available to you.

Furthermore, your data is kept until you request its deletion. If you request deletion, all your data will be permanently deleted within 30 days of your request. In the event of deletion of your account, Ondilo will however keep anonymised data for the purposes of improving service and statistics. However, if you have deleted your Ondilo account and wish to use our Products and Services again, you simply need to create a new account.

6. Ondilo’s commitment

As part of the provision of the service, Ondilo, acting as a service provider on behalf of its client, undertakes to : (i) Process the data solely for the purpose(s) for which the service is provided; (ii) Process the data in accordance with the instructions of the client; (iii) In the event that Ondilo is required to hire subcontractors to provide services for which personal data is processed, to inform the client; (iv) Guarantee the confidentiality of the data processed; (v) Ensure that its staff involved in the processing of personal data is fully informed of this fact: – undertakes to respect the confidentiality of the data processed by way of contract; – receives the necessary training in the protection of personal data; – undertakes to take commercially reasonable measures to ensure the reliability of any member of staff involved in the processing of personal data; (vi) notifies the client of any violation of personal data as soon as possible after becoming aware of it; (vii) Assist the customer, to the extent possible, in fulfilling its obligation to comply with requests to exercise the rights of data subjects and transmit to the customer, upon receipt, any request for exercise of the rights of a data subject; (viii) Make available to the customer the documentation necessary to demonstrate compliance with its obligations under applicable regulations. In addition, Ondilo undertakes to implement the technical and organisational measures guaranteeing a level of security appropriate to the risk, in particular : (a) The means to guarantee the confidentiality, integrity, availability and constant resilience of the processing systems and services; (b) The means to restore the availability of and access to personal data within an appropriate timeframe in the event of a physical or technical incident; (c) A procedure to regularly test, analyse and evaluate the effectiveness of the technical and organisational measures to ensure the security of processing. (ix) Depending on the choice of the customer, once the service has been terminated, to delete all personal data or to return them to the customer; existing copies shall be destroyed, unless Union law or the law of the Member State requires the retention of personal data.

7. Your rights

1. Your right to information

You acknowledge that this Privacy Policy informs you of the purposes, legal framework, interests, and recipients or categories of recipients with whom your personal data is shared.

If we decide to process data for purposes other than those indicated, you will be informed of these new purposes.

2. Your right to access and rectify your data

You have the right to access and correct your personal data.

In this respect, you have confirmation whether or not your personal data are processed, and when they are processed, you have access to your data as well as to information concerning :

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipients as well as the international organisations to whom the personal data have been or will be communicated, in particular recipients who are established in third countries ;
  • where possible, the envisaged period of retention of the personal data or, where this is not possible, the criteria used to determine that period;
  • the existence of the right to ask the data controller for the rectification or deletion of your personal data, the right to request a restriction on the processing of your personal data, the right to object to such processing ;
  • the right to lodge a complaint with a supervisory authority;
  • information on the source of the data when they are not collected directly from the data subjects;
  • the existence of automated decision making, including profiling, and in the latter case, useful information concerning the underlying logic, as well as the importance and intended consequences of such processing for the data subjects.

You may request that your personal data be, as the case may be, rectified or completed if they are inaccurate, incomplete, equivocal or out of date.

3. Your right to have your data deleted

You may request us to delete your personal data when one of the following reasons applies:

  • the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
  • you withdraw the consent previously given;
  • you object to the processing of your personal data where there is no legal ground for such processing;
  • the processing of personal data does not comply with the provisions of the applicable laws and regulations;
  • your personal data has been collected in the context of providing Information Society services to children under the age of 16.

Nevertheless, the exercise of this right will not be possible when the retention of your personal data is necessary under the terms of legislation or regulations and in particular for example for the establishment, exercise or defence of legal rights.

4. Your right to limit data processing

You may request the limitation of the processing of your personal data in the cases provided for by laws and regulations.

5. Your right to object to data processing

You have the right to object to the processing of personal data concerning you when the processing is based on the legitimate interest of the controller.

6. Your right to portability of your data

You have the right to the portability of your personal data

The data on which this right can be exercised are :

  • only your personal data, which excludes anonymized personal data or data that does not concern you;
  • the declarative personal data as well as the personal operating data mentioned above;
  • personal data that does not infringe on the rights and freedoms of third parties, such as those protected by business secrecy.

This right is limited to processing based on consent or a contract as well as to personal data that you have personally generated.

This right does not include neither derived data nor inferred data, which are personal data created by Ondilo.

7. Your right to withdraw your consent

Where the data processing we carry out is based on your consent, you may withdraw it at any time. We will then stop processing your personal data without jeopardizing the previous operations for which you consented.

8. Your right to appeal

You have the right to file a complaint with the CNIL on French territory, without prejudice to any other administrative or jurisdictional recourse.

9. Your right to set post-mortem guidelines

You have the option to set guidelines for the storage, deletion and disclosure of your personal data after your death to a trusted, certified third party who is responsible for enforcing the wishes of the deceased in accordance with the requirements of the applicable legal framework.

10. How to exercise your rights

All the rights listed above can be exercised at the following email address rgpd@ondilo.com or by mail with a copy of an identity document to the following address Ondilo: 162 Avenue Robert Schuman ZA la Pile, 13 760 Saint-Cannat – France.

Nevertheless, with regard to the exercise of the right to information, we may not be obliged to act on it if :

  • you already have this information;
  • the registration or communication of your personal data is expressly provided for by law ;
  • the communication of information proves impossible;
  • the provision of information would require disproportionate efforts.

8. How do we protect your personal data?

All useful precautions are taken to ensure the security and confidentiality of your personal data, in particular to prevent their loss, alteration, destruction or use by unauthorised third parties.

In addition, we require service providers and subcontractors who may have access to personal data to implement appropriate technical and organisational security measures with regard to such personal data.

9. Update

We reserve the right to amend this policy to reflect changes in various regulations and practices.

Any changes we make to our policy will be directly accessible through the Application under the heading “Privacy”.

In order to ensure that you always have the latest version, we invite you to consult this section regularly.

In order to ensure that you always have the latest version, we invite you to consult this section regularly.