1. Summary
Heimgard Technologies AS (“the Supplier” or “we”) offers network equipment, an Internet of Things “IoT” platform and associated mobile applications under the Heimgard brand that allow the end user (also called “User” or “you”) to control their network and IoT devices, either locally or via the Internet, hereinafter referred to as “the Service”.
It is important to us at Heimgard Technologies that you know what information we process about you when you visit our websites heimgard.com and heimgardtechnologies.com, and purchase and use our Services, and that you feel confident that your privacy is well taken care of. This privacy statement provides you with information about the personal information that is collected, why we collect the information, how it is processed, and your rights related to the processing of personal data.
What the Service includes depends on which Products and Services you have purchased. The general Services are described on heimgard.com, and for you they are described in your order confirmation.
2. Definitions
The Apps: A selection of mobile applications for networks and / or smart homes created by the Supplier with licensors that allow the Product to be used by the User with access to associated Services for the Product for as long as the Agreement lasts. The Customer uses the Apps to control the Customer’s Hub or Smart Router / Mesh. The Supplier’s offered Apps are described on the Supplier’s website heimgard.com.
Agreement: This Agreement for the Product with the Services including the Terms of Use for the App and the Services.
Subscription price: The period price for the Basic Service or other Subscription Services for the Product that the Customer has purchased from the Supplier. Paid in advance for each Period.
Subscription services: What you order in addition to the Basic Service
The Basic service: The Basic Service contains a set of standardized services associated with a purchased Product. The Basic Service can be offered in subscription form in the App and will be specified in more detail in the product description. Unless otherwise stated for a Product, the Basic Service consists of free non-exclusive use for the Customer of the Apps for the Products that the Customer has purchased from the Supplier.
User: User of the Services via the Apps from the Provider.
Terms of Use: The general terms of use for the use of the Apps available on the Supplier’s website heimgard.com and for the associated Services to which the User has legal access.
Cloud solution: The part of the Service that consists of a cloud solution provided by other providers (Google Cloud is used for data storage, and other providers’ networks are used for communication between the Products, Apps and the Services). When the Customer is away from their local network, data can be forwarded from the Apps to the Customer’s Hub or Smart Router / Mesh where anonymous usage data is stored in the cloud service.
Hub: The supplier’s home center for smart homes / “IoT” for connecting the system and the Service. In order for the Service to be available to the Customer, the Customer must use an activated Hub. Activated Hub means a Hub that has pre-installed software on the product (firmware) from the Supplier so that the Hub can work together with the Apps and Services from the Supplier.
The Customer: The natural person (private person) or the legal entity registered with the Supplier who purchases the Product and thus the recipient of the Services.
Supplier: Heimgard Technologies AS with organization number 985 439 419 and business address Sommerrogata 13-15, N-0255 Oslo.
Delivery address: Current address where the Customer has registered that the Product is to be delivered to.
Installation address: Current address where the Customer has registered that the Product and Service is used. Such address can be changed by the Customer in the Apps.
The Parties: The parties to this Agreement, i.e., the Customer and the Supplier.
Period: Period for payment of Subscription Price. Unless otherwise stated, a Period is considered a calendar month for as long as the Agreement lasts.
The Products: The physical products that the Customer has purchased from the Supplier. As a minimum, Hub or Smart Router / Mesh must be purchased for the Services to work. The products are specified in the Supplier’s order confirmation or in another way for the individual purchase. The Supplier’s offered products are described on the Supplier’s website heimgard.com.
Smart Router / Mesh: The provider’s home network solution for wireless (Wi-Fi) and wired (Ethernet) Internet sharing. The device also has a built-in smart home Hub to connect to your IoT devices. In order for the Service to be available to the Customer, the Customer must use an activated Smart Router / Mesh device. Activated Smart Router / Mesh means a Smart Router / Mesh device that has pre-installed software on the product (firmware) from the Supplier so that the Smart Router / Mesh device can work together with the Apps and Services from the Supplier.
The Services: The Services that the Supplier provides to the Customer, related to the Product, using the Apps. The services are specified in the Supplier’s order confirmation or in another way for the individual purchase. The general services are described on the Supplier’s website heimgard.com. The services consist of several components which together with the Products enable the Customer to have their own smart home solution: Internet-of-Things (“IoT”) platform which allows the Customer to control their IoT devices, either locally or via the Internet, including App, Hub or Smart Router / Mesh and Cloud solution. The Supplier’s Basic Service is the very basic module of these services. In addition to the Basic Service, the Supplier may offer the Customer additional services, e.g., the special service Boligalarm or other Subscription services.
3. Who is the Data Processor?
Heimgard Technologies AS with organization number 985 439 419 and business address Sommerrogata 13-15, 0255 Oslo (the “Supplier”), by the CEO, is responsible for all processing of personal data carried out through the Apps, the Service and on the website heimgard.com.
The responsibility for the daily follow-up of compliance with the regulations lies with the Privacy Coordinator at the Supplier. For questions you may have about the Supplier’s processing of your personal information, you can contact the privacy coordinator by sending an e-mail: personvern@heimgard.com
4. About the Supplier’s processing of personal data
We take your security and privacy seriously. The provider’s policy is to make it as difficult as possible to misuse your personal data. We do this, among other things, by having an authorization system that does not require personal information to work – you can download and use the Apps without sharing your personal information with others. In order to activate additional functionality (such as push notification) in the Apps or use the Services as described on heimgard.com, it is necessary that the Supplier processes certain personal information. An example is that we must know the address for delivering products you buy from us to the delivery address so stated, and we must take care of purchase information that Norwegian law requires for such purchases.
When you use the website heimgard.com, heimgardtechnologies.com, the Apps or other Services, the Provider will in some cases process personal information about you. The privacy statement explains to you what personal information the Supplier processes about you in connection with these different ways of being a Customer.
We try to avoid the processing of your personal data (including, but not limited to, name, telephone number, home address and e-mail) or data that can be used to identify the Users in our cloud solution. The provider undertakes not to sell or misuse your personal information. If we need to store personal information about you, we will ensure good processing security such as encryption of data storage services so that your information is not lost in the event of data breach.
The transfer of personal information will take place encrypted, end-to-end, through the cloud solution. Such information can only be decrypted by the sender or recipient, making it impossible for unauthorized users to obtain information that can be read from the cloud solution. The Provider has taken adequate measures to protect the User’s privacy, including physical, technical, and organizational measures to prevent loss, alteration, theft, and unauthorized access to information. The apps are designed with built-in privacy, so-called “privacy by design” and “privacy by default”.
Some of the features of the Apps are not possible to deliver without processing personal information. For example. to provide an SMS alert on your phone when your Hub or Smart Router / Mesh is offline, we need to retrieve and store your phone number. Such functionality that is not necessary to provide you with the agreed Services, is only activated with your prior consent, and you manage your consents via the Apps. You choose whether functions that require the processing of personal data should be on. You can give and withdraw your consent to these functions at any time through the settings in the Apps.
5. What personal data is processed?
5.1 Introduction
When you use the website heimgard.com, heimgardtechnologies.com and the Services, the Supplier will in some cases process personal information about you. This part of the privacy statement gives you detailed information about what personal information the Supplier processes about you in connection with these different ways of being a Customer.
In those cases where the Supplier processes personal data about you, this is the personal data that is processed: First and last name, address, e-mail address, telephone number and other contact information as well as payment information. The provider may also collect your IP address and other information about your device for administrative purposes, see Cookie Policy. In case you want to pay by invoice, you must also provide your social security number.
Some Services involve the Provider processing more personal information about you. If you e.g. If you choose the special service Boligalarm, you must register your personal information with the alarm company that provides such an alarm service that is part of the Boligalarm service.
5.2 The Apps
You can use the Apps without registering an account and provide personal information such as name and contact information to the Supplier.
Certain services require the Provider to process personal information, including the cloud service operated by Google Cloud. If you store video in the cloud service, this could mean that personal information is stored if there are people who are identifiable in the video.
5.3 Purchase of Products
When you buy Products on heimgard.com or through a retailer, the Supplier processes personal information about you to ensure that you are who you claim to be, to be able to obtain payment and to be able to complete the purchase.
In these cases, the Supplier and sub-data processors process the following personal information: name, address, e-mail address, telephone number and other contact information, payment information. If you want to pay with a Klarna invoice, you must also provide a social security number. For the cases where you are to receive the Product, the charterer will also process personal data.
5.4 The Services
Depending on what you do, it is different what personal information the Supplier processes about you. For other services that are eventually added to heimgard.com or in the Apps, it will be relevant for the Supplier to process more personal information about you.
If you purchase a Home Alarm, the Supplier will have to process more personal information about you in order to fulfill the Agreement you have entered into regarding these Services. The supplier will also transfer personal information to Avarn Security AS (“Avarn”), which provides Boligalarm.
If you purchase Boligalarm, the Supplier will process the following personal information about you:
Name, address where Boligalarm is installed and emergency calls are made, telephone number, e-mail address, credit card information.
Name and telephone number of the contact person to be called, if Avarn does not get in touch with you in the event of an emergency.
5.5 Heimgard.com and heimgardtechnologies.com
The websites heimgard.com and heimgardtechnologies.com process personal information about you in order to maintain your user session and whether you have consented to cookies. In addition, the Supplier keeps statistics about visitors to the site and analysis of how visitors use our websites.
To the extent we use Cookies, this is explained in our Cookie Policy on the above websites.
6. The purpose of processing personal data
The provider may in some circumstances collect or otherwise process personal information about you. The purpose of processing personal data is primarily to fulfill the Agreement with you. The agreement is that the Supplier shall deliver the agreed Products and Services to the User.
The Provider’s purposes of processing personal data about Users are:
To fulfill the Agreement with you, that is, to enable you to use the Service and complete your purchase of Products.
To carry out communication with the User, depending on user activity from the Customer, e.g., that the Customer changes settings in the Apps.
To notify the User of relevant changes to the Service, the Terms of Use or this Privacy Statement.
To comply with requirements in the Purchase Act, the Accounting Act, the Accounting Act or other Norwegian law or regulations.
For other purposes we will notify you specifically at the time of collection or as described in this Privacy Statement or as permitted or required by law, rule, regulation, or other legal process.
7. The legal basis for processing
7.1 Agreement as a basis for processing
The Supplier will use your personal information to the extent necessary for the Supplier to be able to deliver (administer and operate) the Products and Services, including the Website and the Apps.
The Supplier collects and processes personal information with the Agreement you enter into with the Supplier as a basis for processing. The agreement consists of the Terms of Use and Privacy Policy for the Apps, and the Purchase Agreement for Products and Services. The agreement is considered entered into when you have installed one of the Apps, and you tick the box that shows that you have approved the Terms of Use and Privacy Statement for the App. For Purchase Agreement, the Agreement is entered into as you approve the terms of purchase and complete your purchase.
7.2 Consent as a basis for processing
You can give a voluntary, express, and informed consent in the App or on the website that the Supplier uses your contact information to send you SMS notifications and other important information by SMS, and / or push notifications. You can also consent to custom marketing. The consent can be withdrawn at any time, by changing the settings in resp. The app or on the website. Consent as a basis for processing applies when the purpose of the processing of the information falls outside what is necessary to fulfill the Agreement with you or administer you as a User.
7.3 Legislation as a basis for processing
In some cases, the Supplier has a statutory duty to process your personal data. In that case, the processing basis for the processing of your personal data may be law. This is relevant in those cases where the Contractor is required to store certain personal information, for example in connection with customer control, investigation and reporting in accordance with the Money Laundering Act. We are obliged to comply with, among other things, the Purchase Act, the Accounting Act and the Accounting Act.
8. How long does the Supplier store personal information about you?
The provider stores your personal information for as long as it is necessary for the purpose for which the personal information was collected.
This means, for example, that personal data that the Supplier processes on the basis of your consent is deleted immediately if you withdraw your consent. Personal information The Supplier processes to fulfill an agreement with you is deleted when the Agreement is fulfilled and all obligations arising from the contractual relationship are fulfilled. However, personal information will be stored for as long as is necessary to fulfill the purpose of the processing or statutory obligations of the Supplier.
9. Third-party services – disclosure of personal information
You may choose to integrate third-party services (“Third-Party Services”) into the Service. Providers of such Third-Party Services should have their own Privacy Statement. Although the Supplier may, at your request, share personal information with such third parties, the Supplier is not responsible for the third-party’s handling of personal information. We recommend that you familiarize yourself with third-party services’ Privacy Statement and Terms of Use.
10. Disclosure of personal information to others
The supplier does not pass on your personal information to others unless there is a legal basis for such disclosure. Examples of such a basis would be the Agreement with you or a legal basis that requires the Supplier to release the information.
Disclosure of personal information may also take place in connection with a business transfer, merger, acquisition, merger, or division of the Supplier’s business.
The Supplier will never sell or give away personal information to other third parties than those explicitly mentioned in these terms or in the Services.
11. About the Supplier’s sub-suppliers
The Supplier has these subcontractors who can process our Customers’ personal information.
Google Cloud
Heimgard’s cloud service is based on Google Cloud. The cloud service is encrypted end-to-end. The provider also uses a pre-shared generated encryption called public key encryption. The servers are located in the EU and personal information is not transferred outside the EU / EEA. Google Cloud processes personal information stored in the cloud service if you have Services that require the processing of personal data or select features in the Apps that require the processing of personal data. All Services that include notification via e-mail, SMS, push notifications, video services and Boligalarm presuppose that the Supplier processes personal information about you.
Avarn
Avarn delivers Home Alarms integrated with other Services. See more information about the Service called Home Alarm at Heimgard.com. Avarn receives, among other things, contact information and Installation Address about the User and other registered persons that the Users inform about. Avarn also has information related to emergency services. For more information on how Avarn processes personal information, see Avarn’s Privacy Statement.
Carriers
When you purchase Products from the Supplier, the Supplier transfers personal information to the carriers who is to deliver the Product to you. Which carrier this is depends on the type of shipping you have chosen. The selected carrier will also communicate directly with you about delivery.
Payment solutions
Heimgard.com offers several different payment solutions when you use the online store: Vipps, credit cards, Stripe or Paypal. These process personal data about you in order to make payment. Common to these are name, e-mail address and payment information. To use Klarna’s invoice function, you must also enter your birth number.
When paying for Services offered by Heimgard in and outside Heimgard’s Apps, the payment solution may vary based on the Service offered. Stripe is used for payment in the App. When purchasing Services provided by a Third-Party, the payment solution will be based on their integration partner.
Retailers
When you purchase Products through a store or retailer of the Supplier’s Products (as a third-party is called a “retailer”), the retailer will process personal information about you. The Reseller processes personal information about you in accordance with their Privacy Statement.
12. Your rights
As the one registered under the Personal Data Act and the EU Privacy Regulation called GDPR, you have certain rights to your own personal data for which the Supplier is responsible for processing. You have the right to demand access, correction or deletion of the personal data the Supplier processes about you. You also have the right to demand limited treatment and object to the treatment. According to the terms of the Personal Data Act and the GDPR, the data subject also has the right to demand data portability, and this means, among other things, that you can ask us to transfer personal data to you or to another Data Controller.
You also have the right not to be the subject of a decision that is based solely on automated processing that has legal effect for, or in a similar way to a significant degree, affects you. In some cases, you may ask us to limit the processing of personal data.
Questions or requests for access to information registered about you or the exercise of other rights may be directed to the Supplier’s privacy coordinator.
To exercise your rights, please send an e-mail to the Supplier’s privacy coordinator. The supplier will respond to your inquiry as soon as possible, and no later than 30 days.
You can read more about the content of your rights as the registered person, on the Data Inspectorate’s website datatilsynet.no.
13. Contact us
You can contact the Supplier: Heimgard Technologies AS, Postboks 1618 Vika, 0119 Oslo, Norway – Phone +47 649 44 442 – Email: privacy@heimgard.com.
