ZEHNDER DATA PROTECTION POLICY FOR IOT-ENABLED PRODUCTS AND SERVICES

Status: 20/06/2022

This data protection policy (“Policy”) describes the specific personal data that we process and use, the purposes for which we do so and the measures we implement to protect your data.

1. Scope of application and controller

This Policy applies to the data processing when using the Zehnder IoT Cloud. This data processing and data generation comprises all Zehnder connected devices, (“Devices”) and the Zehnder Control mobile and web Apps (together the “Apps”) (Devices and Apps together referred to as “Systems”).

Name and address of the company controlling the processed data:

Zehnder Group International AG («Zehnder»)
Moortalstrasse 1
5722 Gränichen
Switzerland

2. Applicability of Policy

By registering for the Zehnder IoT Cloud you accept this Policy and the obligations contained herein.

3. Data protection officer:

EU data protection representative pursuant to Art. 27 of the EU General Data Protection Regulation (GDPR):

Ralf Winzer, contact via our contact form at https://www.zehndergroup.com/de/unternehmen/kontakt

4. Data collected and processed

A variety of different data is transmitted during your use of our Systems. The following data and information is stored and/or processed by Zehnder or our IoT providers (Microsoft Headquarters One Microsoft Way Redmond, WA 98052and Doop Enschede (NL) Roomweg 637523 BL Enschede, Netherland):

When downloading a Zehnder App, the necessary information is transmitted to the app store provider (Apple's App Store, Google's Play Store). Zehnder has no influence on this data collection and is not responsible for it.

Registration for the Zehnder IoT Cloud is either via a Zehnder account or a Google, Microsoft or Amazon account (“Third-Party Account”). When signing up via a Third-Party Account, authentication takes place via the respective provider. Zehnder has no influence on the processing of the data by the providers of Third-Party Accounts.

5. Purpose of data processing

The data is processed to enable you to use the Systems, to document their technical functioning, to optimise and further develop the systems, to document and analyse user behaviour in the context of the indoor climate and to make personalised offers for optimising the indoor climate. You can access the operating data of your Systems via our web portal.

We process usage data for statistical evaluation of the user behaviour of our Systems if the user chooses this option during registration. This data is stored as described in Section 6. This data provides input for optimising our Systems and for developing new or improved applications.

6. Data storage

The data collected as described in Section 2 is deleted or blocked as soon as there is no longer a purpose for storing this data.

7. Data transmission

We may forward your personal data collected as described in Section 4 of this Policy to other affiliates of Zehnder as well as to third parties designated in this Policy.

These recipients may be located in countries that do not have an equivalent level of data protection. You expressly agree to your data being transmitted to these countries. We ensure data protection with our Group affiliates contractually through standard data protection clauses per Art. 46(2)(c) EU GDPR and/or Art. 6 para. 2 letter a Swiss data protection code.

8. Consent to data processing

By registering for the Zehnder IoT Cloud and accepting this Policy (upon activation of the Cloud), you consent to the collection and processing of your data by Zehnder and to the transmission of your data to third parties in accordance with this Policy.

9. Spaces equipped with Devices not exclusively used by owner of Devices

Property owners may choose to install Devices in locations that are (mainly) used by third parties (such as tenants). The following provisions are applicable only if spaces equipped with Zehnder devices are used by third parties that are not the owners of these Devices, such as tenants. In the following, the owners of the spaces equipped with the Devices are referred to as property owners and third parties to whom the spaces equipped with the Devices are made available referred to as tenants.

It is the sole responsibility of the property owner to inform tenants of the presence of such Devices, the fact that data from these Devices will be processed by Zehnder, and to obtain tenant's consent where necessary. Zehnder may, if necessary, request proof of tenant's consent from the property owner and the property owner agrees to provide Zehnder with the respective documentation.

Upon termination of the lease, tenants are obliged to disconnect their App from the Devices installed in the apartment. The property owner is responsible to verify upon termination of the lease with the tenant that the tenant disconnects their App from the Devices.

If the Devices are not owned by the property owner (e.g. rental of Devices), the property owner and the owner of the Devices are jointly and severally liable for compliance with these obligations. Failure to comply with these obligations may not only constitute a breach of this Policy but may also be a breach of relevant data protection legislation.

10. Your rights

You have the following rights vis-a-vis us regarding the personal data relating to you:

Whenever data processing is solely based on your consent, you can revoke your consent at any time, with effect for the future, without providing reasons. The revocation should be addressed to the responsible person via the contact details in Section 1. Restrictions to our data processing may result in certain functionalities no longer being available.

11. Data security

To protect your data, we encrypt data transmissions and have also implemented many other technical and organisational measures in order to ensure that the personal data processed is protected as comprehensively as possible.

12. Miscellaneous

Due to further development of our services, it may become necessary to amend this Policy, in which case we will keep you informed.