Privacy Policy

Valid from 25.09.2024

Introduction

Bisly OÜ, an Estonian limited liability company (registration No. 12198160, address: Volta tn 1, 10412 Tallinn, Estonia), hereinafter referred to as “Bisly” or “we”, provides smart home services through our proprietary software platform. In the course of you visiting our website or us providing our services, we may process personal data of users (hereinafter referred to as “User” or “you”), for which Bisly acts as the data controller. This Privacy Policy outlines how Bisly collects, uses, processes, and protects personal data in accordance with applicable law, including the General Data Protection Regulation (GDPR).

Any person using our website or services must study this Privacy Policy carefully and use our website or services only if they agree with the contents of this Privacy Policy.

We reserve the right to update the Privacy Policy from time to time. We will provide you with reasonable notification on any updates, including via e-mail notifications and/or website updates.

  1. Categories of Personal Data We Process

We may collect and process the following types of personal data in connection with our website and services. The specific personal data we process may vary depending on the nature of the service, but we always adhere to the principle of data minimisation, collecting only what is necessary:

  • Full name;
  • Personal identification number;
  • Email address;
  • Phone number;
  • Payment information, including credit card details and billing addresses, if applicable;
  • Communication preferences, including how you prefer to receive communications from us (e.g., via email, SMS, or other methods);
  • Account data, such as user name and access credentials;
  • Address of the service location (e.g., apartment or premises where the smart home system is installed)
  • Technical information from the devices you use to access our services, including device model, operating system version, IP address, connectivity and network details, app version, and usage patterns (e.g., session durations and interactions);
  • Usage data generated or stored by the system, such as location data, usage patterns, and preferences (e.g., electricity, heating, water consumption, movements within the premises, vehicle registration number) ;
  • Log files and analytics, including data related to user interactions, system diagnostics, and performance monitoring;
  • Customer support records, such as chat logs, email transcripts, or call recordings;
  • Cookies and tracking information, collected through the use of cookies or other tracking technologies, such as preferences, and session data;
  • Any additional personal data disclosed during service provision or communications with us.
  1. Purpose and Legal Basis for Data Processing

We process personal data for the following purposes:

Contractual Performance: To fulfil our contractual obligations under customer agreements, including: (i) creating user accounts necessary for accessing the service; (ii) providing the functionalities of the smart home system; (iii) handling service disruptions and responding to inquiries through customer support or otherwise through our website; (iv) facilitating technician visits.

Legal Compliance: We process personal data to comply with legal obligations, such as safeguarding your personal data, retaining records for accounting purposes, and fulfilling other legal duties.

Legitimate Interests: Under the basis of legitimate interest, we process personal data as follows: (i) when a person who is not our customer contacts us by phone or email, we process such person’s personal data (including storing calls and emails) to respond to such person’s inquiries and ensure smooth customer service; (ii) in the event of a dispute, we may process personal data to protect our legitimate interests; (iii) for commercial and statistical purposes, we may anonymise your personal data and utilise the anonymised data in a manner that ensures it cannot be traced back to you; (iv) to analyse usage patterns and improve the quality, performance, and development of our services, we may process personal data to better understand how users engage with our services and identify areas for enhancement. 

Consent: With your consent, we may send you newsletters, updates, advertisements, and other marketing materials via email. You can opt out of these communications at any time by clicking the unsubscribe link provided in each email.

We will seek your consent before processing your personal data for purposes not specified in this Privacy Policy. You may withdraw your consent at any time, without affecting the lawfulness of processing based on consent prior to withdrawal.

  1. Data Security

We process personal data only when we have a valid legal basis and ensure that it is used for legitimate purposes. Personal data is stored securely on our encrypted local servers, and access is limited to authorised personnel who require it to fulfil their job responsibilities. We implement technical and organisational measures to safeguard the confidentiality, integrity, and availability of personal data.

In the event of a data breach that may compromise the security of your personal data, we will notify you as soon as possible, in line with applicable data protection laws. You will be informed of the nature of the breach, its potential impact, and the steps we are taking to mitigate the risks.

Please note, we are not responsible for any misuse of personal data due to malware or security breaches originating from the user’s device.

  1. Disclosure and Transfer of Personal Data

We may disclose personal data to third-party service providers (processors) who act on our behalf under data processing agreements, and in compliance with applicable law. We may also disclose personal data to third parties such as legal advisors or auditors when necessary to protect our rights or comply with legal obligations.

In cases where you have given consent, we may share your personal data with marketing service providers to conduct marketing campaigns.

  1. Data Retention and Deletion

We retain personal data only for as long as necessary to achieve the purposes outlined in this Privacy Policy, protect our rights, or comply with legal obligations.

Account Deletion: Upon deletion of your account, we will retain personal data (e.g., name, identification number, email, address, etc.) for six months to protect both your interests and ours in case of any dispute or request relating to the account. After six months, this data will be permanently deleted.

Communications Retention: Emails and other correspondence between you and Bisly will be retained for three years in accordance with our archiving policy. After three years, these records will be permanently deleted.

Accounting Records: For compliance with accounting regulations, we will retain relevant financial records for seven years following the end of the financial year in which they were created.

We reserve the right to process anonymised data, including personal data that has been irreversibly transformed in such a way that it can no longer be linked to any identifiable individual. This anonymised data may be processed both during and after the term of the agreement for the purposes of enhancing our services, developing new solutions, and conducting statistical analysis. Such data may also be shared with our partners for these purposes, provided that it remains fully anonymised.

  1. Cookies

We use cookies and similar tracking technologies to enhance your experience when using our website. Cookies are small text files that are stored on your device when you access our website or services. These cookies help us:

  • Remember your preferences and settings;
  • Analyse website traffic and usage patterns;
  • Improve our services and performance;
  • Provide personalised content and advertisements.

You can manage your cookie preferences through your browser settings, and you can choose to block or delete cookies at any time. Please note, however, that disabling cookies may affect the functionality of our services.

  1. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • The right to request access to your personal data;
  • The right to request rectification or deletion of your personal data;
  • The right to restrict the processing of your personal data (which may limit your use of the service);
  • The right to object to the processing of your personal data;
  • The right to receive your personal data in a structured, commonly used, and machine-readable format, and the right to transfer that data to another controller.

If processing is based on your consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing that occurred prior to the withdrawal of consent.

We will respond to all requests regarding your personal data as soon as possible, and always within the time limits set by law.

  1. Enquiries and Complaints

If you have any questions or complaints regarding the processing of your personal data, please contact us at 

Bisly OÜ

Volta tn 1, 10412 Tallinn, Estonia

[email protected]

(+372) 7 123 007

You may also contact the Data Protection Inspectorate at [email protected] or by calling +372 5620 2341.