Data Privacy Statement for “nymea” Products and “nymea” Services

Last update: 2019 Mar 18

1. Data processed by “nymea:app”

The “nymea:app”, interacting with a “nymea:edge”-based device and if applicable other devices interacting with any “nymea” product process the following information and exchange it among them:

2. Interaction with products from other providers

The “nymea” products are designed for interaction and integration with products of other providers. This applies in particular to products based on the ZigBee specification (Philips Hue for example). When a connection is established with such products, “nymea:app” only provides the access data required to establish the connection.

We have no influence on the processing of personal data by third-party providers of such products. Please consult the data protection guideline of the respective third party in this regard.

3. Use and dissemination of data

Personal data are used and disseminated exclusively for the purpose of operating and maintaining the “nymea” products.

3.1. Operation of the “nymea” products

The personal data listed below are used as follows for the operation of the “nymea” products:

WiFi access data: WiFi access data are recorded for the integration of the “nymea:edge” device in a WLAN and stored in the “nymea:edge” device.

E-mail address/password: A user has to be set up to use the “nymea” device. This requires the user to enter his or her e-mail address one time as well as a password chosen by the user. Both are stored in the device and in the nymea:app.

Bluetooth pairing information: To establish connections between nymea:app and nymea:edge, pairing information is exchanged and stored in the “nymea:edge” layer for subsequent connections.

ZigBee control data: To establish and maintain a connection with ZigBee devices (Philips Hue for example), control data are exchanged and stored in the “nymea:edge” layer.

SnapStore: There is no use of personal data.

Certificate/CPU serial number: To connect to nymea:cloud, a certificate preconfigured in the “nymea:edge” layer and the CPU serial number are transmitted. The nymea:cloud is required for remote access, push notifications, and other services that have not been implemented yet. Possible services include paid weather services, camera streams, and SMS services.

Device information: To assist with problems, “nymea:app” can grant the user the option to connect his or her device with a help desk server, thereby giving help desk personnel full access to the device and the data stored on it for a predefined period of time; the connection is severed automatically. Passwords are not transmitted or displayed.

Crash information: The “nymea:edge” layer and the “nymea:app” can provide functionality that, in case of a crash, automatically generates and sends a report describing when and why the crash occurred. No personal data are involved here.

3.2 Other processing of data

We use the personal data to optimize the delivery of services, including remote diagnosis of malfunctions and fault elimination if applicable. Data stored for this purpose are located on servers in the EU and are protected against unauthorized access using state-of-the-art, established security measures.

We also use state-of-the-art, established methods to protect the transmission of information from your home network over the Internet to our servers and from our servers to your home network.

There is no dissemination of personal data for promotional or marketing purposes. Personal data are only disseminated in the following cases:

There is no transmission of personal data to countries outside the EU/EEA.

Data that are not personal, in particular anonymized data, are not subject to the provisions of the Federal Data Protection Act (BDSG) and the General Data Protection Regulation. We are not restricted in regards to the handling of such data, in particular regarding the use of such data for product development and improvement. In any case, we ensure in the use of non-personal data that relating them to a specific person is excluded.

4. Deletion of personal data

We store your personal data as long as we need them to provide our services for you. You can demand the deletion of your personal data at any time. Please note that we are obligated to verify your legitimization prior to deletion. Your deletion request should therefore be accompanied by a photocopy of a valid identification document.

The storage of data for the purpose of concluding a contractual relationship is reserved, as is the case where the blocking of data takes the place of deletion as an exception pursuant to Section 35, Paragraph 3 of the Federal Data Protection Act (BDSG).

5. Amendment of the data privacy statement

We reserve the right to update or amend this data privacy statement. This is not associated with a restriction of your rights. If adjustments associated with your rights become necessary for technical, organizational, or legal reasons, we will obtain your consent.

6. Information according to Section 34 BDSG

To obtain information about your personal data that is stored, please get in touch with guh GmbH, Spittelauer Lände 10/2/2 1090 Wien AUSTRIA, T +43 (0) 660 192 40 41. Please note that we are obligated to verify your legitimization before providing information. We therefore need a photocopy of a valid identification document to respond to your request for information.