Tedee App Privacy Policy

§ 1 Definitions

§ 2 General information

Tedee attaches particular importance to protecting the confidentiality and privacy of the information that Users entrust to us. One of our key responsibilities is to ensure an appropriate level of security and proper use of Users’ personal information collected through our website.

The controller of Your Personal Data is:

TEDEE Spółka z ograniczoną odpowiedzialnością entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw, 12th Commercial Division of the National Court Register under KRS number: 0000712451, NIP: 7010795542, REGON: 369188621 with its registered office in Warsaw, 02-127, Karola Bohdanowicza 21/57 Street, e-mail address: rodo@tedee.com

The Controller informs that it performs the duties of the controller independently and has not appointed a Data Protection Officer for this purpose, within the meaning of Article 37 of the DPA.

Tedee processes Users’ Personal Data for various purposes and therefore, depending on the specific purpose, different methods of collection, legal basis for processing, use, disclosure and retention periods may apply. We only collect Personal Data voluntarily provided to us by Users who wish to receive information or use our services.

In this Privacy Policy, we describe how we collect and use Users’ Personal Data, as well as your rights and your ability to exercise control in relation to the data we hold. All capitalized terms in this Privacy Policy have the meanings given to them in § 2 Definitions.

If you have any questions about how Tedee processes your Personal Data, we encourage you to contact us at: [email protected]

§ 3 What types of Personal Data we collect

Tedee collects the following types of Personal Data of the User:

• email address;
• GPS location of the User and the User’s end-device;
• User’s IP Address, Date and time of access, operating system, language, country;
• user ID;
• telemetric data of the User’s device

(jointly: “Personal Data”).

The provision of your Personal Data to the Controller is entirely voluntary, although the provision of true and complete data may be necessary in order to perform a particular service or to achieve a specific purpose for Tedee or the User. For example, in the case of:

1. registering a user account on the Tedee App – it is necessary to provide the Controller with the: (i) the User’s username (ID) and (ii) e-mail address in order to provide the User with the Tedee App user account service;
2. beginning the use of the features of the Tedee App –   it is necessary to provide the Controller with the (i) GPS location of the User and the User’s end-device, (ii) user ID, (iii) telemetric data of the User’s device, (iv) language and (v) country in order to enable the use of such features for the User;
3. integrating the User’s device with third-party smart home integrator (e.g. Amazon Alexa, Google Home) – it is necessary to provide the Controller with the: (i) the User’s username (ID) and (ii) e-mail address in order to facilitate the integration;
4. monitoring the proper functioning of Tedee App and troubleshooting – it is necessary to provide the Controller with the: (i) User’s IP Address, (ii) Date and time of access, (iii) operating system, and (iv) email address in order to allow monitoring, troubleshooting and informing the User about any potential issues and important matters related to the Tedee App.

(jointly: “Services”)

Tedee only processes the Personal Data that the User provides to us himself/herself, with the exception of monitoring and troubleshooting data collected automatically in order to ensure continuous operationality of Tedee App.

§ 4 Why do we collect Personal Data

Tedee collects Your Personal Data for the following purposes:

1. registering a user account on the Tedee App
   
   • the performance of contractual obligations, i.e.: to conclude and perform Tedee’s obligations under a contract for the provision of the Tedee App user account service – on the basis of Article 6(1)(b) of the GDPR and Article 6(1)(a) of the GDPR;
2. beginning the use of the features of the Tedee App
   
   • the performance of contractual obligations, i.e.: to conclude and perform Tedee’s obligations under a contract for the provision of the Tedee App features – on the basis of Article 6(1)(b) of the GDPR and Article 6(1)(a) of the GDPR;
3. integrating the User’s device with third-party smart home integrator (e.g. Amazon Alexa, Google Home)
   
   • facilitating User’s use of third-party integration via Tedee App – on the basis of Article 6(1)(a) of the GDPR;
4. monitoring the proper functioning of Tedee App and troubleshooting
   
   • allowing for continuous improvement of the Tedee App and general quality of service, as well as performance monitoring and data usage optimization – on the basis of Article 6(1)(f) of the GDPR.
5. archiving
   
   • compiling records of the processing of Personal Data, as required by the GDPR and separate legislation – on the basis of Article 6(1)(c) and Article 6(1)(f) of the GDPR;
   • archiving of information for evidential purposes, in order to prove relevant facts – on the basis of Article 6(1)(c) of the GDPR.

§ 5 How long we keep Personal Data

Tedee collects and processes (uses) Your Personal Data upon registration of the user account in Tedee App and continues to do so throughout the provision of the Services, and:

• until the contract for provision of services under the Tedee App Terms of Use and this Privacy Policy is expired;
• until the expiry of the limitation period for pecuniary/personal claims under the relevant legislation – with regard to the data of the Users;
• until the expiry of the obligation to keep records resulting from separate legal regulations, including tax law – with regard to the data of the Users,
  – whichever of the above falls first.

§ 6 What are the rights of Users

Pursuant to the provisions of Articles 15 – 20 of the GDPR, each User shall have the following rights regarding his/her Personal Data processed by Tedee:

1. Right to request access to Personal Data (Article 15 GDPR)
   The data subject has the right to obtain confirmation from the Controller as to whether his or her Personal Data are being processed. If so, this person also has the right to access this data.
   If the User’s Personal Data is transferred to a third country or international organisation, the User has the right to be informed of the appropriate safeguards relating to the transfer.
2. Right to rectification of Personal Data (Article 16 GDPR)
   The data subject has the right to request from the Controller the immediate correction of incorrect Personal Data relating to him/her.
   Furthermore, the user also has the right to request the completion of incomplete Personal Data, and this includes the possibility of providing an additional statement.
3. The right to erasure (right to be “forgotten”) (Article 17 GDPR)
   The data subject has the right to request from the Controller that his/her data be deleted from the Controller’s database without delay.
   The Controller may choose not to delete data in the case of withdrawal of consent by the User, if consent was not the only primary motive for the processing of his/her data. This is particularly the case when the processing is necessary for the further fulfilment of the obligations arising from the contract between the User and the Controller, or when the processing is necessary for the fulfilment of a legal obligation incumbent on the Controller, for the performance of a public task by the Controller, for statistical purposes, or for the establishment, investigation or defence against claims.
4. Right to restrict the processing of Personal Data (Article 18 GDPR)
   The data subject has the right to request the restriction of the processing of his/her data by the Controller in situations such as:
   • questioning by the User of the correctness of his/her Personal Data (for a period of time allowing the Controller to verify its correctness);
   • processing unlawfully, with the User objecting to the deletion of the data and instead requesting the restriction of processing;
   • a situation in which the Controller no longer needs the Personal Data for the purposes of the processing, but they are still necessary for the User to establish, assert or defend claims;
   • where the User has objected to the processing pursuant to Article 21(1) of the GDPR, until it is determined whether the legitimate grounds on the part of the Controller override the grounds for objection raised by the data subject.
5. Right to data portability (Article 20 GDPR)
   The data subject shall, upon request, receive the Personal Data concerning him or her in a structured, commonly used machine-readable format (e.g. .doc, .docx, .pdf, etc.).
   This data has been provided to the Controller by the User and is processed by the Controller. Furthermore, the User has the right to request that this data be sent to another controller. He also has the right to transfer this data to another controller without hindrance from the Controller.
6. Right to object (Article 21 GDPR)
   The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of Personal Data concerning him or her for the purposes of the legitimate interests of the Controller or by a third party, including profiling on the basis of these provisions.
   From the moment you lodge an objection until it is successful or unsuccessful, the Controller is not allowed to process your Personal Data unless he/she demonstrates that there are valid legitimate grounds for the processing, overriding your interests, rights and freedoms, or grounds for establishing, asserting or defending claims.

In order to exercise any of the rights referred to above, please contact the Controller at the physical address indicated in § 1 of the Privacy Policy or at the e-mail address: [email protected], indicating in the body of the message the scope of the User’s request. The deadline for responding to the request is 30 days from the date of effective delivery of a correctly completed request.

The Controller would like to point out that the exercise of the above rights is not absolute and does not apply to the same extent to all Personal Data processing activities undertaken by the Controller. Detailed information regarding the limitations referred to above is available in the text of the GDPR Regulation.

In addition to being able to enforce their rights directly with the Controller, each User has the right to lodge a complaint with the supervisory authority for the protection of Personal Data, which is the President of the Office for the Protection of Personal Data, ul. Stawki 2, 00-193 Warsaw at: [email protected] or by means of the Electronic Submission Box (ESP) at: https://uodo.gov.pl/pl/83/153.

§ 7 Do we transfer Personal Data to third countries

The Controller informs that the User’s Personal Data may be transferred outside the European Union and the European Economic Area to third countries, subject to all security requirements under the relevant legislation, including the GDPR.

The maintenance of the aforementioned standards is due to the fact that Personal Data is only shared with those entities (processors) that:

1. are established in a country for which the EU Commission has issued an implementing decision declaring an adequate level of protection for Personal Data (e.g. https://eur-lex.europa.eu/legal content/EN/TXT/?uri=CELEX%3A32021D0915&locale-en);
2. have concluded so-called standard contractual clauses (SCC) in their contracts with the Controller, which guarantee the level of Personal Data protection required by the applicable legislation;

• Right to object (Article 21 GDPR)

§ 8 Do we pass on Personal Data to third parties

The Controller informs that, in order to properly perform the services referred to in the Privacy Policy and the Terms of Use, the User’s Personal Data may be made available to third parties with whom the Controller cooperates, while complying with all security requirements arising from the relevant legislation, including the GDPR.

User data may be made available to the following entities:

1. Smart-home integration business partners (e.g. Amazon Alexa, Google Home, Fibaro, Homey, Krossbooking) – in the event that the User decides to integrate his/her devices with any third-party integrator via the Tedee App, the User may authorize Tedee to share his/her Personal Data with such integrator;
2. To public administration bodies (e.g. law enforcement authorities, the President of UOKiK) – in the event of a request by an authorised body to provide the User’s Personal Data in order to fulfil a legal obligation;
3. Suppliers of ancillary services (e.g. legal, accounting, IT service providers) – to the extent that these entities provide legal/human resources/IT support services to the Controller, with the requirement to minimise the Personal Data shared with these entities.

IMPORTANT: The use of the User’s Personal Data by any third party smart home integration business partners is facilitated by way of personal data sharing on the grounds of User’s explicit consent. Since such integration does not constitute an entrustment as per Article 28 of the GDPR, the specific terms and conditions for User’s Personal Data processing are accessible via the respective privacy policy documentation made available by such third party integrators. It is advisable to always carefully review these documents prior to granting consent for sharing user personal data.

§ 9 DPA

In the event that you (the User) act as a controller of Personal Data of any third parties, and, upon registration and setup of the Tedee App user account, such Personal Data is to be processed, transferred, disclosed or otherwise made available to the Controller through any use of the Tedee App, by accepting this Privacy Policy, You and Tedee are entering into, without any other action in this regard, a Data Processing Agreement, as defined in the Article 28 of the GDPR (DPA), in which You shall act as the controller of the entrusted Personal Data and Tedee shall act as the Processor of the Personal Data so received, the content of which is enclosed as Attachment No. 1 to this Privacy Policy.

All capitalized terms used in the DPA shall have the same meaning as per defined for the purposes of this Privacy Policy.

§ 10 Liability and copyright

The Controller informs that all content contained in this Privacy Policy is the exclusive property of the Controller and is protected by copyright, as defined in the Act on the Protection of Copyright and Related Rights.

Any attempt to copy the contents of the Privacy Policy made without the Controller’s express written consent shall constitute an unlawful infringement of copyright, subject to legal sanctions provided for in the relevant provisions of commonly applicable law.

§ 11 Change of policy

This Privacy Policy is effective as of 25 January 2024.

Tedee retains the right to amend this policy from time to time in connection with the ongoing development of the Tedee App which shall be binding to You upon your acceptance of the newly published version thereof, displayed in the Tedee App.

Archived versions of the Privacy Policy:

1. Tedee privacy policy of 25 January 2025
2. Tedee privacy policy of 2 June 2023;