/var/www/mmobile/c1/DataPrivacy-Tool/tmp/dataprivacynotic_smarttherostat

Privacy Notice
Last Update July 2019

Protecting the security and privacy of your personal data is important to Siemens. Therefore, Siemens
(as defined below) operates Siemens Smart Thermostat RDS (“

App

”) in compliance with applicable

laws on data protection and data security.

For App users residing in the United States, “

Siemens

” shall be Siemens Industry, Inc., Smart

Infrastructure, a Delaware corporation, with its principal office in Buffalo Grove, Illinois, 60089, USA;
for all App users residing

elsewhere, “

Siemens

” shall be Siemens Switzerland AG, Smart

Infrastructure Global Headquarter, Theilerstrasse 1a, 6300 Zug, Switzerland.

In the following, we provide information on the categories of data we process via the App, the
purposes of processing and the parties with which we may share such data, where applicable.

1. Categories of personal data processed

We process the following personal data (your personal data):

•

Personal data that you actively provide to us within the App i.e. information that you actively enter

when registering for the App or creating a user account or when using contact and other forms
offered within the App such as full name, your e-mail address, language preference, your company
information;

•

Session information such as IP-address or information on your operating system; and

•

Information on your usage of the App.

2. Purpose of the processing

We process your personal data for the following purposes:

•

to offer the App’s services and functions and to administer your use of the App;

•

to verify your identity;

•

to answer and fulfill your specific requests;

•

to provide support;

•

to send you marketing information or to contact you in the context of customer satisfaction

surveys as further explained in Section 9; and

•

as reasonably necessary to enforce our agreements, to establish or preserve a legal claim or

defense, to prevent fraud

or other illegal activities, including attacks on Siemens’ information

technology systems.

The  personal  data  processed  is  strictly  necessary  for  the  purposes  mentioned  above.  If  you  do  not
provide us with the aforementioned personal data, we may not be able to offer the App to you.

We only process your personal data if we are permitted by applicable law to do so. In particular if you
are based in the European Economic Area, the legal basis for Siemens processing data about you is
that such processing is necessary for the purposes of:

(i)  Siemens exercising its rights and performing its obligations in connection with any contract we make
with you (Article 6 (1) (b) General Data Protection Regulation),
(ii)

compliance with Siemens’ legal obligations (Article 6 (1) (c) General Data Protection Regulation),

and/or
(iii) legitimate interests pursued by Siemens (Article 6 (1) (f) General Data Protection Regulation).

Generally, the legitimate interest pursued by Siemens in relation to our use of your personal data is the
efficient operation, management and support of the App, but we may disclose other legitimate interests
for specific uses.

In some cases, we may ask if you consent to the relevant use of your personal data. In such cases, the
legal basis for Siemens processing that personal data is that you have consented (Article 6 (1) (a)
General Data Protection Regulation).

3. Push notifications

The activation of push notification services allows Siemens to provide you with the following information:
(1) Change filter notification (2) Digital input notification and (3) Condensation monitor notification. In
the course of using this function and after activation of the push-notification permission, a connection
with the push notification service of your operating system provider is established and your device
receives notifications over this connection. For this purpose information on your device identifier is
transferred to your operating system provider.

4. Cookies

The App might make use of unique identifier or cookies. You will find additional information

here

on this

subject in our Cookie Policy.

5. Usage statistics and profiles

Siemens may store information on your interaction with the App in usage statistics and profiles for the
purpose of analyzing the use of the App and allowing us to tailor and optimize the App and our products
to better match our customers’ interests. Usage statistics and profiles do not include your personal data.

6. Google Maps

In order to offer you certain location-based functions, the App uses

“Google Maps” (e.g. to let you obtain

directions to your local Siemens point of contact). When you use Google Maps

in a country of the

European Economic Area and/or Switzerland, your personal data will be processed by Google Ireland
Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, otherwise by Google LLC, 1600 Amphitheatre
Parkway, Mountain View, CA 94043, USA (each referred to as

“Google“). The processed personal data

may include,

, your device’s IP address and your location. Location data can only be processed if you

granted permission to access, or actively provided your location data within the App.
The data controller responsible for the processing of your personal data in connection with Google
Maps is Google; Google’s privacy notice can be found at https://www.google.com/policies/privacy.

7. Links to other websites

This Privacy Policy applies only to this App, and not to websites or applications offered and operated
by third parties. We may provide links to other websites or applications (such as Google Maps or
YouTube) which may be of interest to you. Any link to an external website or application is marked as
such. Siemens is not responsible for the privacy practices or the content of such external websites or
applications.

8. App permissions

The use of certain functions of the app may require you to provide certain App permissions. App
permissions allow the App to access information stored on your device.

If you make use of an iOS device, the App may ask for the permissions listed below. The data collected
via such permissions and the purposes of the data collection are the following:

•

Permission to access the camera: Via this permission the App collects information from the
QR-code on the Smart Thermostat. This information is processed and used for the purpose of
associating your account with the Smart Thermostat.

•

Permission to use loc

ation data: Via this permission the App collects your phone’s location

data. This information is processed and used for the purpose of enabling the geo-fencing

feature. Without this permission, this feature cannot function. Siemens will not track your
location: Instead, the App shares only basic notifications that say you are inside or outside of
your geo-fence.

If you make use of an Android device, the App permissions used by this App, data collected via
permissions and the purposes of the data collection are the following:

•

Permission to access the phone is required in order to let an incoming call notification have
control of the screen. The App needs the phone status to stop any actions and move to the
background until the phone status changes again (call ends).

•

Permission to access the storage: Allows the user to install the App on an external SD card.
Without this permission the user can only install to internal storage.

•

Permission  to  use  location  data:  Via  this  permission  the  App  collects  your  phone’s  location
data.  This  information  is  processed  and  used  for  the  purpose  of  enabling  the  geo-fencing
feature.  Without  this  permission,  this  feature  cannot  function.  Siemens  will  not  track  your
location: Instead, the App shares only basic notifications that say you are  inside or outside of
your geo-fence.

You may manage the use of App permissions in the section “settings” of your operating system. Please
note that the use of certain functions of the App may no longer be possible if you deactivate the
respective App permission.

9. Processing of personal data for customer satisfaction surveys and for direct marketing

Where and as permitted under applicable law, Siemens may process your contact information for direct
marketing purposes (e.g. trade show invitations, newsletters) and to carry out customer satisfactions
surveys, in each case also by e-mail. You may object to the processing of your contact data for these
purposes at any time by writing to

contact@siemens.com

or by using the opt-out mechanism provided

in the respective communication you received.

10. Transfer and disclosure of personal data

For the purposes mentioned above Siemens may transfer or disclose your personal data to :

•

other Siemens companies or third parties - e.g. sales partners or suppliers - in connection
with your use of the App or our business relationship with you;

•

third parties which provide IT services to Siemens and which process such data only for the
purpose of such services (e.g., hosting or IT maintenance and support services); and/or

•

third parties in connection with complying with legal obligations or establishing, exercising or
defending rights or claims ( e.g. for court and arbitration proceedings, to law enforcement
authorities and regulators, to attorneys and consultants.

a. Recipients of your personal data outside of the EEA

If you are located within European Economic Area, please be aware that sometimes the recipients to
whom Siemens transfers or discloses your personal data are located in countries in which applicable
laws do not offer the same level of data protection as the laws of your home country.

In such cases and if required by applicable law, Siemens takes measures to implement appropriate
and suitable safeguards for the protection of your personal data. In particular:

•

We share your personal data with Siemens companies in such countries only if they have
implemented the Siemens Binding Corporate Rules („BCR“) for the protection of personal
data. Further information about the Siemens BCR can be found here.

•

We transfer personal data to external recipients in third countries only if the recipient has (i)
entered into EU Standard Contractual Clauses with Siemens, (ii) implemented Binding
Corporate Rules in its organization or (iii)

– in case of US recipients – the recipient is certified

under the Privacy Shield. You may request further information about the safeguards
implemented in relation to specific transfers by contacting dataprotection@siemens.com.

b. Your rights

The data protection law applicable to Siemens when processing your personal data may entitle you to
specific rights in relation to your personal data. You can find out more about those rights by contacting
dataprotection@siemens.com.

In particular and subject to the respective statutory requirements, if you are located in the European
Economic Area, you are entitled to:

• Obtain from Siemens confirmation as to whether or not personal data concerning you are being
processed, and where that is the case, access to the personal data;
• Obtain from Siemens the rectification of inaccurate personal data concerning you;
• Obtain from Siemens the erasure of your personal data;
• Obtain from Siemens restriction of processing regarding your personal data;
• Data portability concerning personal data, which you actively provided; and
• Object, on grounds relating to your particular situation, to processing of personal data
concerning you.

Further background information and explanations related to the rights described above are available
on the European Commissions’ website “

Rights for citizens”.

11. Retention Periods

Unless indicated otherwise at the time of the collection of your personal data (e.g. within a form
completed by you), we erase your personal data if the retention of that personal data is no longer
necessary (i) for the purposes for which they were collected or otherwise processed, or (ii) to comply
with legal obligations.

12. Data Privacy Contact

The  Siemens  Data  Privacy  Organization  provides  support  with  any  data  privacy  related  questions,
comments,  concerns  or  complaints  or  in  case  you  wish  to exercise  any  of  your  data  privacy  related
rights. The Siemens Data Privacy Organization may be contacted at: dataprotection@siemens.com.

The Siemens Data Privacy Organization will always use best efforts to address and settle any requests
or complaints you bring to its attention. Besides contacting the Siemens Data Privacy Organization, you
always  have  the  right  to  approach  the  competent  data  protection  authority  with  your  request  or
complaint.

13. Do Not Track

At this time our Service does not recognize or respond to “Do Not Track” browser signals.

14. Children

This Service is not directed to children under the age of thirteen. We will not knowingly collect personal
data via this Service from children under the age of thirteen without insisting that they seek prior parental
consent if required by applicable law. We will only use or disclose personal data about a child to the
extent permitted by law, to seek parental consent, pursuant to local law and regulations or to protect a
child.

15. Security

To protect  your  personal  data  against  accidental or unlawful destruction,  loss, use, or alteration  and
against  unauthorized  disclosure  or  access,  Siemens  uses  reasonable  physical,  technical  and
organizational security measures. Unfortunately, there is no complete assurance of security in transit
or  storage  to  any  information  that  you  transmit,  no  complete  assurance  that  information  will  not  be
accessed,  disclosed,  altered,  or  destroyed  by  a  breach  of  any  of  our  physical,  technical,  or
organizational measures.

If you reside within the United States, please also note the following provision:

16. California Privacy Rights

California’s “Shine The Light” law permits those App users who are California residents to annually
request a list of their personal information (if any) that we disclosed to third parties for direct marketing
purposes in the preceding calendar year, and the names and addresses of those third parties. At this
time, we currently do not share any personal information with third parties for their direct marketing
purposes.

17. Changes to the Privacy Policy

We may update this Privacy Policy from time to time. The date of the latest update is indicated at the
top of this privacy policy.