Uponor collects personal data about the user (“User”) of Uponor Smatrix Pulse service (“Service”).
The personal data may be used by Uponor and on its behalf for the following purposes:
• maintenance and development of the Application and Uponor products and services;
• marketing and communication purposes such as for conducting marketing research, direct marketing, automated marketing, informing Users of new features, new products or launches, and special promotions;
• upholding and developing the User relationship;
• exercising Uponor’s rights;
• performing Uponor’s obligations towards User and handling, evaluating and enforcing Users’ or Uponor’s obligations or liabilities; and
• statistical and analytical purposes.
The legal basis for processing the user’s personal data is the performance of the agreement between the user and Uponor concerning the use of the Application and the services it provides (see article 6.1(b) of the EU General Data Protection Regulation 2016/679, the “GDPR”). In some instances, Uponor may also process the user’s personal data based on its legitimate interests to analyse how the Application is used, further develop it, and to market its products and services (see article 6.1(f) of the GDPR). Processing may be based on user’s consent if such consent is required under applicable laws or regulations.
The user’s personal data may be stored as long as Uponor need it for the above listed purposes, however typically not longer than ten years.
Types of personal data
The following information is processed by Uponor for the purposes of providing the Application and related services:
• User’s name and city
• mobile number
• email address
• installation ID
• personal password
• device ID/serial number
• installation description
Regular sources of data
The personal data is collected primarily from the User of the Application or through the Application.
Regular disclosure of data and the transfer of data outside the EU or the EEA
Uponor may disclose and transfer personal data outside EU/EEA in accordance with and subject to the limitations imposed by applicable legislation as follows:
• based on consent; or
• as otherwise permitted by applicable legislation.
For technical reasons and for reasons related to the use of data, the personal data may also be stored on servers of external service providers (also outside EU / EEA) who may process the data on behalf of Uponor.
Any transfers of personal data shall be made in accordance with the General Data Protection Regulation (2016/679) and any applicable mandatory legislation, as amended.
In addition to the above Uponor may be obliged to disclose the personal data to the authorities. Uponor may also disclose and otherwise process the personal data, in accordance with applicable legislation, to defend its legitimate interests.
Principles of Securing Personal Data – Technical and Organizational Controls
Physical material is stored in locked spaces with restricted access. Any IT systems are secured by means of the operating system’s protection software. Access to the systems requires entering a username and a password and data transfers happen via high encryption channels.
Within the organizations of Uponor, the use of the personal data is instructed, and access to IT systems including personal data is limited to such persons who are entitled to access them on the basis of their work assignments or role and who are subject to confidentiality obligations regarding the personal data.
Data subject’s rights
Unless any limitations apply, each data subject has the right to access all personal data Uponor have on him/her. Each data subject also has the right to request that Uponor corrects, erases or stops using any erroneous, unnecessary, incomplete or obsolete personal data. Each data subject may also withdraw any consent previously provided by him/her, and object to all direct marketing.
Any requests should be sent using the contact details mentioned in Section 2 above. Uponor processes all requests as soon as possible. If dissatisfied with the decision or actions of Uponor, each data subject has the right to lodge a complaint with his/her country's data protection authority.