Privacy

Introduction

[EverWatt Lights, LLC] (hereinafter referred to as “we”, “us”) has made great efforts to protect your personal data. We collect and process your personal data fully complying with the requirements of the EU General Data Protection Regulation and within the scope stated in the Privacy Policy (hereinafter referred to as “this Policy”) when providing you with [EverWatt Wireless Lighting Control System] (hereinafter referred to as “this application”).

Please read and understand this Policy before submitting your personal data to us. Please note that this Policy applies only and exclusively to this application. Please refer to other privacy policies if you use our other products and services.

This Policy will help you understand the following content:

Who we are
What personal data do we collect
What is our legal basis for processing your personal data
How we manage your personal data
How do we entrust a third party to the process, share, transfer, and disclose your personal data
How your personal data is transferred outside the EU/EEA
What rights do you have
How we protect children’s personal data
How to update this Policy
How to contact us
Who we are

Our company, [EverWatt Lights, LLC] is registered at [7303 EDGEWATER DR STE D OAKLAND, CA 94621]. As the controller determining the personal data processing activity, we have full rights to this application and will be responsible for all matters related to this application.

What personal data do we collect?

To provide you with better service and realize the basic functions of this application, we collect the following personal data for each function:

(1) In order to enable your account’s registration and verification, we need to collect your user name, password, e-mail address and phone number, password, email address, and phone number. And if you authorize login to this application with a third-party account, we will obtain from such third party your account information (such as portrait, nickname, region, etc.) which may be bound with this application account for quick login. We will ensure compliance with applicable data protection laws and regulations, as well as agreements, policies, or documentation agreed with such third party regarding sharing personal information, in processing your Personal Data;

(2) In order to enable your use of the device and ensure the normal operation, we need to collect your IP address, city, time zone, device information (including but not limited to WIFI box number, WIFI box mac address, SSID, boiler model, boiler ID, etc.) and real-time data of the device (including but not limited to software version, time, temperature, fault code, etc.);

(3) In order to enable your reporting device fault to us and our pushing device fault information to you where necessary, we need to collect your e-mail address and IMIE.

(4) Use our specific products or services: if you use our weather or daylight-saving time service, we may collect your city and time zone information; If you use the function of device adding, family sharing, and avatar switching, we need to obtain your camera permission. And the device adding function also needs to obtain your location permission in order to get Wi-Fi information according to your city and time zone. And the avatar switching function also needs to obtain your storage permission in order to read your local photos.

What is our legal basis for processing your personal data?

We collect and process your personal data within the scope necessary for realizing the above functions. We conduct such personal data processing activities in order to fulfill our obligations under the smart hardware devices purchase agreement and to provide you with the smart home and related services (including this application). Therefore we rely on the necessity of performing the contract as the legal basis for such data processing activities. When you use our specific products or services, the legal basis for such processing is your consent.

How we manage your personal data

4.1 Storage of your personal data

Your personal data will be appropriately stored on [aliyun] in [Frankfurt] or [aliyun] in [America] for. We will remind user who has not logged in to this application for one year continuously by E-mail, if the user does not respond, the corresponding data will be destroyed after one month.

4.2 Security of your personal data

The server we use has the industry-leading security capacities to protect your personal data. In addition, by strengthening the administrative and technical safeguards (such as the access control system, encryption, and security training for employees) of personal data, we will endeavor to protect your personal data from unauthorized access, use, disclosure, modification, damage, loss and any other forms of unlawful processing.

The network environment is not absolutely secure. In the event of a personal data security incident, we will fulfill our notification obligations, which may include informing you of the basic circumstances and possible impact of the security incident, the actions we have taken or will take, and recommendations that you can take precautions and reduce risk on your own initiative. We will endeavor to inform you in a timely manner by telephone, email, notification, etc., and we may make an announcement on this website under certain circumstances.

If you know or have reason to believe that your personal data has been lost, stolen, misappropriated, or otherwise infringed, or if there is any actual or suspected embezzlement of your personal data, please contact us.

How do we entrust a third party to the process, share, transfer, and disclose your personal data

In principle, we transfer your personal data to third parties only with the notification and your authorization. In order to ensure the security of your personal data, we will follow the principle of minimization and comply with applicable legal requirements when sharing, transferring, or disclosing your personal data with the following third parties:

Service providers: such as companies that support our IT, help us process we hold and provide us with underlying cloud service. We have signed data processing agreements with related service providers to ensure lawful and secure personal data processing.

API/SDK providers: In order to enable your normal use of this application, we will embed SDK or other similar applications of authorized partners in this application.

When pushing notifications to your mobile phone, Alibaba Cloud Push SDK or Google Push SDK will collect your device Token, mobile phone system, and mobile phone model.

Purpose: to push device change information and users’ operation information.

In order to enable your better use of this application, Gaode Map SDK will collect the location information of your device and home.

Purpose: to set up your home location information.

We will conduct security checks on the Application Programming Interfaces (API) and Software Development Kit (SDK) collecting personal data and agree with the authorized partners on strict data protection measures to ensure that the partners collect and process your personal data in accordance with our agreements and this Policy.

Government or regulators: on the basis of ensuring the security and legality of the disclosure, we may also disclose your minimal and necessary personal data to the law enforcement agencies/governmental authorities, if we believe that such disclosure of your personal data complies with any applicable law or responds to related legal process, after checking with specific law enforcement authorities on the basis of the disclosure.

Business transfer: for the transfer of your personal data during a merger, acquisition, bankruptcy liquidation, asset transfer, or other similar transactions, we will require the new company or organization possessing your personal data to be bound continuously by the requirements, commitments, and safeguards described in this Policy. For instance, the new company or organization should not use your personal data beyond the said purposes. Otherwise, we will require the new company or organization to reapply for corresponding authorization from you.

How your personal data is transferred outside the EU/EEA

In order to normally operate and maintain this application, the service providers we entrusted need to access your personal data remotely from countries or territories outside the EU/EEA (including China) where the data protection laws in effect are not as stringent as those in EU/EEA. To fully secure your personal data, we have signed the cross-border data transfer Standard Contractual Clauses (SCC) as the transfer mechanism. You can contact us to obtain the corresponding data transfer agreement text.

What rights do you have

You are entitled by law to the following rights in respect of your personal data:

INFORMATION AND ACCESS: You have the right to be provided with certain information about our processing of your personal data and access to that data.

RECTIFICATION: If your personal data changes, we encourage you to inform us of the change. You have the right to require inaccurate or incomplete personal data to be updated or corrected.

ERASURE: You have the right to require that your data be erased in certain circumstances where it is no longer necessary for us to process this data in relation to the purposes for which we collected or processed the data.

DATA PORTABILITY: You may have the right to have the data transferred to you or another controller in a structured, commonly used and machine-readable format, where this is technically feasible.

RIGHT TO RESTRICTION OF PROCESSING: You have the right to restrict our processing of your personal data while your request for data rectification or objection to personal data processing is being considered, if we no longer need to process your data but you need that data in connection with a legal claim, or if our processing is unlawful but you do not want us to erase the data. If this right applies, we will continue to store your data but will only further process it with your consent, for the establishment, exercise, or defense of legal claims, to protect the rights of another person, or for reasons of important public interest.

RIGHT TO COMPLAINTS: If you have any objection to our data processing activities and this Policy, you have the right to lodge a complaint with the regulatory authorities in your country or region.

How we protect children’s personal data

Our products and service are primarily aimed at adults. We do not knowingly collect personal data of children under 14 without the parent’s or guardian’s consent. Where the parents or guardians consent to collect and process children’s data, we will only use or disclose these data within the scope of the parent’s or guardian’s explicit consent and strictly comply with GDPR. If we find that we have collected a child’s personal data without the prior verifiable consent of his/her parents or guardian, we will take measures to delete related personal data as soon as possible.

How to update this Policy

We may update this Policy from time to time. If this Policy is revised, we will promptly release the latest revised version of this Policy in prominent positions on this website for your awareness. If there is any major change to this Policy, we will notify you of such change in a more prominent way by means of email, text message, or website pop-ups.

How to contact us

If you have any opinion, suggestion, or question about this Policy, or have any request or query for your personal data, please contact us in the following manner. In principle, we will reply within 30 days.

Contact Information:

E-mail: lcs_support@everwattlights.com