Applicable from: 10.05.2021

Aguardio’s Privacy Notice

Introduction

When we receive personal data from you, we strive for your confidence in us processing data in a transparent and safe manner.

For this reason, we have developed this Privacy Policy to give you information about the types of data that we process and how we process data.

Collection and processing of personal data will take place in accordance with applicable rules and regulations in force at any time, and we will only process personal data when there is a legally sufficient basis for processing. We understand that we may only process personal data to the extent necessary in view of the purpose. We will review periodically registered personal data and will delete personal data no longer relevant to process for us.

This Notice forms part of Aguardio’s documentation for complying with applicable data protection rules and regulations.

In case of any questions relating to our processing of personal data please take contact to us.


Data Controller

The company responsible for processing your personal data is Aguardio ApS, Innovations Allé 3, 7100 Vejle, Denmark, Danish Business Registration No. 38512048


Categories of data subjects

End users of the device.


Our reasons to process personal data (Purpose of processing) and legal basis

Our processing of your personal data requires a legal basis.

We process your personal data with the purpose of keeping track of water consumption in order, by way of data, to guide or nudge end user to save water and energy – and to protect the environment. By having better insights into the time spent on showering, better attention can be brought to the consumption of water as a scarce resource. This is to motivate a change in consumption habits.


Categories of personal data

The Aguardio sensor registers time of start and end of water consumption, temperature and room humidity per hour and Media Access Control (MAC) address.

Aguardio does not know the physical address of the sensor.


Sensitive data and children’s data

We will not register sensitive personal data such as personal data about health or religious or political beliefs or similar. We also do not process personally identifiable information relating to children.


Lawfulness (Legal Basis)

Aguardio is contractually obliged to deliver data from sensors to our customers, usually housing associations, water utilities etc.

Hence, processing is lawful under Article 6, Subclause 1, litra c, relating to processing being necessary for compliance with a legal obligation to which Aguardio is subject.


Data from other sources

We do not receive or process personal data from other sources.


Storage of data

Water consumption data is stored in order to nudge water consumers to reduce their water consumption.

Data is also kept in storage in order to make sure that consolidated data is correct and in order to develop our products and services.

Consolidated data from the sensors is stored for as long as the particular purpose is valid and thereafter for a limited time due to our purposely determined back-up and deletion routines.

The sensor unit does not save data for more than one to two days. Once a day, the unit accesses the internet to send data about water usage time, temperature and humidity. Subsequently, data in the unit is erased as it is being overwritten by new data.


Deletion

We delete personal data when the designated purpose for processing or retaining it has been achieved, or as soon as possible after you object to its use, or the use is no longer legally permitted.


Dataprocessor

As a part of our normal operational procedures, we give NTT DATA Business Solutions access to handle our systems.

The data processor only has access in order to deliver IT services or support to us. As data controller, Aguardio has set up the framework for the data processor access to personal data that we process. Data processors may not use personal data for their own marketing purposes or other purposes. Data processor’s retention of personal data is governed by a data processing agreement. This includes requirements as to an appropriate level of security.


Disclosure

We disclose personal information to third parties only when it is necessary for the purposes specified and only to the categories of the recipients identified.

We do not disclose personal data for direct marketing purposes.

In the event of Aguardio’s sale or liquidation of any part of its business or assets, personal data may be shared, complying fully with applicable data protection regulation.


Security

We process data in confidence and in a manner that ensures appropriate security of personal data, including IT technical and administrative limitations to prevent un-authorized access to or use of personal data that are under our responsibility.

We have also implemented technical and organizational security measures in order to protect your personal data from accidental or unlawful destruction, loss, alteration, un-authorized disclosure of, or access to personal data transmitted, stored or otherwise processed in a way that infringes personal data legislation.

We regularly redevelop our security policies and procedures in order to protect the security of our data processing.

Only persons who need the data, may access personal data.

We require the same from our commercial partners as we require from ourselves.

Our employees receive instruction as to how they must or may process personal data. Internal guidelines are in place for action in case of infringements of the security of our data processing.

If because of e.g., a cyber-attack or similar, Aguardio becomes the victim of an infringement of the security of data processing, we will communicate this to you as soon as possible if the infringement poses a high risk.


Transmission to Third Countries

Personal data that we may process will preferably and to the extent possible be processed and kept in Denmark, the EU, and countries that are party to the European Economic Agreement (EEA).


Your rights, and where to complain

You are entitled to know whether we hold personal data about you and if we do, obtain insight to that data and require the data to be corrected, if inaccurate, and

you may object to our use of your personal data and require such data erased.

Restrictions may apply to these rights.


If you want to exercise your rights, you must contact us.

You also have the right to file a complaint on how we process your personal data to a Data Protection Authority.


Review of this Privacy Notice

We aim for as much transparency as possible regarding the collection and processing of personal data.

For this reason, we will review and update this Privacy Notice from time to time.

Any update of the practice regarding processing of personal data that we follow according to this Privacy Notice will come into force immediately as regards personal data that we process about you.

In case we change the Privacy Notice substantially we strive for taking such reasonable and usual steps to communicate this to the data subjects including information about the consequences of the changes we make.


The Privacy Notice was updated at the date referred to at the top under “applicable from”.

This Privacy Notice supersedes all and any earlier versions.