Uponor UK
Head Office
Uponor UK
The Pavillion
Blackmoor Lane
Watford Hertfordshiree
WD18 8GA

Privacy Policy for Uponor Smatrix Pulse App

  1. Controller

    Uponor GmbH (“Uponor”)
    Industriestrasse 56
    97437 Hassfurt
    Germany
     
  2. Contact details

    Uponor GmbH
    Industriestrasse 56
    97437 Hassfurt
    Germany
    privacy@uponor.com
     
  3. Name of the privacy policy

    Uponor Smatrix Pulse
     
  4. Purpose of and legal basis for processing

    Uponor collects personal data about the user (“User”) of Uponor Smatrix Pulse service (“Service”).

    The personal data may be used by Uponor and on its behalf for the following purposes:

    • maintenance and development of the Application and Uponor products and services;
    • marketing and communication purposes such as for conducting marketing research, direct marketing, automated marketing, informing Users of new features, new products or launches, and special promotions;
    • upholding and developing the User relationship;
    • exercising Uponor’s rights;
    • performing Uponor’s obligations towards User and handling, evaluating and enforcing Users’ or Uponor’s obligations or liabilities; and
    • statistical and analytical purposes.

    The legal basis for processing the user’s personal data is the performance of the agreement between the user and Uponor concerning the use of the Application and the services it provides (see article 6.1(b) of the EU General Data Protection Regulation 2016/679, the “GDPR”). In some instances, Uponor may also process the user’s personal data based on its legitimate interests to analyse how the Application is used, further develop it, and to market its products and services (see article 6.1(f) of the GDPR). Processing may be based on user’s consent if such consent is required under applicable laws or regulations.

    The user’s personal data may be stored as long as Uponor need it for the above listed purposes, however typically not longer than ten years.
     
  5. Types of personal data

    The following information is processed by Uponor for the purposes of providing the Application and related services:

    • User’s name and city
    • mobile number
    • email address
    • installation ID
    • personal password
    • device ID/serial number
    • installation description
     
  6. Regular sources of data

    The personal data is collected primarily from the User of the Application or through the Application.

  7. Regular disclosure of data and the transfer of data outside the EU or the EEA

    Uponor may disclose and transfer personal data outside EU/EEA in accordance with and subject to the limitations imposed by applicable legislation as follows:

    • in accordance with a contract entered into between the relevant Uponor entities, incorporating the European Commission’s Standard Contractual Clauses, which ensure that adequate data protection arrangements are in place as well as to authorized third parties to the extent they participate in the processing of personal data for the purposes stated in privacy policy. The personal data may be processed by such authorized third parties also outside EU or EEA in accordance with a contract entered into between Uponor Corporation and/or its affiliate and such authorized third party, incorporating the European Commission’s Standard Contractual Clauses, which ensure that adequate data protection arrangements are in place. Uponor Corporation shall oblige such third parties to keep confidential and adequately secure any such transferred personal data; or
    • based on consent; or
    • as otherwise permitted by applicable legislation.

    For technical reasons and for reasons related to the use of data, the personal data may also be stored on servers of external service providers (also outside EU / EEA) who may process the data on behalf of Uponor.

    Any transfers of personal data shall be made in accordance with the General Data Protection Regulation (2016/679) and any applicable mandatory legislation, as amended.

    In addition to the above Uponor may be obliged to disclose the personal data to the authorities. Uponor may also disclose and otherwise process the personal data, in accordance with applicable legislation, to defend its legitimate interests.
     
  8. Principles of Securing Personal Data – Technical and Organizational Controls

    Uponor shall ensure that sufficient technical and organizational personal data protection measures are implemented and maintained throughout its own organization. Further, Uponor shall ensure that any transfer or disclosure of personal data described in this Privacy Policy to any third party is subject to Uponor having ensured an adequate level of data protection by agreements or by other means required by law.

    Technical controls:
    Physical material is stored in locked spaces with restricted access. Any IT systems are secured by means of the operating system’s protection software. Access to the systems requires entering a username and a password and data transfers happen via high encryption channels.

    Organizational controls:
    Within the organizations of Uponor, the use of the personal data is instructed, and access to IT systems including personal data is limited to such persons who are entitled to access them on the basis of their work assignments or role and who are subject to confidentiality obligations regarding the personal data.
     
  9. Data subject’s rights

    Unless any limitations apply, each data subject has the right to access all personal data Uponor have on him/her. Each data subject also has the right to request that Uponor corrects, erases or stops using any erroneous, unnecessary, incomplete or obsolete personal data. Each data subject may also withdraw any consent previously provided by him/her, and object to all direct marketing.

    Any requests should be sent using the contact details mentioned in Section 2 above. Uponor processes all requests as soon as possible. If dissatisfied with the decision or actions of Uponor, each data subject has the right to lodge a complaint with his/her country's data protection authority.