Privacy policy for smart home appliances and applications

THE RITTERWERK-MOBILE APPLICATION OR "APP"

Before you use our Products, please carefully read through this Policy and understand our purposes and practices of collection, processing of your Personal Data, including how we use, store, share and transfer Personal Data. In the Policy you will also find ways to execute your rights of access, update, delete or protect your Personal Data.  

When you accept this Policy when you register with your Personal Data, or if you start to use our Products and does not expressly object to the contents of this Policy, we will consider that you fully understand and agree with this Policy. If you have any questions regarding this Policy, please do not hesitate to contact us.

For other branded mobile applications powered by ritterwerk, our Clients control all the Personal Data collected through our Products. We collect the information under the direction of our Clients and the processing of such information shall be limited to the purpose of providing the service for which our Clients have engaged us. If you are a customer of one of our Clients and would no longer like to be contacted by one of our Clients that use our service, please contact the Client that you interact with directly. 

Definition 

In this Policy, Personal Data means information generated, collected, recorded and/or stored, electronically or otherwise, that can be used to identify an individual or reflect the activity of an individual, either from that information alone, or from that information and other information we have access to about that individual.    

Personal Sensitive Data includes personal biometric information, communication records and contents, health information, transaction information, and precise location information. When we collect Personal Data from you, we will generate an explicit notification for your consent before we collect this data.

Smart Devices refers to those computing devices produced or manufactured by hardware manufacturers, with human-machine interface and the ability to transmit data that connect wirelessly to a network, including: smart home appliances, smart wearable devices, smart air cleaning devices, etc.  

Apps refers to those mobile applications developed by ritterwerk that provide end users remote control to Smart Devices and with the ability to connect to the supplier IoT Platform.  

What Personal Data do we collect 

In order to provide our services to you, we will ask you to provide necessary Personal Data that is required to provide those services. If you do not provide your Personal Data, we may not be able to provide you with our products or services. 

Information You Voluntarily Provide Us 

Registered Account Data: When you register an account with us, we may collect your name and contact details, such as your email address, phone number, user name, and login credentials. During your interaction with our products, we may further collect your nickname, profile picture, country code, language preference and time zone information into your account. 

If you authorise login to the products with a third party account, we will obtain from such third party your account information (such as portrait, nickname, region, gender, etc.) which may be bound with your ritterwerk account for quick login. We will ensure compliance with applicable data protection laws and regulations, as well as agreements, policies or documentations agreed with such third party regarding sharing personal information, in processing your Personal Data.  

If the Services you request or purchase are based on your account, please go to the registration/login page for guidance. 

Feedback: When using feedback and suggestion features in our Products, we will collect your email address, mobile phone number and your feedback content to address your problems and solve device failures on a timely basis. 

Information based on additional functions:  

In order to offer you with more convenient and higher-quality Services with optimised user experiences, we may collect and use certain information if you consent to use additional functions in the App. Please note, if you do not provide such information, you may continue to use basic Services of the App and connected Smart Devices, but certain features based on these additional functions may not be available. These additional functions may include: 

1) Additional functions based on location information: 

When you enable the location-based functions through permission settings on your mobile device, we will collect and process your location information to enable these functions, such as pairing with your Smart Devices. Also, we may collect information about your: a) real-time and precise location, for instance when you choose to use the automation scenarios for controlling your Smart Devices, or b) non-precise geo-location when you use certain Smart Devices or the Services.

Based on your consent, when you enable the geo-fence feature, your location information will be generated and shared with Google Maps services. Please note that Google has corresponding data protection measures, which you may refer to Google’s Data Processing and Security Terms for more details.  

You may disable the collection and use of your location information by changing your mobile device settings ("Settings - Privacy Settings - Switch on/off Location Information", this may be different on Android and Apple devices), upon which we will cease to collect and use your location information.   

2) Additional services based on camera: 

You may use the camera to scan the code by turning on the camera permission to pair with a Smart Device, for example, to take a video. Please be aware that even if you have agreed to enable the camera permission, we will only obtain information when you actively use the camera within the app.

You may opt-out the using of camera permission ("Settings - Privacy Settings - Switch on/off Camera", this may be different on Android and Apple devices.) 

3) Additional services for accessing and uploading pictures/videos based on photo albums (picture library/video library): 

You can use this function to upload your photos/pictures/videos after turning on the photo album permission, so as to realise functions such as changing the avatar, reporting device usage problems by providing photo proofs, etc.. When you use the photos and other functions, we will not recognize this information; but when you report a device usage problem, we may use the photos/pictures you upload to locate your problem. 

You may opt-out the using of photo album permission: ("Settings - Privacy Settings - Switch on/off Album Access”, this may be different on Android and Apple devices)

4) Additional services related to microphone-based services: 

You can use the microphone to send voice information after turning on the microphone permission, such as shooting videos, waking up the voice assistant, etc. For these functions, we will collect your voice information to recognize your command. Please be aware that even if you have agreed to enable the microphone permission, we will only obtain voice information through the microphone when you voluntarily activate the microphone in the App. 

You may opt-out the using of microphone permission ("Settings - Privacy Settings - Switch on/off Microphone Access”, this may be different on Android and Apple devices)

5) Additional services based on storage permissions (Android): 

The purpose is to ensure the stable operation of the App by utilising the storage permission. After you give or indicate the permission to read/write your mobile device’s storage, we will access pictures, files, crash log information and other necessary information from your mobile device’s storage to provide you with functions, such as information publications, or record the crash log information locally. 

You may opt-out the using of storage permission ("Settings - Privacy Settings - Switch on/off Storage Access”, this may be different on Android and Apple devices)

6) Additional services based on Notification permissions: 

The reason why we ask you for the permission is to send you notifications about using the Smart Devices or Services, especially if you have purchased security services and you require an alert or message so that you can capture the real-time status. 

You may opt-out the using of App notifications: ("Settings - Notification Settings” use the toggle to switch of different app notifications accordingly, this may be different on Android and Apple devices)

7) Additional services based on Alert Window permissions： 

You may choose to bind a camera in the App and require the App to display the real-time image of the camera in a separate window. 

You may opt-out the using of alert window information: ("Settings - App Settings - Select the Meaco App - Switch on/off Alerts”, this may be different on Android and Apple devices)

8) Additional services based on Bluetooth permissions: 

You can enable Bluetooth functions after turning on the permission, including controlling the Smart Devices, acquiring status of, discovering and configuring Smart Devices. In these functions, we will communicate with Smart Devices via Bluetooth. Please be aware that even if you have agreed to enable the Bluetooth permission, we will only use Bluetooth for communication in these scenarios: display device status on the home page and Smart Device panel; perform device control on the home page and Smart Device panel; discovering Smart Devices on the home page and the add device page, Smart Device distribution network. 

You may opt-out the using of Bluetooth via ("Settings - Connectivity Settings - Disconnect or Switch Bluetooth on/off”, this may be different on Android and Apple devices)

9）Additional services based on HomeKit permission (iOS): 

You can enable related functions after enabling HomeKit permissions, including discovering Smart Devices, enabling Smart Device network configuration, controlling Smart Devices, and checking device status. Among these functions, we will process data with the "Home“ App that comes with the iOS system through HomeKit. Please be aware that even if you have agreed to enable the HomeKit permission, we will only use it in these scenarios: on the home page, to discover HomeKit devices, HomeKit device network configuration; in "Settings - HomeKit" for discovering HomeKit devices, HomeKit device network configuration. 

You may opt-out the using of HomeKit permission via ("Settings - Privacy Settings - Switch on/off HomeKit permissions”).

Please note that if you turn on any of the above permissions, you are authorising us to collect and use relevant personal information to provide you with corresponding services. Once you turn off any of the permissions, we will no longer continue to collect Personal Data based on the corresponding permissions, and the related functions may be terminated. However, your decision to turn off the permission will not affect the previous collection and use of information based on your authorisation. 

Information We Collect Automatically 

Mobile Device Information: In order to provide and maintain the normal operation of our services, to improve and optimise our services and protect your account security as well, we automatically collect mobile device information when using the app. This may include: mobile device model number, IP address, wireless connection information, the type and version of the operating system, application version number, push notification identifier, log files, and mobile network information. Meanwhile, we will also collect your software version number. In order to ensure the security of the operating environment or to provide services, we will collect information about the installed mobile applications and other software you use. 

Usage Data: During your interaction with the app, we automatically collect usage data relating to visits, clicks, downloads, messages sent/received, and other usage of our services. 

Log Information: When you use the App, in order to improve your user experience, the system and exception log may be uploaded, including your IP address, language preference setting, operating system version, date or time of access, so that we can facilitate and accurately identify problems and help you solve them in a timely manner. 

Please note that we cannot identify a specific individual by using device information or log information alone. However, if these types of non-personal information, combined with other information, may be used to identify a specific individual, such information will be treated as Personal Data. Unless we have obtained your consent or unless otherwise stated by data protection laws and regulations, we will aggregate or anonymise such information.

Smart Devices Related Information:  

Basic Information of Smart Devices: When you connect your Smart Devices with the Services, we may collect basic information about your Smart Devices such as device name, device ID, online status, activation time, firmware version, and upgrade information. 

Information collected during the process of connecting to a Smart Device: Based on the type of Smart Device you need to connect, the basic information collected includes: Wi-Fi information, device MAC address, etc.  

Information Reported by Smart Devices: Depending on the different Smart Devices you elect to connect with our Products or Services, we may collect different information reported by your Smart Devices. 

Purposes and legal basis for processing Personal Data  

The purpose for which we may process information about you are as follows: 

Provide You with Our Services: We process your account data, mobile device information, usage data, location information, and Smart Device related information to provide you with the Services that you have requested. The legal basis for this processing is to perform our contract with you according to this privacy policy.

Improve Our Services: We process your mobile device information, usage data, location information and Smart Device related information to ensure the functions and safety of the Services, to develop and improve the Services, to analyse the efficiency of our operations and to prevent and trace fraudulent or inappropriate usage. The legal basis for this processing is to perform our contract with you according to our App User & Service Agreement.

Non-marketing Communication: We process your Personal Data to send you important information regarding the Services, changes to our terms, conditions, and policies and/or other administrative information. At the same time, we will also send you notifications related to the services you have purchased, such as alert services. You can check and manage the “App Notification” in the App ("Me > Message Center > Settings > Notification Settings”, this may be different on Android and Apple devices). When you decide not to enable the Notifications function, we will no longer process your information for such purpose. The legal basis for this processing is to perform our contract with you according to our User & Service Agreement.

Data Analysis: In order to analyse the usage of the products we provide and improve your user experience, we will analyse the data you provide us, a) we need to check your problems when you encounter any malfunctions during the usage of the product, under such circumstance, you may not able to opt-out because it is highly relate to your functionalities and quality of using our product and service, and b) analyse data about how you interface with the product or under particular scenarios so that you can better enjoy the convenience brought by our Services, under such circumstance, if you do not agree to data analysis of your data, you can enter the privacy settings of App (“My > Settings > Privacy Settings > Data Analysis”, this may be different on Android and Apple devices) to opt-out your selection. The legal basis for such processing is based on your consent. 

Marketing Communication and Personalization: We may process your account data, usage data, device information to personalise product design and to provide you with services tailored for you, such as recommending and displaying information and advertisements regarding products suited to you, and to invite you to participate in surveys relating to your use of the Services. If you do not allow us to process your Personal Data for personalization, you may opt out when you enter the App, or by changing your preferences in “Privacy Settings” (“Me> Settings > Privacy Settings > Personalization”, this may be different on Android and Apple devices) in the App. The legal basis for this processing is your consent. 

Legal Compliance.

We disclose information if we are legally required to do so, or if we have a good faith belief that such use is reasonably necessary to: 

comply with a legal obligation, process or request; 

enforce our User Agreement and other agreements, policies, and standards, including investigation of any potential violation thereof; 

protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law; or 

detect, prevent or otherwise address security, fraud or technical issues. 

If there is any change in the purposes for processing your personal data, we will inform you of any such changes via email and/or a prominent notice on our website of such changes of purposes, and choices you may have regarding your Personal Data. 

Who do we Share Personal Data with? 

On the Meaco App, we only share Personal Data in ways that we tell you about. We may share your Personal Data according to our Privacy Policy.

International Transfer of Information Collected 

Meaco will comply with applicable data localisation requirements in corresponding jurisdictions with respect to storage of data. To facilitate our operation, we may transfer, store and process your Personal Data in jurisdictions other than where you live. Laws in these countries may differ from the laws applicable to your country of residence. When we do so, we will ensure that an adequate level of protection is provided for the information by using one or more of the following approach: 

Agreement on the basis of approved EU standard contractual clauses per GDPR Art. 46. For more information, see https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en. 

If you would like further detail on the safeguards we have in place, you can contact us directly as described in this Privacy Policy. 

Your Rights Relating to Your Personal Data 

We respect your rights and control over your Personal Data. You may exercise any of the following rights seen in the Privacy Policy concerning our website, with our app. For any queries relating to this, please contact us.

Please note that we may ask you to verify your identity before taking further action on your request, for security purposes.  

Withdrawal of consent:

For privacy permissions acquired through device system settings, your consent can be withdrawn by changing device permissions, including Confirm: location, camera, photo album (picture library/video library), microphone, Bluetooth settings, notification settings and other related functions;

You may opt-out the non-marketing communication through “Me > Message Center > Notification Settings”;

You may opt-out the data analysis features through “Me > Settings > Privacy Settings”; 

You may opt-out the Personalisation feature through “Me > Settings > Privacy Settings > Personalization”; 

Unbind the Smart Device through the App, and the information related to the Smart Device will not be collected; 

By using product with the "Try Now" mode, and not enable certain location setting for particular smart scene, we will not collect any Personal Data about you; 

When you withdraw your consent or authorisation, we may not be able to continue to provide you with certain products or services correspondingly. However, your withdrawal of your consent or authorization will not affect the processing of personal information based on your consent before the withdrawal. 

About Deletion of the Account: You can find the Delete function through “Me > Settings > Account and Security > Delete Account” (Deactivate Account） 

Security Measures 

We use commercially reasonable physical, administrative, and technical safeguards to preserve the integrity and security of your Personal Data. ritterwerk provides various security strategies to effectively ensure data security of user and device. As for device access, Meaco’s proprietary algorithms are employed to ensure data isolation, access authentication, applying for authorization. As for data communication, communication using security algorithms and transmission encryption protocols and commercial level information encryption transmission based on dynamic keys are supported. As for data processing, strict data filtering and validation and complete data audit are applied. As for data storage, all confidential information of users will be safely encrypted for storage. If you have reason to believe that your interaction with us is no longer secure (for example, if you have shared your password or phone with someone), you can immediately notify us of the problem by emailing us at psti@ritterwerk.de.

We do our best to provide continuous security updates for our IoT products. The security updates generally include the latest security patches, security vulnerability fixes, and other security improvements. We will maintain the security updates for at least 3 years from the launch day of related products.

The support period will not be shortened but can be extended after publication. You can contact us if you wish to check the latest security update, support period or whether your device can still receive security updates.

Please note that the security updates, policies and devices are subject to change and will be reviewed on a regular basis. We will acknowledge receipt of any reports or concerns of vulnerability within 7 calendar days.

Data Retention 

We process your Personal Data for the minimum period necessary for the purposes set out in this Policy, unless there is a specific legal requirement for us to keep the data for a longer retention period. We determine the appropriate retention period based on the amount, nature, and sensitivity of your Personal Data, and after the retention period ends, we will destruct your Personal Data. 

For as long as you require us to fulfil the products and services you request from us as defined in the User & Service Agreement

Personal Data will no longer be retained when you request to remove your Personal Data, we will accordingly complete the task. 

When we are unable to do so for technical reasons, we will ensure that appropriate measures are put in place to prevent any further such use of your Personal Data. 

12.QUERIES, REQUESTS OR CONCERNS

Disclosure of vulnerabilities

If you think you have found a security vulnerability, please let us know by emailing psti@ritterwerk.de.

Please provide details of the following in your report:

• the website, IP address or page where the vulnerability is found
• a brief description of the nature of the vulnerability, e.g. B. “XSS vulnerability”
• Steps to reproduce. This was intended to be a harmless, non-destructive proof of concept. This means the report can be processed quickly and precisely. Such reporting also reduces the likelihood of double reporting or malicious exploitation of certain vulnerabilities, such as: B. the takeover of subdomains.

After you submit your report, we will respond to you and endeavor to process your report within 7 calendar days. We will also keep you updated on our progress.

The priority of remediation actions is assessed based on the impact, severity and complexity of the vulnerability. Viewing and processing vulnerability reports can take some time. This allows our teams to focus on resolving vulnerabilities. We will notify you as soon as the reported security vulnerability is fixed.

Please note: You must always comply with data protection regulations and not violate the privacy of the organization's users, employees, contractors, services or systems. You may e.g. B. not to pass on, distribute or improperly secure the data retrieved from the systems or services. You must also securely delete any data obtained as part of your research as soon as it is no longer needed or within one month of resolving the vulnerability, if earlier (or in accordance with data protection law).

To exercise all relevant rights, queries or complaints in relation to this policy or any other data protection matter between you and us, please in the first instance contact us via psti@ritterwerk.de.

If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England, U.K.