Effective date: 01 Oct 2023
Processing of personal data in Airthings
When you use our website or any of our products, software or services Airthings, will process your personal data. Below you will find information regarding which type of personal data that is being collected, the purposes of and reasons why we collect the data and your rights regarding the processing of your personal data.
Airthings ASA complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. Airthings ASA has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. , the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Contact information for Airthings is:
- Address: Wergelandsveien 7, 0167 Oslo
- E-mail: [email protected]
- Telephone: +44 808 169 5752
- Organisation number: 993 092 045
For queries or questions regarding our processing of your personal data, you may contact [email protected]
1. The purposes of our data collection and what types of data we collect
Airthings provides Internet-enabled devices (our “Devices”) that are designed to monitor the air quality where installed (e.g., in your home, office, or commercial building). We also provide a mobile application (our “App”) and/or a web dashboard (“Dashboard”) that is designed to work in tandem with our Devices to provide you with information on the indoor air quality in the place(s) where you have installed our Devices. We provide a service through the App and/or Dashboard that is designed to provide you with air quality information and insights about air quality where our Devices are installed (our “Service”). In order to enjoy the full functionality of our Service, we require that you set up an account. In addition, our Service might include making recommendations to you for improving your air quality and making recommendations to you about who to contact to obtain help improving your indoor air.
We collect and process your personal data for various purposes depending on who you are and how we get in touch with you. We collect the following personal data for the purposes mentioned below:
|Your name, e-mail address, username, and password when you setup an account.||Administration of your user account. The processing purpose is based on contractual necessity. In other words, we need this information to identify our users and provide them access to a user account with their own credentials to provide the Service.|
|Device sensor data, including measurements of certain indoor contaminant levels.||As part of the Service, we collect sensor data via the Device to measure air quality and analyze such data as well as data about the Device to improve the Service. We also may receive or collect data about the Device, such as where it is located (e.g., the postal code and/or street address and/or general location if location services are enabled on the mobile device for the App), a unique ID assigned to each of our Devices, and the name and/or type of Device (e.g., the View Plus monitor). We may associate that information with your account information. We collect this information under the processing purpose of contractual necessity as it is required for us to provide the Service to you.|
|App and Dashboard data collection.
As part of the Service, we also collect data about the App and the mobile device where our App is installed and the Dashboard and the device used to access the Dashboard. For example, we will collect the type of mobile device (e.g, iPhone) the operating system of your mobile device, the IP address, the general location if location services are enabled on the mobile device for the App, and a unique ID for your mobile device. We may associate that information with your account information.
|We collect this information under the processing purpose of contractual necessity as it is required for us to provide the Service to you.|
|Name, telephone number, e-mail address and other personal data collected in connection with support enquiries.||Responding to incoming enquiries through our support channel and web application feedback channel. The processing purpose is based on the legitimate commercial interest of helping you with your enquiry.|
|Your name, e-mail address, username, and information about your mobile device and/or device used to access the Dashboard.||Sending out marketing materials, such as newsletters, email marketing messages, in-App marketing messaging and information regarding our activities. The processing purpose is based on either your consent (where required by law) or the legitimate commercial interest of helping you better understand how our Devices and related Services can help keep your home safe, including proposals for third-party mitigation solutions and/or contractors that might be available to you.|
|CV, applications references and attestations.||The recruitment of employment and consulting vacancies and positions. The processing of data is based on your given consent.|
2. Disclosure of personal data to others
Except as described above, we do not disclose your personal data to others unless there is a legal obligation for such disclosure. Examples as to the basis for disclosure could typically be a contract with you or legal basis in the law instructing us to provide the information. Airthings uses data processors to collect, store or in other ways process data on our behalf. In such cases we have concluded data processing agreements to ensure the information security in all segments of the data processing. We currently use the following data processors:
- Amazon (Amazon Web Services). Data about you is processed by Amazon to provide customer support, handling your user account and handling the name, location and sensor data of your device. The processing is required for us to provide the Service to you and also based on our legitimate commercial interest in processing these data for this purpose.
- Intercom and Cx Moments. Data about you is processed by using Intercom and Cx Moment as sub-processors to provide customer support efficiently. The processing is based on our legitimate commercial interest in processing these data for this purpose, as we consider it within our business purpose to provide our customers with support, which is not overridden by the interests or privacy of the data subjects.
- Consignor. Data about you is processed by Consignor to ship the Devices you purchase to your address. The processing is necessary for the performance of a contract with you.
- GoMage, Inc. Data about you is processed by GoMage, Inc. to process orders in our web shop. The processing is necessary for the performance of a contract with you.
- Slack. Data about you is processed by Slack to gather account data and information about your use of the Services in order to troubleshoot and manage customer service issues. The processing is based on our legitimate commercial interest in processing these data for this purpose.
- Hubspot. Data about you is processed by Hubspot to provide you with our newsletter. The processing is based on our legitimate commercial interest in processing these data for this purpose.
- Post Affiliate Pro. Data about you is processed by Quality unit to process orders in our web shop. The processing is necessary for the performance of a contract with you.
- Mixpanel. Data about you is processed by Mixpanel to provide customer support and for product analytics purposes. The processing is based on our legitimate commercial interest in processing these data for this purpose.
- Unifaun. Data about you is processed by Unifaun to ship packages to your address. The processing is necessary for the performance of a contract with you.
- ShipMonk. Data about you is processed by ShipMonk to ship packages to your address. The processing is necessary for the performance of a contract with you.
- Google (Google Workspace). Used as Airthings’ email provider and document storage. Data about you will be processed here when you contact Airthings for general communication and support.
- SoPro might obtain data about you directly for business-to-business digital marketing and share such data with us. In such event, the processing would be based on our legitimate commercial interest.
Your personal data might be transferred to countries outside the European Economic Area (third countries) in order to provide you services and where we use subcontractors. We always make sure that appropriate and suitable safeguards compliant with applicable laws are in place to protect your personal data.
Transfer to third countries will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission.
3. Storage, Retention period
We only store your personal data for as long as necessary for the purpose the data was collected for.
This means that personal data collection based on your consent will be deleted if you withdraw your consent unless we are required to retain all or part of the data under applicable law. Data processed for the purpose of our newsletter will for instance be deleted after withdrawal of your consent.
Personal data we process in the performance of a contract with you will be deleted when the contract is implemented and all obligations pursuant to the contract have been implemented. Personal data related to your user account, including location data, is retained until you delete your account, after such time the data is aggregated and may be stored for up to five years. Personal data related to shipment of packages is deleted after 2 years of last shipping date and then aggregated and stored for up to five years.
4. Your rights when we process your personal data
You have the right – partly under certain conditions:
- to request information (i.e., the “right to know”) about the processing of your data free of charge, as well as the receipt of a copy of your personal data. You can request information on the purposes of the processing, the categories of personal data being processed, our business purpose(s) for using that data, the recipients of the data (if they are passed on and whether that could be considered a sale of data), the duration of the storage or the criteria for determining the duration;
- to correct your data. Should your personal data be incomplete, you have the right to complete the data, taking into account the processing purposes;
- to delete or block your data. Reasons for the existence of a cancellation/blocking right can be, among others, the revocation of the consent on which the processing is based, the data subject objects to the processing, the personal data were processed unlawfully;
- to restrict the processing;
- to object the processing of your data;
- to revoke your consent to the processing of your data in the future, and;
- to complain to the competent supervisory authority about inadmissible data processing. You can read more about the extent of your rights in the web pages of the Norwegian Data Protection Authority: www.datatilsynet.no.
To assert your rights, we ask that you do so by logging into your account. If you do not have an account with us, or the account process is not functioning for some reason, please contact us through [email protected]. We will answer your request as soon as possible, and in all cases, no later than 30 days. California consumers may call our privacy hotline at 800- 674-9012.
You can always withdraw your consent to our processing of your personal data. The easiest manner to withdraw your consent is to contact us through [email protected].
The security of your information is important to us. We have implemented reasonable security measures to protect the information, both during transmission and once it is received. This includes but is not limited to the use of firewalls and encryption. No method of transmission over the Internet or method of electronic storage is 100% secure; therefore, while the company strives to use commercially acceptable means to protect your information, it cannot guarantee absolute security.
6. Children's Privacy
Our Devices and Services are designed for those 18 years of age and older. We not knowingly collect information from anyone under the age of 18. If the company is made aware that it has received personal data from someone under 18, it will use reasonable efforts to remove that information from its records.
7. Complaint and legal processes
If your opinion is that our processing of your personal data is not in compliance with the described manner here or in other ways not in compliance with the general data protection regulation, (GDPR), you can file a complaint with the Norwegian Data Protection Authority (Datatilsynet).
You can find information about how to contact the Norwegian Data Protection Authority on the web pages of the Authority: www.datatilsynet.no.
We use Norway's Norwegian Data Protection/Supervisory Authority as the leading supervisory authority for cross-border processing under GDPR Article 56. You can therefore direct any cross-border complaint to the Norwegian Data Protection Authority: www.datatilsynet.no.
In compliance with the EU-U.S. DPF, Airthings commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF.
Airthings will only disclose personal information in response to lawful requests (such as subpoenas, court orders or other valid legal process) by public authorities. In case of illegal onward transfers of personal information to third parties, Airthings may be liable under applicable laws. One or more of Airthings’ subsidiaries may be subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Under certain conditions, you may have the possibility to invoke binding arbitration. In such case, arbitration will follow the terms set forth in Annex I of the DPF Principles https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf
If there should be a change in our services or a change in the regulation regarding the processing of personal data, this can cause changes in the information given in this notice. In all cases updated information will always be easily accessible on our web pages.