General Data Protection
Regulation Compliance

Hosting
Our infrastructure service provider Hetzner Online GmbH is located at Hetzner Data Center Park, Nuremberg, Germany which is certified with accordance with DIN ISO/IEC 27001. The internationally recognized standard for information security certifies that Hetzner Online GmbH has established and implemented an appropriate information security management system (ISMS). This certification confirms that Hetzner Online will uphold strict information security standards. It states that they will keep your data under lock and key.


Processing of the personal data on the basis of Article 6(b) of the General Data Protection Regulation

Data required for the purpose of informing 1Home users - contact user email, name and surnameContact user email, name and surname is used to communicate new features and improvements to 1Home service with users, suggestions on how to better use 1Home service, tips on new technologies available on the market, ideas on how to improve smart homes and potential special offers 1Home might have in the future. Name and surname is used to address the user in a proper manner.
Data required for the purpose of offering our users support - user email, smart home usage dataFor the purpose of helping our users to set up 1Home services for their smart home and resolve any issues they encounter 1Home collects 1Home usage data (e.g. log of voice commands) which can also be reviewed by users through the 1Home web console. 1Home support team uses this information to assist our users. This consent can also easily be revoked by the user once the user is happy with the setup. Collection of this data is also a requirement for allowing selected installers offering support to the customer.
Data required for the purpose of your installer managing your smart home remotely - email, smart home configuration, smart home usage data1Home users can authorise their installers to help them with setting 1Home services for their smart home and manage the smart home remotely. For this purpose 1Home gives access to authorized installer for the following user data: user email used by the installer to identify the user, smart home configuration (e.g. types and names of your connected devices), 1Home usage data (e.g. log of voice commands) which can also be reviewed by users through the 1Home web console. Authorised installer is also allowed to modify your 1Home configuration. Authorised installer can be reviewed and authorised/de-authorised by the user through the 1Home web console.

The above mentioned data is processed by 1Home due to the fact that the data subject has given consent to the processing of his or her personal data for one or more specific purposes. The personal data will be stored as long as the user will have an active account. All logs are deleted after 30 days. A user has a right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability. Also a user has a right to lodge a complaint with a supervisory authority. The data shall not be exported outside the EU except where Privacy Policy states otherwise. Our Cloud service provider is located in Germany. This consent can be withdrawn at any time (without affecting the lawfulness of processing based on consent before its withdrawal) by sending an email to support@1home.io.

Data retention policy
1Home has transperent data retention policy, which is based on data minimization principle.All error logs and diagnostics are deleted after 30 days. All users who have not visited our site or have been actively using 1Home services in the past 9 months are deleted. All their information is deleted. If a user returns after 9 months they will be treated like a new user. Other users data will be stored as long as the user will have an active account.In other cases, personal information must be stored in accordance with regulatory requirements. Obligation regarding a different data retention period can be set in a relevant national or EU law.


Material and procedural rights

The GDPR provides the following rights for individuals:
Right to be informed obliges organizations to provide users with information about the data processing activities they carry out. The information must be concise, transparent, intelligible, easily accessible, written in clear and plain language and free of charge.

Right to access requires from data controller to provide individuals with their personal data and information about how their personal data is being processed.

Right to rectification allows users to have their personal data rectified if it is inaccurate or incomplete. This right also implies that rectification must be disclosed to any and all third-party recipients involved in the processing of the data in question.

Right to erasure (“Right to be forgotten”) enables individuals to obtain the erasure of personal data where one of the following grounds applies: the personal data are no longer necessary in relation to the purposes for which they were collected, data subject withdraws consent, the personal data have been unlawfully processed etc.

Right to restrict processing enables users to request restriction of processing of their personal data in cases where they’ve contested its accuracy; or where the processing is unlawful but the user requests restriction instead of erasure; or where the data is no longer needed etc.
Right to Data Portability enables individuals to receive the personal data concerning them, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

Right to object enables users to object to certain processing activities in relation to their personal data whenever the processing is based on the controller’s legitimate interest, or the performance of a task in the public interest/exercise of official authority, or for purposes of scientific/historical research and statistics.

Rights relating to automated decision making and profiling prevents that users are subjected to a decision when it is based on automated processing or profiling, except it is needed for the performance of a contract; authorized by EU state law applicable to the data controller; does not have a legal or similarly significant effect on the user; or is based on the individual’s explicit consent.1Home will comply as soon as possible with the above mentioned requests, however it has maximum 30 days for the above mentioned performance.