PRIVACY STATEMENT
- July 2019 -
Introduction
Below, you will find the privacy statement of Niko NV (hereinafter 'we' or 'us'). This statement only covers the processing of data relating to natural persons, i.e. personal data. This statement is not applicable to data of legal persons. This statement informs you about our policy regarding the processing of personal data.
In the first part, you will find general information that applies to all our processing operations of personal data, while in the second part, you will find information about specific processing operations that may apply to you.
1.GENERAL INFORMATION APPLICABLE TO ALL OUR PROCESSING OPERATIONS OF PERSONAL DATA
1.1 Who is the data controller?
We are Niko NV, with registered office at 9100 Sint-Niklaas, Industriepark West 40, company number 0405.045.670, telephone +32 3 778 90 00, fax +32 3 777 71 20, acts as data controller, unless another Niko entity is explicitly mentioned below for a certain processing operation. If, for a certain processing operation, the controller is another Niko entity, the general information also applies to that other entity.
1.2 How can you contact the Data Protection Officer (DPO)?
For all processing operations by entities belonging to the Niko group, a data protection officer (DPO) has been appointed who can contact you in case of questions or complaints. You can contact the DPO by post: Niko NV, attn Data Protection Officer, Industriepark West 40, 9100 Sint-Niklaas or via e-mail:
dataprotectionofficer@niko.eu.
1.3 Who receives your personal data?
We will disclose your personal data to our employees who need it for carrying out their duties, to subcontractors who process personal data on Niko’s behalf (processors), to other companies within the group of companies to which we belong, to academic institutions for the purpose of research and development, to judicial or police authorities if required by law.
1.4 Do we share your personal data outside the European Union?
In some cases, we may disclose your personal data to recipients located outside the European Union. In those cases, we provide adequate protection of your personal data by either concluding an agreement with such recipients or by working with recipients who are certified or who are located in third countries approved by the European Commission. You can always consult the Data Protection Officer (DPO) to gain access to the applicable adequate protection provided by Niko.
1.5 What rights do you have as a data subject?
You have several rights:
- You have the right of access to your personal data at all times. This allows you to check which personal data we process about you.
- You have the right to have your personal data rectified at any time. This allows you to correct or supplement incorrect or incomplete personal data that we process about you.
- You have the right to have your personal data deleted. This allows you to permanently delete any personal data we process about you. We are not always obliged to delete your personal data at your request. This right only applies in the cases and to the extent provided for by law.
- You have the right to restrict the processing of personal data relating to you. This allows you to freeze the use of your personal data by us without deleting it. We are not always obliged to limit your personal data at your request. This right only applies in the cases and to the extent provided for by law.
- You have the right to object to the processing of your personal data. This allows you to object to the further processing of your personal data. We are not always obliged to honour your objection. This right only applies when we process your personal data on the basis of our legitimate interest.
- You have the right to withdraw your consent at any time when your personal data are processed on the basis of your consent.
- You always have the right to object to the processing of your personal data for direct marketing purposes.
- You have the right to data transferability. This allows you to easily move, copy or forward personal data from one data controller to another. This right can only be exercised if the processing is based on your consent or on a contract with you.
You may address your request regarding your rights or privacy concerns to us or to the Data Protection Officer (DPO).
1.6 Would you like to lodge a complaint to the supervisory authority?
You can always lodge a complaint to the supervisory authority.
For Belgium, this is:
Data Protection Authority
Rue de la Presse 35
1000 Brussels
commission@privacycommision.be
tel. +32 (0)2 247 48 00.
2. SPECIFIC PROCESSING OPERATIONS THAT MAY APPLY TO YOU
We may come into possession of your personal data through all kinds of channels, products and methods. Depending on these channels, products and methods, our use of your personal data will differ. Below you can find out what the different processing methods are that we can use.
2.1 You are a user of a Niko connected product or service
If you are a user of a Niko connected product or service, such as Niko Home Control, we will process your personal data for:
- the operation or provision of the Niko connected product or service (user account, user management, security & diagnosis, customer service, installation and use of the related connected app) on the basis of the execution of the agreement with you. Without your personal data, we will not be able to execute the agreement.
- research and development on the basis of our legitimate interest. Research and development can lead to product improvement and innovation, which will benefit you (you will get better products, more tailored to your wishes) and the community in general (increased energy savings and/or safety);
- In order for the smart functionalities of the connected product or service to work, a profile must be created on the basis of your user and other personal data. Based on this profile, certain functions or events are automatically triggered as part of the proper operation of the product or service. You can turn off the smart functions at any time via your user account.
Research and development can be accompanied by the creation of a profile based on your usage data, in which identifying elements such as your name, address, etc. are omitted. This profile has no consequences for you, aside from possible improvements to our products.
If you choose to connect your Niko connected product or service with compatible products and/or services from our partners, we may share your personal data with, and receive personal data from, these partners. Such information may include user credentials, device information and usage data. The processing of these data is needed to establish a connection and ensure that the connected product or service is working properly. Personal data that is being shared with the partners may furthermore be used by these partners for other purposes, in accordance with their privacy policy and terms of use. Here you can find more information about our partners. For more information on the partner’s own data processing, please refer to the terms of the relevant partner.
Niko will keep your personal data for 10 years after the end of your user account.
For more general information on this processing (who is the controller, what are the contact details of the data protection officer and supervisory authority, who are the recipients of your personal data, what are your rights, do we share your personal data with countries outside the EEA, etc.), see general information on all our processing operations of personal data.
2.2 You are taking part in the Niko Partner Program
If you participate in the Niko Partner Program as an installer, we will process your personal data for the management of the Niko Partner Program (allocation of loyalty points, training and rating) on the basis of the need to execute an agreement with you. Without your personal data, we will not be able to execute the agreement.
Upon our approval, your contact details will be published on our website as a recognised Niko installer.
Niko keeps your personal data up to a maximum of 20 years after the last training.
For more general information on this processing (who is the controller, what are the contact details of the data protection officer and supervisory authority, who are the recipients of your personal data, what are your rights, do we share your personal data with countries outside the EEA, etc.), see general information on all our processing operations of personal data
2.3 You are an installer
If you install our products, we will process your personal data for:
- the management of installers (including management service desk, delivery of installation software, etc.) based on the need to execute an agreement with you. Without your personal data, we will not be able to execute the agreement.
- to send you commercial information about our products and services subject to your permission. For this purpose, we use your aggregated purchase figures of our products, which we receive via the wholesalers. You can withdraw your consent at any time.
Niko keeps your personal data up to a maximum of 10 years after the last installation/contact.
For more general information on this processing (who is the controller, what are the contact details of the data protection officer and supervisory authority, who are the recipients of your personal data, what are your rights, do we share your personal data with countries outside the EEA, etc.), see general information on all our processing operations of personal data
2.4 You are a supplier
If you supply products or services to us, we process your personal data as part of our supplier management based on the need to perform an agreement with you. Without your personal data, we will not be able to execute the agreement.
Niko keeps your personal data up to a maximum of 10 years after the last delivery.
For more general information on this processing (who is the controller, what are the contact details of the data protection officer and supervisory authority, who are the recipients of your personal data, what are your rights, do we share your personal data with countries outside the EEA, etc.), see general information on all our processing operations of personal data
2.5 You are a business customer (B2B)
If you purchase products or services from us, we process your personal data as part of our customer management based on the need to perform an agreement with you. Without your personal data, we will not be able to execute the agreement.
Niko keeps your personal data up to a maximum of 10 years after the last delivery.
For more general information on this processing (who is the controller, what are the contact details of the data protection officer and supervisory authority, who are the recipients of your personal data, what are your rights, do we share your personal data with countries outside the EEA, etc.), see general information on all our processing operations of personal data
2.6 You are a consumer and customer (B2C)
If you purchase products or services directly from us, we will process your personal data as part of our customer management based on the need to perform an agreement with you. Without your personal data, we will not be able to execute the agreement.
Niko keeps your personal data up to a maximum of 10 years after the last delivery.
For more general information on this processing (who is the controller, what are the contact details of the data protection officer and supervisory authority, who are the recipients of your personal data, what are your rights, do we share your personal data with countries outside the EEA, etc.), see general information on all our processing operations of personal data
2.7 You are a visitor to one of our locations
If you visit one of our buildings, showrooms or other locations, we will process your personal data:
- for visitor management (fire safety, confidentiality and organisation events/meetings) on the basis of our legitimate interests;
- to send you commercial information subject to your permission. You can withdraw your consent at any time.
We keep your personal data for a maximum of 2 years after your last visit.
For more general information on this processing (who is the controller, what are the contact details of the data protection officer and supervisory authority, who are the recipients of your personal data, what are your rights, do we share your personal data with countries outside the EEA, etc.), see general information on all our processing operations of personal data
2.8 You are a visitor of our website
When you visit our website, we process your personal data:
- on the basis of your permission to reply to your question or request for information;
- on the basis of your permission to send your commercial information;
- on the basis of our legitimate interest in research and development in order to analyse and improve the use and operation of the website. Research and development can lead to improvement and innovation, which benefits you (you get a better website, more tailored to your wishes) and the community in general (safety).
- for placing and reading cookies in accordance with our cookie policy. This includes using cookies from Facebook Ireland Limited with your consent to process events and aggregate them into page statistics. Niko and Facebook Ireland Limited are joint controllers in this regard. More information about the use of Facebook's cookies can be found in our cookie policy. More information about the mutual arrangement we have made with Facebook can be found via the following link.
We may update your personal information with interests that we collect from you through our other channels, products or methods.
We keep your personal data for a maximum of 5 years after your last visit to our website.
During your visit to a Niko website, cookies are also placed in accordance with our cookies policy.
2.9 You are a user of one of our free apps or software programs
If you are a user of one of our free apps or software programs, we will process your personal data for:
Research and development can be accompanied by the creation of a profile based on your usage data, in which identifying elements such as your name, address, etc. are omitted. This profile has no consequences for you, aside from possible improvements to our products.
We will keep your personal data for 10 years after the end of your user account.
For more general information on this processing (who is the controller, what are the contact details of the data protection officer and supervisory authority, who are the recipients of your personal data, what are your rights, do we share your personal data with countries outside the EEA, etc.), see general information on all our processing operations of personal data
2.10 You receive commercial information about products and services from us
When you receive commercial information about our products and services, we process your personal data for direct marketing purposes on the basis of this information:
- your consent if you are not a customer of ours; or
- our legitimate interests if you are a customer of ours.
You can withdraw your consent at any time.
You can always unsubscribe for further receipt of commercial information about our products and services.
We keep your personal data up to 10 years after the end of our customer relationship (if you are a customer) or up to 5 years after inactivity (if you are not a customer).
For more general information on this processing (who is the controller, what are the contact details of the data protection officer and supervisory authority, who are the recipients of your personal data, what are your rights, do we share your personal data with countries outside the EEA, etc.), see general information on all our processing operations of personal data
2.11 You receive information about products or services from a partner of ours
When you receive commercial information about products or services from a partner of ours, we process your personal data for direct marketing purposes subject to your consent: You can withdraw your consent at any time.
We keep your personal data for a maximum of 5 years after inactivity.
For more general information on this processing (who is the controller, what are the contact details of the data protection officer and supervisory authority, who are the recipients of your personal data, what are your rights, do we share your personal data with countries outside the EEA, etc.), see general information on all our processing operations of personal data
2.12 You participate in a market study
If you participate in a market investigation, we process your data for the purpose of conducting market research into our products and services on the basis of our legitimate interests. Market research allows us to continue to innovate and to better align our products and services to the wishes of the users.
If you do not wish to be contacted for market research purposes, please let us know via our Data Protection Officer (DPO).
We keep your personal data for up to 3 years after the end of the investigation.
For more general information on this processing (who is the controller, what are the contact details of the data protection officer and supervisory authority, who are the recipients of your personal data, what are your rights, do we share your personal data with countries outside the EEA, etc.), see general information on all our processing operations of personal data
2.13 You are taking part in a test
If you participate in a test, we process your personal data for the purpose of testing and evaluating our products and/or services on the basis of the execution of the agreement with you. Without your personal data, we will not be able to execute the agreement.
We keep your personal data for up to 5 years after the end of the test.
For more general information on this processing (who is the controller, what are the contact details of the data protection officer and supervisory authority, who are the recipients of your personal data, what are your rights, do we share your personal data with countries outside the EEA, etc.), see general information on all our processing operations of personal data
2.14 You are applying for a job
If you apply to us, Niko Group NV, with registered office at 9100 Sint-Niklaas, Industriepark West 40, company number 0448.548.388, telephone +32 3 778 90 00, fax +32 3 777 71 20, [insert general e-mail address], will process your personal data as an applicant:
- for the management and evaluation of your job applications in the context of the pre-contractual relationship;
- to maintain a recruitment reserve on the basis of the legitimate interest of all other entities of the Niko group. Maintaining a recruitment reserve allows us to contact you at a later date for a job opportunity if there is no immediate vacancy.
The provision of your personal data is necessary in order to be able to assess your application and, if necessary, to offer you a job. We keep your personal data for a maximum of 10 years after your last application. If you do not wish to be included in the recruitment reserve, please let us know via our Data Protection Officer (DPO).
For more general information on this processing (who is the controller, what are the contact details of the data protection officer and supervisory authority, who are the recipients of your personal data, what are your rights, do we share your personal data with countries outside the EEA, etc.), see general information on all our processing operations of personal data
2.15 In all cases
If we process your personal data for one of the purposes mentioned above, we also process your personal data:
- the detection, prevention and combating of fraud and abuse on the basis of our legitimate interest. Less fraud and abuse benefits us, our customers and suppliers.
- managing disputes on the basis of our legitimate interest, because we must be able to safeguard and defend our rights.
We keep your personal data up to a maximum of 10 years after your personal data are inactive.
For more general information on this processing (who is the controller, what are the contact details of the data protection officer and supervisory authority, who are the recipients of your personal data, what are your rights, do we share your personal data with countries outside the EEA, etc.), see general information on all our processing operations of personal data