1. Home
  2. Knowledge Base
  3. General Support
  4. Privacy Policy
Searching...

Privacy Policy

Feilo Sylvania Privacy Policy – Sylvania Support

Effective Date: 19.05.2022

Updated: 19.05.2022

Feilo Sylvania International Group Kft. (“we”, “us”, “our”, “FSIG” or “Data controller”) is committed to protecting your privacy. This Privacy Policy (“Policy”) describes our practices in connection with information privacy on Personal Data we process through your individual use of our application Sylvania Support sold worldwide by FSIG and its affiliates.

Feilo Sylvania International Group Kft is a Feilo Sylvania company, based in Hungary (Duna Tower, Népfürdő utca 22, H.1138 Budapest, Hungary, registration number 01 09 304993).

Before you use our App, please carefully read through this Policy and understand our purposes and practices of collection, processing of your Personal Data, including how we use, store, share and transfer Personal Data. In the Policy you will also find ways to execute your rights of access, update, delete or protect your Personal Data.

When you accept this Policy when you register with your Personal Data, or if you start to use our application, we will consider that you fully understand and agree with this Policy. If you have any questions regarding this Policy, please do not hesitate to contact us via compliancemanager@sylvania-lighting.com.

Definition

Personal Data means information generated, collected, recorded and/or stored, electronically or otherwise, that can be used to identify an individual (data subject) or reflect the activity of an individual, either from that information alone, or from that information and other information we have access to about that individual.

Special categories of personal data mean Personal Data referring to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Smart Device(s) refers to those smart devices produced or manufactured by hardware manufacturers, with human-machine interface and the ability to transmit data that connect wirelessly to a network, including smart home appliances.

Portal refers to the Web Application related to energy visualization and analytics platform used by customers and supported by FSIG and its partner, Experene.

Data controller refers to a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data. Unless otherwise stated by the FSIG, the FSIG is regarded as the Data controller.

Data processor refers to a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data controller, and Experene here is regarded as the Data processor.

What Personal Data do we process

In order to provide our services to you, we will ask you to provide necessary Personal Data that is required to provide those services. If you do not provide your Personal Data, we may not be able to provide you with our products or services. We also process your Personal Data for other purposes specified below.

  1. Information Related to Your Account and Feedback

IP addresses: We use IP addresses to help diagnose problems, to administer our website, and to gather demographic information. When you visit our website, we recognise only your domain name and not your email address. We will see your email address only if you give it to us by filling out a form or by sending us an email message.

User registration: If you choose to register, we can send you requested information or products, other product information, news, or promotions.

Email addresses: If you choose to give us your email address, we will communicate with you via email. We do not share your email address with others. You can choose not to receive any more email at any time. Depending on how your email application is set up, information about you may be transmitted automatically when you send an email to us.

Cookies and tracking technology: A cookie is a small data file that certain websites write to your hard drive when you visit them. A cookie file can contain information such as a user ID that the site uses to track the pages you’ve visited, but the only personal information a cookie can contain is information you supply yourself. A cookie can’t read data off your hard disk or read cookie files created by other sites. Some parts of this website use cookies to track user traffic patterns. We do this in order to determine the usefulness of the website information to users and to see how effective the navigational structure is in helping users reach that information.

We may use a cookie when you register for a whitepaper, case study, webcast, eNewsletter or other download, when you use certain products or services of ours, when you register to attend a seminar or participate in an online survey, when you ask to be included in an email or other mailing list, or you submit an entry for a sweepstakes or other promotions, or when you submit your personal information to us for any other reason. Generally you will be notified of this occurrence, or have the option not to allow a cookie.

If you prefer not to receive cookies while browsing our website, you can set your browser to warn you before accepting cookies and refuse the cookie when your browser alerts you to its presence. You can also refuse all cookies by turning them off in your browser, although you may not be able to take full advantage of our website if you do so. In particular, you may be required to accept cookies in order to complete certain actions on our website. You do not need to have cookies turned on, however, to use/navigate through many parts of this website, except access to certain webpages may require a login and password.

Purposes and legal basis for processing Personal Data

The purpose for which we may process information about you are as follows:

  1. Provide You Services: We process your account and profile data (which you have to provide during the registration process), as well as device information to perform our contractual services and to securely provide you the Portal, the Smart Device and our related services in accordance with the Terms of Use. If you provide additional account and profile data besides your email address and password, change or apply Portal settings (Portal management), or in case you use our home management or cloud storage services or connect your Smart Device to the Portal, we also process such data to perform our contractual obligation and to securely provide you the related services.
  2. Processing based on your consent: We process your feedback given in the framework of beta testing or separately based on your consent. If you enable (give consent to) location-based functions, we provide you the related functions and process your related Personal Data until the withdrawal of your consent or anonymization of your data (i.e. until your identification is no longer necessary related to our services provided to you).
  3. Non-marketing Communication: We process your Personal Data to send you important information regarding our services, changes to our terms, conditions, and policies and/or other administrative information. The legal basis for this processing is to perform our contract with you according to our Terms of Use in case of our contractual communication. Contractual communication also includes cases, when we assist our existing customers in using our services in accordance with our Terms of Service. We highlight that we also process data related to communication necessary for compliance with a legal obligation to which we are subject (including communications and related data processing prescribed by EU or member state law, such as answering and managing consumer complaints and data protection requests or communicating data breaches in cases prescribed by law). We can also process data related to communication based on our legitimate interest (in case of complaints lodged by data subjects unrelated to contracts directly concluded with a data subject or to pre-contractual communication initiated by a data subject).
  4. Additional Legal Compliance: We may process your Personal Data in cases when it is necessary to comply with a legal obligation to which we are subject, including data processing related to taxation and accounting obligations.
  5. Data security and inactive users: We process your data based on our legitimate interest to the extent necessary to protect our systems and your Personal Data. Data associated with active subscriptions is backed up monthly and retained for 5 years. Data retained for 5 years post subscription expiry.

Who do we Share Personal Data with?

At FSIG we only share Personal Data in ways that we tell you about. We share your Personal Data with the following recipients:

  1. ExpereneLtd] (address: [Level 2, 383 George Street, Sydney NSW 2000, AUSTRALIA) acting as our Data processor partner supporting the Portal and our related services and undertaking data processing by providing IT and technology support along with its partners.
  2. To an affiliate or other third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including without limitation in connection with any bankruptcy or similar proceedings). In such an event, you will be notified via email and/or a prominent notice on our website of any change in ownership, incompatible new uses of your Personal Data, and choices you may have regarding your Personal Data.
  3. As we believe to be necessary or appropriate: (a) to comply with applicable laws and regulations; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations, business and systems; (f) to protect our rights, privacy, safety or property, and/or that of other users, including you; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
  4. To subsidiaries or affiliates within our corporate family, to carry out regular business activities.

International Transfer of Information Collected

To facilitate our operation, we may transfer, store and process your Personal Data in jurisdictions other than where you live. Laws in these countries may differ from the laws applicable to your country of residence. If your data is transferred outside the European Economic Area, adequate protections are put in place to ensure the protection of your Personal Data.

If you would like further detail on the safeguards we have in place, you can contact us directly as described in this Privacy Policy.

Your Rights Relating to Your Personal Data

Answering your data protection inquiries or completing your request is free of charge. However, if your request to exercise your data protection rights is manifestly unfounded or excessive (e.g. in the case of frequent repetition), we are entitled to either charge a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the action requested or refuse to act on the request.

The data protection rights and remedies of the data subjects (including yours if the person responsible processes your Personal Data) are listed in the relevant provisions of the GDPR (in particular Art. 15, 16, 17, 18, 19, 20, 21, 77. 78, 79, 80 and 82 of the GDPR). The following is a summary of the key provisions and, accordingly, the Data controller will inform data subjects about their rights and remedies regarding data processing. We highlight that we respect your rights and control over your Personal Data. You may exercise any of the following rights via emailing us at compliancemanager@sylvania-lighting.com, or via the route of Feedback imbedded in the Portal: Me>FAQ & Feedback>Feedback suggestions> Others > Privacy and security.

The Data controller shall provide information on action taken on a request under Articles 15 to 22 to you or other data subjects affected by our data processing (the data subject) without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The Data controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.

If the Data controller does not take action on the request of the data subject, the Data controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.

Right of access by the data subject

You shall have the right to obtain from the Data controller confirmation as to whether or not Personal Data concerning you are being processed, and, where that is the case, access to the Personal Data and the following information:

  1. the purposes of the processing;
  2. the categories of Personal Data concerned;
  3. the recipients or categories of recipient to whom the Personal Data have been or will be disclosed, in particular recipients in third countries or international organizations;
  4. where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
  5. the existence of the right to request from the Data controller rectification or erasure of Personal Data or restriction of processing of Personal Data concerning you or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. where the Personal Data are not collected from you, any available information as to their source.

Where Personal Data are transferred to a third country, you shall have the right to be informed of the appropriate safeguards relating to the transfer.

The Data controller shall provide a copy of the Personal Data undergoing processing. For any further copies requested by you, the Data controller may charge a reasonable fee based on administrative costs. Where you make the request by electronic means, and unless otherwise requested by you, the information shall be provided in a commonly used electronic form.

Right to rectification

You shall have the right to obtain from us the erasure of Personal Data concerning you without undue delay and we shall have the obligation to erase Personal Data without undue delay where one of the following grounds applies.

Please note that by reporting a change in your Personal Data, you can help us to get accurate information about you at any time.

Right to erasure

You have the right to request that the Data controller delete Personal Data concerning you immediately and the Data controller is obliged to delete Personal Data immediately if one of the following reasons applies:

  1. the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. you withdraw your consent on which the processing is based, and where there is no other legal ground for the processing;
  3. you object to the processing and there are no overriding legitimate grounds for the processing, or you object to the processing;
  4. the Personal Data have been unlawfully processed;
  5. the Personal Data have to be erased for compliance with a legal obligation in European Union or Member State law to which the Data controller is subject;
  6. the Personal Data have been collected in relation to the offer of information society services.

Right to restriction of processing

You shall have the right to obtain from the Data controller restriction of processing where one of the following applies:

  • the accuracy of the Personal Data is contested by you, for a period enabling the Data controller to verify the accuracy of the Personal Data;
  • the processing is unlawful and you oppose the erasure of the Personal Data and requests the restriction of their use instead;
  • the Data controller no longer needs the Personal Data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
  • you have objected to processing pending the verification whether the legitimate grounds of the Data controller override those of you.

Right to data portability

The data subject shall have the right to receive the Personal Data concerning him/her, which he/she have provided to a Data controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Data controller to which the Personal Data have been provided, where

  1. processing is based on consent or on a contract; and
  2. the processing is carried out by automated means.

The exercise of the right shall not be without prejudice to the right to erasure and shall not adversely affect the rights and freedoms of others.

Withdrawal of consent and objection

You can withdraw your consent (Art. 7 (3) of the GDPR) at any time for the future or object to our processing, which is based on our legitimate interests (Art. 6 (1) f) of the GDPR). You can send the withdrawal or the objection either by e-mail or by post using our contact details above.

As regards objection, the Data controller shall no longer process your Personal Data unless the Data controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where Personal Data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of Personal Data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

As regards the withdrawal of consent, we highlight that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Security

We use commercially reasonable physical, administrative, and technical safeguards to preserve the integrity and security of your Personal Data. We provide various security strategies to effectively ensure data security of user and device. As for device access proprietary algorithms are employed to ensure data isolation, access authentication, applying for authorization. As for data communication, communication using security algorithms and transmission encryption protocols and commercial level information encryption transmission based on dynamic keys are supported. As for data processing, strict data filtering and validation and complete data audit are applied. As for data storage, all confidential information of users will be safely encrypted for storage. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), you could immediately notify us of the problem by emailing compliancemanager@sylvania-lighting.com

Data Retention

We process your Personal Data for the minimum period necessary for the purposes set out in this Privacy Policy unless there is a specific legal requirement for us to keep the data for a longer retention period.

This means that we store your Personal Data processed based on contract until the contract is terminated and for an additional 5 years thereafter to avoid any civil law contractual disputes (in accordance with Art. 6:22(1) of the Act Nr V of 2013 on the Hungarian Civil Code). We also store Personal Data related to civil law disputes for 5 years in accordance with the above provision of law.

In case of consumers, we are also required to store records on complaints and the copy of our response tailored to the relevant consumer for 3 years (in accordance with Art. 17/A(7) of Act Nr. CLV of 1997 on Consumer Protection).

In case when an invoice is issued, we store the related contractual and invoice data for 5+1 years. In addition to that, we also store data related to our accounting (such as contracts or invoices) for 8 years.

In cases where our data processing is based on consent, we process Personal Data until the withdrawal of your consent or the anonymization of the relevant data. We highlight the fact that you have the right to withdraw your consent at any time via the Portal or by contacting the Data controller. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

We highlight that in cases, it is not specified by law, we determine the appropriate retention period based on the amount, nature, and sensitivity of your Personal Data, and after the retention period ends, we will destruct your Personal Data. When we are unable to do so for technical reasons, we will ensure that appropriate measures are put in place to prevent any further such use of your Personal Data.

Children’s Privacy

Protecting the privacy of young children is especially important to us. The Services are not directed to individuals under the age of eighteen (18), and we request that these individuals do not provide any Personal Data to us. We do not knowingly collect Personal Data from anyone under the age of eighteen (18) unless we first obtain permission from that child’s parent or legal guardian. If we become aware that we have collected Personal Data from anyone under the age of eighteen (18) without permission from that child’s parent or legal guardian, we will take steps to remove that information unless there is another legal basis for processing besides consent.

Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes to our information practices. If we make any material changes, we will notify you by email (send to the e-mail address specified in your account) or by means of a notice in the Portal prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

Jurisdiction:

To the extent the local applicable data privacy and other laws allow, this Policy shall be governed by Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons about the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation” or “GDPR”) and particularly the laws of Hungary. We undertake to follow the prescriptions of all applicable laws in case these laws prevail over the GDPR.

Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of Personal Data relating to you infringes the GDPR.

A list of the supervisory authorities in the European Union (EU) can be found at https://edpb.europa.eu/about-edpb/board/members_en

The data protection supervisory authority of the seat of the Data controller is the Hungarian National Authority for Data Protection and Freedom of Information (in Hungarian: “Nemzeti Adatvédelmi és Információszabadság Hatóság”;1055 Budapest, Falk Miksa utca 9-11, 1363 Budapest, Pf.: 9., ugyfelszolgalat@naih.hu; +36 (30) 683-5969, https://www.naih.hu/).

Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority you shall have the right to an effective judicial remedy where you consider that your rights under the GDPR have been infringed as a result of the processing of your Personal Data in non-compliance with the GDPR. Proceedings against the Data controller shall be brought before the courts of the Member State where the Data controller has an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where you have your habitual residence. In Hungary, you can bring proceedings at the tribunal of your domicile or habitual residence. You can find more information on this at https://birosag.hu/birosag-kereso

Contact Us

If you have any questions about our practices or this Privacy Policy, please contact us as follows:

Feilo Sylvania International Group Kft.

Postal Mailing Address: Duna Tower, Népfürdő u 22., 1138 Budapest, Hungary

Email: compliancemanager@sylvania-lighting.com

Updated on 23 May 2022
Tagged:

Related Articles

Leave a Comment