Privacy Policy for VELUX ACTIVE with NETATMO

1. Purpose of document

Collecting, processing and storing data is essential to deliver the key benefits of VELUX ACTIVE, namely indoor climate control. We continuously aim to improve the VELUX ACTIVE products and services for a relevant and safe up-to-date user experience (hereinafter "the products and services").

It is fundamental to us that your personal data is protected and that you as the customer can easily understand what personal data we collect, process and store and for what purposes. We are completely open and informative about how we handle your data and we go to great lengths to keep your personal data safe. The purpose of this document is to clearly inform you about how we collect, process and store your personal data.

2. Our promise

Based on our corporate principles, as well as our commitment to comply with the General Data Protection Regulation (2016/679 of 27 April 2016), "GDPR", we promise the user the following:

  • VELUX A/S will only collect the personal data outlined in table 3. Only selected, trusted employees at VELUX A/S (hereinafter referred to as "VELUX"), NETATMO and the VELUX sales companies (the data processors) have access to your personal data and will treat it confidentially.
  • To be transparent and open about our collection, processing and use of personal data.

3. What personal data are we collecting and for what purposes?

3.1. Contact information

Data type:

Location, user name and email provided by the user through account registration in the application

Directly/indirectly identifiable personal data:

Your email, location and user name are considered information that can directly identify a user. These fields are thus directly identifiable personal data.

What we are using it for (processing & purpose):

Contact information is needed to enable you to use the products and services, send you account notifications, product and service updates, software updates and upgrades.

In case you sign up for receiving information and marketing material from VELUX (separate consent), we will use your contact information for this purpose as well.

Who has access:

If you agree to receive information and marketing material, your acceptance hereof and your email account will be forwarded to the VELUX sales company established in your home country. During the period in which you receive information and marketing material, the personal data will be stored at NETATMO's data centre and at VELUX.

3.2. User data 

Data type:

User data relates to your activity in the application, the settings in the app, and has a unique ID attached to you as a user.

Directly/indirectly identifiable personal data:

When tracking movements in the app, we cannot see who is using the app. However, in the rare case of an app continuously crashing, we have the option of taking the user's unique ID from the app analytics system and looking up the user's email in another system. User data is hence indirect personal data.

What we are using it for (processing & purpose):

User data enables us to improve the product functionalities and services and to ensure that the product functionalities are continuously up-to-date with new technologies etc.

Examples of user data are: how frequently certain functions or buttons in the app are used to interact with the VELUX products (for example a manual “open window”), frequency of manual interventions in the algorithms and how many times the functions are executed.

Who has access:

VELUX & NETATMO

3.3. Product status data, information and sensor data

Data type:

Information about the user's VELUX ACTIVE software version, IP address, product IDs, hardware version and installation.

Further, the sensor values measured, the number of rooms & houses and actuator movements.

Directly/indirectly identifiable personal data:

Unique identifiers such as the IP address and the MAC address of your devices are considered directly identifiable personal data. Hardware version, software version and sensor values are considered as indirectly identifiable, as they, if isolated, cannot lead to anyone identifying a person.

What we are using it for (processing & purpose):

The product information and sensor data enable the algorithms to provide you with the core services of VELUX ACTIVE to ventilate and automatically regulate your indoor climate. Further, it enables us to improve our software and hardware, and understand and respect your preferences for a better service experience.

Who has access:

VELUX and selected individuals within the VELUX sales companies as listed below will have access to this data for support purposes. The data is collected and stored by NETATMO & VELUX.

3.4. Service history 

Data type:

Service history is the accumulation of service calls or requests, visits and other online support. Further, when provided by the user in tickets, it includes name, phone number, email address and home address.

Directly/indirectly identifiable personal data:

The accumulated service history is both directly and indirectly personal data. When requesting support online, you are asked to fill in personal information, for us to contact you. When filling in this information and sending it to us, you agree that we may contact you concerning the request and save your information for this purpose. 

What we are using it for (processing & purpose):

Service history enables us to provide you with service on the product. Further, it enables us to support you concerning questions on guarantee and troubleshooting. In the unlikely event of a more general problem occurring on several products, we can quickly rectify and remedy the issue.

Who has access:

VELUX and selected individuals within the VELUX sales companies as listed below will have access to this data for support purposes. The data is collected and stored by VELUX.

4. Erasure of personal data

We store your personal data for the entire period you use our products and services and until you disconnect the products from the server plus one year. Thereafter, we either delete your personal data or anonymize/aggregate it (or use a combination of these methods) so that you can no longer be identified on the basis of your personal data.

In case you have signed up for VELUX information and marketing material, we store your contact information until you unsubscribe from VELUX information and marketing material.

5. Limitations

This privacy policy governs the data retrieved by VELUX through its own products and services. If you use other third-party smarthome control systems (for example Apple Homekit) to execute functions with VELUX products and services, these systems or kits may collect, process and share personal data, for which VELUX cannot be held responsible or liable. Please make sure to read the privacy policies from such third-party providers.

6. Your rights in connection with personal data

Under certain circumstances, by law you have the right to:

  • Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data VELUX hold about you and to check that VELUX are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal data (see section 7 below for more information). This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal data to another party.

Please contact us via the mobile application or at active-support@velux.com if you wish to receive further information on your rights.

7. The right to be forgotten and access to personal data

As described above, as the user of the products and services you have a 'right to be forgotten', meaning that you can request to have your account closed and have all direct personal data deleted. When the direct personal data has been deleted, you will no longer be identifiable on the basis of any indirect personal data. You can at any point in time contact VELUX to get an overview of your personal data stored and processed by VELUX and request a copy of your personal data stored by VELUX.

Moreover, you may request your personal data to be corrected in the event of, for example, a name change, or if the information we hold about you is incomplete or inaccurate. Contact us via the mobile application or at active-support@velux.com for the above-mentioned requests.

In addition to the above mentioned rights, you may, by law, be entitled to exercise other rights in respect of your personal data stored and processed by VELUX. Please contact us via the mobile application or at active-support@velux.com if you wish to receive further information.

If you have given your consent to receive VELUX information and marketing material, and you no longer wish to receive it, you can always withdraw your consent at the end of information and marketing emails, by contacting the above email address, or by following the link in the marketing email.

In case you want to file a complaint about VELUX processing of your personal data, you may address your complaint to:

Information Commissioner's Office 
Wycliffe House 
Water Lane 
Wilmslow 
Cheshire 
SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number

Fax: 01625 524 510

Please refer to the website of the Information Commissioner's Office (the ICO) at https://ico.org.uk/global/contact-us/ for other ways of contacting the ICO.

8. The users, homes and guests

If you are a user of the products and services in several homes, this privacy policy applies to all of your homes and to the entire setup.

As the user of a home you can also invite up to 20 guests to operate the products and services. In case of the latter, the guest accounts are governed by this privacy policy, and with the same data and operational setup as the host.

9. Governing legislation

The GDPR applies to personal data from which an individual is identifiable, whether directly or indirectly.

VELUX and the VELUX sales companies comply with the GDPR entering into force on 25 May 2018, and all relevant national laws in force from time to time.

10. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have also put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Personal data will be stored on a server located in the European Union. VELUX instructs the data processor responsible for the server to have technical and security measures in place to keep your personal data safe and puts into place a contract for such processing where required.

11. Updates

We reserve the right to update this privacy policy at any time, and we will provide you with a new privacy policy if we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal data. We recommend that you read the privacy policy from time to time to keep yourself updated.

12. The parties

The role of the provider(s) of the products and services is:

Data controller: VELUX A/S, Ådalsvej 99, 2970 Hørsholm, Denmark - CVR 46 91 14 15, is accountable for collecting, processing and storing your personal data.

Data processor 1: VELUX sales companies, which are owned 100 % by VELUX. VELUX sales companies in each country are responsible for the sales and services of VELUX ACTIVE products to end-users in the country where they are located. Please see the list of VELUX sales companies at the end of this privacy policy.

Data processor 2: NETATMO SAS, 93 Rue Nationale, 92100 Boulogne-Billancourt, France, Reg no. 532501848, is responsible for developing the VELUX ACTIVE products and for transferring personal data to VELUX. VELUX instructs NETATMO SAS to have technical and security measures in place to keep your personal data safe.

See appendix 1 for VELUX affiliates.

13. Legal requirements for data sharing

We will not share personal data with any third-party company, except for the parties listed in section 11. We will under no circumstances sell your personal data.

From time to time, we use third-party IT consultants to service and maintain the products and IT systems, but such third-party IT consultants will be under confidentiality obligations to VELUX and may only process personal data in accordance with documented instructions from VELUX.

In certain cases, we are required by law or legal processes to share specifically required data with the relevant regulatory body or other competent authority requesting access to the personal data. This is relevant only under strict legal requirements, such as by request of a court order, and will be treated with due care. If we must share your personal data with the above-mentioned legal entities, we will do our best to provide you with notice in advance by email or by other means, unless we are prohibited by a court order from doing so or where the request or legal process is directly related to a regulatory investigation. In the latter case, we will ensure that your disclosed personal data is treated as confidential.

14. Contact

If you have any questions about this privacy policy or how we handle your personal data, please contact us for further details here: active-support@velux.com

15. Appendix 1 - VELUX Sales Companies

UE VELUX Roof Windows, Str. L. Bedi 31 Minsk, Belarus - Reg.no. 800013811

VELUX (CHINA) Co., Ltd., No. 21 Baihe Road Hebei Province, China - Reg. no. 131000400004111

VELUX America LLC, 104 Ben Casey Drive Fort Mill, United States of America - Reg. no. 04-2559488

VELUX Argentina S.A., Colectora Panamericana Buenos Aires, Argentina - Reg. no. 10.928, of Book 122, Volume "A"

VELUX Australia Pty. Ltd., 78 Henderson Road New South Wales, Australia - ACN 001 841 541

VELUX Belgium, Boulevard de l'Europe 121 Bierges, Belgium - BE 0412.621.370 (VAT)

VELUX Bosna i Hercegovina d.o.o., Dzemala Bijedica 295 Ilidza, Bosnia and Herzegovina - Reg.no. 1-18783

VELUX Bulgaria EOOD, Pelister 6 Sofia, Bulgaria - 121745393 (REG) /BG121745393 (VAT)

VELUX Canada Inc., 2740 Sherwood Heights Dr. Oakville Ontario, Canada - 016617-1 (Co. No.)/10550434RC0001 (BN - Business No.)

VELUX Çati Pencereleri Ticaret Limited Sirketi, Girne Mah. Girne Cad. Istanbul, Turkey - 9240119663 Erenkoy (REG)

VELUX Ceská republika, s.r.o., Sokolova 654/1d, Horní Heršpice, 619 00 Brno, Czech Republic - 00532592 (IC)/ CZ00532592 (VAT)

VELUX Chile Limitada, San Patricio 4099 Santiago, Chile - Reg. on page 6926 No. 3787, year 1983

VELUX Company Ltd., Woodside Way Fife, United Kingdom - SC070286 (REG)

VELUX Danmark A/S, Breeltevej 18 Hørsholm, Denmark - DK 46911415 (VAT)/4911415 (CVR)

VELUX Deutschland GmbH, Gazellenkamp 168 Hamburg, Germany - 10042086 (REG)/EE100272657 (VAT)

VELUX Eesti OÜ, Peterburi tee 2 A Tallinn, Estonia - DE118585357 (VAT)

VELUX France, 1 rue Paul Cézanne Morangis, France - 970200044 0083 (SIREN/SIRET)/FR05 97020044 (VAT)

VELUX Hrvatska d.o.o., Avenija Veceslava Holjevca 40 Zagreb, Croatia - 17798323753 (OIB)

VELUX Italia s.p.a., Via Strà 152 Colognola ai Colli, Italy - 03726650157 (CF - Codice Fiscale)

VELUX Japan Ltd., 1-23-14 Sendagaya Tokyo, Japan - Reg.no. 018011

VELUX Latvia SIA, Liepajas iela 34 Riga, Latvia - 40003279195 (Co. REG)/40003279195 (VAT)

VELUX Lietuva, UAB, S. Žukausko 49 - 8A Vilnius, Lithuania - 111543443 (Co. REG/Valst.reg.Nr.)

VELUX Magyarország Kft., Zsófia utca 1-3 Budapest, Hungary - 10192207208 (VAT)

VELUX Nederland B.V., Molensteijn 2 De Meern, Netherlands - 30090412 (KvK Nummer)/NL001763775B01 (VAT)

VELUX New Zealand Ltd., 62B Princes Street Auckland, New Zealand - 649329 (REG)/9429000070706 (NZBN - Business no.)

VELUX Norge AS, Gjerdrumsvei 10D Oslo, Norway - NO917170967MVA (VAT)

VELUX Polska Sp. z o.o., ul. Krakowiaków 34 Warszawa, Poland - 006228649 (REGON)/KRS 0000018788 /PL5210091891 (VAT)

VELUX Portugal, Lda., Travessa das Pedras Negras Lisboa, Portugal - 507564138 (Fiscal No.)/PT507564138 (VAT)

VELUX Romania S.R.L., Aurel Vlaicu 40 Brasov, Romania - RO9434380 (Registry of commerce/VAT)

VELUX Schweiz AG, Industriestrasse 7 Trimbach, Switzerland - CHE-105.915.054 (Handelsregister-Nr.)/CHE-105.915.054 MwSt (VAT)

VELUX Slovenija d.o.o., Ljubljanska cesta 51A Trzin, Slovenia - 5933951 (Company ID)/SI88149161 (VAT)

VELUX Slovensko, s.r.o., Galvaniho 7/A Bratislava, Slovakia - Sri 4901/B (Co. Reg. No.)/31348611 (ID No.)/SK1010191460 (VAT)

VELUX Spain, S.A., Calle Chile 8 Madrid, Spain - A82477571 (CIF)/ESA82477571 (VAT)

VELUX Srbija d.o.o., dr Ive Popovica Ðanija 3 Beograd, Serbia - Reg. no. BD 62807

VELUX Suomi Oy, Lämmittäjänkatu 6 Helsinki, Finland - FI 03983401 (VAT)

VELUX Svenska AB, Karbingatan 22 Helsingborg, Sweden - SE556221330501 (VAT)

VELUX Ukraina TOV, Revutskoho 44 Kiev, Ukraine - 31662199 (REG)

VELUX Österreich GmbH, Veluxstrasse 1 Wolkersdorf, Austria - ATU19046100 (VAT)

ZAO VELUX, ul. Nizhnyaya Syromyatnicheskaya 10 Moscow, Russian Federation - MPII 007.058