1.1 This Privacy Notice is founded on the basis of the General Data Protection Regulation (GDPR), with the purpose of informing you about the scope and purpose of the collection, processing, and use of personal data on our websites and through our products either by Seluxit A/S or Seluxit stakeholders. Managing, securely protecting, and enabling the secure sharing of data is a cornerstone feature in the products Seluxit offers by their design.
1.3 According to the GDPR personal data refers to “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. In this document we may refer to the data subject as “you”. Non-personal data and statistical data is anonymized. .
1.4 Seluxit A/S is the data controller in relation to your personal data. You can contact Seluxit A/S by using the contact information specified in section 7.
2 Seluxit products and their stakeholders
2.1 Seluxit offers an IoT end to end platform called Wappsto. Wappsto is a powerful, intelligent application which easily can be set up to automatically draw data from various sources. It has an integrated standard dashboard for monitoring and analyzing your data. Wappsto also offers tools that allow developers to create IoT applications as web apps with integrations and automations. Integrated in Wappsto there is also a marketplace, where developers and users can share their Apps.
In addition to Wappsto, Seluxit has performed and will continue to perform other project-based work for customers, especially with regards to embedded systems development, where privacy concerns may also be relevant. In these instances, the handling of data will be generally consistent with the policy outlined in this document. Additional considerations may be handled independently in contractual arrangements between Seluxit, our clients, and project stakeholders.
Any commercial usage of Seluxit products will require a set of contractual arrangements.
2.2 Seluxit products have multiple stakeholders that may influence the handling of data. The overall categories of stakeholder can be defined as follows: (1) Seluxit, as the producer and custodian of the Seluxit products, (2) developers (enterprises or individuals) using Seluxit products and potentially other products to create an application for others to use (i.e., end-users) (3) third parties utilized by these developers towards these ends, and (4) end-users.
3 The data we collect, the purpose and the legal basis for processing
3.1 Seluxit collects personal data insofar as it is required for the operation and support of Seluxit products. Seluxit sometimes collects personal data, as an offer to, and at the request of, visitors to Seluxit product websites, which is used for the purpose of sending communication and newsletters.
3.2 Personal data is only shared at the instruction of Seluxit products stakeholders. Seluxit will never use your personal data for marketing purposes but reserves the right to use non-personal data content and statistics for marketing purposes. Seluxit Products Stakeholders may, as an aspect of the usage of Seluxit products, share the personal data they collect. Stakeholders that use Seluxit products which collect and potentially share personal data will be obliged to make the terms of the sharing of data explicit for the data subjects, consistent with GDPR regulations.
3.3 Email address (username) and password
3.3.1 Accounts for Seluxit’s products are created by providing an email address as well as assigning a password upon registration. This is all the personal data that Seluxit needs users to provide in order to operate securely in authenticating the user of Seluxit products. Though this information is always required, and no other personal data needs to be provided by the user, other personal data may be collected either automatically (IP addresses) or manually (additional optional personal details). Refer to the sections below.
3.3.2 It should be noted that the email address need only be functional and does not necessarily have to be overtly indicative of the individual’s identity. For example, an email could itself come from a service allowing for an anonymous email without direct reference to a natural person.
3.3.3 Email addresses will never be shared with any other parties than the data subject.
3.4 Additional optional personal details
3.4.1 Additionally, it is an option to enter a limited amount of personal information, including name, phone number or address. This information can be provided in the event that the user wishes to allow themselves to be found as users on the Seluxit products.
3.5 IP Addresses and Cookies
3.5.2 IP addresses of users of Seluxit products will not be shared by Seluxit, though it is possible that Seluxit product stakeholders do. In these instances, users will be explicitly sharing their own personal data, or explicitly consenting to have their personal data shared.
3.6 Email Newsletters
3.7 Payment information
3.8 Email correspondence
3.8.1 Seluxit product stakeholders and other interested parties may send emails to Seluxit that contain personal data including the sender’s email address, name and home or office address.
3.8.2 Seluxit will never share personal information obtained through email correspondence between Seluxit and Seluxit product stakeholders. In the event that outside consultants could be interested in aspects of the email correspondence that has occurred between Seluxit and Seluxit products stakeholders, only non-personal, anonymized data will be used. This could include excerpts from the text of the mail, insofar as it does not reveal the identity of the data subject. This could be for various purposes including, but not restricted to supporting the Seluxit products stakeholder with issues they have in the use of Seluxit products. The purpose of sharing of anonymized data could also be for promotional purposes.
3.9 Job applications
3.9.1 Whether you apply directly related to a job announcement or you send us an unsolicited application we only process your personal data internally at Seluxit A/S with the purpose of recruitment. Your personal data will be shared only with the necessary people involved in the recruitment process and will not be shared with other people.
3.10 Data Collected by Seluxit Products Stakeholders
3.10.1 Personal data may be collected from applications, devices, or third-party APIs in conjunction with Seluxit products. The categories of data collected are dependent on the application, device, or third-party API from which they originate and may, as the case may be, include special types of personal data.
3.10.2 Seluxit Products Stakeholders Responsibilities
With regards to Seluxit products stakeholders, it is the responsibility of Seluxit product stakeholders to adhere to the relevant GDPR laws regarding the handling and processing of this data.
3.10.3 Though the responsibility lies in Seluxit product stakeholders, Seluxit will take certain measures to ensure their compliance. These measures will be in the form of terms-and-conditions documents which legally stipulate the legal requirements and obligations. In the case of Wappsto, Seluxit will also undertake audits of the Wappsto Web Apps (Wapps) to ensure that no malicious Wapps are distributed, including the improper handling of personal data.
4 How we protect the data?
4.1 Transference of data
Transference of data from devices into the Seluxit IoT Platform requires the existence of Seluxit issued (self-signed) SSL certificates that the server recognizes as legitimate using a private and public key pairing. Note that Seluxit cannot prevent hacking into the hardware to obtain the certificate on the device. In this case, however, the scope of the breach is still limited to the individual product.
Transference of data from a front-end user interface involves trust from Seluxit’s side, which is established based on the encrypted transference of the user’s username and password. The client trusts Seluxit based on SSL certificates issued by the service “Let’s Encrypt” which mediates the authentication. As with the connection with devices into Seluxit products, the scope of potential security breaches is limited to the individual user in this case.
4.2 Storing of data
A consideration of the securing of stored data can be considered in three layers: getting into the system, accessing the data in the system, and reading the data in the system.
Data is stored on Seluxit’s hosting partner’s equipment, Hetzner and OVH. Security of the data on the servers that Seluxit uses is state-of-the-art. Seluxit may use additional server partners in the futures that also meet the high standards of security that Hetzner and OVH offers.
The most sensitive data that is stored in our databases (username and password) is encrypted. Based on the functionality of Seluxit products and with an eye to the anonymization of data, data is stored in such a manner that universally unique IDs (UUIDs) are assigned to every architectural layer and piece of data stored.
5 For how long will we retain your personal data?
5.1 Email address (username) and password.
This information is kept indefinitely until you actively delete your account. Upon deletion of your account, the information is deleted immediately.
5.2 Additional optional personal details
This information is kept indefinitely until you actively delete it or until you delete your account. Upon deletion of your account, the information is deleted immediately.
5.3 IP Addresses and Cookies
IP addresses, which are saved in logs, are rotated regularly. The duration is linked to the traffic generated on our servers and thus can vary significantly.
Cookies are only stored locally on the user’s browser, and they remain on the user’s computer until they expire as stipulated by the issuer of that cookie, or until the user deletes cookies from their browser.
There are special considerations with regards to backups, which has already surfaced as a point of contention of the GDPR. The issue is that if a user requests the deletion of their data, it can have an implication for the ability to backup and restore data for a much larger scope of people. Backups are compressed in binary format, so restoring is a resource-intensive process. Therefore, Seluxit reserves the right to keep backups of data, which we deem responsible regarding the relatively non-sensitive nature of the personal data we hold.
5.4 Email Newsletters
Data collected for email newsletters is only kept internally by Seluxit and/or with our email newsletter services partners for the purposes of operating the email newsletter. No external party not involved with these operations will be given access to this data.
5.5 Email correspondence
This information is kept indefinitely and deleted at the discretion of Seluxit. Upon request, we can delete emails, as long as the purpose Seluxit had with the mail (for example support that may affect other users) is no longer present. Mails may also be kept in the context of settling potential disputes between Seluxit and Seluxit’s stakeholders that may arise.
5.6 Data Collected by Seluxit Products Stakeholders
This is at the discretion of Seluxit products stakeholders, and Seluxit products stakeholders will be required, as per the GDPR regulations, to make clear their handling of the data.
6 Your rights
In accordance with the GDPR, we highlight here that you have the right to:
Request for information on your stored data and the purpose of such data storage – also in relation to the origin and recipients of the data.
Request correction of your personal data where the data is incorrect. In Seluxit products, you may simply log into your account and correct the data.
6.3 Delete user data
Request to have your data deleted by sending an email to email@example.com. Deletion of your account is also enabled in the user interface of Seluxit products. Note that personal information may persist in backups.
Request a transfer of your personal data. Refer to the note on the export of your personal data above in this document.
6.5 Further rights and information
You have more rights regarding the processing of your personal data. Refer to the GDPR for more information (EU GDPR Information).
Please do not hesitate to contact us if you think there may be a problem with the privacy of your personal data, for any clarification on the protection of your privacy or for any request to use your rights as a data subject, at firstname.lastname@example.org. (Seluxit A/S, Sofiendalsvej 74, DK-9200 Aalborg SV).
8 Changes in the Privacy Notice
This privacy notice has been last updated on the 4th of April, 2022.
Seluxit retains the right, in its sole discretion, to change this Privacy Notice at any time. You may access and print this Privacy Notice at any time via www.seluxit.com. As a change of legislation, as well as changes in our internal procedures, may affect the adoption of this Privacy Notice, we kindly ask you to check this Privacy Notice on a regular basis.