This Privacy Statement explains ComatReleco's practices, including your choices regarding the collection, use and disclosure of certain information, including your personal information.

This document is applicable with respect to the ComatReleco CMS-10R messaging system, i.e. both CMS-10R-D/.., CMS-10R-DA/.. and CMS-10R-DAC/.. devices as well as the ComatReleco IoT. Devices and theComatReleco IoT Portal.

contact with us

If you have general questions about your account or how to contact our customer service for support, please visit our Support Centre or contact us directly by email at support@comatreleco.com or by phone at +41 31 838 55 10. For specific questions about this Privacy Policy or the use of your personal data, please contact our Data Protection Privacy Office by email atsupport@comatreleco.com.

The controller of your personal data is ComatReleco AG. If you contact us, please note that we may need to pre-authenticate your identity before fulfilling your request for your protection and ours.

data collection

We receive and store information about you, including:

Information that you provide to us:
We collect information that you provide to us, including:

• Your name, email address, address and postcode, payment methods and telephone number. In certain countries, we collect your identity card number for billing and tax purposes. We collect this information in a variety of ways, including when you enter it while using our service, when you communicate with customer service, or when you participate in surveys or promotions;
• Information when you choose to indicate your preferences, account settings (including account or device settings in the ComatReleco IoT Portal), or when you otherwise provide information to us through service support or elsewhere.
• Data we collect automatically: We collect information about you and about your use of our Service, about your interactions with us and the people or companies you have chosen to manage the device, and information about your computer and other devices you use to access our Services.

This information includes:

• Your activities in the cloud as device installation details;
• Your interactions with our emails and texts and with our notifications, such as SMS; email and via online messaging channels (push notifications via an Android app or iOS app);
• Details of your interactions with our customer service, such as the date, time and reason for contacting us, transcripts of chat conversations and, if you call us, your phone number, address and call recordings;
• Device ID or other unique identifiers;
• Resettable device identifiers, such as those on mobile devices and tablets;
• Device and software characteristics (such as type and configuration), connection information, IP address (which may also inform us of your general location), browser and default web server log information;

Information from other sources:
We also collect information from other sources. We protect this information in accordance with the practices described in this Privacy Policy and any restrictions imposed by the source of the data. These sources vary over time, but may include the following:

• Service providers that help us determine a location based on your IP address in order to customise our services and for other purposes in accordance with this Privacy Policy;
• Payment service providers who provide us with payment information or update such information based on their relationship with you
• Online and offline data providers from whom we receive general and technical cluster-specific interests and/or online advertising data;
• Publicly available sources, such as open government databases.

use of information

We use information to provide, analyse, manage, improve and personalise our services or marketing activities, to process your registration, your orders and your payments, and to communicate with you on these and other topics. For example, we use this information for the following purposes:

• Determine your general geographic location, provide you with localised content, provide you with tailored and personalised recommendations that we believe may be of interest to you, and respond quickly and efficiently to enquiries and requests;
• Preventing, detecting and investigating potentially prohibited or unlawful activities, including fraud, and enforcing our terms and conditions (including determining eligibility for free trials or change of ownership of registered devices);
• Analysing and understanding our customers, improving our product, including the Service, and optimising functionality, content selection, system usability, recommendations and service delivery;
• Collecting feedback from you and other users for the purpose of analysing current system malfunctions or limitations, improving the system and our marketing offering in general.
• Communicating with you about our service so that we can send you news about the devices, details of new features, technical advice for ease of use, special offers, promotional announcements, customer surveys and to assist you with your operational requests, such as password reset requests. This communication may take place using various methods, such as email, push notifications, text messages, online messaging channels, but also through traditional correspondence and telephone conversations.

Our lawful basis for collecting and using personal data as described in this Privacy Policy will depend on the personal data concerned and the specific context in which it is collected and used.

We will normally collect personal data from you where we need such personal data to perform a contract with you (for example, to provide you with our services), where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (for example, our marketing activities in line with your interests) or where we have your consent to do so (for example, for your participation in consumer engagement activities such as specific surveys and focus groups). In some cases, we may also have a legal obligation to collect or otherwise collect your personal data to protect your vital interests and those of another person (e.g. to disguise payment fraud and confirm your identity). For questions about our use of your personal data (including the legal basis on which we act and the transfer mechanisms we use), please see the next sections of this Privacy Policy. For further questions, please contact the ComatReleco Privacy Office (Data Protection Officer) by email atsupport@comatreleco.com.

disclosure of data

We may disclose your information for certain purposes and to third parties as described below:

Service Providers: We engage other companies, distributors and contractors ("Service Providers") to perform services on our behalf or to assist us in providing the Services to you. For example, we engage Service Providers to provide marketing, advertising, communications, infrastructure and IT services to complete and optimise our Service to you, to process credit card transactions or other payment methods, to provide customer service, to collect, analyse and optimise data (including data about user interactions with our Service) and to process and administer customer surveys. In the course of providing such services, these service providers may gain access to your personal data or other information. We do not authorise these companies to use or disclose your personal information except in connection with the provision of their services. Please note that these third parties are responsible for their own privacy practices.

Partners: We may share certain information with one or more of our partners (e.g., outside companies that participate or have participated in the development and/or maintenance of the Notification System) for the purpose of coordinating with them to improve ComatReleco's service to you and other users. For example, depending on the type of improvement required, we may share with them information about the settings you have defined in the ComatReleco IoT Portal, details of your installation and evidence of your previous actions and signals, etc.

Protection of ComatReleco and other: ComatReleco and the Service Providers may disclose or otherwise use your personal and other information if we or they reasonably believe that such disclosure is necessary to (a) comply with any applicable law, regulation, legal process or governmental request, (b) enforce applicable Terms of Use, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address unlawful or suspected unlawful activity (including payment fraud), security or technical issues; or (d) protect against threats to the rights, property, or safety of the ComatReleco IoT Portal and the Connected Services as a whole, its users, or the public as required or permitted by law.

Business Transfers: In connection with any reorganisation, restructuring, merger or sale of ComatReleco or transfer of other assets, we will transfer information, including personal data, provided, however, that the receiving party agrees to respect your personal data in a manner consistent with our Privacy Policy. If we transfer your personal data to countries outside the European Economic Area and other regions with comprehensive data protection laws as part of a data exchange, we will ensure that such data is transferred in accordance with this Privacy Policy and applicable data protection laws.

access to the user account

After creating your account, you can select your web browser to save your username and password for easy access. You will then log in automatically without having to re-enter the password and user identification as soon as your browser visits the ComatReleco IoT portal again. However, we recommend that you do not save the password or your user account in your browser in order to prevent misuse of your account in the ComatReleco IoT portal, especially if several users are using your PC or tablet.

You should know that most of the popular browsers offer an option to clear the browser memory. This is generally possible in the settings or in the Extras area. You can find out more about this in the browser's help function or in the support area.

Where possible, users of public or shared computers or tablets should log out after each visit to the ComatReleco IoT portal. If you sell or return a computing device, you should log out and delete any personal information stored on the device.
If you do not maintain the security of your account password or username, or if you log out without deleting your login credentials, subsequent users will be able to access your account, including your personal information.

If you share your account or otherwise provide access to it to other users, they may see your information (including, in some cases, personal information), such as user history and account information (including your email address or other information in the account section of our ComatReleco IoT Portal).

promotional offers and interest-based adverts

We may notify you of marketing offers, special offers and interest-based adverts, but only if you have selected the specific option when defining your account on the ComatReleco IoT Portal.

We may send you interest-based adverts, which may be online adverts, postal adverts or email adverts tailored to your potential interests and based on the use of the device and the setting in the ComatReleco IoT portal and apps.

Please note that the default choice for promotional offers and interest-based ads in the IoT portal is set to "I do not agree" for all users. This means that all users must read and proactively confirm this option if they wish to receive such notifications from ComatReleco. Note, however, that you can change your choice directly in the IoT portal at any time. For further questions, please contact the ComatReleco Privacy Office (Data Protection Officer) by email atsupport@comatreleco.com.

deletion of user data

To delete your personal data from the ComatReleco IoT portal, you must proceed as follows: If you are the owner of one or more devices, please follow steps (a) and (b) below. Otherwise, only step (b) needs to be carried out.

(a) Log in to the ComatReleco IoT portal and perform one of the following steps for each device you own:

• Define a new device owner, i.e. transfer full ownership of the device to him/her, including the option to select the preferred service profile (e.g. the subscription plan) for the next operating period of your device,
• decouple the device from your account in the ComatReleco IoT portal and finally delete your device account in the ComatReleco IoT portal.

These measures must be repeated for all devices of which you are the owner.

For additional information and instructions, please refer to the user manual, the link to which is available in the ComatReleco IoT portal, in particular with regard to the definition of a new device owner and/or the decoupling of the device.

(b) Send an email to support@comatreleco.com with the request to delete your account and all your user data.

Note 1: Please note that your data may not be deleted immediately.

Note 2: Please note that deleting your data will prevent future use of your devices and that the process cannot be undone.

Note 3: If you are the installer of the device, please note that your link will be deleted when you retrieve the ComatReleco IoT portal overview of all the devices you have installed.

Note 4: Please note that deleting your data as a message recipient for one or more devices will prevent messages from such devices from being sent to you. We therefore recommend that you share this information directly with the owners or managers of such devices so that they can replace you with other message recipients if necessary.

your choices

You define your choices in the ComatReleco IoT portal during your account registration and device configuration, as described below.

By defining your account in the ComatReleco IoT portal
When you define your account in the ComatReleco IoT portal, you must read this Privacy Policy and proactively select "I agree" because "I agree" is selected by default for all users. Please note that if you have not agreed to this privacy policy, you will not be able to make any account settings or configure your device later.

While defining your account on the ComatReleco IoT portal, you can also make your choice regarding "Promotional offers and interest-based ads" (see specific section). Please note that the choice is yours: Without the appropriate input from your side, you will not receive any offers or advertisements from ComatReleco.

By configuring your account in the ComatReleco IoT portal
During the device configuration in the ComatReleco IoT portal, you or the installer define the notification parameters used by the device during operation, provided that the specific operating conditions are matched (e.g. an input signal exceeds a pre-definable threshold). In particular, the message recipients, the message content and the message type(s) to be used are defined. With regard to the latter, the following options ( 1) or ( 2) are available.

(1) E-mail or SMS with text messages. These messages are sent to the message recipients and can be repeated if this has been correctly defined in the device configuration in the ComatReleco IoT portal. You can choose to be selected by other users to receive such messages. If the latter is the case, you can accept or decline an invitation at any time.

If you no longer wish to receive such messages from the ComatReleco IoT portal via email or SMS, simply contact the device owner or installer and agree with them to deactivate you as a message recipient from the relevant device. If the owner or installer has not processed and implemented this request, please send an email to support@comatreleco.com with a request to stop sending email and/or SMS, including the following data: (a) the device ID, (b) the device name, (c) the owner's name. (d) Installer name, if defined, and (e) the date on which you requested the owner and/or installer to delete you as a message recipient.

Please note that you cannot stop service-related correspondence from us, such as messages or information to improve device usage, as long as you are a user of at least one device.

(2) Push notifications: You can choose to receive mobile push notifications from the ComatReleco IoT portal or other device owners or installers can select you accordingly. This applies to both iOS and Android app notifications. These push notifications are sent to the recipients and can be repeated if this has been set correctly in the device configuration in the ComatReleco IoT portal. You can decide to be selected by other users to receive such messages. If the latter is the case, you can accept or decline an invitation at any time.

If you no longer wish to receive such push notifications, simply contact the device owner or installer and agree with them to deactivate you as a message recipient from the relevant device. If the owner or installer has not processed and implemented this request, you can use the relevant settings on your mobile device to switch off the receipt, provided that the operating system of your mobile device allows this. If the above measures could not be successfully implemented, please send an email to support@comatreleco.com with a request to stop the sending of push notifications, including the following data: (a) the device ID, (b) the device name, (c) the name of the owner. (d) Installer name, if defined, and (e) the date on which you requested the owner and/or installer to delete you as a message recipient.

By defining the payment method
ComatReleco AG has commissioned specialised third parties to process online payments in the ComatReleco IoT portal if you have selected "credit card" as the payment method. All these companies are specialised in this type of online transaction and they ensure smooth processes and full protection of your personal data. These companies act in full compliance with the EU General Data Protection Regulation (GDPR) and are all recognised as payment service providers by the major credit card companies (VISA, Mastercard, etc.).

These companies send a data protection identifier to ComatReleco AG and we use this identifier to finalise an instant payment or to activate recurring payments. The latter, however, only if you have consented to such automatic recurring credit card payments. A privacy identifier is a security code that links all our customers to their credit card details (if provided). This data is stored exclusively in the secure database of these companies and only for security purposes.

ComatReleco AG hereby declares that we do not store any specific data regarding credit cards used or currently used by customers for payment transactions, with the exception of this data protection identifier. ComatReleco will only use this identifier for recurring payments, provided that you have chosen this type of payment and have selected a credit card payment method in the ComatReleco IoT portal.

your data and your rights

You may at any time request access to your personal data or to authorise or update any outdated or inaccurate personal data that we hold about you.

You can do this simply by accessing your account settings in the ComatReleco IoT portal. There you can access and change a lot of information about your account, including your contact information, your payment information, and various other information about your account. You must be logged in to access the account section. In this way, privacy is guaranteed, provided that you follow the instructions under "Accessing the user account".

To make a request or if you have any questions about our privacy practices, please contact our Data Protection Privacy Office by email atsupport@comatreleco.com. We will respond to all requests from individuals who wish to exercise their privacy rights in accordance with applicable data protection laws.

If you wish to reset your payment method and not make future payments by credit card, simply select payment by invoice for all future payments and for all your devices directly in the ComatReleco IoT portal. No further action is required because ComatReleco does not store any information about your credit card other than the data protection identifier.

You can object to the processing of your personal data and ask us to delete your personal data. Please refer to the section "Deleting user data", however, please note that such action will disrupt the functionality of your device.

We may retain information in accordance with applicable laws and regulations, including to fulfil a choice you have made, for billing and record-keeping purposes and to fulfil the purposes described in this Privacy Policy. We will take reasonable steps to destroy or de-identify in a secure manner any such personal information that is no longer required.

other websites, platforms and applications

We take appropriate administrative, logical, physical and managerial measures to protect your personal data from loss, theft, unauthorised access, use and modification. These measures are designed to provide an adequate level of protection against the risks associated with the processing of your personal data.

security

The Services may be provided through and/or utilise features operated by external platforms or may contain links to websites operated by third parties whose policies regarding the handling of information may differ from ours. These websites and platforms may have separate and independent privacy or data policies, privacy statements, terms of use and terms and conditions: In such a case, you will receive a corresponding notification and we recommend that you exercise caution when dealing with such websites/platforms.

children

You must be at least 18 years of age to subscribe to a service profile as a device owner and to manage a CMS-10R device. In certain jurisdictions, you may be over the age of 18 and, in such cases, you must be of that age to manage or own a device.

changes to this Privacy Policy

We will amend this Privacy Policy from time to time in accordance with changing legal, regulatory and operational requirements. We will notify you of such changes (including when they come into effect) in accordance with the law. Your continued use of the ComatReleco IoT Portal and relevant services after the effective date of such changes will constitute your consent and acceptance of such changes, if any. If you do not agree to such updates to the Privacy Policy or do not wish to accept them, you can delete your user account. Please refer to the section "Deleting user data", although we would like to point out that such an action will interrupt the functionality of your device.

Please refer to the "Last update" section below for information on the last update of this privacy policy.

last update

Worb - Switzerland | 22 December 2022