Data Protection Declaration
Data protection declaration smart-me AG
Effective from June 15, 2021 | Download PDF
- How we protect your data
- What information we collect for what reason
- How we use this information
- The choices we offer, including how information can be accessed and how it can be updated.
The protection of your data is important to smart-me and therefore we ask you, regardless of whether you are a new or long-standing user, to take the time to get to know our practices – if you have any questions, please contact us.
How we protect your data
Every access to your data in the smart-me cloud is SSL (TLS) encrypted. All access attempts are logged and analyzed. Passwords and other sensitive data are only stored in encrypted form. All connections between the devices (meters, modules, e-charging stations and gateways) and the smart-me cloud are encrypted. Each device has its own unique key (128 bit). AES is used as the algorithm.
Make an active contribution to the even more secure protection of your data by encrypting your WiFi network with a strong password.
The measurement data of the various devices (e.g. electricity meters) of the user are recorded in the smart-me cloud and processed further in anonymised form. The user also has the option of making his measurement data visible to other users. The smart-me servers are located in secure data centers in Switzerland and are only accessible to authorized personnel.
Information We Collect
We collect information to provide better services to all of our users – from determining basic issues such as the language you speak to more complex issues such as energy consumption (electricity, water, gas, heat). We collect information in the following ways:
Visiting the smart-me websites
You can visit our website without having to provide any personal information. We save your access data without personal reference.
However, when you access content provided by smart-me, we collect and save certain data in server logs. These logs include, among other things:
Details on the way in which you have used our services, for example the pages you have visited on smart-me.com
Data on device events such as crashes, system activity, hardware settings, browser type, browser language, date and time of your request and referral URL
Location related information
Local storage: We may collect and store information (including personal data) locally on your device using mechanisms such as your browser’s web storage (including HTML 5) and application data caches.
Cookies and Similar Technologies
We and our partners use various technologies to collect and store data when you call up a smart-me service. This may also include cookies or similar technologies that are used to identify your browser or device. You can prevent the installation of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
To secure the smart-me server and optimize loading times, CloudFlare is used as a CDN (“Content Delivery Network”). Therefore, all requests are forcibly routed through the CloudFlare server and consolidated into statistics that cannot be deactivated. According to the company, the collected raw data is usually deleted within 4 hours, at the latest after 3 days. Here you will find information about the data collected there and about security and data protection at CloudFlare. Cloudflare also works within the framework of the Privacy Shield Agreement between the EU and the USA.
If you use the contact and registration forms offered on our website, you should not enter any sensitive or particularly sensitive data. Information that is transmitted over the Internet (such as online forms) and content received online may, under certain circumstances, be transmitted via third-party networks and be visible to everyone.
Use of the smart-me web portal and the smart-me app
Data you share with us
To use the smart-me cloud services, you must first create a smart-me account. For this we ask you to provide personal data. This is at least your e-mail address that will be saved.
Data that we receive due to your use of our services
Device-related information: The meter data recorded in your smart-me account (electricity, water, gas, heat, etc.) are saved in relation to the email address you provided.
By using the smart-me cloud services, which require consent to this data protection declaration, you also agree that smart-me may inform you about all innovations, all changes, restrictions or changes necessary for the proper operation and effective use of the portal Extensions informed. You can withdraw your consent at any time.
Customers of service providers who use smart-me
If your smart-me account is managed for you by an energy billing service provider, the billing service provider and the sales partners who provide customer service for your organization have access to the information on your smart-me account (including your e-mail address and your meter data). Your measurement data can and will be viewed by the creator of the energy bill. In any case, the total energy consumption is recorded by the creator of the energy cost bill at the end. This is done on the basis of our instructions and in accordance with our data protection declaration and other appropriate confidentiality and security measures.
Your utility or energy service provider may have the option:
- View statistics related to your account
- block or terminate access to your account
- access or store data stored as part of your account
- To receive information from your account in order to comply with applicable laws, regulations or applicable procedural law or to comply with an enforceable official order
- Limit your ability to delete or edit data or privacy settings
For more information, please refer to the data protection declaration of your utility or energy service provider.
If you would like to prevent your energy billing center from viewing your energy data in detail, please contact smart-me and your billing center. Under certain circumstances (e.g. due to contractual ties in a self-consumption community) a suitable follow-up solution for billing your energy data must be found.
General business software
We process the data you provide exclusively to fulfill and process your order as well as for the purpose of using the smart-me cloud, for advice, for advertising and market research for our own purposes and to tailor our services to your needs. Your personal data will only be collected for specified, clear and legitimate purposes and will not be stored longer than necessary.
In every e-mail from us you have the option to unsubscribe from further product information or e-mails. Exceptions are those e-mails that are necessary for the customer relationship or its termination, e.g. updating of our general terms and conditions. We use systems from Mailchimp Inc, Atlanta, Georgia, United States to send e-mails. Your first name, last name, country, language, company and, if necessary, information on your customer segment are transmitted to Mailchimp for processing. You can find more information about Mailchimp’s data protection guidelines here.
Transactional emails (such as order confirmations) are sent via the US service provider SendGrid. Shipping via a specialized service provider is required here to guarantee the delivery of the e-mails and, if possible, also to reduce the probability that these e-mails will be classified as “spam”. An adequate level of data protection is guaranteed at all times. SendGrid does not store any message content, only data for sending e-mails, and the storage is limited in time. You can find out more about Sendgrid’s data protection guidelines here.
Enterprise Resource Systems
In order to use third-party technical or organizational services that we need for our business activities, personal data can be stored in third-party systems. For example, surname, first name, company, language, address, information on the customer segment and bank details in our business software from bexio AG, Rapperswil, Switzerland. You can find more about the data protection guidelines of bexio AG here.
To provide customer support, smart-me uses the systems from Freshworks Inc., San Mateo, California, United States. So that smart-me can help you optimally, the following information is stored exclusively for the purpose of support services: Name, first name, company, delivery address, email, serial number, product type, language, telephone number. smart-me stores the exchange between you and our customer support regardless of how we communicate with you (phone, email, etc.). This in order to be able to better support you with future inquiries. Questions that are asked via the Apple App Store, the Google App Store or social media (such as LinkedIn or similar) also trigger a Freshworks ticket and are saved. The data stored in this way are stored in accordance with the applicable data protection regulations. You can find more information here.
We process payments via Stripe and Paypal, among others. In this respect, your data will be passed on to them. As part of the payment process via PayPal, you will be directed to the PayPal website. You only enter your confidential data on the payment provider’s website. There is then a secure connection there. You can find out more about the security of payment transactions from PayPal or Stripe.
We use business tools from Google Workspace (Google, Mountain View, California, United States). We also store personal data in it, for example email addresses. You can find out more about the data protection guidelines of Google Workspace here.
Access and update your personal information
Whenever you use our services, we aim to give you access to your personal data. If this data is incorrect, we will endeavor to give you the opportunity to quickly update or remove it – unless we need to keep this data for legitimate business or legal purposes.
We strive to provide our services in a way that protects the data from accidental or willful destruction. For this reason, we may not immediately delete remaining copies of data that you have deleted from our services from our active servers and do not remove this data from our backup systems. Please contact us by post or email if you would like information, correction, blocking or deletion of your stored data free of charge.
Safeguarding the public interest
We will pass on personal data to companies, organizations or persons outside of smart-me if we can assume in good faith that access to this data or its use, storage or disclosure is reasonably necessary in order to
- Comply with any applicable law, regulation, or legal process, or comply with an enforceable governmental order
- To protect the rights, property or safety of smart-me, our users or the public from harm, to the extent permitted or required by law
In the event of a company restructuring
If smart-me is involved in a business combination, a company acquisition or a sale of assets, we will continue to ensure the confidentiality of all personal data and we will notify users concerned before personal data is transmitted or the subject of another data protection declaration.
Scope of the data protection declaration
Our data protection declaration applies to all services offered by smart-me and its affiliated companies, including eCarUp. This date
The protection declaration does not apply to services for which separate data protection declarations apply, which do not include this data protection declaration.
Working with regulators
We regularly check compliance with our data protection declaration. Your customer data will be stored, processed and passed on in compliance with the relevant provisions of Swiss legislation (Federal Data Protection Act), Federal Data Protection Acts (BDG) and the EU General Data Protection Regulation (GDPR). The responsible supervisory authority is the Federal Data Protection and Information Commissioner.
Responsible for data protection
Legally represented by Management: David Eberli
Telephone: +41 41 511 09 99, email: [email protected]
Data Protection Declaration
smart-me AG (hereinafter ‘smart-me’) respects the privacy of every person who uses the smart-me device, visits the smart-me website or uses smart-me cloud functions. When you use smart-me services, you trust us with your data. You can use your data in a number of different ways – to monitor, visualise control and to bill energy supply. By consenting to this Data Protection Declaration, you agree to your meter data being stored and processed in the smart-me cloud. This Data Protection Declaration outlines the data that we capture, the purposes for which we capture it, and what we do with the captured data. The security of your data is our highest priority. Our Data Protection Declaration explains:
- How we protect your data
- What information we capture and why
- How we use this information
- The options we offer, including ways of accessing information and how it can be updated.
smart-me cares about the protection of your data, so whether you are a new or long-standing customer, we would request that you take the time to get to know our practices – and if you still have questions, please get in touch with us.
1 How we protect your data
All access to your data in the smart-me cloud is SSL (TLS) encrypted. All access attempts are logged and analysed. Passwords and other sensitive data are only stored in encrypted form. Any links between devices (meters, modules and gateways) and the smart-me cloud are encrypted. Each device has its own unique key (128 bit). AES is used for encryption algorithms. Help make your data even more secure by encrypting your wife network with a strong password.
1.2 Access protection
The measurement data from the user’s various devices (e.g. electricity meter) is captured in the smart-me Cloud and processed in anonymised form. Users also have the option of making measurement data visible to all users. The smart-me servers are located in secure computing centres in Switzerland and are only accessible to authorised personnel.
2 Information we gather
We capture information to provide better services to all our users – from basic information such as the language you speak to more complex areas such as energy consumption (electricity, water, gas, heat). We capture information in the following ways:
2.1 Visiting the smart-me website
You can visit our internet site without having to provide details about yourself. The access data we store does not include references to individual users.
2.2 Log data
When you retrieve content supplied by smart-me, we capture and store certain data in server logs. These logs contain such things as:
- Details on the way you use our services, for example the pages you visit on smart-me.com
- IP address
- Data on device events such as crashes, system activity, hardware settings, browser type, browser language, time and date of your query and referral URL
2.3 Location-specific information
Local storage: we may capture information (including personal data) locally on your device by using mechanisms such as the web storage of your browser (including HTML 5) and application data caches. Cookies and similar technologies: we and our partners use various technologies for capturing and storing data when you use a smart-me service. These may include cookies or similar technologies that can be used to identify your browser or device. You can configure your browser so that all cookies, including those linked to our services, are blocked, or you can choose to receive an alert whenever we set a cookie. However, please bear in mind that many of our services may not function properly if you have deactivated cookies. For instance, we will be unable to store your preferred language settings.
2.4 Google Analytics
We also use Google Analytics, a web analysis service of Google Inc. (‘Google:). Google Analytics uses ‘cookies’, text files that are stored on your computer and allow analysis of your use of the website. The information generated by the cookie concerning your use of our website (including your IP address) is transferred to a Google server in the USA and stored there. Google uses this information to evaluate your use of the website, to compile reports on website activities for the website operator and to provide other services associated with website and internet use. Google may also transfer this information to third parties if required by law or insofar as third parties process this data on behalf of Google. Google will never associate your IP address with other Google data. You can prevent the installation of cookies by changing your browser software settings; in this case, however, please be aware that you may not be able to fully use all the features of this website.
To safeguard the smart-me server and optimise loading time, Cloudflare is used as a CDN (‘content delivery network’). This means that all queries to the server are compulsorily routed through the Cloudflare server and consolidated into statistics; this function cannot be deactivated. The collected raw data is generally deleted within 4 hours, at most after 3 days. Here you can find information on the collated data and the Cloudflare security& privacy. Cloudflare also operates within the framework of the Privacy Shield Agreement between the EU and the USA.
3 Using the smart-me energy management system
3.1 Data that you share with us
To use smart-me cloud services, you must first set up a smart-me account. To do this, we ask you to enter personal data. At a minimum, this will include your email address, which is stored.
3.2 Data that we receive based on your use of our services
Device-related information: the meter data (electricity, water, gas, heat, etc.) captured in your smart-me account is stored in association with the email address you provide. By using smart-me cloud services that require your consent to this Data Protection Declaration, you further provide your consent for smart-me to inform you of any new features, any changes, restrictions or extensions required for proper operation and effective usage of the portal. You may revoke your consent at any time.
4 How we use the information we gather
We process the data that you share solely to fulfil and process your order as well as for purposes related to use of the smart-me cloud, for advice, for our own advertising and market research purposes and to tailor our services to customer needs. Once the processing of your contract is complete and paid in full, your data is blocked from any further use and deleted upon expiry of any time limits related to our fiscal and commercial law obligations unless you have given your express consent for the further use of your data. Your personal data is only gathered for defined, clear and lawful purposes and not retained any longer than necessary in personalised form. If you have a smart-me account, we share your account name and your meter data with your billing service provider as long as there is a valid agreement between you and your billing service provider for the charging of energy consumption. If you contact smart-me, we will record your communication in order to assist you with solving any problems you may have. Information on your use of our services, including information on forthcoming changes and improvements, will be sent to your email address. Before using your information for any purpose other than those defined in this Data Protection Declaration, we will request your consent.
4.1 Accessing and updating your personal data
Whenever you use our services, we always endeavour to provide you with access to your personal data. Should this data be incorrect, we endeavour to provide you with the opportunity to update it quickly or to remove it, unless we are obliged to retain this data for legitimate commercial or legal purposes. We endeavour to make our services available in a way that protects data from accidental or wilful destruction. For this reason, we may not immediately delete any remaining duplications of data on our services that you have deleted from our servers, nor will we remove this data from our backup systems.
4.2 Information that you share with others
Our service allows you to share information with others, particularly for the purpose of billing your energy consumption. We do not share personal data with companies, organisations or people external to smart-me, except in the following circumstances: your personal data will be transferred to third parties or otherwise communicated if this is required for the purposes of contractual processing – in particular, communication of meter data to service providers – or if you have given your prior, express consent. However, in these cases, the scope of the transferred data is restricted to the required minimum.
We process payments through Stripe and PayPal. Your data is transferred to these service providers for payment purposes. When you pay with PayPal, you will be directed to the PayPal website during the transaction. You only enter your confidential data on the payment service provider’s page. This will have a secure connection. Consult PayPal or Stripe for more about the security of payment transactions through these services.
4.4 Customers of energy cost billing services (who use smart-me)
If your smart-me account is administered for you by an energy cost billing service provider, the service provider and the operational partner responsible for customer service in your organisation will have access to the information on your smart-me account (including your email address and your meter data). Your measurement data can and will be viewed by the person who generates the energy cost bill. In each case, energy cost billing will be generated at the end of total energy usage. This is carried out according to our instructions and in accordance with our Data Protection Declaration as well as other relevant confidentiality and security measures. Your energy cost billing service provider also has the option to:
- View statistics related to your account
- Block or terminate access to your account
- Access or store data saved as part of your account
- Receive data from your account in order to comply with applicable laws, regulations and applicable procedural law or to fulfil an enforceable official order
- Restrict your ability to delete or process data or data protection settings
- Please consult the data protection declaration of your energy cost service provider for further information.
Should you wish to prevent your detailed energy data being viewed by your energy billing centre, please consult smart-me and your billing centre. In some cases (for example, due to a contractual relationship with a private consumption community), we will need to find an alternative solution for billing your energy data.
4.5 Safeguarding the public interest
We will transfer personal data to companies, organisation or persons external to smart-me if we can assume in good faith that access to this data or the usage, storage or transferral of this data is reasonably required to
- Comply with applicable laws, regulations or procedural law or to fulfil an enforceable official order
- Protect the rights, property or security of smart-me, our users or the public from damage to the legally permissible or required extent
4.6 Market research
We may also share non-personal data with the public or our partners, for example with publishers, advertisers or associated websites. For instance, we may publish information to demonstrate trends in overall usage.
4.7 In the event of company restructuring
Should smart-me become subject to a company merger, acquisition or disposal of assets, we will continue to ensure the confidentiality of any personal data and we will inform affected users before personal data is transferred or becomes the object of another data protection declaration.
5 Scope of the Data Protection Declaration
Our Data Protection Declaration applies to all services offered by smart-me and associated companies, including eCarUp. This Data Protection Declaration does not apply to services to which separate data protection declarations apply that do not encompass this Data Protection Declaration. Our Data Protection Declaration does not apply to services offered by other companies or persons that may contain smart-me services, or other websites linked to our services. Our Data Protection Declaration does not extend to the handling of information by other companies or organisations that acquire our services.
6 Compliance with regulations and cooperation with regulatory authorities
We regularly monitor compliance with our Data Protection Declaration. Your customer data will be stored, processed and transferred in consideration of the relevant provisions of Swiss legislation (Federal Data Protection Act) and the EU’s General Data Protection Regulation (GDPR). The relevant supervisory authority is the Federal Data Protection and Information Commissioner. You have the right to free information, rectification, blocking and, if necessary, deletion of your stored data at any time. Please get in touch with us or send us your concerns by mail or email. Your stored personal data will be deleted if you revoke your consent to storage, if your information is no longer required to fulfil the purpose for which it was stored, or if its storage is inadmissible for other legal reasons.
represented by management:
David Eberli, tel: +41 41 511 09 99, email: info(at)smart-me.com