Data Protection Declaration
smart-me AG (hereinafter ‘smart-me’) respects the privacy of every person who uses the smart-me device, visits the smart-me website or uses smart-me cloud functions. When you use smart-me services, you trust us with your data. You can use your data in a number of different ways – to monitor, visualise control and to bill energy supply. By consenting to this Data Protection Declaration, you agree to your meter data being stored and processed in the smart-me cloud. This Data Protection Declaration outlines the data that we capture, the purposes for which we capture it, and what we do with the captured data. The security of your data is our highest priority. Our Data Protection Declaration explains:
- How we protect your data
- What information we capture and why
- How we use this information
- The options we offer, including ways of accessing information and how it can be updated.
smart-me cares about the protection of your data, so whether you are a new or long-standing customer, we would request that you take the time to get to know our practices – and if you still have questions, please get in touch with us.
All access to your data in the smart-me cloud is SSL (TLS) encrypted. All access attempts are logged and analysed. Passwords and other sensitive data are only stored in encrypted form. Any links between devices (meters, modules and gateways) and the smart-me cloud are encrypted. Each device has its own unique key (128 bit). AES is used for encryption algorithms. Help make your data even more secure by encrypting your wife network with a strong password.
1.2 Access protection
The measurement data from the user’s various devices (e.g. electricity meter) is captured in the smart-me Cloud and processed in anonymised form. Users also have the option of making measurement data visible to all users. The smart-me servers are located in secure computing centres in Switzerland and are only accessible to authorised personnel.
We capture information to provide better services to all our users – from basic information such as the language you speak to more complex areas such as energy consumption (electricity, water, gas, heat). We capture information in the following ways:
2.1 Visiting the smart-me website
You can visit our internet site without having to provide details about yourself. The access data we store does not include references to individual users.
2.2 Log data
When you retrieve content supplied by smart-me, we capture and store certain data in server logs. These logs contain such things as:
- Details on the way you use our services, for example the pages you visit on smart-me.com
- IP address
- Data on device events such as crashes, system activity, hardware settings, browser type, browser language, time and date of your query and referral URL
2.3 Location-specific information
Local storage: we may capture information (including personal data) locally on your device by using mechanisms such as the web storage of your browser (including HTML 5) and application data caches. Cookies and similar technologies: we and our partners use various technologies for capturing and storing data when you use a smart-me service. These may include cookies or similar technologies that can be used to identify your browser or device. You can configure your browser so that all cookies, including those linked to our services, are blocked, or you can choose to receive an alert whenever we set a cookie. However, please bear in mind that many of our services may not function properly if you have deactivated cookies. For instance, we will be unable to store your preferred language settings.
2.4 Google Analytics
We also use Google Analytics, a web analysis service of Google Inc. (‘Google:). Google Analytics uses ‘cookies’, text files that are stored on your computer and allow analysis of your use of the website. The information generated by the cookie concerning your use of our website (including your IP address) is transferred to a Google server in the USA and stored there. Google uses this information to evaluate your use of the website, to compile reports on website activities for the website operator and to provide other services associated with website and internet use. Google may also transfer this information to third parties if required by law or insofar as third parties process this data on behalf of Google. Google will never associate your IP address with other Google data. You can prevent the installation of cookies by changing your browser software settings; in this case, however, please be aware that you may not be able to fully use all the features of this website.
To safeguard the smart-me server and optimise loading time, Cloudflare is used as a CDN (‘content delivery network’). This means that all queries to the server are compulsorily routed through the Cloudflare server and consolidated into statistics; this function cannot be deactivated. The collected raw data is generally deleted within 4 hours, at most after 3 days. Here you can find information on the collated data and the Cloudflare security& privacy. Cloudflare also operates within the framework of the Privacy Shield Agreement between the EU and the USA.
3.1 Data that you share with us
To use smart-me cloud services, you must first set up a smart-me account. To do this, we ask you to enter personal data. At a minimum, this will include your email address, which is stored.
3.2 Data that we receive based on your use of our services
Device-related information: the meter data (electricity, water, gas, heat, etc.) captured in your smart-me account is stored in association with the email address you provide. By using smart-me cloud services that require your consent to this Data Protection Declaration, you further provide your consent for smart-me to inform you of any new features, any changes, restrictions or extensions required for proper operation and effective usage of the portal. You may revoke your consent at any time.
We process the data that you share solely to fulfil and process your order as well as for purposes related to use of the smart-me cloud, for advice, for our own advertising and market research purposes and to tailor our services to customer needs. Once the processing of your contract is complete and paid in full, your data is blocked from any further use and deleted upon expiry of any time limits related to our fiscal and commercial law obligations unless you have given your express consent for the further use of your data. Your personal data is only gathered for defined, clear and lawful purposes and not retained any longer than necessary in personalised form. If you have a smart-me account, we share your account name and your meter data with your billing service provider as long as there is a valid agreement between you and your billing service provider for the charging of energy consumption. If you contact smart-me, we will record your communication in order to assist you with solving any problems you may have. Information on your use of our services, including information on forthcoming changes and improvements, will be sent to your email address. Before using your information for any purpose other than those defined in this Data Protection Declaration, we will request your consent.
4.1 Accessing and updating your personal data
Whenever you use our services, we always endeavour to provide you with access to your personal data. Should this data be incorrect, we endeavour to provide you with the opportunity to update it quickly or to remove it, unless we are obliged to retain this data for legitimate commercial or legal purposes. We endeavour to make our services available in a way that protects data from accidental or wilful destruction. For this reason, we may not immediately delete any remaining duplications of data on our services that you have deleted from our servers, nor will we remove this data from our backup systems.
4.2 Information that you share with others
Our service allows you to share information with others, particularly for the purpose of billing your energy consumption. We do not share personal data with companies, organisations or people external to smart-me, except in the following circumstances: your personal data will be transferred to third parties or otherwise communicated if this is required for the purposes of contractual processing – in particular, communication of meter data to service providers – or if you have given your prior, express consent. However, in these cases, the scope of the transferred data is restricted to the required minimum.
We process payments through Stripe and PayPal. Your data is transferred to these service providers for payment purposes. When you pay with PayPal, you will be directed to the PayPal website during the transaction. You only enter your confidential data on the payment service provider’s page. This will have a secure connection. Consult PayPal or Stripe for more about the security of payment transactions through these services.
4.4 Customers of energy cost billing services (who use smart-me)
If your smart-me account is administered for you by an energy cost billing service provider, the service provider and the operational partner responsible for customer service in your organisation will have access to the information on your smart-me account (including your email address and your meter data). Your measurement data can and will be viewed by the person who generates the energy cost bill. In each case, energy cost billing will be generated at the end of total energy usage. This is carried out according to our instructions and in accordance with our Data Protection Declaration as well as other relevant confidentiality and security measures. Your energy cost billing service provider also has the option to:
- View statistics related to your account
- Block or terminate access to your account
- Access or store data saved as part of your account
- Receive data from your account in order to comply with applicable laws, regulations and applicable procedural law or to fulfil an enforceable official order
- Restrict your ability to delete or process data or data protection settings
- Please consult the data protection declaration of your energy cost service provider for further information.
Should you wish to prevent your detailed energy data being viewed by your energy billing centre, please consult smart-me and your billing centre. In some cases (for example, due to a contractual relationship with a private consumption community), we will need to find an alternative solution for billing your energy data.
4.5 Safeguarding the public interest
We will transfer personal data to companies, organisation or persons external to smart-me if we can assume in good faith that access to this data or the usage, storage or transferral of this data is reasonably required to
- Comply with applicable laws, regulations or procedural law or to fulfil an enforceable official order
- Protect the rights, property or security of smart-me, our users or the public from damage to the legally permissible or required extent
4.6 Market research
We may also share non-personal data with the public or our partners, for example with publishers, advertisers or associated websites. For instance, we may publish information to demonstrate trends in overall usage.
4.7 In the event of company restructuring
Should smart-me become subject to a company merger, acquisition or disposal of assets, we will continue to ensure the confidentiality of any personal data and we will inform affected users before personal data is transferred or becomes the object of another data protection declaration.
Our Data Protection Declaration applies to all services offered by smart-me and associated companies, including eCarUp. This Data Protection Declaration does not apply to services to which separate data protection declarations apply that do not encompass this Data Protection Declaration. Our Data Protection Declaration does not apply to services offered by other companies or persons that may contain smart-me services, or other websites linked to our services. Our Data Protection Declaration does not extend to the handling of information by other companies or organisations that acquire our services.
We regularly monitor compliance with our Data Protection Declaration. Your customer data will be stored, processed and transferred in consideration of the relevant provisions of Swiss legislation (Federal Data Protection Act) and the EU’s General Data Protection Regulation (GDPR). The relevant supervisory authority is the Federal Data Protection and Information Commissioner. You have the right to free information, rectification, blocking and, if necessary, deletion of your stored data at any time. Please get in touch with us or send us your concerns by mail or email. Your stored personal data will be deleted if you revoke your consent to storage, if your information is no longer required to fulfil the purpose for which it was stored, or if its storage is inadmissible for other legal reasons.