Effective Date: May 24, 2018
We at SmartThings Inc. (“SmartThings”) know you care about how your personal data is used and shared, and we take your privacy seriously. SmartThings is the data controller with respect to personal data collected in connection with our websites, products, services, mobile applications, IoT plug-ins and other software (collectively, the “Services”). Please read the following to learn more about our privacy practices that govern your use of the Services.
- to provide basic functionality of our services,
- to personalize and improve our services,
- to allow you to set up a user account and profile,
- to allow you to post ratings and reviews of various products and services,
- to contact you and allow other users to contact you,
- to fulfil your requests for certain products and services, and
- to analyse how you use the Services.
In certain cases, we may also share certain personal data with third parties, as described below.
SmartThings collects personal data about you for the purposes described above because we have a legitimate business interest in providing, improving and personalizing our Services, which is not overridden by your interests, rights and freedoms to protection of your personal data. We also may process personal data about you when necessary for SmartThings to perform a contract with you or because we are required to do so by law, or it is necessary for the establishment, exercise or defence of legal claims.
What information does SmartThings collect?
Personal Data You Provide To Us
It is not mandatory to provide any of the personal data described above to SmartThings, but if you choose not to, you may not be able to receive any of the Services described below, access certain parts of our websites, or receive information from us that you have requested.
Personal Data Collected Automatically
Whenever you interact with our Services (whether via a mobile application, our IoT plug-ins, third party services, SmartApp, browser, or other application, connecting a physical device to our services, connecting a third party service to our services, or otherwise), we automatically receive and record information on our servers, logs and databases from your browser, application, services or device(s). In particular, our Services are designed to allow you to connect various physical devices (e.g., the SmartThings Hub, and associated SmartThings and third party sensors and other devices) to the Services. While connected to the Services, these devices automatically report information to our servers (including information that you may have provided when setting up or configuring that device), which may include personal data. For example, if you connect a temperature sensor to the Services, the temperature information from that sensor will be transmitted to the Services, along with any identifying information that you have chosen to associate with that sensor (e.g., the device name, group name, and location name that you have assigned to the sensor within the Services). The type of information that is collected from each device will vary depending on the device type.
Will SmartThings share any of the personal data it receives?
We share your personal data with third parties as described in this section:
Aggregated personal data that's no longer personally identifiable. We may anonymize your personal data so that you cannot be individually identified, and provide that information to our partners such as Samsung or use that information for marketing or promotional items (“aggregate information”). We may also provide aggregate information to our partners, who may use such information to understand how often and in what ways people use our Services. However, except as described below, we do not disclose aggregate information to a partner in a manner that would identify you personally, as an individual.
Partners, Affiliated Businesses and Third Party Websites We Do Not Control: In certain situations, partners, businesses or third party websites we're affiliated with ("Affiliated Businesses") may sell items or provide services to you through the Services (either alone or jointly with us), including reselling or providing SmartThings devices free of charge, providing third party devices, or delivering unique or custom SmartApps. You can recognize when an Affiliated Business is associated with such a transaction or service based on the presence of their brand or a transaction you are conducting directly with that Affiliated Business. We will share your personal data with that Affiliated Business only to the extent that it is related to such transaction or service, and to the extent that you have explicitly accepted incremental terms with that Affiliated Business whereby you acknowledge and authorize us to share your personal data. These incremental terms may be presented as part of promotional offers (either on the Affiliated Businesses' site or on SmartThings-branded properties including our commerce site at shop.smartthings.com, or within customized setup steps that appear in the Services). We have no control over the policies and practices of Affiliated Businesses as to privacy or anything else, so if you choose to take part in any transaction or service relating to an Affiliated Business, please review all such business' or websites' policies. If you decide you no longer want to share personal data with an Affiliated Business, you may no longer be entitled to receive certain benefits from the Affiliated Business or have access to the Services without establishing a new account or relationship with SmartThings.
Agents: We employ other companies and people to perform tasks on our behalf and need to share your personal data with them to provide our products or services to you. When we disclose your personal data to third parties who perform services on our behalf, we ensure that such service providers use personal data only in accordance with our instructions, and we do not authorise them to use or disclose personal data except as necessary to perform services on our behalf or to comply with applicable legal obligations.
User Profiles and Submissions Any content you upload to your public user profile, along with any personal data or content that you voluntarily disclose online in a manner other users can view (on discussion boards, in messages and chat areas, etc.) becomes publicly available, and can be collected and used by others. Your user name may also be displayed to other users if and when you send messages or comments or upload content through the Services and other users can contact you through messages and comments. Additionally, if you sign into the Services through a third party social networking site or service, your list of "friends" from that site or service may be automatically imported to the Services, and such "friends,"" if they are also registered users of the Services, may be able to access certain non-public information you have entered in your Services user profile. Again, we do not control the policies and practices of any other third party site or service.
Business Transfers: In the event that we sell or transfer all or a portion of our assets, we may disclose personal data to third parties in connection with such sale or transfer. Also, if we go out of business, enter bankruptcy, or go through some other change of control, personal data may be one of the assets transferred to or acquired by a third party.
Protection of SmartThings and Others: We may also disclose personal data about you if necessary (i) to comply with law or a court order or a request from a law enforcement agency; (ii) to enforce or apply our conditions of use and other agreements; (iii) to protect the rights, property, or safety of SmartThings, our employees, our users, or others; or (iv) in connection with an investigation of suspected or actual fraudulent or other illegal activity.
Is Personal Data about me secure?
Your account is protected by a password or a PIN number for your privacy and security. If you access your account via a third party site or service, you may have additional or different sign-on protections via that third party site or service. You must prevent unauthorized access to your account and personal data by selecting and protecting your password, PIN number and/or other sign-on mechanism appropriately and limiting access to your computer or device and browser or application by signing off after you have finished accessing your account.
We endeavour to protect the privacy of your account and other personal data we hold in our records, but we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
International Transfers of Your Personal Data
When SmartThings transfers personal data outside of the European Economic Area (“EEA”), whether within our group of companies or to a third party, SmartThings only transfers such personal data: (i) to a country that the European Commission considers to have adequate data protection laws; (ii) to a company that has a current and valid U.S.-EU Privacy Shield certification in relation to the category of personal data being transferred; or (iii) where we have put in place an appropriate data transfer mechanism, such as EU Standard Contractual Clauses, to ensure that your personal data is adequately protected. You may obtain a copy of the relevant data transfer mechanisms that we have put in place by contacting us as stated below.
How long will SmartThings keep my Personal Data?
We will hold your personal data on our systems for as long as is necessary for the relevant activity unless a longer retention period is required or permitted by law.
Generally, if you sign up for our email newsletters or other marketing communications, we will keep your personal data until you ask us to delete your information (if you unsubscribe, we may retain some of your personal data to help ensure that you are not contacted again). We will not keep your personal data in identifiable form for any longer than we need the data to fulfil the purpose for which it was collected for. For further information about deleting your personal data held by SmartThings, please see below.
What Personal Data can I access?
What Personal Data can I access? Through your account and Service settings, you may be able to access, and, in some cases, edit or delete the following personal data you’ve provided to us, which may include:
• name and password/PIN number • shipping address • billing address • credit card information • email address • location, group and device information • user profile information • SmartApp information
The information you can view, update, and delete may change as the Services change. If you have any questions about viewing or updating personal data we have on file about you, please contact us at firstname.lastname@example.org.
What choices do I have?
Communications. If you have consented to receiving promotional communications from us and at any time decide you no longer want to receive promotional communications, you can indicate your preference by clicking 'unsubscribe from this list' or 'update subscription preferences' at the bottom of the email you received.
Services. You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our special features or the Services in any form.
Your rights. If you are located in the EEA or Switzerland, you may have the following rights in relation to personal data that we hold about you:
- To request confirmation of whether we process personal data relating to you, and if so, to request a copy of that personal data;
- To request that we rectify or update your personal data that is inaccurate, incomplete or outdated.
- To request that we erase your personal data in certain circumstances, such as where we collected personal data on the basis of your consent and you withdraw your consent;
- To request that we restrict the use of your personal data in certain circumstances, such as while we consider another request that you have submitted, for example a request that we update your personal data;
- Where you have given us consent to process your personal data, to withdraw your consent; and
- To request that we provide a copy of your personal data to you in a structured, commonly used and machine readable format in certain circumstances.
You may contact us by e-mail or as described below to exercise your rights described above. If you consider that we have processed your personal data in violation of applicable law and failed to remedy such violation to your reasonable satisfaction, you may also lodge a complaint with the data protection supervisory authority in your country.
What if I have questions about this policy?
By phone at 1-800-726-7864 By email at email@example.com In writing at 665 Clyde Avenue, Mountain View, California 94043 and we will try to resolve your concerns.
What if I logged in with my Samsung account?
SmartThings takes the security of our systems seriously, and we value our relationship with our customers and the security community. The responsible disclosure of security vulnerabilities helps us ensure the security and privacy of our users.
We require that all researchers:
- Avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing;
- Perform research only within the scope set out below; and
- Use the identified communication channels to report vulnerability information to us; and
In the interest of the safety of our users, staff, the Internet at large and you as a security researcher, the following test types are excluded from scope:
- Findings from physical testing such as office access (e.g. open doors, tailgating)
- Findings derived primarily from social engineering (e.g. phishing, vishing)
- Denial of Service (DoS/DDoS) vulnerabilities
Things we do not want to receive and will not consider:
- Personally identifiable information (PII)
- Credit card holder data
- Out of scope issues
If you follow these guidelines when reporting an issue to us, we commit to:
- Not pursue or support any legal action related to your research;
- Work with you to understand and resolve the issue quickly;
Scope & Reporting a Security Vulnerability
SmartThings has partnered with BugCrowd to help security researchers and our users test for, and alert our security team to, discovered vulnerabilities. The BugCrowd platform allows us to host, triage, and respond to reports in an efficient and effective manner, helping SmartThings continuously improve the security of our products.
To get started: