SMARTHQ APPLICATION PRIVACY NOTICE

For EU and UK Users

Last updated October 2024.

This SmartHQ Application Privacy Policy describes the personal information Fisher & Paykel Appliances Limited and its subsidiaries (“FPA”, “we”, “our”, or “us”) collects when you use the SmartHQ Application (the “Application” or “App”)with your Fisher & Paykel Appliance (“Appliance”) in the EU & UK and your Fisher & Paykel connected appliance (“Connected Appliance”), how we use this information, with whom we share it, and the choices you have in connection with this. If you are using a Fisher & Paykel Appliance in a country outside the EU or UK the following Privacy Policy applies https://www.fisherpaykel.com/privacy-statement-smarthq.

The Data Controller, i.e., the party taking decisions on processing methods and purposes, is Fisher & Paykel Appliances Limited, with its registered office at 78 Springs Road, East Tamaki, Auckland 2013, New Zealand, which can be contacted at privacy@fisherpaykel.com.

You may contact FPA at the contact information provided in the “Your Rights” section of this SmartHQ Application Privacy Policy.

THE INFORMATION WE COLLECT AND USE

Through your use of the Application and/or the Connected Appliance, FPA will collect personal information, which is information that identifies you directly or indirectly, as outlined below;

At certain times we may ask you to provide personal information (being any information about an individual from which that person can be identified) when using the Services, as described below. We may need to collect and use the information because we are either legally required to do so, it is necessary for our legitimate interests or because we need it to provide the requested goods or services to you. If you do not provide the information when requested this may result in certain goods or services not being available to you.

    A. Information Collected from You

    As you use the Application and/or the Connected Appliance, we collect personal information when you:

  • Register for the Application
    When you register for the Application, we collect from you your personal identifiers (preferences, email address, country of residence, and information relating to your account login). You provide these personal identifiers by completing online forms during the Application setup process. The Application also creates a User ID to identify you as a registered user of the Application and the Connected Appliance. We use these personal identifiers to manage your account, provide you the Application and allow you to connect your Connected Appliance using the Application. The legal basis for this processing is performance of our contract with you. If you do not provide this information we would not be able to provide the services.
  • Register your Appliance
    Register your appliance for warranty and servicing purposes. The legal basis for this processing is performance of our contract with you. If you do not provide this information we would not be able to provide the services.

  • B. Information collected from your mobile device and appliance

    As you use the Application and your Connected Appliance, we collect personal information when you:

  • Connect a Connected Appliance
    When you connect a Connected Appliance to the Application utilising WiFi or Bluetooth, we automatically collect (a) from the Connected Appliance, data related to the Connected Appliance (software version, product information, appliance performance and usage information and diagnostics data), (b) from your mobile device, data related to your mobile device (make, model, operating system, software version), as well as (c) information from both the Connected Appliance and Application about your WiFi network (MAC Address, IP Address, SSID). We use this information to allow you to control your Connected Appliances via the Application, to notify you if your Connected Appliance has an issue, and to determine the version of the Application you are using. The legal basis for this processing is performing the contract with you in particular to provide you with the services deriving from the connection of your Appliance. If you do not provide this information we would not be able to provide you with the relevant service.

    We also ask whether you would like to save your home network SSID and password so that you do not need to re-type it when adding a new Connected Appliance. You are not required to save this information. If you do, it will be used only to autopopulate your login. The legal basis for this processing is your consent. You may revoke your consent any anytime, with effect going forward, by changing your user settings.

  • Utilise a Connected Appliance in conjunction with the Application
    After you have registered your account and provisioned your Connected Appliance, we automatically collect the following information (the “Connected Appliance Data”) as you use your Connected Appliance in conjunction with the Application:
  • Real-time usage information for you Appliance
    This will depend on the type of Appliance and may include the (number of) times an Appliance is turned on or off, the type and/or number of cycles run by an Appliance, different modes used, and the date your Appliance was installed. This information is used to permit you to monitor and control your Connected Appliance and for Fisher & Paykel to monitor the use of your Connected Appliance and the Application for the purpose of troubleshooting and any claims relating to use of Connected Appliance and Application. The legal basis for this processing is performance of our contract with you. If you do not provide this information we would not be able to provide the service.
  • Communication Information
    We will collect information from your Appliance such as the Appliance’s IP address, MAC address, RFID and/or wifi connection in order to connect your Connected Appliance and maintain the connection with the Internet. The legal basis for this processing is performance of our contract with you. If you do not provide this information we would not be able to provide the service.
  • Status and diagnostic information for your Appliance
    specifically information that permits us to understand and alert you in the event there are issues that need to be repaired or corrected to keep your Connected Appliance operating as it should. This information will also be used for troubleshooting for your Connected Appliance and the Application and for any claims made in relation to use of your Connected Appliance and/or the Application. The legal basis for this processing is performance of our contract with you. If you do not provide this information we would not be able to provide the service.
  • Alerts and tips for you Appliances
    Specifically information to provide you with alerts and tips for your use of the Appliances. The legal basis for this processing is performance of our contract with you. If you do not provide this information we would not be able to provide the service.
  • Information from other sources
    We obtain information from third party sources, which may include third party data suppliers from which we purchase location data to supplement the data we collect.
  • When you use Digital Assistants to activate interactive functions
    If you use a digital assistant (such as Google Assistant, Alexa or Siri) to activate the voice commands, we will collect and process the information set forth above, as conveyed by the digital assistant. Please bear in mind that the information conveyed by the digital assistant is subject to the relevant digital assistant provider’s privacy disclosures and terms. Please review them carefully.
  • Cameras and microphones
    Some Connected Appliances may contain microphones and cameras. These are currently disabled. If we provide an update that will enable the cameras and/or microphones to be used, you will be given the choice to enable or disable the camera and/or microphone. Prior to any such update occurring you will be notified of your rights in relation to our collection and/or processing of any images or recordings.
  • FPA also uses your personal information collected for the above purposes to efficiently maintain our business, to comply with the law, and for other limited circumstances as described in HOW WE SHARE YOUR INFORMATION.

    C. Information collected automatically from the Application via SDKs

    In addition to the personal information identified above, when you use the Application, we and our third party providers collect via software development kits (“SDKs”) and similar tracking technologies certain information required to authenticate you and your network when you login and use the Application as well as information required to store your preferences for the operation of your Connected Appliance. This information is used to make the app work as you expect it to and to provide enhanced functionality as described below. Some of the SDKs we use will store and retrieve information on your device, like a cookie or other similar tracker would.

    Essential SDKs. We only use essential SDKs that are necessary for the Application to function. The legal basis for the placement of these essential SDKs is that they are necessary for our provision of the Application. If you do not provide this information we would not be able to provide the service.

    For more information on SDKs and other trackers, please see our SDK Notice.

    D. Information collected by Fisher & Paykel otherwise than through the Application or Connected Appliance

    In relation to the personal information identified above, we may also collect your information directly from you through our website, call centre or other means. For more information on the collection of your information through other methods please see the Fisher & Paykel Privacy Notice.

HOW LONG WE RETAIN YOUR PERSONAL INFORMATION

We keep your personal information for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include (i) to provide you with services available on the App or with your appliance, (ii) for as long as we have an ongoing relationship with you (such as maintaining your online account or sending you a newsletter); (iii) as required by a legal obligation to which we are subject; or (iv) as is advisable in light of our legal position (such as in regard of applicable statutes of limitations, litigation, or regulatory investigations).

When you de-register your account through the App your account information is deleted. Personal Data collected in relation to your appliance will be pseudonymized and disassociated from any personal account information. This pseudonymized appliance data will be maintained. Personal information that is collected for appliance registration, customer service matters, promotions, subscription services or any other matters will be retained in accordance with the Privacy Policy it was collected under.

HOW WE SHARE YOUR INFORMATION

FPA may share the personal information identified in this Privacy Policy in the following instances:

  • Within FPA: Where necessary, FPA will share your personal information within the Fisher & Paykel Appliances Group in order to efficiently carry out business and to the extent permitted by law. The legal basis for this processing is our legitimate interest in conducting our operations efficiently. This data processing is not compulsory and you can object to this data processing by sending an email at the contact indicated in paragraph 4 below, unless there is a FPA’s prevailing interest or the interest to defend or claim its rights.
  • With service providers: FPA will share your personal information with service providers that perform services on FPA’s behalf. Service providers include Salesforce, Microsoft and AWS. Information we share includes Connected Appliance Data, account information, Device ID, user registration data (name, email, address, phone), user consent, and User ID. This information is used by our service providers to provide us with information technology services and troubleshooting assistance.
  • With our Application provider: FPA will share your personal information with GE Appliances, which administers the Application. GE Appliances occasionally transfers your personal information, on an as-needed basis, to its support staff in the US and its service provider in India to provide information technology services and troubleshooting. Connected data and account information (Device ID, User registration data (name, email, address, phone), user consent, and User ID) are stored on Salesforce servers located in Germany and France and managed by FPA.

FPA uses HAIER U.S. APPLIANCE SOLUTIONS, INC. D/B/A GE APPLIANCES (“GE Appliances”) and its sub-processors, to provide troubleshooting, system maintenance, and solutions testing as necessary for the proper operation of the App. GE Appliances provides support occasionally and only on an as needed basis. To provide the support GE Appliances personnel in the U.S. and GE Appliances affiliate personnel located in India may access certain parts of your information regarding the appliance and the individual consumer. This information includes: MAC address, Appliance usage, and device ID; User registration data (name, email, address, phone), User ID, user consent); Application Data (version, appliance usage and crash history). Ordinarily GE Appliances will need to access only your email address, User ID, MAC address, and appliance usage data. GE Appliances personnel located in the U.S. and GE Appliance’s affiliate’s personnel located in India may access this information which is stored in a servers located in the EU. The laws of US and India allow, under certain circumstances, access by national authorities to personal data controlled by U.S. or Indian companies, respectively. For the purposes of GDPR and GDPR UK, this transfer of personal data is carried out by adopting a lawful basis under applicable law, which may include EU and UK Standard Contractual Clauses.

In addition, GE Appliances employees from the US and service providers in India can access your personal information and Connected Appliance information in these cloud instances for the purpose of providing technical support and troubleshooting.

The US has been granted adequacy where the data importer is registered under the Data Protection Framework, otherwise data transfers to the US and India have not been granted a recognition of adequacy for the protection of information by the EU, UK or Switzerland as their legal regimes allow, in certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities to access your personal information. In such cases where adequacy status does not apply, we will implement measures to adequately protect your personal data, such as by putting in place Standard Contractual Clauses as approved by the European Commission or the UK Addendum as approved by the ICO, as applicable, unless GDPR provides for an exception (Art. 49 GDPR). If applicable copies of the Standard Contractual Clauses are available upon request to be sent at the contacts of paragraph 4.

Where we rely on the Standard Contractual Clauses as approved by the European Commission, insofar as the transfer is made to a service provider processing personal information on our behalf, Module Two (transfer from controllers to processors) of the standard contractual clauses is relevant; insofar as the transfer is made to recipients which do not process personal information on our behalf but for their own purposes, Module One (transfer from controllers to controllers) is relevant.

If we transfer your personal information from the European Economic Area to a jurisdiction which has been recognized as providing an adequate level of data protection, we will rely on the European Commission's adequacy decision (a list of the adequacy decisions can be found at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en) for the UK we will rely on the ICO’s decisions as to adequacy (details are set out here https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/international-transfers-a-guide/#:~:text=In%20August%202021%2C%20the%20UK,%2C%20Indonesia%2C%20Kenya%20and%20Singapore).

When transferring personal information to recipients in the USA we may rely on the Data Privacy Framework which ensures an adequate level of protection for recipients certified under the Data Privacy Framework.

In addition, we intend to, where necessary, agree on and take additional measures with recipients to ensure an adequate level of data protection.

  • In the event of a corporate reorganization: In the event that FPA enters into, or intends to enter into, a transaction that alters the structure of FPA , such as a reorganization, merger, acquisition, sale, joint venture, assignment, consolidation, transfer, change of control, or other disposition of all or any portion of its assets, FPA would share your personal information with third parties, including the buyer or target (and their agents and advisors) for the purpose of facilitating and completing the transaction. The legal basis for this processing is our legitimate interest in conducting our operations efficiently. This data processing is not compulsory and you can object to this data processing by sending an email at the contact indicated in paragraph 4 below, unless FPA has a prevailing interest related to the transaction or to its ability to defend or claim its rights.
  • For defense of rights and claims: FPA can process your data to bring and defend a right in a potential dispute. The legal basis for this processing is our legitimate interest in protecting our rights. This data processing is not compulsory and you can object to this data processing by sending an email at the contact indicated in paragraph 4 below, unless there FPA has a prevailing interest related to the transaction or to its ability to defend or claim its rights.
  • For legal purposes: FPA will share your personal information where legally required, in response to court orders, law enforcement or legal process; to establish, protect, or exercise our legal rights, as required to contracts; to defend against legal claims or demands; to detect, investigate, prevent, or take action against illegal activities, fraud, or situations involving potential threats to the rights, property, or personal safety of any person; or to comply with the requirements of any applicable law. The legal basis for this is our compliance with the law.

YOUR RIGHTS

The law affords you the right to check how your data are processed and, if applicable, to restrict their use. You may exercise these rights at any time and free of charge by contacting our company and writing to the addresses specified below.

Under The EU General Data Protection Regulation, UK GDPR and Swiss Federal act on Data Protection, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

  • Right of Access: You have the right to ask us for information about the personal data we have about you as well as copies of it.
  • Right to Rectification: You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Right to Erasure: You have the right to ask us to erase your personal information in certain circumstances.
  • Right to Restriction: You have the right to request restriction of processing in certain circumstances. If the processing of your Personal Data has been restricted, we may only, besides storing the data, process your personal data with your consent, in order to establish, exercise or defend legal claims or to defend rights of others.
  • Right to Object: Where our processing is based on legitimate interest, you have the right to object to the processing of personal data. You can do that by contacting privacy@fisherpaykel.com unless FPA has a prevailing interest in processing the data or to its ability to defend or claim its rights.
  • Right to Data Portability: Where we process your personal information based on the legitimate bases of your consent or the performance of a contract, you may have the right to receive the personal data we hold in a commonly used format and send the data to another controller or use it for your personal purposes.
  • Right to Withdraw Consent: You have the right to revoke your consent at anytime, with effect going forward. Such withdrawal will not impact the lawfulness of any data processing activities prior to withdrawal.
  • Right to Claim to Supervisory Authority: You have the right to bring a claim to the applicable data protection supervisory authority.

In the event of your death the above-mentioned rights regarding to your personal data may be exercised by those who have their own interest in doing so, or act to protect you as an agent, or for family reasons deserving of protection, if applicable by law in your jurisdiction. You may expressly prohibit the exercise of certain rights listed above by those entitled by sending a written statement to FPA at the email address provided below. The statement may be revoked or modified later on using the same procedures.

Please note that requests to erase data are subject to current legal and regulatory obligations on the storage of documents.

To exercise your rights, you may send an email at any time to privacy@fisherpaykel.com or write to:

Legal and Compliance
Fisher & Paykel Appliances Limited
PO Box 58550 Botany
Manukau 2163 Auckland
New Zealand

INFORMATION SECURITY

FPA implements and maintains reasonable security measures to help protect the personal information that FPA collects and maintains in accordance with industry standards, including encryption, access controls and firewalls. These measures include cyber security policies, security incident response processes (PSIRT), penetration and vulnerability testing and annual maturity assessments. While there are adequate process and technical controls in place, however we cannot guarantee that our security measures will prevent malicious attacks to our systems 100% of the time.

AGE RESTRICTION

The Application is not intended for individuals under the age of eighteen (18). If we realise that we have inadvertently obtained the personal data of a minor, we will immediately erase their personal data.

CHANGES TO THIS PRIVACY POLICY

FPA may change this Privacy Policy from time to time. We will notify the changes to this application, through a push notification, by email or through an update of the application and indicate the date the changes go into effect. We encourage you to review our Privacy Policy to stay informed. If FPA make changes that materially affect your privacy rights, we will notify you with a notification sent through the Application and obtain your consent, if required.

CONTACT US

If you have any questions or comments regarding this Privacy Policy, please contact us by email at privacy@fisherpaykel.com.