Customers’ privacy notice (“CIAM”)
October 2020 version
Candy Hoover Group S.r.l., part of Haier Group (from now on, for the sake of brevity, “Haier Europe”) believes that the protection of personal data is a fundamental value for its business activities, and we strive to provide you with all of the information that can help you protect your privacy and control the use made of your data in relation to the various services we offer you and the interactions you may have with us. On this page, you will find information regarding how your personal data are managed.
We explain which personal data we collect and why, how we use them, if we share them with other companies, how you can exercise control over your data and the measures we enact to protect your privacy.
This disclosure applies to the personal data we collect when you make use of our services, such as when you browse on our websites, acquire our products from Haier Europe, use our Apps (such as Candy simply fi, hOn, Hoover wizard or Rosières E-Picurien), request assistance from our technician or interact with us (through the website or over the phone), respond to a survey or receive our promotional messages and participate in market research (as explained below) (henceforth referred to jointly as the “Services”).
This disclosure provides information about the processing and management of your personal data.
2. ABOUT US
Haier Europe will process your personal data in compliance with Regulation (EU) 2016/679 ("GDPR") and regulations in force on the protection of personal data. Our contact information is provided below.
Data Controller and Data Protection Officer
The Data Controller, i.e., the party taking decisions on processing methods and purposes, is Candy Hoover Group S.r.l., with registered office at Via Comolli, 16 - 20861 Brugherio (MB).
The Data Protection Officer (“DPO”) is responsible for supervising the observance of the GDPR in relation to the processing of personal data performed by Haier Europe.
You may contact the DPO at the following email address firstname.lastname@example.org or by post by writing to:
Candy Hoover Group S.r.l.
Via Privata Eden Fumagalli
20861 Brugherio (MB), Italy
f.a.o. Data Protection Officer.
3. WHICH DATA WE PROCESS
When you use our Services, Haier Europe processes some of your personal data. Information about this is provided below.
Type and source of personal data
When you use our Services, we may process the following personal data (i.e., data relating to identified or identifiable people):
a) personal and contact information - such as name, surname, address, telephone number, preferences, email address and information relating to your account login. You provide these data by completing online forms or providing them over the phone, for example to request assistance, or by registering on the App (including the profile photo if you choose to include it);
b) data relating to the products purchased - such as purchase date, code and product line, product price, warranty information, etc. and the type of assistance you have requested (including information contained in the space where you may provide request details). Furthermore, when you purchase a product on our e-shop website, purchasing data may also be collected;
d) data acquired through the use of the App or the connection and use of the connected appliance - in the case of appliances with connectivity technology (such as WiFi), when you connect the device to the App and you are connected to the WiFi network, or another communication technology (such as NFC and/or Bluetooth), Haier Europe receives certain data regarding the functioning and status of the connected appliance (such as on/off, any errors) or geolocation data. These data are sent to the Haier Europe server periodically. Furthermore, Haier Europe could collect data regarding your use of the connected appliance (for example, frequency of washings, use of the appliance, programme used, etc.) and the App services. If you use certain functions of the appliances offered by Haier Europe in the market which allow for the collection and transmission of voice commands, or the recognition of the type of laundry, food or other functions you may use, Haier Europe will need to obtain some essential information in order for the command to be processed (including the conversion of the audio or video file into electronic commands sent to the product). Haier Europe adopts reasonable measures to reduce the processing of information that may be linked to you either directly or indirectly. If the appliance allows the collection and the processing of audio and pictures of the data subject, it is never possible for Haier Europe and for its partners to access such data live.
The data are provided by you, depending on the case, directly when you purchase the product, register your product, visit our website, activate your account, request a Service or activate interactive functions (audio or video) on the products, when you participate in our campaigns, create a review about a product or download or use an application; Haier Europe may also use data obtained from social media, such as Facebook, if you decide to use social media to facilitate access to our Apps (“social log in”). Finally, if the functionality of the product requires it, personal data (commands or suggestions converted into instructions for the machine) may be received and sent via digital assistants connected to it (so-called smart assistants, especially through the hOn Smarthome features). In the event that you decide to use social media or digital assistants in conjunction with Haier Europe products and use their services, we invite you to carefully consult, before using them, the privacy policies and terms of service of each of those services / products.
4. WHY WE PROCESS YOUR DATA
Your personal data may be processed for the following purposes.
a) to respond to your request for assistance about the functioning, use and maintenance of an appliance or to respond to your questions about our products and services. If we ask you to fill out a form to send us your request, remember that the data entered in the fields marked by an asterisk are required as we would not be able to accept the request or respond to it without this information;
b) to allow you to use the App, register the connected appliance and make use of the services and functions offered by its use, for assistance and maintenance purposes, to manage your profile, and thus provide the services you have requested;
c) to allow you to purchase an appliance from us;
d) to allow you to register your appliance, also to take advantage of any additional warranties (ours or those of third parties), receive updates on your appliance and service notices, to enable you to access information regarding registered products and obtain assistance in a more streamlined manner. If to that end we ask you to fill out a form, remember that the personal data entered in the fields marked by an asterisk are required as we would not be able to provide you the service without this information;
e) to meet the obligations arising from current laws, regulations or EU law (e.g., tax and accounting obligations);
f) to receive our newsletter if you register for that service, without prejudice to what is specified in letters j) and k) below in relation to the sending of commercial communications;
(the purposes from letter a) to f) are jointly defined as the “Contractual Purposes”);
g) to enforce and defend the rights of Haier Europe, also as part of debt collection procedures and the assignment of receivables to authorised companies, including through third parties, and to prevent and combat any fraud;
h) for research and development activities aimed at analysing and improving the Services and/or products offered, also proceeding with the anonymisation and/or aggregation of your personal data;
i) in the case of any corporate transactions, to perform activities functional to such transactions (including disposals, leases, transfers, mergers or corporate demergers);
(the purposes from letter g) to i) are jointly defined as the “Legitimate Business Interest Purposes”)
j) to provide you pursuant to article 130, paragraph 4 of Italian Legislative Decree no. 196/2003 as amended (the “Privacy Code”) with marketing communications via email about services and/or products analogous to those that you used, without prejudice to the fact that you will have the possibility to object to the sending of such communications at any time;
k) with your consent, to receive commercial and promotional communications, by automated means such as SMS, as well as through phone calls made by an operator for products of Haier Europe and possibly of other companies in the Candy/Haier group, to participate in market research and surveys to identify the degree of customer satisfaction with the products and assistance received, to invite you to initiatives and events organised by Haier Europe;
l) with your consent, to receive commercial and promotional communications from our partners operating in the assistance sector and offering insurance products (e.g., warranty extensions payable in instalments, insurance policies) for their marketing activities. The list of such third parties is available by contacting Haier Europe using the methods specified in this disclosure;
(the purposes from letter j) to m) are jointly defined as the “Marketing Purposes”);
n) if it is possible to send you communications for Marketing Purposes pursuant to this disclosure and since we want to be sure that we are only sending you communications of interest to you, to perform non-invasive customer segmentation based, inter alia, on the products you have registered with us and your use of our Services.
(the purpose pursuant to letter n) is defined as the “Legitimate Marketing Interest Purpose”)
5. ON WHAT BASIS WE PROCESS YOUR DATA
The processing of your personal data is necessary with reference to the Contractual Purposes given its essential nature in order to:
· perform the contract, with regard to the provision of the products and services requested in relation to the cases set forth in Section 4, letters a) to d);
· adjust to provisions of applicable regulations, as set forth in Section 4, letter e).
If you do not provide the personal data required for the Contractual Purposes, it will not be possible to make use of the services (including assistance and other functions described above).
The processing of your personal data for the Legitimate Business Interest Purposes and the Legitimate Marketing Interest Purposes is carried out pursuant to article 6, letter f) of the European General Data Protection Regulation 2016/679 (the “Privacy Regulation”) to pursue the interest of Haier Europe, which is equally balanced with your interest, as the personal data processing activity is limited to what is strictly necessary for the execution of the economic transactions described.
Processing for Legitimate Business Interest Purposes and Legitimate Marketing Interest Purposes is not required and you may object to that processing with the methods set forth in this disclosure. However, if you object to that processing, your data may not be used for the Legitimate Business Interest Purposes and Legitimate Marketing Interest Purposes, unless Haier Europe can demonstrate the presence of prevailing compelling legitimate grounds or for the exercise or defence of legal claims.
Lastly, the processing for Marketing Purposes is based:
· as regards section 4, letter j), on article 130 of the Privacy Code, which enables Haier Europe to send marketing communications regarding services and/or products analogous to those you have acquired via email, provided you do not object to such communications;
· as regards section 4, letters k) and l), on your consent;
Data processing for Marketing Purposes is not required. However, if you deny or revoke your consent, you may not receive the commercial communications pursuant to Section 4, letters j) to m). You may revoke any consent provided with the methods set forth in this disclosure at any time.
6. HOW WE PROCESS YOUR DATA
We will process your data primarily using registration, extraction, analysis and archiving tools protected with systems that offer security guarantees in line with sector standards.
In particular, we will process your data using primarily IT systems and analysis tools through authorised personnel appropriately trained by Haier Europe. We adopt measures aimed at guaranteeing the application of the principles of accuracy, lawfulness and transparency set forth in applicable regulations on the protection of personal data (including the Privacy Regulation), protecting your privacy through technical and organisational security measures that guarantee an adequate level of security to prevent the loss or unlawful or improper use of as well as unauthorised access to your data.
7. HOW LONG WE STORE YOUR DATA
Your data will be stored for the period of time strictly required to achieve the purposes for which they were collected. In any event, the following storage terms will apply:
i. for the Contractual and Legitimate Business Interest Purposes, the data will be stored for a period equal to the duration of the provision of the services you have requested and for the 10 years after that, without prejudice to cases in which storage for a subsequent period is required for any legal actions and, in the case of disputes, requests from the competent authorities or pursuant to applicable regulations;
ii. for the Marketing Purposes pursuant to letters j) and k) and for the Legitimate Marketing Interest Purpose, the data are stored for a period equal to the duration of the provision of the service requested and a period of 24 months subsequent to the last contact with you, to be understood, inter alia, as the use of a product or Service provided by Haier Europe or the opening of a newsletter (jointly defined as the “Last Contact”);
for the Marketing Purpose pursuant to letter l), the data are stored for a period of 24 months from the creation of your account or the use of a Service.
If the appliance allows the collection and the processing of audio to be converted into instructions for the machine, this, once correctly converted into commands, is immediately deleted. In the event that the Haier Europe appliance detects difficulties in recognizing the instructions given, the same data may be, for purposes of maintenance and troubleshooting, kept for a maximum period of 3 months and then immediately deleted.
Images acquired through the use of the App or the connection and use of the connected appliance, are processed in anonymous form. It is possible that, in certain cases, the App provide for the storage of image files on the memory of the mobile device used for their acquisition. In these cases, Haier Europe does not process such personal data: the images are in the exclusive availability of the user who can decide if and when to delete them.
8. WHO WE SHARE YOUR DATA WITH
Communication and dissemination of data
For the Contractual Purposes, your data may be communicated to authorised Haier Europe personnel who have been appropriately informed and trained, or the personnel of third parties who operate on behalf of and based on instructions from Haier Europe as Data Processors, including companies that provide appliance pre/post-sale assistance, or autonomous data controllers. The third parties that provide services are included in the following categories: (i) providers of assistance and consulting services for the Company, also provided through call centres, with reference to activities in the (including but not limited to) technological, accounting, administrative, legal and insurance sectors, (ii) providers of IT and maintenance services or providers that offer services linked to the CRM system; (iii) providers that help us with appliance assistance and repair services; (iv) providers that provide our e-shop hosting services; (v) companies in the same group as Haier Europe; (vi) parties and authorities whose right to access the data is expressly recognised by law, regulations or measures issued by the competent authorities.
For the Legitimate Business Interest Purposes, the data may be communicated to the following categories of recipients: (i) third-party providers of assistance and consulting services for Haier Europe with reference to activities in the (for example but not limited to) technological, accounting, administrative, legal and insurance sectors; (ii) companies in the same group as Haier Europe; (iii) potential purchasers of Haier Europe and entities resulting from the merger or any other form of transformation regarding Haier Europe; (iv) the competent authorities.
Furthermore, for the Marketing Purposes and for the Legitimate Marketing Interest Purpose, your data may be communicated to the following categories of recipients: (i) third parties responsible for the processing of personal data which provide assistance and consulting services to Haier Europe, also provided through media and marketing agencies, call centres or other data processors, (ii) companies in the same group as Haier Europe.
To obtain more information on the data processors working on behalf of Haier Europe, you may write to the office of Haier Europe for the attention of the DPO or to the email address email@example.com.
If you use Social login or digital assistants and digital platforms in conjunction with Haier Europe products, your personal data may be shared with the providers of such services. In such cases, these providers will act as autonomous data controllers and will operate in accordance with the provisions set out in their privacy policies and terms of service, which we invite you to consult.
Lastly, Haier Europe may transmit your data within its business group for administrative and accounting purposes. The legal basis legitimising the processing of data for this purpose is that described in art. 6, par. 1, letter f) of Regulation (EU) no. 679/2016, or as the processing is necessary to pursue a legitimate interest of the data controller in the circulation of data for administrative purposes within its business group.
For specific requirements connected to the location of the servers of Haier Europe and/or its providers, for the provision of services Haier Europe also relies on providers - in their capacity as data processors - located in third countries outside the European Union. Your data may also be communicated between Candy/Haier group companies with registered office in third countries outside the European Union or be transferred to our service providers and third-party providers acting on our behalf, as set forth in this disclosure. In that case, Haier Europe undertakes to guarantee adequate levels of protection and safeguards, also through contractual agreements, including by entering into standard contractual clauses.
[ITEM: THE RIGHTS YOU ARE AFFORDED BY LAW AND HOW YOU MAY EXERCISE THEM]
The law affords you the right to check how your data are processed and if applicable to restrict their use. You may exercise these rights at any time and free of charge by contacting our company and writing to the addresses specified above. Haier Europe will do all that is necessary to facilitate the exercise of your rights.
Information about this is provided below.
Rights of the data subjects
Pursuant to arts. 15 et seq. of the Regulation, you have the right to:
object to processing in the cases in which this is set forth in the Regulation (right to object). Pursuant to article 2-terdecies of the Privacy Code, in the event of death the above-mentioned rights referring to your personal data may be exercised by those who have their own interest in doing so, or act to protect you as an agent, or for family reasons deserving of protection. You may expressly prohibit the exercise of certain rights listed above by those entitled by sending a written statement to the Company at the email address provided below. The statement may be revoked or modified later on using the same procedures.
Please note that requests to erase data are subject to current legal and regulatory obligations on the storage of documents.
To exercise your rights, you may send an email at any time to firstname.lastname@example.org or write to:
Candy Hoover Group S.r.l.
Via Privata Eden Fumagalli
20861 Brugherio (MB), Italy
f.a.o. Data Protection Officer (DPO).
In contacting us, please make sure to include your name, email address, postal address and/or telephone number(s) to be sure that we can properly manage your request.
If you believe that your data have not been processed in compliance with the regulation or there are objections with regard to their use, you may submit a complaint to the Supervisory Authority of the Member State in which you reside or work or the place where the alleged violation took place.
Additional information - Links - Minors
On the website, you will also find links to third-party websites; therefore, we invite you to view their disclosure to learn about the methods and purposes of the data processing performed through those websites.
For the individual services offered by Haier Europe, we invite you to consult the individual disclosures for all of the details relating to the processing of your data.
When you access the Website section devoted to product registration and the acquisition of the warranty extension on your appliance and you complete the form, your personal data will be processed by partner organizations operating in the field of extended warrant or maintenance and customer care. In this case our partner organizations operate as autonomous data controller. For more information on the processing activities carried out by our partner organizations, we invite you to view their disclosure.
The websites and Apps and Haier Europe products are not intended for minors. If you are a minor, you cannot register as a user on the Website or the App, or otherwise provide us with your personal data. If we realise that we have inadvertently obtained the personal data of a minor, we will immediately erase them.
This privacy disclosure may be updated over time. Therefore, Haier Europe will specify the date of the most recent update at the end of the disclosure.
Latest version: October 2020