Privacy Policy

Nexxtlab is committed to safeguarding the privacy of the visitors on our website and the users of the Nexxtlab Smartbirds Services. In this policy we explain how we will handle and protect your personal data.

Nexxtlab Smartbirds Privacy policy

 

  1. Introduction.

Nexxtlab is committed to safeguarding the privacy of the visitors on our website and the users of the Nexxtlab Smartbirds Services. In this policy we explain how we will handle and protect your personal data.

 

  1. Glossary of terms.

In this Privacy Policy document, the following terms are to be understood as:

 ‘Nexxtlab’:

Nexxtlab NV, with registered office at 12 avenue du Swing 4367 Belvaux Luxembourg

 ‘Customer’:

Any entity (B2C, B2B) that is using the Nexxtlab Smartbirds, Nexxtlab Smartbirds Services or that has or will be having a contractual relationship of whatever nature with Nexxtlab.

 ‘GDPR’:

EU General Data Protection Regulation (GDPR) from 14 April 2016.

 ‘Nexxtlab Smartbirds’:

All Nexxtlab hardware devices that are intended to operate at the site of the user. It also includes the software components that  are installed on these devices.

The solution that consists of the — central and decentral — hardware, software, cloud services, interfaces and communication protocols provided by Nexxtlab. 

This includes:

  • all Nexxtlab Smartbirds
  • the online cloud services that consist of the server infrastructure and the software running on these servers
  • the Apps (iOS, Android) and the websites (such as smartbirds.nexxtlab.lu and ) that provide access to the services
  • the interfaces to other connected IoT services
  • all communication and communication protocols between the listed components

This system is continuously evolving and may include additional components in the future. 

The term ‘Energy’ should here be understood in de broadest sense, including —  but not limited to — electricity, gas, water, light, battery capacity, consumption, production etc.

 ‘Nexxtlab Smartbirds Services’:

The services that are provided by the Nexxtlab Energy Systems.

 ‘Products’:

The subject of one or more sales contracts, in this case – but not exclusively limited to – the Nexxtlab Smartbirds, Nexxtlab Smartbirds Services, other hardware, software, websites and web-based services.

 

  1. Where we process data

In this section we explain in what systems of Nexxtlab we process personal data.

3.1 Website Nexxtlab.lu

We may process data that originates from the Nexxtlab website, such as:

  • Details of the order, invoice and shipment
  • General Payment data.  (However, Nexxtlab does not process credit card numbers or other information that was used to authorize payment transactions.)
  • Data for billing, shipment and logistics
  • Tracking information, such as IP address, connection time, navigation
  • Tracking cookies
  • Newsletter subscriptions
  • Information request and contact forms
  • Partner request forms
  • Webinar subscriptions

We may process data relating to customer orders that the customer provided to Nexxtlab by other means than the Nexxtlab website and webshop.

If you choose to create a webshop user account, we may process the data that you provided for that user account.

3.2 Nexxtlab Energy System

We may process data that are part of  the — central and decentral — Nexxtlab Smartbirds Services.  That refers to data that is being collected and processed by, for example:

  • systems and servers that make up the Nexxtlab cloud systems
  • Apps (iOS, Android)
  • websites and web dashboards that provide access to the Nexxtlab services, such as smartbirds.nexxtlab.lu
  • Nexxtlab Smartbirds
  • interfaces to Third-Party IoT Service
  • all underlying IT infrastructure
  • all communication and communication protocols between the listed components
  • operational systems used for Research & Development and Testing of our services

This data includes, for example:

  • measurements from the Nexxtlab distributed devices, including data that is derived from those measurements
  • internal states and configurations of the Nexxtlab distributed devices 
  • data that you enter in the Nexxtlab  Apps or the Web Dashboards
  • account data and user credentials
  • network control data

3.3 Our Nexxtlab Office Systems

We may process data in the various operational systems of our offices, in particular the systems used by the Support Team, Reception, Research and Development, and Sales and Marketing Team.

This data includes, for example:

  • data that you provided to our office systems during the initial request and further correspondence and follow-up with our staff
  • data that you provided as part of your correspondence
  • emails or other messages that you sent to us
  • communication logs (telephony, network)
  • data from all sources that are in the scope of this Privacy Policy and that is reasonably related to your request, inquiry or correspondence

 

  1. What are the General Categories of Data

In this section we explain the general categories of personal data that we process.

4.1 Account Data

We process account data, which refers to data that identifies you and allows us to get in contact with you.  This includes, for example: your name, address, email, telephone number, general payment data, gender, birthdate, hobbies and interest, relationship status and others.

4.2 Technical Data

We process technical data, which refers to all data that we need to provide good and secure services.

This includes, for example, the serial numbers of your devices, the configuration details internal states of your devices and services, the software version of the system components and others.  This also includes access credentials needed to process the data of the various Nexxtlab systems.

4.3 Usage Data

We process usage data, which refers to all data that are collected from the Nexxtlab Monitors, other distributed devices, apps, and websites, as well as data resulting from actions and activity of the users.

We may combine this data with other data categories of this privacy policy, and process data that is derived from this data.

This incudes, for example, electrical measurements, geo-location data, events, messages, alerts, internal states of the Nexxtlab Monitors or other distributed devices, and data that is manually entered in the Nexxtlab apps or Websites. 

4.4 Interaction Data

We process interaction data, which refers to all data that result from user interaction with our systems, devices, apps, or websites.

This includes, for example, the use of the websites and apps. This also includes browser cookies, for which the Nexxtlab Cookie policy is applicable.

4.5 Network Data

We process network data, which refers to data resulting from network traffic.

This includes, for example, IP address and MAC address.

4.6 Support, Inquiry, Correspondence

We process data for support, inquiry and correspondence, which refers to all data resulting from interaction with our staff, in particular with the Support Team, Reception, Sales Team. 

This includes, for example, data that is provided as part of your correspondence, communication logs (telephony, network).

4.7 Survey Data

We may process data gathered as part of surveys, polls and studies.

This data includes, for example, data that identifies you and data that represents your responses. 

4.8 Derived Data

We may process derived data, which refers to all data that is a result of combining and analysing data.  We may combine data of all of the data categories provided in this Security Policy and data that we received from Third Parties.

4.9 Data from Third Parties

We may process data that we received from Third Parties in order to improve the services and better adapt them to the needs of the users.

4.10 Data of non-customers and prospects

We may process data of persons that are not yet customers of Nexxtlab or Nexxtlab Partners, in order to offer them personal products and services.

4.11 Special Data Categories

Sensitive Data

As required by the privacy law, Nexxtlab does not process sensitive data such as racial or ethnic origin, political opinions, religious beliefs, sexual orientation, and health.

 

Other Persons data

Please do not supply any other person’s personal data to us, unless we prompt you to do so.

 

  1. For what Purpose do we Process your Data

In this section we explain the purposes for which we may process personal data, and the legal bases of the processing.

5.1 Order Fulfilment

Nexxtlab processes data for the purpose of order fulfilment and contract fulfilment:

  • fulfillment of orders (which includes logistics, payment, shipment, invoicing, accounting)
  • supplying the goods and services that are part of the order of contract
  • keeping a proper record of transactions relating to fulfillment of the order or contract

The legal basis for this processing is:

  • the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract or

5.2 Providing and Improving Nexxtlab Smartbirds Services

Nexxtlab processes data for the purpose of providing the Nexxtlab Smartbirds Services and the Web presence, which includes, for example:

  • providing the various parts of the Nexxtlab Smartbirds Services
  • help the user to understand and control energy flows and usage patterns
  • change the user behaviour according to energy flows and usage patterns
  • perform benchmarking of energy flows and usage patterns to the level of appliances and users, using various criteria
  • change the time when energy is used (demand-response and peak-shaving)
  • create or validate invoices and usage records for energy consumption
  • in-app notifications
  • others

These services are continuously evolving and may include new services and features in the future.

The legal basis for this processing is

  • our legitimate interests
  • the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract

5.3 Operating and Improving the Nexxtlab Services

Nexxtlab processes data for the purpose of continuously improving its product, service and web presence.  This includes, for example:

  • improvement of user experience of products, services and web presence
  • optimizing the systems
  • proactively identifying problems
  • security and fraud prevention
  • monitoring of systems and services
  • maintenance of systems
  • analyze specific or general cases of incidents, issues or problem

The legal basis for this processing is

  • our legitimate interests
  • the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract

5.4 Providing Value-Added Services

Nexxtlab processes data for the purpose of providing value-added services:

  • enable Nexxtlab to provide value-added and innovative services to the users
  • enable Third Parties to provide value-added and innovative services
  • send advise and recommendations based on consumption patterns

The legal basis for this processing is

  • our legitimate interests
  • the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract

5.5 Support, Inquiries, Correspondence

Nexxtlab processes data for the purpose of providing support, responding to inquiries and correspondence:

  • support for any contract, product or service provided by Nexxtlab
  • support for the installation, configuration and testing of products or services
  • optimally respond to your support request, inquiry or correspondence
  • resolve issues, incidents and problems effectively and efficiently
  • detecting and preventing similar issues in the same or other components of our systems
  • to proactively reduce occurrence of incidents and problems and improve response to and resolution of further incidents, problems, support requests, inquiries and correspondence
  • customize and optimize its correspondence to the user

In case Nexxtlab detects an issue with the configuration or other data of accounts, services or remote devices, Nexxtlab may modify the configuration or other data for the involved accounts, services or remote devices.

The legal basis for this processing is

  • our legitimate interests
  • the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract

5.6 Direct Marketing

We may process the data that is in the scope of this Privacy Policy for the purpose of

Direct Marketing:

  • send Direct Marketing correspondence
  • customize and optimize our correspondence to the user
  • send recommendations based on consumption patterns
  • contact you to offer, market and sell to you relevant goods and/or services. 

The legal basis for this processing is

  • legitimate interest or
  • taking steps, at your request, to enter into a contract

You have the right to object to this processing. For more information, see section “Your rights“.

5.7 Research and Gaining Insights

We may process the data that is in the scope of this Privacy Policy for the purpose of Research, Investigation and for gaining Business Insights. This includes, for example:

  • energy usage and production patterns
  • user behaviour in Apps and Websites
  • the analysis of long-term trends, evolutions, changes, behaviour and developments
  • user surveys

The legal basis for this processing is legitimate interest.

5.8 Development

We may process the data that is in the scope of this Privacy Policy for the purpose of System Development. This includes, for example:

  • development, testing and validation of new systems, components and features
  • software systems and hardware systems
  • algorithms and data processing methods

The legal basis for this processing is legitimate interest.

5.9 Other purposes

In addition to the specific purposes for which we may process your personal data set out in this Section , we may also process data from all available sources that are in the scope of this Privacy Policy  where such processing is necessary  for compliance with a legal obligation to which we are subject, or  in order to protect your vital interests or the vital interests of another natural person.

 

  1. Providing your Data to Others

This section explains to what external parties we may disclose the personal data.

6.1 Company Group

We may disclose your personal data to any member of our group of companies — this means our subsidiaries, our ultimate holding company and all its subsidiaries — insofar as reasonably necessary for the purposes set out in this policy.

6.2 Business Transfers

We may transfer your personal data as part of a merger, acquisition, divestiture, joint venture, or similar transaction of all or a portion of our business or business assets.  In that case the receiving entity will assume the rights and obligations regarding your personal information as described in this policy.

6.3 Insurers and Advisors

We may disclose data from all available sources that are in the scope of this Privacy Policy to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes.

6.4 Payment Services

Financial transactions may be handled by our payment services providers. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.

 

6.5 Suppliers and Subcontractors

We may disclose personal data obtained on our Website and Webshop to our suppliers and subcontractors insofar as reasonably necessary for

  • order handling and shipment
  • payments
  • support
  • operational purposes

6.6 Data Processors

We may disclose personal data that are in the scope of this Privacy Policy to our data processors.  The Categories of these Subcontractors are:

  • marketing providers
  • hosting providers
  • integrated third parties
  • logistics providers
  • payment providers
  • problem tracking and support service providers
  • operational services providers

6.7 Partners for Installation and Support

We may disclose personal data available on our Nexxtlab Energy Systems to Partners insofar as reasonably necessary for

  • performing the installation and configuration of our products
  • providing ongoing support

6.8 Partners, Installers, Resellers

If you obtained your Nexxtlab Products or your Nexxtlab Smartbirds Services from any Third Party other than Nexxtlab SA, or if you obtained support for installation, configuration or operations of your Nexxtlab from any other Third Party than Nexxtlab SA, Nexxtlab may disclose your personal data that is in the scope of this Privacy Policy to this Third Party.

Each such Third Party will act as a data controller in relation to the data that we supply to it; and upon contacting you, each such Third Party will supply to you a copy of its own privacy policy, which will govern that Third Party’s use of your personal data.

6.9 Third Party Data Controller

We may disclose the data that is in the scope of this Privacy Policy to selected Third Parties for the purposes that are described in section 5, “For what Purpose do we Process your Data”, in particular — but not limited to — to contact you so that they can offer, market and sell to you relevant goods and/or services .  

Each such Third Party will act as a data controller in relation to the data that we supply to it; and upon contacting you, each such Third Party will supply to you a copy of its own privacy policy, which will govern that Third Party’s use of your personal data.

6.10 Integrated Third Party Services

The Nexxtlab Smartbirds Services allow the user to connect and integrate his or her account with Third Party Services.  We may disclosure your personal data to these services insofar as reasonably necessary for the purpose of making the corresponding features and functions available.

Note: In those cases where these Third Party Services are located outside the European Union, additional safeguards apply.  These safeguards are described in section 1560152871.39, “Integrated Third Party Services”.

6.11 Remote Access

The Nexxtlab Smartbirds Services provide various way to access your data remotely, such as the “Developers API”.  Each of these access methods is protected by an authentication process that requires your password.

As explained in section “10 How you can help to keep your personal data secure”, Nexxtlab will provide access to your data to anyone who has access to your password or other access credentials during the authentication process.

6.12 If you are a Partner, Installer, or Reseller

If you are a Partner, Installer, or Reseller of Nexxtlab products or services, we may publish your contact information on our website and include it in other sales and marketing communication.

If you wish not to be included in this publications, please let us know (see section “Questions and Requests” on page 15).

6.13 Enquiry Data

We may disclose your enquiry data to Installation Partners and selected Third Party suppliers of goods and services for the purpose of enabling them to contact you so that they can offer, market and sell to you relevant goods and/or services.  Each such Third Party will act as a data controller in relation to the enquiry data that we supply to it; and upon contacting you, each such Third Party will supply to you a copy of its own privacy policy, which will govern that Third Party’s use of your personal data.

6.14 Publication

You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.

6.15 Others

In addition to the specific disclosures of personal data set out in this Section , we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

 

  1. International transfers of your personal data

In this Section, we provide information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).

7.1 General

We may disclose your personal data, as described in the section 6, “Providing your Data to Others”, to entities outside the EEA, provided the transfer is protected by appropriate safeguards, namely:

  • the use of standard data protection clauses adopted or approved by the European Commission
  • participation to the EU-US Privacy Shield
  • binding corporate Rules
  • your explicit consent

For detailed information about these transfers and the safeguards, please contact us by email, as described in section “Questions and Requests” on page 15.

New Group Members

In case Nexxtlab establishes new international group member companies, joint ventures, or similar, Nexxtlab may transfer personal data to these entities. This data transfer will be protected by the appropriate safeguards for international transfers.

Integrated Third Party Services

As explained above, the Nexxtlab Smartbirds Services allow the user to connect and integrate his or her account with Third Party Services. The use of these services may require that personal data will be transferred to countries outside the European Union, where data privacy protection cannot be assured.

In these cases, at the time that a user activates the connection to an integrated Third Party Service, Nexxtlab informs the user about the possible risk of such transfers and obtains the consent of the user for such a transfer.

Examples of those services:

  • IFTTT

 

Remote Access

As explained above, the Nexxtlab Smartbirds Services provide various way to access your data remotely, such as the “Developers API”. 

As explained in section 10, “How you can help to keep your personal data secure”, Nexxtlab will provide access to your data to anyone who has access to your password or other access credentials during the authentication process.

The party who gains this type of access to your data may be located outside the EU, where no data protection laws may apply and where the protection of your personal data cannot be assured.

For that reason, the user is not allowed to share the password or other access credentials with anyone else.

 

  1. Retaining and deleting personal data

This Section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.

In case you wish to delete the personal data related to your Nexxtlab Smartbirds Services, please use the function “Delete All My Data” in the Nexxtlab App. If you require assistance, please contact Nexxtlab Support.

Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary or reasonable for that purpose or those purposes. We may retain personal data longer than this period if it is in our legitimate interest and not prohibited by law.

Notwithstanding the other provisions of this Section , we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

 

  1. Information Security

Nexxtlab is committed to high standards of information security when handling the data of our customers.

We implement reasonable and appropriate security measures to protect your personal data from unauthorized access, disclosure or destruction.

All communication between your Nexxtlab devices and the Nexxtlab cloud is encrypted by strong encryption protocols.

We use computer safeguards, such as firewalls and data encryption.  We allow access to personal information only for employees that require it to fulfil their job.

 

  1. How you can help to keep your personal data secure

10.1 Do Not Share your Password

Your user account of the Nexxtlab App and the Nexxtlab Dashboard website is protected by your personal password.

Anyone who has access to or can guess your user name and password may get access to your personal data of your user account.

This may result in the transfer of your personal data to third parties, inside or outside the European Union, and you may lose any protection that the European Data Protection Laws provide.

Do not share your password of your user account with anyone else!

10.2 Share your App Data with Trusted Persons Only

The Nexxtlab App allows you to share the measurement data of your smart-meter with other users.  When shared, the other users have full access to your personal data.

You can revoke this sharing at any time using your App.

Use this feature only to share your data with people you trust.

 

10.3 Protect your Local Network

The Nexxtlab Smartbirds use secure protocols with strong encryption when communicating with the Nexxtlab cloud over the internet.

Still, the Nexxtlab Smartbirds, as well as the other Nexxtlab Smartbirds Devices, are intended and designed to be used and operated in secure private local networks.  An unauthorized or untrustworthy intruder to your local network may compromise the security of all your connected systems, including the Nexxtlab Smartbirds, and gain unauthorized access to your personal data.

We strongly recommend to protect your local network and Wi-Fi network.

 

  1. Your rights

In this Section, we have summarized the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

You may exercise any of your rights in relation to your personal data by written notice to

Nexxtlab SA 12 Avenue du Swing 4367 Belvaux Luxembourg

or by contacting us by email, as described in section “Questions and Requests” on page 15.

Your principal rights under data protection law are:

  1. the right to access
  2. the right to rectification
  3. the right to erasure
  4. the right to restrict processing
  5. the right to object to processing
  6. the right to data portability
  7. the right to complain to a supervisory authority
  8. the right to withdraw consent

11.1 The right to access

You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. 

11.2 The right to rectification

You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

11.3 The right to erasure

In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.

11.4 The right to restrict processing

In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

11.5 The right to object to processing

You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.

You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.

11.6 The right to data portability

To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

11.7 The right to complain to a supervisory authority

If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

11.8 The right to withdraw consent

To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

 

  1. Amendments

We may update this policy from time to time by publishing a new version on our website.

You should check this page occasionally to ensure you are happy with any changes to this policy.

 

  1. Questions and Requests

If you are a user of a Nexxtlab product and have any requests regarding your personal data, or

if you would like to exercise your rights, or

if you wish to update the information we have about you or your preferences,

please contact us here:

support@Nexxtlab.com

 

  1. Data Protection Officer

If you have any questions or comments regarding the Nexxtlab Privacy Policy, or your rights regarding your personal data, please contact our Data Protection Officer:

Olivier Piraux

Data Protection Officer

Olivier.piraux@nexxtlab.lu

Nexxtlab SA 12 avenue du Swing 4367 Belvaux, Luxembourg

 

 

Effective Date: 01-01-2020