RMI - Remote Monitoring Interface
PRIVACY

In compliance with EU Regulation 2016/679 (the European General Data Protection Regulation, hereinafter the "GDPR"), Mitsubishi Electric Europe B.V., with registered office at Capronilaan 46, 1119 NS Schiphol-Rijk , Holland, and branch office at Viale Colleoni no. 7, Centro Colleoni, Palazzo Sirio, Agrate Brianza, Italy, (hereinafter the "Company", "us" or " our"), as the Data Controller, is committed to protecting the privacy of users.

This privacy policy (the "Privacy Policy") is provided by the Company pursuant to article 13 of the GDPR solely to inform users that we process personal data in compliance with the GDPR and in accordance with the principles of lawfulness, fairness and transparency and the rights of data subjects within the context of providing the products and services referred to in the website dedicated to the RMI (hereinafter call the " Site") and the RMI App which can be downloaded, free of charge, to a mobile device from the Apple App Store and Google Play (the " App")

This Privacy Policy should be read carefully before browsing the Site and before using the App.

THE SERVICE (RMI SITE/APP)

The main purpose of the Site/App is to allow users, who have registered using the appropriate form, to access and to use the Company's RMI (Remote Monitoring Interface) services. Once registered, users can download the App to their mobile device and use the RMI services, not only through a web browser, but also directly from their device, accessing them with the same credentials used for the page dedicated to their services.

This Privacy Policy describes how the Company collects, uses and shares personal data obtained as a result of users registering at and using the Site.

Since the Company reserves the right to add new functionalities to or to remove any functionality from the Site/App and to modify the RMI services and/or products at any time, the Privacy Policy may be updated by the Company at any time and the Company will notify users of any changes made to it.

Since the Site/App can allow access to websites owned and operated by third parties, it should be noted that this Privacy Policy does not apply to such third-party websites and the Company is not responsible for such third parties for the protection of personal data.

PERSONAL DATA

Personal Data processed : «personal data»: means any information relating to an identified or identifiable natural person («data subject»); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (C26, C27, C30)

Site Registration.

To use the RMI services, the user must log in for the first time by using the link in the email sent by the Company following a request by the user to activate the RMI services. Once logged in, the user must enter his/her personal data in the registration form and choose a password for subsequent use. The user will also be asked to accept the RMI general terms and conditions of use as well as this Privacy Policy and, in this way, will become a registered user, able to use the RMI services including through the App. Registration can only be done via the Site.


Personal data processed

The Company may collect the following personal data:

• the user's first name and last name,

• the user's domicile or residence address,

• the user's email address,

• details of the RMI services and/or products for which information is requested

• location

Data can be collected by the user voluntarily entering it on the Site/App during registration or, for example, when the user contacts the Company to request information about the RMI services and products. In the event that the user provides personal data concerning a third party, he/she must do whatever is necessary such that sending this personal data to the Company and the subsequent processing of it, for the purposes specified in this Privacy Policy, take place in compliance with applicable legislation. Therefore, for example, before providing the Company with personal data that concerns a third party, the user must inform the third party and must obtain their consent to their personal data being processed, if required by the aforementioned legislation.


Navigation data.

Navigation data includes all data automatically collected through the Site and covers, for example, the types of actions performed by the user on the Site and how the user is using the Site. In addition, the Company may automatically record the user's IP address (i.e. the unique address that identifies the user's device on the internet), which is automatically recognised by our server. Navigation data is only used to obtain anonymous statistical information on how the Site is used and to monitor its proper functioning. Navigation data is deleted immediately after being processed. This data can also be used to ascertain responsibility in the event of a computer crime against the Site or to protect our rights.


Consumption data

The RMI system allows mobile remote management of the user's air conditioning and heating system.

It monitors the performance of equipment, programs functionalities, consults the performance, verifies system consumption and operating status.

1. The DATA CONTROLLER, pursuant to articles 4 and 24 of EU Regulation 2016/679, is Mitsubishi Electric Europe B.V., with registered office at Capronilaan 46 1119NS Schiphol-Rijk, Holland, and branch office at Viale Colleoni no. 7, Centro Colleoni, Palazzo Sirio, Agrate Brianza, Italy, in the person of its legal representative, and contactable via email at privacy@it.mee.com

2. The DATA PROTECTION OFFICER (DPO), pursuant to articles 37 - 39 of EU Regulation 2016/679, duly appointed by the Company, may be contacted at MEU.DMO@mecc.mee.com

3. PURPOSE AND LEGAL BASIS OF PROCESSING

PURPOSES

LEGAL BASIS

A. The Company processes a user's personal data in order to allow the same to register with the Site/App and to use the RMI services/products purchased through the Site and/or the App and in order to respond to or to meet a request made by a user with reference to the RMI services/products including via the App's "help" section.

The Company processes personal data for these purposes in order to execute a contract/service and/or pre-contractual measures adopted following a request from the user.

B. The Company processes a user's personal data in order to ensure that the Site and the App are up to date and meet the needs of users, to analyse, review and improve the RMI services/products on the Site/App, to provide a user-friendly Site/App browsing experience, to ensure compliance with the Site's/App's terms and conditions of use, the security of the Site/App and its users and to protect the Company's rights and assets. The information used for this purpose will remain strictly anonymous and will not be used to identify any user nor will it be aggregated with a user's personal data.

The Company processes personal data for these purposes in order to pursue its legitimate interest in protecting its assets, its business, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding, taking into consideration the reasonable expectations of the data subject based on his/her relationship with the controller

C. The Company processes a user's personal data in order to comply with domestic or EU legal obligations or regulations.

The Company processes personal data for these purposes in order to comply with a legal obligation.


4. THE NATURE OF THE PROVISION OF THE DATA AND THE CONSEQUENCES OF ANY REFUSAL TO PROVIDE IT

Providing data for the purposes referred to in points 3.A, 3.B and 3.C is necessary and if a user refuses to provide such data, it will be impossible for the Company to perform its contractual/service obligations and to provide the user with the functions, services and information requested as specified above.

5. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF DATA

Personal data will be sent to recipients who will process the data as processors (article 28 of EU Regulation 2016/679) and/or as natural persons acting under the authority of the Data Controller and the Data Processor (article 29 of EU Regulation 2016/679), for the purposes listed above. Specifically, data will be sent to:

Companies in the Mitsubishi Group . The Company communicates personal data concerning users to the subsidiaries, affiliates and parent companies of the Mitsubishi Electric Group, where necessary, to pursue the purposes described in this Privacy Policy.

Service providers . The Company shares user's personal data with service providers acting as processors or Data Controllers, in order to make using the service possible and/or in order to make receiving the services through the Site/App possible. By way of example, such recipients may include professionals who provide technical, commercial or administrative consultancy services to the Company in the pursuit of its activities and the purposes described in this Privacy Policy, companies that provide management or maintenance services for the IT infrastructure on which the Site/App is based.

The list of Data Processors is constantly updated and is available from the registered office indicated above or by contacting the Data Controller at privacy@it.mee.com.

Third parties in compliance with a legal obligation or to protect the Company's rights . Personal data concerning users may be communicated to institutions, law enforcement agencies, judicial authorities, administrative authorities, regulatory or public security authorities, within the framework of legal or administrative proceedings, or in order to comply with a legal obligation or to protect our rights, including in a court of law.

6. DATA CONCERNING MINORS

The Company does not intentionally collect nor store personal data concerning individuals under the age of 18, nor does it intentionally allow such minors to use the Site and/or the App.

People under the age of 18 are kindly requested not to register with the Site/App and not to provide any personal data.

7. TRANSFERRING DATA TO A COUNTRY OUTSIDE OF THE EU

The Company may need to transfer users' personal data to countries outside of the European Union in order to provide services to users and to pursue the other purposes indicated in this Privacy Policy. Before transferring data outside of the European Union, the Company will take appropriate precautions, including contractual ones, as provided for by applicable privacy legislation, in order to ensure the protection, security and confidentiality of the personal data being transferred. Data will be transferred on the basis of articles 44 et seq. of EU Regulation 2016/679 and, specifically, to third countries or international organisations that have provided appropriate safeguards and where the data subject has enforceable rights and effective legal remedies (article 46 of EU Regulation 2016/679). The data subject may obtain information regarding the safeguards for transferring personal data to a country outside of the EU by emailing privacy@it.mee.com.

8. DATA RETENTION

The Company retains personal data concerning users for the time strictly necessary to provide the RMI services or to achieve the purposes for which this data was collected, or in compliance with legal obligations:

-for example, we retain the personal data needed to exercise our right of defence in the event of a legal dispute, such as the personal data relating to the provision of a service, for up to a maximum of 10 years from the date on which the service is terminated;

- data relating to notices will be kept for 6 months;

- accounting data will be kept for 24 months;

- if the App is not used for a period of 15 months, the Company will send an alert regarding the subsequent storage of personal data;

- personal data concerning users will, in any case, be kept for a maximum of 10 days following the termination of the service.

Once these terms expire, personal data will be deleted or rendered anonymous.

9. COOKIES

With regard to information concerning cookies, refer to the specific cookies policy .

10. DATA SECURITY

The Company has adopted and will continue to adopt appropriate security measures to safeguard the confidentiality of users' personal data. However, due to the nature of the internet, continuous technological advances and other factors beyond our control, the security of data sent via the internet cannot be fully guaranteed. We cannot, therefore, ensure nor guarantee the security of the data and information that users send to us and users acknowledge and agree that sending data over the internet is at their own risk. Users are also advised to take appropriate precautions when using the Site and the App, such as, for example, keeping access credentials strictly confidential and changing them periodically.

11. THE DATA SUBJECT'S RIGHTS

Pursuant to articles 15 et seq. of the GDPR, the user has the right to access the personal data that concerns him/her and that is held by the Company, as well as to have this data rectified or deleted. The user also has the right to oppose, or restrict, certain types of processing (including the right to oppose processing based on legitimate interest), as well as to receive the personal data that concerns him/her in a structured, commonly used, machine-readable format (the right to data portability) and not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her or which otherwise significantly affects him/her, unless the decision is necessary to conclude or execute a contract/service between the data subject and the controller, or is authorised by European Union or domestic law, or the data subject has given his/her consent. Finally, the user has the right to lodge a complaint with a competent Supervisory Authority. Exercising the above rights is not absolute and, in the cases established by applicable law, may be delayed, restricted or excluded with justified notification made without delay, where applicable, as in the cases established by article 2-undecies introduced by the Italian Privacy Code 196/2003 as harmonised with the GDPR with Italian Legislative Decree 101/2018.

Furthermore, exercising a right by a data subject has no cost but in the event that we consider exercising such a right to be manifestly unfounded or excessive, we reserve the right to charge the data subject who makes such a request a reasonable processing fee. To exercise a right, as well as to request information or seek clarification regarding this Privacy Policy, users may contact the Data Protection Officer ("DPO") duly appointed by the Company at privacy@it.mee.com.

Updated: 07.10.2019