Privacy notice

Your privacy is important to WiZ.


We have drafted this Privacy Notice (also referred to as "Notice") in an easy and comprehensible way in order to help you understand who we are, what personal data we collect about you, why we collect it, and what we do with it. Keep in mind that personal data (in this Notice also referred to as "Personal Data" or "your data") means any information or set of information from which we are able, directly or indirectly, to personally identify you, in particular by reference to an identifier, e.g. name and surname, email address, phone number, etc.


We strongly encourage you to take some time to read this Notice in full.
If you do not agree to this privacy notice, please do not provide us with your data.

Who is WiZ?

Formed in 2015, WiZ has been a lighting software solutions company based in Hong Kong with an international team of highly skilled software, hardware, firmware and backend engineers ("we" or "us"). Our headquarters are in Hong Kong. WiZ is a wholly owned subsidiary of Signify N.V. since 2019.


Please keep in mind that since WiZ is an international company, this Notice may be replaced or supplemented in order to fulfil local requirements, as well as in order to provide you with additional information on how we process your data through specific WiZ products, services, systems or applications.


In order to receive information about your Personal Data, the purposes, the parties the Personal Data is shared with, questions, concerns or compliant, contact the Owner.

Owner and Data Controller

WIZ CONNECTED LIGHTING COMPANY LIMITED, ENTERPRISE SQUARE - TOWER 2, 20TH FLOOR, 9 SHEUNG YUET ROAD - KOWLOON BAY - HONG KONG


Owner contact email: privacy@wizconnected.com

When does this Privacy Notice apply?

This Notice covers how we collect and use your data e.g. when you:

  • Visit or use our consumer and customer-directed (Pro and/or OEM) websites, applications or social media channels;

  • Purchase and use our products, services, systems or applications;

  • Subscribe to our newsletters;

  • Provide to us your (sample) goods;

  • Contact our consumer and customer support;

  • Join our business events;

or otherwise interact with us in your capacity as consumer, business customer, partner, (sub) supplier, contractor or other person with a business relationship with us.

Types of Data collected

Depending on who you are (e.g. customer, consumer, supplier, business partner, etc.) and how you interact with us (e.g. online, offline, application based, over the phone, etc.) we may process different data about you. We may collect your Personal Data, for example, when you visit or use our consumer and customer-directed websites, applications or social media channels, purchase and use our products, services, systems or applications, subscribe to our newsletters, download a software update, provide to us your goods or services, contact our customer or consumer support, join our business events, participate to our contests, promotions and surveys or otherwise interact with us.


Depending on your privacy choices, your products, or your use of our services, we might process the following data:


WiZ Products:

  • Unique identifiers and configuration of products

  • Product usage and diagnostic information


WiZ Apps:

  • Your integrations

  • Home ID

  • Language preference

  • Timezone and country code

  • Your Guests settings (members)

  • Your device information (e.g. device operating system version)

  • Unique identifiers and configuration of products

  • Usage and diagnostic analytics (e.g. log information and location data)


WiZ Website:

  • Language preference

  • Timezone and country code

  • Usage and diagnostic analytics (e.g. log information and location data)


If you interact with us through Network Services (‘NS’) we might process your personal information in accordance with this Privacy Notice. What data we collect from and through a NS may depend on the privacy settings you have set with the NS and the permissions you grant to us in connection with linking your account with our products or services to your account with an NS. Your interactions with third parties through an NS or similar features are governed by the respective privacy policies of those third parties and your agreement with the NS. You represent that you are entitled to use your NS account for the purposes described herein without breach by you of any of the terms and conditions that govern the NS. If you wish to prevent our websites and apps from recording your activity, you can opt out.


The owner does not provide a list of Personal Data types collected.
Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection.
Personal Data may be freely provided by you, or, in case of Usage Data, collected automatically when using this Application.
Unless specified otherwise, all data requested by this Application is mandatory and failure to provide this data may make it impossible for this Application to provide its services. In cases where this Application specifically states that some data is not mandatory, you are free not to communicate this data without consequences to the availability or the functioning of the Service. If you chose not to provide your data to us, we might not be able to respond to requests you might have.
If you are uncertain about which Personal Data is mandatory please to contact the Owner.

Mode and place of processing the Data

Methods of processing
The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
The data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the data may be accessible to certain types of persons in charge, involved with the operation of this Application (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.


Legal basis of processing
The Owner may process Personal Data relating to you if one of the following applies:

  • You have given your consent for one or more specific purposes. Note: Under some legislation the Owner may be allowed to process Personal Data until you object to such processing ("opt-out"), without having to rely on consent or any other of the following legal bases;

  • Processing is necessary for the performance of an agreement with the you and/or for any pre-contractual obligations thereof;

  • Processing is necessary for compliance with a legal obligation and to establish, exercise of defend legal claim to which the Owner is subject;

  • Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner;

  • Processing is necessary for the purposes of the legitimate interests pursued by the Owner, including but not limited:

    • Ensuring that our networks and information are secure;

    • Administrating and generally conduct business within our company; and

    • Preventing or investigating suspected or actual violations of law, breaches of a contract, or non-compliance with the WiZ policies.

In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.


Place
The data is processed at the Owner's operating offices and in any other places where the parties involved in the processing are located.


Due to our global nature and depending on the your location, data transfers may involve transferring the your Personal Data to a country other than your own, if this is necessary for the fulfillment of the purposes described in this Notice. If you are located in a country member of the European Economic Area, we may transfer your data to countries located outside of the European Economic Area. Some of these countries are recognized by the European Commission as providing an adequate level of protection. With regard to transfers from the European Economic Area to other countries that are not are recognized by the European Commission as providing an adequate level of protection, we have put in place adequate measures to protect your data, such as organizational and legal measures (e.g. binding corporate rules and approved European Commission standard contractual clauses).To find out more about the place of processing of such transferred data, you can check the section containing details about the processing of Personal Data in this Notice or inquire with the Owner using the information provided in the contact section.


Retention time
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.
Therefore:

  • Personal Data collected for purposes related to the performance of a contract between the Owner and you shall be retained until such contract has been fully performed.

  • Personal Data collected for the purposes of the Owner’s legitimate interests shall be retained as long as needed to fulfill such purposes. You may find specific information regarding the legitimate interests pursued by the Owner within the relevant sections of this Notice or by contacting the Owner.

The Owner may be allowed to retain Personal Data for a longer period whenever you have given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.


Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

Your responsibility

We would like to remind you that it is your responsibility to ensure, to the best of your knowledge, that the data you provide us with, are accurate, complete and up-to-date. If you share with us data of other people (e.g. give access to a friend to control your lights in your house) it is your responsibility to collect such data in compliance with local legal requirements. For instance, you should inform such other people, whose data you provide to us, about the content of this Notice and obtain their consent.

Your rights and how to exercise them

We encourage you to take control of your Personal Data. You may exercise certain rights regarding your Data processed by the Owner. In particular, you have the right to do the following:

  • Withdraw your consent at any time. You have the right to withdraw consent where you have previously given your consent to the processing of your Personal Data.

  • Object to processing of your Data. You have the right to object to the processing of your Personal Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.

  • Access your Data. You have the right to learn if your Personal Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of your Personal Data undergoing processing.

  • Verify and seek rectification. You have the right to verify the accuracy of your Personal Data and ask for it to be updated or corrected.

  • Restrict the processing of your Data. You have the right, under certain circumstances, to restrict the processing of your Personal Data. In this case, the Owner will not process your Personal Data for any purpose other than storing it.

  • Have your Personal Data deleted or otherwise removed. You have the right, under certain circumstances, to obtain the erasure of your Personal Data from the Owner.

  • Receive your Data and have it transferred to another controller. You have the right to receive your Personal Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Personal Data is processed by automated means and that the processing is based on your consent, on a contract which you are part of or on pre-contractual obligations thereof.

  • Lodge a complaint. You have the right to bring a claim before your competent data protection authority.

We will do our best to address your request in time and free of charge, except where it would require a disproportionate effort. In certain cases, we may ask you to verify your identity before we can act on your request. If you are unsatisfied with the reply received, you may then refer your complaint to the relevant regulator in your jurisdiction.


Details about the right to object to processing
Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, you may object to such processing by providing a ground related to your particular situation to justify the objection.


You must know that, should your Personal Data be processed for direct marketing purposes, you can object to that processing at any time without providing any justification. To learn, whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this Notice.

Cookie policy

This Application uses Cookies. To learn more and for a detailed cookie notice, the User may consult the Cookie Policy.


Do we collect data from children?
We do not intentionally collect information from children under the age of 16.

  • Special note to children under the age of 16: if you are under the age of 16, we advise that you speak with and get your parent or guardian’s consent before sharing your data with us;

  • Special note to parents of children under the age of 16: we recommend you to check and monitor your children's use of our products, systems, services, applications (including websites and other digital channels) in order to make sure that your child does not share personal data with us without asking your permission.

Additional information about Data collection and processing

Legal action
The User's Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of this Application or the related Services.
The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.


Additional information about User's Personal Data
In addition to the information contained in this privacy policy, this Application may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data upon request.


System logs and maintenance
For operation and maintenance purposes, this Application and any third-party services may collect files that record interaction with this Application (System logs) use other Personal Data (such as the IP Address) for this purpose.


Information not contained in this policy
More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document.


How "Do Not Track" requests are handled
This Application does not support "Do Not Track" requests.
To determine whether any of the third-party services it uses honor the "Do Not Track" requests, please read their privacy policies.


Changes to this privacy policy
The Owner reserves the right to make changes to this privacy policy at any time by giving notice to its Users on this page and possibly within this Application and/or - as far as technically and legally feasible - sending a notice to Users via any contact information available to the Owner. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.


Should the changes affect processing activities performed on the basis of the User’s consent, the Owner shall collect new consent from the User, where required.

California Privacy disclosures

The California Consumer Privacy Act (‘CCPA’) provides California consumer residents with specific rights regarding their personal information. In additional to the above this section describes your CCPA rights and explains how to exercise those rights.


The following is not applicable to de-identified or aggregated personal information or data publicly available.


Information we collect
In the execution of our services and/or when visiting our Website we collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (defined as "data"). In particular, we have collected the following categories of data from our consumers within the last twelve (12) months:


Category

Examples

Collected

A. Identifiers

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.

YES

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.


Some personal information included in this category may overlap with other categories.

NO

C. Protected classification characteristics under California or federal law

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

NO

D. Commercial information

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

YES

E. Biometric information

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

NO

F. Internet or other similar network activity

Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

YES

G. Geolocation data

Physical location or movements.

YES

H. Sensory data

Audio, electronic, visual, thermal, olfactory, or similar information.

YES

I. Professional or employment-related information

Current or past job history or performance evaluations.

NO

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

NO

K. Inferences drawn from other personal information

Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

YES


We disclose your data for a business purpose to the following categories of third parties:

  • Service providers.

  • Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.


Data from children?
We do not intentionally collect information from children under the age of sixteen (16) years as we do not offer services to them. Parent who set up a profile holding information about children under the age of sixteen (16) years can only do so by granting parental consent which consent choices can be changed by the adults in the family. We do not direct services to children under the age of thirteen (13) years old. As a result, thereof we do not knowingly process data or information from children under thirteen 13 years old.


Do not sell?
We do not respond to "Do Not Sell" requests as we do not track your data across third party websites, nor do we sell your data to third parties to provide targeted advertising. Nonetheless, we aim to make your online experience and interaction with our websites as informative, relevant and supportive as possible. One way of achieving this is to use cookies or similar techniques, which store information about your visit to our site on your computer. For more information on how we use cookies and other tracking technologies, read our Cookie Notice (see section "How do we use cookies and other tracking technologies").


Your rights?
"Right to Know": You have the right to request that we disclose to you what personal information of yours that we collect, use, and/or disclose.
"Right to Delete:" You have the right to request the deletion of your personal information collected or maintained by us.


If you have questions about the foregoing or how to execute your Right to Know and/or Right to Delete in our Privacy Notice or specifically with regard to categories and specific pieces of data processed, categories of sources from which your data is collected by us, categories of third parties with whom we share your data in the preceding 12 months of its collection and the business or commercial purpose for collecting please contact our Privacy Office (see section "What are your choices?"). You may also make a verifiable request to exercise your rights by contacting us via the toll-free telephone 1-800-555-0050.


If we cannot verify if you are the California consumer making the request is the consumer about whom we have collected information (or is authorized to act on your behalf) we have the right to deny requests. While verifying your identity we shall generally avoid requesting additional information from you for purposes of verification. If, however, we cannot verify your identity from the information already maintained by us, we may request additional information from you, which shall only be used for the purposes of verifying your identity while you are seeking to exercise your rights under the CCPA, and for security or fraud-prevention purposes. We shall delete any new personal information collected for the purposes of verification as soon as practical after processing your request, except as required to comply with applicable legislation.


An "Authorized agent" means a natural person or a business entity registered with the Secretary of State that a consumer has authorized to act on your behalf and conditioned you have:

  1. Provided the authorized agent written permission to do so and we could verify this; and

  2. Verified your own identity directly with the business.


Subsection 1 does not apply when you have provided the authorized agent with a valid power of attorney.


We endeavor to timely respond to a verifiable individual, free of charge and in a portable format unless it is excessive, repetitive or material unfounded. If we require more time, we will inform you of the reason thereof and extension period in writing.


Non-Discrimination
We will not discriminate against you for exercising your rights under the CCPA. Unless permitted by applicable regulations, we will not charge different prices or rates, deny products or services, provide different products or services or level of quality and/or suggest you may receive the foregoing mentioned.


However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your data’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.

Definitions and legal references

Personal Data (or Data)
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.


Usage Data
Information collected automatically through this Application (or third-party services employed in this Application), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.


Data Subject
The natural person to whom the Personal Data refers.


Data Processor
The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.


Data Controller
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.


Application
The means by which the Personal Data of the User is collected and processed.


Service
The service provided by this Application as described in the relative terms (if available) and on this site/application.


European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.


Legal information
This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).
This privacy policy relates solely to this Application, if not stated otherwise within this document.

Latest update: January 3, 2020