We are proud to comply with the requirements of the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR). GDPR is a comprehensive European data protection law that sets the new global standard regarding your personal information.
We offer services to our users, through our:
- Website chipolo.net (the “Website”);
- Website app.chipolo.net (the “Web app”);
- Website support.chipolo.net (the “Support Center”);
- Chipolo mobile application (the “Chipolo app”);
- Social media pages;
- Other associated services that we provide both online and offline.
Services listed above are collectively referred to as the “Services”.
Chipolo d.o.o., Gabrsko 12, 1420 Trbovlje, Slovenia and its fully owned subsidiary Chipolo Inc, Schissel Smallberg 450 7th Ave #2710, NY 10123, USA are the responsible parties and data controllers with respect to personal information collected through the Services. If you want to exercise any of your rights in relation to our processing of your Personal Information, Chipolo d.o.o. shall be the responsible party.
Our primary goals in using your data and information are to create your account, provide Services to you, improve our Services, contact you, conduct marketing and research and create anonymous statistical reports for internal use.
If you do not agree to these terms, please do not use the Service.
For general information and privacy questions please feel free to contact us via [email protected].
How we collect and use your information
Placing an Order
When you place an order on our website, you’ll need to provide an email address, a first and last name, and a shipping and billing address and any other information you voluntarily give to us.
In order to complete your order on our website, you’ll need to provide payment information, such as your credit card, PayPal account, Apple Pay or Google Pay. This information is needed in order to process your order and is not stored on our servers but servers of our 3rd party providers:
Registration for the use of our Services
You can register for the use of our Services by manually creating a Chipolo account or by using an existing social network account, such as Facebook or Google, to create one.
When creating a Chipolo account, you’ll need to provide a display name, a valid email address and a password. You can choose whether or not your display name includes your first and/or last name.
When using an existing social network account, we obtain your profile information and your email address from this account. The information we get from social networks often depends on your settings or their privacy policies, so be sure to check what those are.
We do not identify you personally to other users or make your account information available to any third parties in any way that could identify you without your prior consent.
Information from your use of our Services
Chipolo ID and name
When you activate Chipolo using the Chipolo app, that Chipolo’s unique identifier (or Chipolo ID) will be associated with your account. If you choose to name your Chipolo, this information will also be associated with your account.
Chipolo is designed to tell you where your items are. In order to do that, it’s necessary to collect data about your location. We use the term “Location Information” to refer to the combined location data of your phone or device, and your Chipolo.
While the app is running on your device, it periodically transmits your Location Information (even while running in the background). This allows us to show you, on your map, the last place your Chipolo was seen by your device. It is one of the primary ways Chipolo helps you find your lost items.
We may also collect and update location information for your Chipolo(s) "anonymously" (i.e., we will not disclose your identity to the other user and not disclose the other user's identity to you) from other Chipolo users who are running the app within Bluetooth range of your device. We do this to provide you with the most recent and accurate location of your Chipolos, even if they are out of your devices’ Bluetooth range. The Location Information associated with your Chipolo(s) is never made available to these users.
If you use a computer, phone, or other device in relation to the Services, we use the IP address of that computer or device to determine an approximate location. We do this so that we can provide you with a better, more-personal experience.
We may also use your Location Information to promote the Services or provide you with personalized offers. However, your Location Information is never shared with other users unless you choose to share it through our Services.
These days, whenever you use a website, mobile application, or other internet service, there’s certain information that almost always gets created and recorded automatically. The same is true when you use our Services. We track how, and how often you use our Services. We also collect certain information that your mobile device sends when you use them for Services. This includes information such as your device’s model, operating system type and version, and the dates and times of your requests. We use this information to provide you with optimal Services and customer support, and to collect anonymous statistics that helps us understand our user base.
Information collected through Chipolo’s Support Services
We provide support services via live chat on our website, email request submissions, recorded inbound and outbound telephone calls and direct email. We collect Personal Information you may have to provide to our customer care team in the process. This includes, but is not limited to: your name, email address, phone number, and mailing address. In the absence of such data, we cannot provide you with Support Services. We may use and process your Personal Information, including Location information, to handle your support request and provide you with the best support possible, including quality assurance control.
Purposes of Data Processing
- Operate and Improve our Service:
- Fulfill your online orders and enable registration for the use of our Service;
- Understand you and your preferences to enhance and customize your experience and enjoyment using our Service;
- Respond to your comments and questions and provide support service;
- Send you Service related information, including confirmations, invoices, technical notices, updates, security alerts and support and administrative messages;
- Any other processing necessary for the performance of a contract with you.
- Ensure physical, network and information security and integrity:
- This is necessary for our legitimate interest of ensuring that our IT systems and networks are secure and uncompromised, including, for example, backup and archiving, preventing malware, viruses, bugs or other harmful code, preventing unauthorised access to our systems, and any form of attack on, or damage to, our IT systems and networks.
- Deliver marketing and promotional information:
- Communicate with you about our offers, promotions, rewards, upcoming events, and other news about our Services and products only upon your explicit consent.
- For statistical and research purposes:
- We will anonymize your data and use them for our legitimate interests of processing Personal Information for research purposes, including market research, better understanding of our respective customers, and tailoring our respective products and Services to their needs;
- Sharing aggregated data with business partners.
- For purposes of tracking your Location Information:
- We will always store your last known location to operate our Services;
- We will store your historical Location Information and use it for improving and personalizing our Services only upon your explicit consent.
- For compliance and legal purposes:
- Indicating possible criminal acts or threats to public security to a competent authority. This is necessary for our legitimate interest of promoting the success of our business, preventing crime, for compliance with a legal obligation to which we are subject;
- In connection with any legal or potential legal dispute or proceedings. This is necessary for our legitimate interest of promoting and ensuring the success of our business, resolving disputes and making such disclosures as are required by law or which we consider, acting reasonably, are required by law.
- For business or share sale purposes:
- In connection with disclosure requests and in the case of a business or share sale or sale or purchase of a business and/or assets, whether actual or potential. This is necessary for our legitimate interests of selling and/or ensuring and promoting the success of our business.
How we may share your Personal Information with third parties
We may share your data (including Personal Information) with our affiliates or Data Processing Partners, which are:
- IT Services and Infrastructure Providers
- Order Fulfillment Services
- Analytics Providers
- Third Party Advertising Providers
- Referral Program Partners
This list may change from time to time. We may share information that can be used to personally identify your device (e.g. persistent identifiers such as IDFA, IDFV, advertising ID and IP address) for the purposes of delivering our Services, displaying advertisements, conducting analysis and research and for measuring our Data Processing Partners’ advertising campaign performance.
We cannot guarantee that the Data Processing Partners will adhere to the contractual obligations or acceptable business practices. We strive to protect the information provided to our Data Processing Partners. We have no direct control over their use of the collected information. Therefore you acknowledge that we are not liable for any third-party privacy breach and that our liability for Data Processing Partners is limited to the amount we are able to receive as indemnification from Data Processing Partners.
We may also release your information as permitted by law, such as to comply with a subpoena, or when we believe that release is appropriate to comply with the law; investigate fraud, respond to a government request, enforce or apply our rights; or protect the rights, property, or safety of us or our users, or others. This includes exchanging information with other companies and organizations for fraud protection.
Cookies and similar technologies
Your rights in relation to your data
You have the following rights in relation to your personal information, which you can exercise by writing to the following address [email protected]:
- To request access to your personal information and information related to our use and processing of your personal information;
- To request the correction or deletion of your personal information;
- To request that we restrict our use of your personal information if technically viable;
- To receive personal information which you have provided to us in a structured, commonly used and machine-readable format (e.g. an Excel spreadsheet) and the right to have that personal information transferred to another data controller (including a third party data controller);
- To object to the processing of your personal information for certain purposes (for further information, see the section below entitled “Your right to object to the processing of your personal information for certain purposes”);
- To withdraw your consent to our use of your personal information at any time where we rely on your consent to use or process that personal information. If you withdraw your consent, this will not affect the lawfulness of our use and processing of your personal information on the basis of your consent before the point in time when you withdraw your consent.
You also have the right to lodge a complaint with a supervisory authority, which, for the purposes of Slovenia, is the Information Commissioner, the contact details of which are available here: https://www.ip-rs.si
For further information about your rights in relation to your personal information, including certain limitations, which apply to some of those rights please see Articles 12 to 23 of the General Data Protection Regulation (GDPR), which is available here: http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf.
We will respond to your access request within a reasonable timeframe.
We may decline to process requests that are unreasonably repetitive, require disproportionate technical effort, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by local law.
Your right to object to the processing of your data for certain purposes
You have the following rights in relation to your personal information, which you may exercise in the same way as you may exercise the rights in the preceding section (Your rights in relation to your personal information):
- To object to us using or processing your personal information where we use or process it in order to carry out a task in the public interest, where we do so in the exercise of official authority or for our legitimate interests, including “profiling” (i.e. predicting your behaviour based on your personal information) based on any of these purposes;
- To object to us processing your personal information for direct marketing purposes (including any automated evaluation we make about you or any of your characteristics as a person, to the extent that it is related to such direct marketing).
You may also exercise your right to object to us using or processing your personal information for direct marketing purposes by:
- Clicking the unsubscribe link contained at the bottom of any marketing email we send to you and following the instructions, which appear in your browser following your clicking on that link; or
- Sending an email to [email protected] asking that we stop sending you marketing communications.
Whenever you object to direct marketing from us by a different communication method to that of the marketing communications you have received from us, you must provide us with your name and sufficient information to enable us to identify you in relation to the communications you have received.
We take appropriate technical and organisational measures to secure your personal information and to protect it against unauthorised or unlawful use or processing as well as against the accidental loss or destruction of, or damage to, your personal information, including:
- Only sharing and providing access to your personal information to the minimum extent necessary and subject to confidentiality restrictions;
- Training our employees about the importance of confidentiality and maintaining the privacy and security of your information;
- Committing to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities;
- Updating and testing our security technology on an ongoing basis;
- Using secure server providers to store your personal information;
- Requiring proof of identity from any individual who requests access to personal information.
Although we make good faith efforts to store the information collected on the Service in a secure operating environment that is not available to the public, we cannot guarantee the absolute security of that information during its transmission or its storage on our systems. Further, while we attempt to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third-party "hackers" from illegally obtaining access to this information. We do not warrant or represent that your information will be protected against, loss, misuse, or alteration by third parties. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security.
We retain your information:
- For as long as you have not deleted your account;
- For any legal obligation to continue to process your information, such as any record-keeping and tax obligations imposed by applicable law or whether we have any legal basis to continue to process your personal information, such as your consent;
- To retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
As indicated above we will store your information for no longer than necessary. When information is no longer needed, we shall delete it using reasonable measures to protect the information from unauthorized access or use.
For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at [email protected].
Our policy regarding children
We do not knowingly collect or solicit personal information from or direct or target interest based advertising to anyone under the age of fourteen (14) or knowingly allow such persons to use our Services. If you are under 14, please do not send any information about yourself to us, including your name, address, telephone number, or email address. No one under the age of 14 may provide any Personal Information. In the event that we learn that we have collected personal information from a child under age 14, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under the age of 14, please contact us at [email protected].
When we transfer your personal information outside the European Economic Area, the country to which it is transferred will either be subject to an adequacy decision by the European Commission, or if not (or if we transfer your personal information to an international organisation), we will ensure that the transfer takes place on the basis of one or more of the following safeguards:
- Data protection policies adhered to by the data controller and other companies and entities within our corporate group from time to time, which comply with applicable laws, known as “binding corporate rules” or “BCRs”;
- Standard data protection clauses adopted by the European Commission or adopted by the Information Commissioner and approved by the European Commission in accordance with relevant law;
- A code or codes of conduct produced by an association or other body approved by the Information Commissioner;
- An approved certification mechanism (such as the EU-US Privacy Shield); or
- Where authorised by the Information Commissioner, contractual clauses between the data controller or processor and the data controller, processor or recipient of the personal information in the third country or international organisation.
Data protection officer
Our data protection officer is Vesna Stanković - ITLAW, legal consultancy, Vesna Stanković s.p., Kotnikova ulica 34, 1000 Ljubljana.
You can get in touch with our DPO at [email protected] or [email protected].
If you have any questions or concerns about our data privacy practices, or if you have any requests for resolving issues with your personal information, please contact us at [email protected]. Customer support is available in English language.