Privacy Policy - Kasa Smart Home

This Privacy Policy ("Policy") by TP-Link Research America Corporation located at 245 Charcot Avenue, San Jose, CA 95131, USA and its representative TP-Link UK Ltd., Unit 2 & 3 Riverview (142-144), Cardiff Road, Reading, RG1 8EW, UK ("TP-Link", "we", "our") inform you about the personal data we collect when you use the Kasa Smart Home Devices and Services.

Below you will find information on how we use your personal data, for which purposes your personal data is used, with whom it is shared and what control and information rights you may have.

Kasa Smart Home

Kasa Smart Home is our product line for smart home devices. These devices include our Smart Home Routers, Kasa Cam, Smart Wi-Fi LED Bulbs, Smart Wi-Fi Plug, Smart Wi-Fi Light Switch and Range Extender + as well as future developments in the field of home automation (collectively "Devices"). The Devices are supported by the Kasa App and Kasa Care Services (collectively "Services").

Summary of Our Processing Activities

When you use our Devices and/or the Services we collect personal data. Personal data is any information relating to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, or an online identifier. In this section we will summarize how we collect data and what we do with it. You will find more detailed information under the indicated sections below.

  • When you use the Devices without setting up an account, no personal data will be processed. Please note that without account registration the use of our Devices and Services will be very limited.

  • In case you register a user account for one of our Services ("Kasa Account"), personal data will be processed in order to deliver such services.

  • Your personal data might be disclosed to third parties that are located outside your country of residence; potentially, different data protection standards may apply.

  • We have implemented appropriate safeguards to secure your personal data and retain your personal data only as long as necessary.

Processing Activities

Kasa Account Registration and Delivery of Services

In addition to the above, with regard to the registration of a Kasa Account and its subsequent use, we process:

  • Information (such as your name, user name and email address) that is provided by registration;

  • Information in connection with an account sign-in facility (e.g. log-in and password details);

  • Communications sent by you (e.g. via e-mail or website communication forms);

  • Device data (e.g. Device ID, MAC address, IP address)

  • Location data

  • Device/Service usage data (e.g. device activation (such as friendly name of device), motions of motion sensors);

  • Content data (e.g. we store audio and video recordings);

  • Payment information.

The information which is necessary for the performance of the service is labelled accordingly. All further information is provided voluntarily.

We will process the personal data you provide to:

  • identify you at sign-in;

  • provide you with the Services and information which you request;

  • administer your Kasa Account;

  • communicate with you;

For this, the legal basis is Art. 6 (1) b) GDPR.

Your personal data is, in the absence of exceptions within the specific services mentioned below, retained for as long as your Kasa Account is used. After deletion of your account, your personal data will be erased without undue delay. Statutory storage obligations or the need for legal actions that may arise from misconduct within the Services or payment problems can lead to a longer retention of your personal data. In this case, we will inform you accordingly.

Improvement of Our Devices/Services

We further might use your personal data in order to improve our Devices/Services. This might include all data under Section Kasa Account Registration and Delivery of Services above. Your personal data will be anonymized where possible.

For this, the legal basis is Art. 6 (1) f) GDPR. Our legitimate interest pursued is the state of the art development of our products in order to ensure safety and remain competitive.

Your personal data will be stored, for as long as this is necessary for the development of a respective improvement. Once completed your personal data will be deleted immediately.

Marketing

In case you have granted consent, we use your personal data for direct marketing purposes. Legal basis for this is Art. 6 (1) a) GDPR. You might revoke that consent at any time.

In order to provide you with our marketing services, we use The Rocket Science Group LLC d/b/a MailChimp, (Atlanta, GA, USA) as service provider for the processing on our behalf.

We will delete your personal data for marketing purposes, either, if you object to the processing of your data or withdraw the consent immediately.

Use of your video and audio content

As a service provider, we will not access video and audio data without your prior consent (e.g., for troubleshooting in connection with the delivery of our Services to you). Please note that no third-parties have access to such data.

Cookies

The Services use cookies in several cases. Cookies serve to make our offer more user-friendly, more effective, and safer. Cookies are small text files that are stored on your computer. This data does not contain information that we could allocate to a natural person.

Cookies do not harm your computer and do not contain any viruses. You can prevent the use of cookies by adjusting your browser settings. Please note that in this case you may not be able to fully utilize all functions of this website.

We use cookies in order to enhance your customer experience. Legal basis for this is Art. 6 (1) f) GDPR. Our legitimate interest pursued is the sale of further products and/or services to you.

Recipients of your Personal Data

We may transfer your personal data to third-parties, if this is required for the fulfilment of the Services. This is in particular the case, if third-party services form part of our Services (e.g., the hosting and storing of your video data takes place in the AWS virtual private cloud, a service of Amazon.com Inc). At any time, your video and audio data is not accessible by any third-party companies. For the processing of your credit card and billing information your personal data is transferred to Recurly, Inc. (San Francisco, CA, USA) and Stripe, Inc. (San Francisco, CA, USA).

Further, we may engage third-party companies including companies from our corporate family to perform services on our behalf (e.g., software maintenance services, database management, web analytics). These third parties may have access to your personal information. If they do, this access is provided so that they may perform these tasks on our behalf and they are not authorized by us to otherwise use or disclose your personal information, except to the extent required by law.

Other than that, your personal data is only shared with your prior consent (e.g. when using voice integration services of Google LLC or Amazon.com Inc (both US)).

Third-Party Services

Our Services and Devices can be used in combination with third-party services (e.g., when using Amazon Alexa voice assistant to control your Devices). We have no influence on the processing of personal data additionally collected by such third-parties, when using the Services. For more information on the processing of your personal data, please confer their respective privacy policies.

Cross-Border Data Transfers

Your personal data will be transferred to other countries (including countries outside the EEA) which may have different data protection standards than your country of residence. Please note, that data processed in a foreign country may be subject to foreign laws and accessible to foreign governments, courts, law enforcement, and regulatory agencies. However, we will endeavour to take reasonable measures (e.g. conclusion of EU SCCs or selection of Privacy Shield certified service providers) to keep up an adequate level of data protection also when sharing your personal data with such countries.

When using the Services your personal data (incl. any video footage) will be transferred into and stored in the US. The transfer is necessary for the performance of the contract and delivery of the Services by TP-Link (Art. 6 (1) b), 49 (1) b) GDPR.

Security

We have implemented measures, including encryption and SSL technology, designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.

Your account's privacy and security is protected by your password. In order to prevent unauthorized access to your account and personal information, you should select a strong password and protect it by limiting access to your computer, device, browser or application and by signing off after you have finished accessing your account. If you use a third-party service to sign into your account, you should protect that account accordingly as well.

While we strive to always protect the privacy of your account and personal information in our records, we cannot always guarantee it will be completely secure. The security of your personal information may be compromised by unauthorized entry, unauthorized use, hardware failure, software failure, and other factors at any time.

Data Retention

We strive to keep our processing activities with respect to your personal data as limited as possible. In the absence of specific retention periods set out in this Policy, your personal data will be retained only for as long as we need it to fulfil the purpose for which we have collected it and, if applicable, as long as required by statutory retention requirements.

Your Rights

You may receive information about your personal data that we store at any time, free of charge. You do not need to give reasons.

If personal data is inaccurate or no longer needed, you can also restrict, correct or delete such personal data.

In case the processing of your data is based on Art. 6(1)(f) GDPR (Legitimate Interest, cf. above) or your data is processed for direct marketing purposes, you have the right to object to the processing of your personal data.

You have the right to receive your personal data in machine-readable format and to transmit them to another person responsible in accordance with Art. 20 GDPR. You may revoke any consent to the collection and use of data given to us.

If you believe that the processing of personal data relating to you infringes data protection regulations, you may complain to a supervisory authority, in particular in the Member State where you are resident or the place where the alleged infringement occurred, without prejudice to administrative or judicial remedies.

Our Data Protection Officer / Contact

If you have any questions that this policy could not answer, or if you require further information on a particular point, please do not hesitate to contact us at any time. You can reach our data protection officer by writing an e-mail to privacy.tpra@tp-link.com.

De United States?

Obtener productos, eventos y servicios para su región.