Privacy Policy

1. INTRODUCTION

Shelly X Website (the Website) is located at https://x.shelly.com, including any subpages and subdomains, and all associated services.

Shelly X Portal (the Portal) is a developer portal for setting up and configuring Shelly X Modules by creating Products through the functionalities available. The Portal is accessible at https://x.shelly.cloud, including any subpages and subdomains, and all associated services.

Shelly X Service is a digital service accessible online at Shelly X Portal that allows the setup and configuration of Shelly X Modules by creating products, and the monitoring of the hardware device or appliance containing Shelly X Modules, connected to Shelly Smart Control.

  • This Privacy Policy applies to the Shelly X Website and the Shelly X Portal, including all associated subdomains, subpages, and services.

  • This Privacy Policy shall apply to the processing of personal data that is or might be performed when registering in the Shelly X Portal and using the Shelly X Service, whereas the Shelly X Service might be used free of charge.


When you interact with the Shelly X Portal and Website, Shelly Europe Ltd. (“We”) is processing your Personal Data. We have developed this Privacy Notice to provide you with information about what information we collect, why we collect it, and what your rights are under the applicable data protection laws, including the European Union’s General Data Protection Regulation (“GDPR”).

2. CONTROLLER


The Personal Data related to Shelly X Portal and Website are processed by Shelly Europe Ltd., UIC: 202320104, having its seat and registered address in Europe, Bulgaria, 1407 Sofia, No 51 Cherni Vrah Blvd., Building 3, floor 2 and 3.

3. PERSONAL DATA


Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, as that term is defined under the GDPR.

4. DATA SUBJECT

Data subjects, whose data can be processed – individuals – consumers or representatives of legal entities who are visiting the Website and/or interacting with the Website in any way, including but not limited to browsing through our Marketing website - https://x.shelly.com, submitting support requests etc. (“Client” / “You”).

  • The Data Subjects to whom this Privacy Notice shall apply are also any registered user of the Shelly X Portal (“the Service User” / “You”).

5. DATA PROTECTION OFFICER

 


You may address all your requests about the processing of your Personal Data to our Data Protection Officer via e-mail at dpo@shelly.com

6. ABOUT THE SHELLY X WEBSITE & PORTAL


The Shelly X Website offers information about the products from the Shelly X series, the workflow for Shelly X Portal, a possibility for online purchasing, as well as technical support regarding Shelly Devices, and Marketing activities. The interaction with the Website and its features might be related to the processing of various types of data for different purposes:

Shelly X Portal is a browser-based tool that enables the Service User to set up and configure Shelly X Modules by creating its products through the Portal’s Functionalities and developer resources.

Shelly X Portal sets up and configures exclusively Shelly X Modules. The latter can be set up and configured solely through the functionalities of the Shelly X Portal.

  • Shelly X Module is a small form factor embedded wireless module solution intended for integration into real-world devices and appliances to enhance them with smart connected capabilities, which allow remote control through a mobile phone, tablet, PC, home automation system or API.

The use of Shelly X Portal requires registration of the Service User by registering an account (“the Account”).

By registering an Account and through the functionalities of Shelly X Portal, the Service User may create a Product – an electronic configuration for Shelly X Modules created by the Service User to define the behavior of a Shelly X Module when integrated into a hardware device or appliance or running on a Shelly X Developer Board (“the Product”). The product configuration can be applied to the Shelly X Module at the Service User's discretion either via the Portal, via software tools supplied by the Service Provider, or during the initial provisioning of Shelly X Modules at the factory.

The information that we collect, and how that information is used, depends on how you use our Shelly X Portal and how you manage your privacy controls via the Portal settings and the settings of the Terminal Device on which you use it.

7. TYPES OF PERSONAL DATA THAT WE PROCESS:


7.1. On a contractual basis for the provision of the Shelly X Service in accordance with Art. 6(1)(b) of GDPR, We process data about: Your Account, your Products and Shelly X Module when integrated into a hardware device or appliance or running on a Shelly X Developer Board, the Terminal Devices on which the Shelly X Service is used, as well as data derived from the settings of the Shelly X Service and/or the settings of your Associate Services or browsers, Your interaction with the Shelly X Service.

7.1.1. Account data

We process User’s data that you have directly provided to us when creating Your Account, interacting with the Shelly X Portal using its features or when contacting our support team directly:

  • Names;
  • Email address;
  • Password;
  • Country;
  • City;
  • Phone number;
  • Data generated by you during a customer support request, such as e-mails, messages, history of the correspondence, any correspondence content, sender and recipient information, or data generated during consultations with our business team about Shelly X Portal, Shelly X Service, Shelly X Modules or other Shelly devices.

Purpose for processing Account Data:

We are using the Account data for the purpose of performing the contract in accordance with Art. 6(1)(b) GDPR to:

  • verify the User’s authentication and identification in order to ensure access control to Your Account and Your Products therein;
  • Initiate and provide the Shelly X Service to You and to ensure its proper functioning;
  • Ensure the security of your Account and your Products;
  • Process customer support requests or any correspondence with our business team that You might have sent to us in reference to the Shelly X Portal and/or Shelly X Service;
  • Communicate with You in reference to the Shelly X Service, Shelly X Portal, and send you Shelly X Service or Shelly X Portal updates or other relevant information (including reminders, confirmations), as well as providing you the necessary customer support when requested;

7.1.2. Product Data and Service Usage data

For providing You with the functionalities of Shelly X Portal we are also processing information about the Products that are added to Your Account including the information about your interaction with the Shelly X Portal and Shelly X Service, as well as information about the Shelly X Module(s) when integrated into a hardware device or appliance or running on a Shelly X Developer Board on which you have set up and configured Shelly X Modules, that is technically necessary for the provision of the Shelly X Service.

By adding a Product to Your Account, you are sharing the information generated and stored by this Product (such as Product ID, IP address, MAC Firmware version, set up actions or other configurations that you have set up on the Product). This information is necessary for providing you the Shelly X Service and the functioning of Shelly X Portal features. To stop sharing this information, You can always remove the Product from Shelly X Portal.

When You create a Product in Shelly X Portal and add it to Your User Account, as well as when you share information from the Shelly X Service with other applications and services (Associated Services / Integrators) We automatically process:

  • Information regarding the created Product – name, status, product type, goal, product description, module model, configuration version, date of creation;
  • Information regarding the current configuration of the Product - device name, prefix, inputs, outputs, LED type, WiFi network;
  • Information regarding the development: Latest active devices in development mode - first seen, device Id, IP address, MAC Firmware version.
  • Network and Server credentials;
  • Information about associated Services, browsers and Terminal Devices that You use to access our Shelly X Portal including Terminal Device type and network provider, unique identifiers such as IP address and MAC address, operating system and OS version;
  • Log information such as Service logs, including crash and diagnostic reports, Service launches, taps, clicks, or other information about how the user interacts with Shelly X Portal;
  • Geolocation of the devices or appliances, designed and manufactured by You, enhanced with the capabilities of the Shelly X Modules;
  • Information from reports, such as on/off modes, schedules, actions, device measurements and electricity consumption data depending on the devices or appliances, enhanced with the capabilities of Shelly X Modules (including historical consumption and measurements data);
  • Other information about how you’re using Shelly X Portal or Shelly X Service;

Purpose for processing Data of Your Products and Service Usage data:

  • Provision of the Shelly X Service – to enable You to set up and configure Shelly X Modules by creating products, monitor the hardware device or appliance containing Shelly X Modules, get precise measurements of the power consumption of the hardware device or appliance containing Shelly X Modules (including historical data), switch them on/off remotely and perform the set up actions, we need information about the hardware device or appliance containing Shelly X Modules and their connectivity to each other, to the network and to our system. Further, to provide you with some features of Shelly X Portal and Shelly X Service such as the scheduling and power metering, we need to know the geolocation of the hardware device or appliance containing Shelly X Modules;
  • Processing of customer support requests or correspondence with our business team;
  • Sending notifications through the Shelly X Portal, including push-up, or e-mail system notifications about the Shelly X Portal, Shelly X Service or Shelly X Modules, including event notifications if set-up;


7.2. On the basis of your explicit consent, expressed via the Shelly X Portal settings or by deliberate actions within the Shelly X Portal we may process further Product Data and Service Usage in accordance with Art. 6(1)(a) of GDPR.

For providing You certain specific features of the Shelly X Portal, depending on the type of the available Shelly X Service options We may also process further information about Your Products that you have manually set using the Shelly X Service settings.

Data derived from the settings of the hardware device or appliance or Shelly X Developer Board, where Shelly X Module(s) were integrated and/or the settings of your Associate Services, Terminal Devices or browsers;

  • Interactions history of the Shelly X Service and Your Products usage (user logs);
  • Other information of your choice, that you provide through the settings of the Service, Associated Service or Terminal Devices;
  • Other information about the way you use the functionalities of the Shelly X Portal;

You may control the processing of these data at any time through the settings of the Shelly X Portal and the Terminal Device on which you use it. These shall not prejudice the legality of the processing based on your interactions with the Shelly X Portal and settings given before their change.

You can initiate and stop sharing information of a selected Product with third parties and services at any time by using the features of the Shelly X Portal. Please take into account that upon sharing Your Data with third parties and services this Privacy Notice shall not apply to the processing of the shared Data by these parties and services.

Purpose for processing Data of your Devices

  • Provide you personalized information and solutions based on your interactions with Shelly X Portal such as monitoring and controlling the hardware device or appliance containing Shelly X Modules, precise measurements and consumption, and switching on/off remotely according to the schedule or the set technical criteria;
  • Authentication, verification and control of the access to your Account including enabling and control of device sharing;
  • Sending of notifications (including Shelly X Portal notifications such as push-up or e-mail) based on the event log of Your created Product;
  • Processing of support requests;
  • Further Account and Product Data that we process based on your explicit consent:

You may withdraw your consent at any time through the unsubscribe link at the bottom of the relevant marketing message, as well as through the settings of Your Account. Upon withdrawal of the consent, processing of the respective type of personal data shall be terminated for the stated purposes. Withdrawal of consent shall not prejudice the legality of the processing based on consent given before its withdrawal.


7.3. Based on our legitimate interest in accordance with Art. 6(1)(f) of GDPR we may process Your personal data, as described here above to:

  • implement and operate our policies and procedures;
  • respond to any claims against us and to protect the rights, privacy, property, or safety of Shelly Europe Ltd. (including its affiliates and subsidiaries), our Users, or the public as required or permitted by law;
  • enforce legal claims, including investigation of potential violations of the applicable terms of Shelly X Portal;
  • detect, prevent, or otherwise address fraud, abuse, security, or technical issues with Shelly X Portal or Shelly X Service;
  • prevent hacking, frauds and other non-compliant use of Shelly X Portal or Shelly X Service;
  • register, mediate, and resolve possible disputes or irregularities or to enforce our Terms of Use and other policies;
  • maintain adequate security measures and protect against liability, including complying with industry standards and enforcing our policies, detection of spam, malware, illegal content, and other forms of abuse on our systems in violation of our security policies;
  • fulfill the terms and conditions of Shelly X Portal;
  • other legitimate business purposes permitted by applicable law;
  • anonymized and statistical data about the usage of Shelly X Portal and the user experience for the purposes of operating, evaluating, and improving the Shelly X Portal and/or Shelly X Service and our business;
  • maintain Shelly X Service to ensure it is working as intended by performing regular monitoring of our system and activity information to identify and fix problems and avoid interruption;
  • improve Shelly X Portal and/or Shelly X Service through analysis of the usage trends and preferences;
  • When You interact with our Marketing website, we may automatically collect device information, such as the unique device ID number of your device, IP address, wireless connection information, operating system type and version, browser type and version, push notification identifier, and mobile network information. We process your device information, to analyze trends and to track your usage of our Marketing website as necessary to develop and improve it, and provide its users with more relevant and useful content.




7.4. Based on the law, when it is necessary or appropriate, we can process Your Personal data in accordance with Art. 6(1)(c) of GDPR to:

  • comply with applicable laws and regulations, including in the field of tax and accounting;
  • comply with legal procedures;
  • respond to requests or orders from public, government and judicial authorities;

Sharing Information with Third Parties:

We may disclose Your Data internally within our business group and to the following entities, but only for the purposes described above. The following categories of Third-Party Service Providers may process your Personal Data as part of our operations:

  • Affiliates - other companies within the corporate group of Shelly Group PLC to which Shelly Europe Ltd. belongs to carry out business activities on a regular basis;
  • Integrators of third-party products or services to which you can connect your created Products to control those products or services. These business partners control and manage Your personal information only upon your explicit consent to share Your Data with them which you can withdraw anytime. These business partners process Your Data in compliance with their own privacy policies and rules and therefore before deciding to share Your access to your Products with them, You should read these carefully;
  • Service providers - carefully selected companies that provide services for or on our behalf, such as providers of cloud services, customer support services, e-mail and messaging services, including direct marketing services, infrastructure supply, and IT services, etc.;
  • Professionals in various fields (such as but not limited to external marketing, product and service consultants, auditors, legal, finance, and accountancy advisors) for maintenance and improvement of the quality of the Shelly X Portal or Shelly X Service, ensuring compliance with regulatory requirements, protection of our legitimate rights and interests in court and administrative proceedings;
  • State bodies and public authorities - to which we might be obliged to disclose Your Data when this is required by law, legal process, administrative or court order to disclose your information.
  • Other parties - in connection with corporate transactions as part of a merger or transfer, acquisition or sale, or in the event of bankruptcy; In this case, you will receive a clear notification via email and/or our website regarding the change of ownership, the incompatibility of new use of personal information, and the choice of personal information.

In addition to the disclosures described in this Privacy Notice, we may share information about you with third parties when you separately consent to or request such sharing.

In regards to private individuals, we require and pay attention that the above-stated third parties apply all required technical and organizational measures for the protection of the Personal Data shared with them.

8. CROSS-BORDER DATA TRANSFERS


Personal Data you entrust to us will primarily be processed by us in the European Union. However, some of our Third-Party Service Providers and specifically our providers of e-mail messaging services for direct marketing, are not located in the European Union. The main country outside the European Union where your Personal Data can be processed by such service providers is the United States. All these international data transfers are subject to legal requirements to ensure that your personal information is processed safely and as you would expect, which means your Personal Data is likely to end up in other countries, including outside the European Union. We will process your Personal Data for marketing purposes including by sharing these with these service providers only upon your explicit consent.

9. RETENTION OF DATA


The retention period of the Data depends on the legal basis relied upon to process your Data.

Data processed for providing You the Shelly X Service (Account and Product Data and Service Usage data) is processed for as long as You have an active User Account, or as long as required under our legal obligations in the respective countries we operate.

Data processed based on our legitimate interest is only kept for as long as needed for the specific purposes for which they were collected.

Data processed based on your consent are retained until You withdraw your consent. Upon withdrawal of Your consent, we will stop processing your Data that relies on your consent, but it will not impact the processing of data collected prior to Your withdrawal until the purposes for which such Data were collected have been achieved.

Data processed in compliance with legal obligations, are processed within the statutory retention period as per the applicable law.

Following the expiration of the above-stated time limits, the Data is deleted and may not be retrieved and used any longer.

The data shall not be deleted but shall continue to be processed only for protection of our legitimate rights and interests or in compliance with our legitimate obligations, in the event that as of the date of expiration of the above stated time limit there are pending court, administrative and pre-court proceedings – until their closing.

10. YOUR RIGHTS AS DATA SUBJECT


Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

Right to access:

  • You have the right to ask us for copies of your personal information free of charge. This right always applies but there are some exemptions, which means you may not always receive all the information we process;
  • If we are unable to provide you with access to your Personal Data because disclosure would violate the rights and freedoms of third parties, we will notify you of this decision.

Only a person who can be identified by us as Service User has the opportunity to exercise his/her rights under this section. You may contact us and after submitting a written request and verifying your identity the requested information will be provided to you.

If We have legitimate concerns regarding Your identity, we may request the provision of additional information necessary to verify Your identity as a Service User. We reserve the right to refuse access to the required information if we are not in a position to identify the individual submitting a request.

Right to rectification of inaccurate personal data:

You have the right to request the rectification of inaccurate information and completion of incomplete information. This you can accomplish via your Service Account or by contacting us by submitting a written request.

Right to erasure („The right to be forgotten“):

The right to erasure applies to a strictly limited extent as specified under the law. Removal of the need to process. The right only applies in the following circumstances:

  • when your data are no longer necessary for the original reason they were collected or used for.
  • when you initially consented to us using your data, but have now withdrawn your consent.
  • when you have objected to the use of your data, and your interests outweigh our interests in using it.
  • when you have objected to the use of your data for direct marketing purposes.

The right to be forgotten is not an absolute right and might not be respected in cases provided for by the law or because of a lack of reliable verification of Your identity.

You may exercise your right to erasure of your data according to the procedure prescribed below or by contacting us, filling out a written request form and verifying your identity. Deleted data cannot be recovered by Shelly Europe Ltd.

Right to restriction of processing:

Right to restriction of processing shall apply to temporarily limit the use of your data when they are considering:

  • the accuracy of Your data is challenged, or
  • an objection to the use of Your Data, or
  • unlawful processing of Data but you do not want it to be deleted, or
  • the organisation no longer needs your data but you want the organisation to keep it to create, exercise or defend legal claims.

In case of rectification or erasure of processing, we will notify every recipient to whom Your Personal Data has been disclosed unless this is impossible or requires disproportionately huge efforts.

Right of Data portability:

You have the right to get your Personal Data from us in a way that is accessible and machine-readable. You also have the right to ask for transferring Your data to another organisation. Specifically, the right only applies to data that:

  • is held electronically, and
  • you have provided to us.

Data you have provided does not just mean information you have typed in, such as a username or email address. It may include data that We have gathered from monitoring Your activities when you have used the Service. This may include usage history or data processed by connected objects such as the Device.

That right shall not apply:

  • to processing necessary for the performance of a task carried out in the public interest;
  • where this right would affect adversely the rights and freedoms of others.

Right to object to the processing when it’s based on legitimate interest:

You can only object to processing when We are using your data:

  • for legitimate interests;
  • for statistical purposes; or
  • for direct marketing purposes.

The processing of Your data will be ceased, unless there are compelling legitimate grounds for the processing which override Your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Right to file a complaint with the supervisory authority in the Member State of your residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to You infringes the GDPR.

Users have the right to submit complaints or signals to the supervisory authority at any time, in case they believe the processing of their personal data violates the legislation on personal data protection.

Without prejudice to your right of complaint to the supervisory authority at any time, please contact us in advance and we promise to make everything possible to settle any disputes amicably.

11. INFORMATION SECURITY MEASURES


The security, integrity, and confidentiality of your Personal Data are extremely important to us. We have implemented technical, contractual, organisational, and physical security measures that are designed to protect our Users' Personal Data from unauthorised access, disclosure, use, and modification. We regularly review our security procedures and practices to consider appropriate new technology and methods. Please be aware that, despite our best efforts, no security measures are perfect or impenetrable.

12. PRIVACY POLICY UPDATES


We may update this Privacy Policy from time to time due to changes in the Service, the applicable laws and our legitimate interest. You can determine when the Privacy Policy was last revised by the date provided at the beginning of this page.

Any changes will become effective upon publishing in the application or making them available to the User in another way.

13. FURTHER INFORMATION


If you have any additional questions, please do not hesitate to contact us at: dpo@shelly.com