We are HYLA d.o.o., a company having its registered office at Brnčičeva ulica 47, 1231 Ljubljana – Črnuče, hereinafter: the “Company”) and we have developed
HYLA application available on our website www.hyla.com, Google Play Store and Apple App Store (hereinafter: “Application”) for the purposes of managing the Aera
appliance and receiving promotional messages.
in the European Union, also by the Regulation (EU) 2016/679 of the European Parliament and the Council, General Data Protection Regulation (GDPR).
Our goal is to protect privacy, confidential information and personal data entrusted to us. We are committed to ensure appropriate security and use of
This policy gives you information about the way we treat your personal data and explains how we collect, use, process, disclose and secure information and
personal data obtained from users including information we collect when you visit our websites or our services. It also tells you about your rights and choices with
respect to your information, and how you can contact us in case you have any questions or concerns.
Who is the data controller of your personal data?
The data controller is generally a person who, alone or together with others, determines the purposes and decides how personal data will be processed.
Company is the data controller of personal data. In other words, we determine the purposes and means of the processing of that personal data.
How do we collect personal data?
We obtain your personal data directly from you during the launch and usage of application in order to use the Application.
The purpose of the processing is to transmit or facilitate the transmission of the message over the network or, if absolutely necessary for the operator as an
information society service provider, to provide the information society service explicitly requested by the website user. Anal ytical cookies allow the operator to
recognize and count the number of users and obtain information about how the website is used (e.g. which pages the user opens most often and whether the user
receives error messages from some sites). This helps the operator to improve the way its website page works, for example, so that the user can easil y find what he is
We are processing personal data - Log data (your computer’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details), Device data (device type, operating system, unique device identifiers, device settings, and geo-location data - of website visitors/users.
Processing is based on Art. 6 par. 1 letter a) of GDPR - consent of the person concerned with retention period adjusted f or a specif ic cookie. We are sharing and
transferring data in cooperation with professional consultants and advisers who are bound by a legal and/or contractual obligation of confidentiality; website
management company; social media companies that use 3rd party cookies and entities to which the controller provides personal data by law.
Which data we collect
- mobile_device_id – Identification number of the mobile device;
- fcm_token - Firebase cloud messaging token, linked to the mobile application;
- role - customer and/or associate;
- country – country, related to the mobile device
- hyla_device_id – ID number of the Hyla device.
What are the purposes and legal basis for processing of personal data?
We will process your personal data lawfully, fairly and in a transparent manner. We collect and process information about you only where we have a legal basis to do
so/for doing so.
This legal basis depends on services you use and how you use them, meaning we collect and use your information only where:
— it's necessary for the performance of an agreement to which you are a party or to take steps at your request before entering into such an agreement (for example, when we provide you with a service you request from us);
— it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote our services, and to protect our legal rights and interests;
— you give us a consent to do so for a specific purpose; or
— we need to process your data in compliance with a legal obligation.
All legal grounds are defined in the above-mentioned list of personal data collection and processing.
When you consent to our use of information about you for a specific purpose, you have the right to change your mind at any time (but this will not affect any processing that has been already conducted).
How long do we process personal data?
We keep personal data only for a limited time. While we retain personal data, we will protect them within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure and cannot guarantee absolute data security.
The Company will keep your personal data for a predefined time period. Once this period has expired, we will delete your data by predefined procedures. All retention periods are defined in the above-mentioned list of personal data collection and processing.
How do we secure processed personal data?
In an effort to maximize the security of your personal data, we are taking the appropriate technical, physical, legal and organizational measures in accordance with applicable laws on privacy and data security. The Company has reasonable security policies and procedures in place to protect personal information from unauthorized loss, misuse, alteration, or destruction.
However, neither method of transmission over the internet nor method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security. We encourage you to use precautions such as two-factor authentication, to prevent the use of publicly available networks and use security tools, like antivirus etc.
If you have any reason to believe that your communications with us are no longer secure (for instance, if you feel that the security of any personal data you have entrusted to us has been compromised), please notify us immediately via email address email@example.com.
Transfers to third parties
We will not, in any circumstances, share your personal information with other individuals or organizations without your permission, including public organizations, corporations or individuals, except when applicable by law.
We may disclose personal data to third party service providers (data processors) for the purpose of enabling them to provide their services. All transfers are defined in the above-mentioned list of personal data collection and processing. We will provide you with the full list of processors upon your request.
What are your rights?
We make sure the processing of all personal data is done properly and safely. You can exercise the rights guaranteed to you in this section, or by the GDPR by contacting us via email address firstname.lastname@example.org.
Every user is entitled to the following:
The right to access - You have the right to request the Company for copies of your personal data. We may charge you for this service.
The right to rectification - You have the right to request that the Company corrects any information you believe is inaccurate. You also have the right to request The Company to complete information you believe is incomplete.
The right to restrict processing - You have the right to request that the Company erases your personal data, under certain conditions.
The right to object to processing - You have the right to object to the Company’s processing of your personal data, under certain conditions.
The right to data portability - You have the right to request that the Company transfers data that were collected to another organization, or directly to you, under certain conditions.
At our discretion, we may change our Policy to reflect current acceptable practices. We will take reasonable steps to let users know about changes via our website.
Your continued use of this site after any changes to this Policy will be regarded as acceptance of our practices around privacy and personal data.
If we make a significant change to this Policy, for example changing a lawful base upon which we process your personal data, we will ask you to re-consent to the amended Policy.
Policy questions and enforcement
In case of any questions or when exercising your rights under relevant data protection legislation please contact us via email address email@example.com.
In Ljubljana, date June 1st 2023