Innr values your Privacy
Version: December 14, 2020
Who are we?
“INNR” / is a registered trademark of Lighting Fundamentals IP B.V..
Innr Lighting B.V., registered under number 564 566 70 with the Dutch Chamber of Commerce, VAT number 852134332, provides products and services to consumers under the trademarked name .
Both companies are wholly owned subsidiaries of Coöperatie Lighting Fundamentals Holding U.A.. All three companies are Dutch companies with residence in The Netherlands. Innr Lighting B.V. owns the website on www.innr.com, as well as other domain names that redirect to www.innr.com, such as www.innrlighting.com, www.innr.nl, www.innr.de, etc.
This privacy policy is of Innr Lighting B.V., hereinafter simply called “Innr” or “we”. Our address is Catharina van Renneslaan 20, 1217 CX Hilversum, The Netherlands, and you can reach us by email on service@innr.com, the “Contact us” page on our Website.
Introduction and Definitions
At Innr we consider the privacy of our visitors to be extremely important. In accordance with the EU GDPR (General Data Protection Regulation), in this Privacy Policy we will explain to you in detail what personal data of you we store and process and for what purpose, how long we retain it, with whom we share it, where we store it, how we protect it, and what your rights are as “Data Subject”. To explain that well, we need some definitions first.
App – all versions and variants of Innr’s Light Controller app, used to install, configure, monitor and control an Innr smart lighting system.
Content – all content, including but not limited to pictures, videos, text, and applications, provided by Innr on, in, or through the Website, LA, App, or Services, including User Content.
Data Controller – party responsible for the processing of Personal Data, in this case Innr.
Data Processor – party that performs the processing of Personal Data on behalf of, and according to the instructions of, a Data Controller.
Data Subject – person whose Personal Data is being processed.
LA – LightAdvisor, a tool designed and created by Innr to automatically create light plans, used stand-alone or integrated into a website, app, or other tool.
Personal Data – also known as Personally Identifiable Information, i.e. any data about a person that is identifiable directly or indirectly to that person.
Privacy Policy – this privacy policy.
Products – Innr products, including but not limited to Zigbee or WiFi lights, smart plugs, remote controls, and sensors.
Services – online services provided by Innr for the realization, operation, and maintenance of Innr’s smart lighting system.
Terms of Service – the terms and conditions under which Innr provides the Website, LA, App, Content, and Services; these are available on the Website.
User Content – Content uploaded or otherwise provided to Innr by visitors or users of Innr, or by persons seeking support from Innr.
Website – the website at www.innr.com, or any other domain redirecting to it, including but not limited to, www.innrlighting.com, www.innr.de, www.innrlighting.nl, etc.
This Privacy Policy applies in addition to the Terms of Service and any other terms and conditions that may apply for the Products, Content, Website, LA, App, and Services. If you require any more information or have any queries about this Privacy Policy, please contact us through one of the channels mentioned under “Who are we?”.
Our data collection, storage and processing
Whenever you interact with Innr, we may collect, store and process Personal Data of you. You interact with Innr when you visit the Website, when you buy Products on the Website, when you use the LA, App, and/or Services, when you use 3rd party services in combination with our App, when you contact us by email, telephone, or any other channel including social media, and when a retailer/dealer contacts us on your behalf.
You do not interact with Innr when you use our Products within the system and app of another provider, if such use is not in combination with our App or linked to an Innr account.
When you visit the Website
While you are browsing the Website, we’ll collect:
- Browser type, version, and preferred languages: we’ll use this to display content in a pleasant format and in a language you can understand.
- Location and IP address: we’ll use this for purposes like estimating taxes and shipping, and determining the applicable currency.
- Shipping address: we may ask you to enter this so we can better estimate shipping cost before you place an order.
- Products you’ve viewed: we’ll use this to show you products you’ve recently viewed.
- Cart contents: in order to remember what you have placed in your Cart.
This data is retained for a maximum of 15 days and is not shared with any 3rd party.
Articles on the Website may include embedded content (e.g. videos, images, articles, and social media logos and buttons). Embedded content from other websites behaves in the exact same way as if you had visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no Personal Data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
During your visit to the Website, we may process and store the pages you visited, navigations between and within pages, previous and/or following sites visited and the length of your visit. The purpose of collecting this data is to improve our Website and the online shop within it, to enhance our place and ranking in search engines, and sometimes show you advertisements of our products on other websites. This data is retained for 26 months, after which any identifiable fields are anonymized and the data is only used in aggregated form.
To secure the Website, we log the IP address of visitors and user ID of logged in users. The usernames of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 60 days.
The Website may be scanned for potential malware and vulnerabilities by 3rd party software. During such scans, the 3rd party software could find personal information that is posted on the Website, such as User Content. Innr will only use 3rd party software for this purpose that guarantees not to use the data for any other purpose than to detect potential malware and vulnerabilities, and not to retain the data longer than 60 days.
When you upload User Content
If you upload User Content to the Website, such as leaving a comment, we collect the data you upload, and also your IP address and browser user agent string to help spam detection. This data is retained for as long as the User Content is visible on the Website. Uploaded User Content may be checked through an automated spam detection service.
If you upload User Content to the Website, you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you upload other User Content. These cookies will last for one year.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: automattic.com/privacy. After approval of your comment, your profile picture is visible to the public in the context of your comment.
If you upload images to the Website, you should avoid uploading images with embedded location data (EXIF GPS). Visitors to the Website can download and extract any location data from images on the Website.
When you subscribe to our mailing list
If you subscribe to our mailing list / newsletter, your email address, first name, last name, birthday (day and month excl. year), country, language, and fields of interest will be added to our Mailchimp distribution list. The Mailchimp privacy policy as applicable to you is available here: mailchimp.com/legal/privacy. Your data will be kept in our Mailchimp distribution list until you unsubscribe, which you can do at any time by clicking on the unsubscribe link in a newsletter email. The purpose of processing this data is to send you inspirational articles and product offers.
When you subscribe to a waitlist
If you don’t have an account with Innr and add your email address to the waitlist of a Product that is temporarily unavailable or on pre-order, we will store your email address in the waitlist until the Product becomes available. At that time we will send an email to all addresses on the waitlist. We may keep the waitlist for a couple of weeks after that to provide a follow-up, after which the waitlist is deleted. Waitlists are not shared with any 3rd party.
When you take part in a promotion
If you take part in a promotion or competition, we store the Personal Data you provide to us to be able to participate, usually name and email address. When the promotion or competition ends, winners may be asked for additional Personal Data. The purpose of storing and processing this data is to execute the promotion or competition according to its terms and conditions. Additional purposes may be specified in those terms and conditions. The retention period of this data and whether this data is shared with any 3rd party is subject to the terms and conditions of the promotion/competition.
When you create an account
If you register (create an account) on the Website, we store the Personal Data you provide in your user profile, such as first name, last name, shipping address, and billing address. We will also store the location (country) and language you chose on the Website within your account, so that these choices are remembered even after the cookies in question expire. You can view and edit your Personal Data at any time. We store your Personal Data for your convenience so that you do not have to fill in your details again when you want to place another order. The Personal Data in your account is not shared with any 3rd party, and is retained indefinitely until you request us to delete it.
Also your order history and waitlists are stored within your account so that you can view them after logging in. The retention period and sharing of this data with 3rd parties is 12 months.
When you buy Products on the Website
When you buy Products on the Website, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details, any comments or remarks you may have about the order, and of course the Products you want to order. If you have an account, you can log in with your username and password so that most of the required information is automatically filled in. We’ll use this information to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Send you the ordered Products
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them.
If you create an account when placing your order, we will store your name, address, email and phone number, which will be used to fill in the checkout for future orders.
We generally retain this data for as long as we need it for the above purposes, and we are not legally required to continue to keep it. For example, we will store order information for at least 10 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.
We will share your data with our partners, as far as required to be able to fulfil your order. This may include payment processing, order picking, delivery, handling returns, etc.
All data collected on the Website is stored in datacentres within the European Union.
When you use the LA
When you register for use of our LA, we request your name, e-mail address and password to create an LA account. The information that you provide to the LA, such as rooms and room names/types, content of rooms such as furniture, etc., and the light plan or light configuration generated by the LA for your situation, is stored in your LA account. The purpose of this data is to provide various services to you such as an automatically created light plan that is suitable for your situation, and automatic installation and configuration of your Innr smart lighting system. The data is stored in datacentres within the European Union, is not shared with any 3rd party and is retained as long as your LA account exists.
*note: any LA account that existed before the publication date of this Privacy Policy has been deleted along with all Personal Data contained in it.
When you use the App and/or Services
As mentioned before, when you use our Products within the system and app of another provider without using our App, you are not interacting with Innr. Consequently, in that case we cannot collect any Personal Data from you.
When you use our App and/or Services, whether in combination with Innr Products or with (compatible) products from another supplier, or even without products, you are interacting with Innr and we will collect, store and process the following Personal Data as applicable, i.e. if you use the system feature in question:
- Account data:
- Email address (= Account ID)
- Password (only a “hash” stored on the server)
- Nickname and avatar
- Region, country, and time zone
- Account creation date and time
- Access control data
- Home WiFi network SSID and password (only stored locally, on the Device that you connect to your home WiFi network, and on your mobile phone if you choose to remember it; this data is not uploaded to any server)
- Date, time, Account ID, and mobile device data of each login
- List of authorized mobile devices (authorized to access your account)
- Unique identifiers (e.g. MAC address, IMEI, serial number and/or other hardware ID)
- Brand and model
- OS and OS version
- IP address
- Current time zone
- Innr App version
- List of Home Shares
- Home name
- Invited user’s e-mail address (Account ID)
- Share name
- App usage data
- User data
- Account ID
- Mobile device
- IP address
- Navigation data, such as, but not limited to
- Screens visited
- Duration of screen visit
- Clicks, taps, swipes and other interactions
- Date and time of each navigation
- User data
- Smart Home configuration data
- Homes and their names
- Home icon
- Geographic location
- List of Rooms
- List of Devices
- List of Routines
- List of Scenes
- List of Automations
- Rooms and their names
- Room icon and type
- List of devices
- Devices and their names
- Unique identifiers (e.g. serial number, MAC address, product UUID)
- Pairing information (WiFi SSID, Zigbee Install Code, etc.)
- Type of Device
- Brand and model
- Firmware version
- Capabilities
- Device icon
- Product time zone
- User configuration of device (e.g. desired state in applicable routines, power-on behaviour of lamp, sensor sensitivity, etc.)
- Routines and their names
- Routine icon
- List of Devices and state of each
- Scenes and their names
- Scene icon
- List of Devices and state of each
- Automations and their names
- Automation icon
- Trigger conditions (days and times, events, etc.)
- Actions (activate Routine or Scene, activate transition in a Room or list of Devices, etc.)
- Homes and their names
- Smart Home usage data
- User data (who performed an action)
- Account ID (main user or invited user)
- Mobile device
- IP address
- Configuration data changes
- Add, rename, move, delete, edit, activate/deactivate, enable/disable etc. of Homes, Rooms, Devices, Routines, Scenes, and Automations
- Manual control
- User actions on Homes, Rooms, Devices, Routines, and Scenes.
- Automatic control
- Executions of Automations
- Device data
- Events (e.g. sensor events, key events, measurements)
- Responses to commands
- State changes
- Online/offline detections
- Date and time of each usage
- User data (who performed an action)
- Services data (i.e. when you visit a webpage of our cloud system to reset your App password, link your account to a 3rd party service, accept a Home Share, etc.)
- User Data
- Browser user agent, name and version
- IP address
- Account ID, Innr authentication tokens, 3rd party authentication tokens
- Action(s) performed
- Page(s) visited, duration of visit, items clicked, and other navigational data
- User Data
- Support info
- Account ID
- Problem description
- Photos/videos
- Affected device(s)
- Date and time of submission.
The purposes of processing this data are as follows:
- To be able to provide the smart home / smart lighting system and service to you
- To safeguard the security of your system and of the platform and the service
- To maintain the platform and service and ensure their proper functioning
- To provide you with support when you need it.
Some of the data may also be used with the purpose of improving the system and service, by performing data analysis on the gathered data. Such data analysis is done by anonymizing (decoupling from Account ID), aggregating, and then analysing the data. The data that is used for these purposes is:
- App Usage Navigation data
- Smart Home configuration data
- Smart Home usage data excl. User Data
- Services data excl. User Data
- Support info excl. Account ID
The data listed above in this section is stored indefinitely until you delete your account or withdraw your consent. Both can be done within the App. Withdrawal of your consent does not result in the deletion of your account, but all data stored under your account will be deleted, including your system configuration settings.
Regular backups are made of all data. After you delete your account or withdraw your consent, Personal Data of you may remain in backups for up to 3 months. Should we be forced to restore a backup, we will take all reasonable precautions to prevent your deleted Personal Data from being restored.
Your Personal Data is not shared with any 3rd party, with the possible exception of when you request support from us. In that case we may need the help from our platform provider to analyse your request, investigate any issue, and find a suitable solution. If that is the case, we will ask your permission to share your Personal Data with our platform provider.
Our platform provider may also access anonymized and aggregated data for data analysis, as mentioned above. This helps them understand how the platform is being used, and make improvements based on the findings.
All data listed above in this section is stored in datacentres within the European Union.
When you use 3rd party services in combination with our App
Data about your activity on your Innr system can be seen by other 3rd party services if you have connected your profile to such a 3rd party independent service or application. If you choose to connect your Innr system with an account of a 3rd party service, we will share with them limited account and profile information. These 3rd party services are offered by independent controllers of this data. Their use of your data is subject to their respective privacy policies. You should carefully review their policies to determine how they will use the data.
When you contact us
When you contact our Customer Service for help with your Innr Products and/or Services, we may collect certain data from you or your Innr Products.
This may include contact information such as your name and address, email address, phone number, social media identifiers and the content of your chats and other communications with Innr. This may also include technical information about your Innr system configuration.
We collect this information to give you the best and most efficient customer support possible. For instance, for customer enquiries and technical questions, we may use your contact information to respond in your preferred contact channel. For technical problems, we may use system diagnostic data to troubleshoot your issue. For product returns, we may use your contact information to verify product receipt and/or delivery. Using these types of data is necessary to fulfil the agreement we have with you.
How do we protect your Personal Data?
We have taken the necessary precautions to protect all parts of the system and all data including your Personal Data stored in the various parts of the system, from misuse, loss, or unauthorized alteration. Our security measures include industry standard technology and equipment to help protect your data. For example, whenever Personal Data is transmitted it will be encrypted with a secure encryption algorithm and with a secure protocol such as TLS (Transport Layer Security).
All our Data Processors are required to uphold at least the same level of security and privacy as we ourselves.
Should there be a breach of security despite all the measures we have taken, we have a defined protocol to deal with such situations with the purpose of limiting the consequences of the breach of security as much as possible.
As a Data Subject, you also have a responsibility to protect your Personal Data. You must decide the security measures that are appropriate for you; common examples are choosing passwords that are not easy to guess, keeping your user name and password secret, keeping your PC and mobile devices updated, and using a virus scanner.
We will not sell or even provide your Personal Data to third parties, with the following exceptions:
- Only within the scope of fulfilment of the agreement between us or as required by law, will we share your data with partners, for example to deliver an order to your home, or to solve a problem of which you notify us.
- To the extent required by law, we will share your data with government authorities if they so require.
- If you use a 3rd party app or other kind of service to control your Innr system, it may be that Innr has an agreement with that third party to share your Personal Data with them. Which data the third party will collect, with what purpose, and what they do with the data, will be subject to the privacy policy of that third party. If you do not agree with the privacy policy of that third party, we recommend you not to use the 3rd party app or service.
Innr uses solutions offered in the market by her partners for the management and storage of her data. These partners may be based in the EU, but could also use servers outside the EU. Innr solely chooses partners that offer an adequate level of protection of personal data according to European regulation.
Your Rights as a Data Subject
You have the right to request inspection, amendment and/or removal of your Personal Data, or to oppose our processing thereof. For the submission of such requests or any queries concerning this Privacy Policy please send an e-mail to us at the following address: service@innr.com. In your request, please specify which data you are writing us about, i.e. data gathered on Website and online shop, in the LA, in the App, or via support.
You may also contact us by ordinary mail at the address mentioned in the section ”Who are we?”.
In the event you request us to remove your Personal Data, we shall use reasonable effort to remove it from our systems as soon as practicable except where we are obligated to store such information in our archives (such as for tax purposes). Please be aware that such removal may not always include removal of copies of your Personal Data in backups. The data may remain there for the retention period of the backups, usually not longer than 3 months.
Note that for data collected and processed through your use of the App, you can easily delete it from within the App.
Should we update, amend or make any changes to this Privacy Policy, the amended version of this Privacy Policy will be posted here and our newsletter will contain a notification of the changes. Please make sure you visit this page regularly to ensure you are aware of the latest version of this Privacy Policy.
Children’s Information
Innr does not target children and does not knowingly collect their personal data. If a parent or guardian believes that Innr has in its database the Personal Data of a child, please contact us immediately at service@innr.com and we will use our best efforts to promptly remove such information from our records.