The company Ksenia Security Spa, with registered office in Ripatransone (AP), SP Valtesino n. 49, VAT number 02027680442, as the Data Controller,
users intending to use the Android / iOS application called “lares 4.0” that the data provided by users or automatically acquired by the app will be processed lawfully and fairly, in compliance with the principles established by EU and Italian regulations.
Purpose and methods of processing
The processing activities concern the operation of the application and connected devices, and the user’s data is collected solely to enable the proper execution of operations between the app and the alarm control panel installed at the user’s residence / office.
During installation, the app collects user device data (device ID, operating system used, device type, IP address, browsing session data, control panel serial number, control panel’s public IP address if applicable, customer’s WiFi connection data, control panel PIN).
The data stored within the app exclusively pertain to the connection with the control panel and, if the user configures this option in the app settings (not recommended), possibly the control panel PIN.
Additional information is collected by Microsoft Inc., acting as an independent data controller, for the management of statistical data related to the use and functioning of the app, through the service known as “appcenter.ms”. Where possible, the data is pseudonymized or processed in aggregated form, without the possibility of identifying the user’s identity, to minimize processing activities.
Event and user activity data
They are stored by the control panel and accessible through the app. They are not stored on the device.
Data of minors are not processed.
Nature of provision
The processing of data is necessary to fulfill the user’s requests. Otherwise, the app would not be able to function and ensure remote control of the control panel. Providing this data is therefore necessary.
The legal basis for processing
The legal basis for processing is the contractual fulfillment related to the installation of the app on the user’s smartphone or tablet, in order to access the offered services.
The app only retains data necessary for connecting to the control panel (control panel serial number, potential public IP address, customer’s WiFi network credentials) and possibly the access PIN if the user has selected this option. All other processed data is stored in the device’s volatile memory only and is deleted at the end of the connection session. Also, connection data and events/commands issued are stored solely by the control panel.
Interaction with external platforms
The app interfaces with external platforms that allow the use of voice assistants and are under the direct control of their respective companies (Google and Amazon). Data exchange occurs through secure communication channels not subject to the control of the Data Controller.
Communication and disclosure
Data processed through the app is of a common nature and is not intended for dissemination. It is exclusively exchanged with the control panel installed at the customer’s premises and with Microsoft Inc. regarding the use of the appcenter.ms service. Data may be communicated to third parties, who, based on the type of relationship, may qualify as independent data controllers or processors under Art. 28 of EU Regulation 679/2016. The updated list of data processors is available at the Data Controller’s headquarters.
Rights of the Data Subject
Data subjects are entitled to the rights specified in Articles 15 to 22 of GDPR 679/2016. In particular, the Data Subject has the right to access their data (Article 15), request its rectification, updating, integration (Article 16), and deletion (Article 17), restrict its use by the Data Controller (Article 18), receive a copy in a structured, commonly used, and machine-readable format (Article 20), object to processing under specific circumstances (Articles 21 and 22). These rights can be exercised to the extent that processing is not mandatory due to legal or regulatory requirements. Requests related to the exercise of Data Subject’s rights can be sent to the Data Controller at the address email@example.com. If the Data Subject is not satisfied with the response provided to their requests, they can lodge a complaint with the Data Protection Authority, headquartered in Rome, Piazza Venezia n. 11. Citizens of other EU Member States have the right to contact the supervisory authority of their country.