Below you will find information on how we use your personal data, for which purposes your personal data is used, with whom it is shared and what control and information rights you may have.
Kasa Smart Home is our product line for smart home devices. These devices include our Smart Home Routers, Kasa Cam, Smart Wi-Fi LED Bulbs, Smart Wi-Fi Plug, Smart Wi-Fi Light Switch and Range Extender + as well as future developments in the field of home automation (collectively "Devices"). The Devices are supported by the Kasa App and Kasa Care Services (collectively "Services").
When you use our Devices and/or the Services we collect personal data. Personal data is any information relating to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, or an online identifier. In this section we will summarize how we collect data and what we do with it. You will find more detailed information under the indicated sections below.
When you use the Devices without setting up an account, no personal data will be processed. Please note that without account registration the use of our Devices and Services will be very limited.
In case you register a user account for one of our Services ("Kasa Account"), personal data will be processed in order to deliver such services.
Your personal data might be disclosed to third parties that are located outside your country of residence; potentially, different data protection standards may apply.
We have implemented appropriate safeguards to secure your personal data and retain your personal data only as long as necessary.
In addition to the above, with regard to the registration of a Kasa Account and its subsequent use, we process:
Information (such as your name, user name and email address) that is provided by registration;
Information in connection with an account sign-in facility (e.g. log-in and password details);
Communications sent by you (e.g. via e-mail or website communication forms);
Device data (e.g. Device ID, MAC address, IP address)
Device/Service usage data (e.g. device activation (such as friendly name of device), motions of motion sensors);
Content data (e.g. we store audio and video recordings);
The information which is necessary for the performance of the service is labelled accordingly. All further information is provided voluntarily.
We will process the personal data you provide to:
identify you at sign-in;
provide you with the Services and information which you request;
administer your Kasa Account;
communicate with you;
For this, the legal basis is Art. 6 (1) b) GDPR.
Your personal data is, in the absence of exceptions within the specific services mentioned below, retained for as long as your Kasa Account is used. After deletion of your account, your personal data will be erased without undue delay. Statutory storage obligations or the need for legal actions that may arise from misconduct within the Services or payment problems can lead to a longer retention of your personal data. In this case, we will inform you accordingly.
We further might use your personal data in order to improve our Devices/Services. This might include all data under Section Kasa Account Registration and Delivery of Services above. Your personal data will be anonymized where possible.
For this, the legal basis is Art. 6 (1) f) GDPR. Our legitimate interest pursued is the state of the art development of our products in order to ensure safety and remain competitive.
Your personal data will be stored, for as long as this is necessary for the development of a respective improvement. Once completed your personal data will be deleted immediately.
In case you have granted consent, we use your personal data for direct marketing purposes. Legal basis for this is Art. 6 (1) a) GDPR. You might revoke that consent at any time.
In order to provide you with our marketing services, we use The Rocket Science Group LLC d/b/a MailChimp, (Atlanta, GA, USA) as service provider for the processing on our behalf.
We will delete your personal data for marketing purposes, either, if you object to the processing of your data or withdraw the consent immediately.
As a service provider, we will not access video and audio data without your prior consent (e.g., for troubleshooting in connection with the delivery of our Services to you). Please note that no third-parties have access to such data.
We may transfer your personal data to third-parties, if this is required for the fulfilment of the Services. This is in particular the case, if third-party services form part of our Services (e.g., the hosting and storing of your video data takes place in the AWS virtual private cloud, a service of Amazon.com Inc). At any time, your video and audio data is not accessible by any third-party companies. For the processing of your credit card and billing information your personal data is transferred to Recurly, Inc. (San Francisco, CA, USA) and Stripe, Inc. (San Francisco, CA, USA).
Further, we may engage third-party companies including companies from our corporate family to perform services on our behalf (e.g., software maintenance services, database management, web analytics). These third parties may have access to your personal information. If they do, this access is provided so that they may perform these tasks on our behalf and they are not authorized by us to otherwise use or disclose your personal information, except to the extent required by law.
Other than that, your personal data is only shared with your prior consent (e.g. when using voice integration services of Google LLC or Amazon.com Inc (both US)).
Our Services and Devices can be used in combination with third-party services (e.g., when using Amazon Alexa voice assistant to control your Devices). We have no influence on the processing of personal data additionally collected by such third-parties, when using the Services. For more information on the processing of your personal data, please confer their respective privacy policies.
Your personal data will be transferred to other countries (including countries outside the EEA) which may have different data protection standards than your country of residence. Please note, that data processed in a foreign country may be subject to foreign laws and accessible to foreign governments, courts, law enforcement, and regulatory agencies. However, we will endeavour to take reasonable measures (e.g. conclusion of EU SCCs or selection of Privacy Shield certified service providers) to keep up an adequate level of data protection also when sharing your personal data with such countries.
When using the Services your personal data (incl. any video footage) will be transferred into and stored in the US. The transfer is necessary for the performance of the contract and delivery of the Services by TP-Link (Art. 6 (1) b), 49 (1) b) GDPR.
We have implemented measures, including encryption and SSL technology, designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.
Your account's privacy and security is protected by your password. In order to prevent unauthorized access to your account and personal information, you should select a strong password and protect it by limiting access to your computer, device, browser or application and by signing off after you have finished accessing your account. If you use a third-party service to sign into your account, you should protect that account accordingly as well.
While we strive to always protect the privacy of your account and personal information in our records, we cannot always guarantee it will be completely secure. The security of your personal information may be compromised by unauthorized entry, unauthorized use, hardware failure, software failure, and other factors at any time.
We strive to keep our processing activities with respect to your personal data as limited as possible. In the absence of specific retention periods set out in this Policy, your personal data will be retained only for as long as we need it to fulfil the purpose for which we have collected it and, if applicable, as long as required by statutory retention requirements.
You may receive information about your personal data that we store at any time, free of charge. You do not need to give reasons.
If personal data is inaccurate or no longer needed, you can also restrict, correct or delete such personal data.
In case the processing of your data is based on Art. 6(1)(f) GDPR (Legitimate Interest, cf. above) or your data is processed for direct marketing purposes, you have the right to object to the processing of your personal data.
You have the right to receive your personal data in machine-readable format and to transmit them to another person responsible in accordance with Art. 20 GDPR. You may revoke any consent to the collection and use of data given to us.
If you believe that the processing of personal data relating to you infringes data protection regulations, you may complain to a supervisory authority, in particular in the Member State where you are resident or the place where the alleged infringement occurred, without prejudice to administrative or judicial remedies.
If you have any questions that this policy could not answer, or if you require further information on a particular point, please do not hesitate to contact us at any time. You can reach our data protection officer by writing an e-mail to firstname.lastname@example.org.