Privacy Policy – Symphony Cloud

We operate a cloud-based communication solution focusing on applications for security, safety and productivity that is available through a web interface as well as a mobile application (Symphony). Once you have completed your registration or subscription, we will e-mail you a confirmation message with a link for confirming your registration or subscription. Your registration and your subscription request will be reviewed by an administrator, who will either approve or decline it. You will then be notified by e-mail whether or not your application has been approved.

Registration:

To create your Symphony account, you need to provide the following personal details in course of the registration process:

• First name
• Last name
• Company name
• Company address
• Company country
• E-mail address
• Password

The processing of these personal data is required to set up your Symphony account and therefore necessary for the performance of our (pre)contractual obligations. Not providing the personal data mentioned above will prevent us from establishing your Symphony account.

Subscription:

In course of requesting a fee-based Symphony subscription, you need to provide the following personal details:

• Details of the chosen subscription model
• Payment details

The processing of these personal data is required to handle your Symphony subscription and therefore necessary for the performance of the contract with you. Not providing the personal data mentioned above will prevent us from accepting your Symphony subscription.

Use of Symphony:

We process the following personal data when you use Symphony:

• IP address
• Logfiles, especially configuration changes of claimed devices and systems, historical door calls with subsequent actions such as door open, role sharing, etc.
• Images, videos and audio processed via Symphony and stored in the cloud
• Video-Snapshots
• Pictures of call buttons
• Contact List entries
• User Management on device
• Any free form field entry

The processing of these personal data is required to provide you with the Symphony services and therefore necessary for the performance of the contract with you. Not providing the personal data mentioned above will prevent us from providing you with the Symphony services.

If you use the voice assistant services, we process contact details of the employees managing the services as this is necessary for the performance of the contract with you. Not providing the personal data mentioned above will prevent us from providing you with the Symphony services. Besides, we process as your data controller voice records and transcripts thereof based on the concluded data processing agreement.

Analysis:

To be able to optimise our Symphony services, the following personal details will be collected while you use Symphony:

• Last login
• Number of logins
• Duration of use
• Downloads
• Images, videos and audio processed via Symphony and stored in the cloud
• Configuration changes within the system and on connected devices in case they contain personal information, e.g. contact names

The processing of these personal data is necessary for the purposes of our legitimate interests in optimising and improving our Symphony services.

If you use the voice assistant services and the data subject concerned consented to the processing of voice data for training purposes, we process the following personal data for anonymization and subsequent training:

• Voice recordings
• Transcripts

Sharing:

You have the possibility to share your Symphony services with others. Therefore, you may send invitation e-mails to such persons via our Platform. We process the provided e-mail-address of the invited third party for the purpose of sending the invitation link to the registration form, only.

Personal data in course of our Symphony services will be processed mainly within the European Union. For specific purposes and based on the following legal basic we process personal data also outside the European Union for distribution based on either data processing agreements including supplementary measures or adequacy decision. See specific partners and territories here.

We may entrust your personal data in the extent necessary to the following external service providers (data processors) that support us with the performance of our Symphony services:

• IT-service providers and/or providers of data hosting solutions or similar services;
• Other service providers, providers of tools and software solutions that support us with the performance of our services as well and operate on our behalf (includingp providers of marketing tools, marketing agencies and communication service providers).
• Platform service providers that provide integrated services, or parts of, such as mobile notifications and authorisation tokens.
• Distribution partners.

All our data processors process your data only on our behalf and on the basis of our instructions so that we can provide you with our Symphony services.

Apart from that, we transmit your personal data in the extent necessary to the following recipients (controllers) :

• Potential third parties that are participating in the provision of services to you for the fulfilment of our contractual obligations (e.g. banks for processing of the payment, payment service providers)
• External third parties on the basis of our legitimate interests in the extent necessary (e.g. auditors and tax consultants, insurances in case of insured events, legal representatives in case of incidents);
• Authorities and other public entities in the extent legally necessary (e.g. financial authorities).
• Distribution partners to the extent that such transfer is based on overriding legitimate interests, required for the fulfilment of (pre)contractual obligations or based on data subject's consent.

Your registration data will be stored until you delete your Symphony account.

Your subscription data will be stored until the end of your subscription and afterwards until the end of applicable legal retention periods (seven years from the end of the relevant business year).

Otherwise, we delete your personal data as soon as the purpose for which we have collected and processed the data ceases to apply. Beyond this point in time, data is only stored if this is required by the laws, regulations or other legal provisions of the European Union or of a member state of the European Union to which we are subject.

You may at any time request information about the stored data concerning you. Moreover, you may under certain circumstances request rectification or erasure of your data. You do furthermore have the right to restrict processing as well as the right to receive the personal data concerning you in a structured, commonly used and machine-readable format.

Moreover, you have the right to object to the data processing if the processing serves the purpose of direct marketing. As far as we process your data for legitimate purposes, you additionally have the right to object on grounds relating to your particular situation.

In case of violations you have the possibility to lodge a complain with a supervisory authority. The authority responsible for us is: Österreichische Datenschutzbehörde (www.dsb.gv.at)

Should you have any questions, you can of course contact us as well :
Commend International GmbH
Saalachstraße 51
A-5020 Salzburg
Tel. +43-662-85 62 25
Fax. +43-662-85 62 26
E-mail office@commend.com