Privacy AFRISOhome

Your data is yours – in particular, sensitive data like that from your smart home. This is very important to us and that is why we privacy takes centre stage in the architecture of our system.

Our principle: We do not process or store anything that is not necessary for the operation of your system. If processing or storage is necessary, this should not be attributable to you or your AFRISOhome.

Here you will find everything you need to know about privacy and data protection if you use one of our AFRISOhomes.

AFRISO-EURO-INDEX GmbH
Lindenstr. 20
74363 Güglingen
+49 (0)7135 102-0
info@afriso.de
Represented by the managing directors:
Dipl.-VW Elmar Fritz, Jürgen Fritz, Matthias Blasinger, Dr.-Ing. Jan Späth
Persons in charge of data processing:
IT administration Dipl.-Ing. (FH) Uwe Heuschele

Storage of Data

Each AFRISOhome works autonomously, which means that all data is stored locally on your AFRISOhome. Nobody can access this data except you, unless you give access to someone directly (via login) or indirectly (by activating a feature that requires access).

Proxy Server

In order to enable access to your AFRISOhome from outside your own home network, the data is transmitted in encrypted form over the Internet (via a proxy server operated by us). The data is not stored anywhere, but only transferred between your AFRISOhome and the respective application (for example, the AFRISOhome apps). Our proxy server is hosted by AWS (Amazon Web Services) in Frankfurt (https://aws.amazon.com/de/). Information on their data privacy policy can be found here (https://aws.amazon.com/de/compliance/data-privacy/).

Theoretically, we can read all communication between the app and the core.

If you do not want to use the proxy server, you can also operate your AFRISOhome in stand-alone mode.

Time

As soon as you have connected an AFRISOhome to the Internet, it updates its time. This is important for various features (time Homeegrams, position of the sun, etc.) and security-related aspects (validity of SSL certificates, etc.). AFRISOhome uses NTP (http://www.ntp.org) (industry standard) for this. You can use your AFRISOhome in stand-alone mode to prevent your AFRISOhome from obtaining the correct time from NTP. In that case, you can use the app to transmit the time of your mobile device to AFRISOhome.

Location (AFRISOhome)

For various features (current time, position of the sun, weather), AFRISOhome requires data about its location. By default, it gets this data via an interface provided by Google (industry standard). AFRISOhome sends the SSIDs of the WLAN networks it has scanned to this interface and thus obtains its location. You can find Google’s privacy policy here (https://policies.google.com/privacy).

If you do not want AFRISOhome to use this interface, you can disable automatic location detection in the privacy settings.

Location (Apps)

If you create a geofence for presence detection in the app, entering and leaving the area will be reported to your AFRISOhome, even if the app is in the background. The location is only stored on the mobile device to enable the geofence function; it is never transmitted.

Weather

In order to provide you with weather forecasts and to be able to use waether data in the programs, your AFRISOhome has to get this information from the Internet. The weather information is provided by Dark Sky (https://darksky.net). We operate our own weather server so that it is not necessary for each AFRISOhome to get the weather data directly from Dark Sky. This is where we store the weather for specific locations. Your homee only discloses its location to our weather server and then receives the weather for this location. So we do not store a relationship between AFRISOhome and location anywhere. Our weather server is hosted on AWS (Amazon Web Services) in Frankfurt (https://aws.amazon.com/de/). Information on their data privacy policy can be found here (https://aws.amazon.com/de/compliance/data-privacy/).

If you do not want your AFRISOhome to get the weather data, you can simply disable the weather feature in the privacy settings.

Webhooks

The programs allow you to send webhooks. Please be aware that, depending on where you send webhooks, data may be stored there.

Push-Benachrichtigungen/ E-Mail-Benachrichtigungen

The messages are routed through our notification server. It is hosted by AWS (Amazon Web Services) in Frankfurt (https://aws.amazon.com/de/). Information on their data privacy policy can be found here (https://aws.amazon.com/de/compliance/data-privacy/).

Since we forward all messages to the respective (iOS/Android/Mail) notification services, we can theoretically see the entire message content,  including the AFRISOhome ID and the IP address. However, we have reduced logging to the bare essentials and only store the AFRISOhome ID to which the message is sent for a period of 3 months. We do not store the content of the messages anywhere.

Third-Party Web Services

All devices that you connect to AFRISOhome via one of the cubes/boards communicate locally with your AFRISOhome.

If you connect other equipment (for example, Netatmo devices), it is possible that your AFRISOhome does not communicate directly with the device, but with a web service behind the respective device. If this is the case, you provide AFRISOhome access data to these services when you add the device. If the service allows it (a good service should) we do not store the access data itself, but only an access token generated with it. This allows you to withdraw access to AFRISOhome from the respective service at any time.

Voice Assistants (Amazon Alexa, Google Assistant)

If you use one of the voice assistants with your AFRISOhome, the other party (Amazon, Google) will have access to an access token to your AFRISOhome. That means there is complete access to your AFRISOhome. You can withdraw this access in the AFRISOhome app at any time by disabling the respective service. In order to be able to connect AFRISOhome and the voice assistants, data is stored in different places. When you link (oAuth), your AFRISOhome ID and an access token with a short validity of one hour are stored on a server provided by us. This server is hosted by AWS (Amazon Web Services) in Frankfurt (https://aws.amazon.com/de/). Information on their data privacy policy can be found here (https://aws.amazon.com/de/compliance/data-privacy/).

Your AFRISOhome ID and an access token are stored at Amazon (AWS – https://aws.amazon.com/de/) while the voice assistant is in operation. Their privacy policy can be found here (https://aws.amazon.com/de/privacy/). We (AFRISO) cannot hear what you say.

AFRISOhome Analytics

In order to be able to further develop AFRISOhome in a targeted manner, AFRISOhome sends analysis data (if you have activated Analytics in AFRISOhome) to a server provided by us. This data is anonymised and cannot be traced back to your AFRISOhome. We’re not interested in that at all. We then collect the following statistics:

  • Total number of users and the distribution of the roles
  • Number of logged on to AFRISOhome (smartphone, tablet and web clients)
  • Number of PROgrams
  • Number and type of triggers
  • Number and type of conditions
  • Number and type of actions
  • Number of groups
  • Number of devices broken down by wireless technology
  • Amazon Alexa linked
  • Time zone in which AFRISOhome is located

We store this data for a period of 3 months and then delete it.

This data helps us to optimise AFRISOhome and the AFRISOhome apps. We host our analytics server at AWS (Amazon Web Services) in Frankfurt (https://aws.amazon.com/de/). Information on their data privacy policy can be found here (https://aws.amazon.com/de/compliance/data-privacy/). If you do not want that, it is best not to enable AFRISOhome Analytics at all – they are disabled by default. If you have enabled it and no longer want to send it, simply disable it again. You can do this, for example, conveniently in the privacy settings.

AFRISOhome Updates

Since we are constantly optimising AFRISOhome, we regularly publish updates. AFRISOhome checks daily whether an update is available. To do this, it connects to our update server. It is hosted by AWS (Amazon Web Services) in Frankfurt (https://aws.amazon.com/de/). Information on their data privacy policy can be found here (https://aws.amazon.com/de/compliance/data-privacy/).

If there is an update, your AFRISOhome will receive the download link and then download the update. We host the updates at Amazon (AWS – https://aws.amazon.com/de/). [You can find their privacy policy here](https://aws.amazon.com/de/privacy/). Since the installed AFRISOhome version is sent with the update check, we collect statistics on how many AFRISOhome are running with which version.

Support Access

In order to be able to solve a problem with your AFRISOhome, it may, in exceptional cases, be necessary to have direct access to your AFRISOhome. Of course, we cannot and do not want to activate this remotely – you have to do this yourself in the AFRISOhome apps when prompted. As soon as we have received the access data from you, we naturally have full access to your AFRISOhome (SSH). We then use it to diagnose the issue and find a solution. If you no longer want us to have access to your AFRISOhome, you can revoke it us at any time by disabling the support access.

App Analytics

If you use one of the AFRISOhome apps, we collect some statistical information about it. This cannot be traced back to you or your AFRISOhome. For example, it is important to us which version of the respective operating system you are using or whether your device is a smartphone, a tablet or a desktop computer (browser). We use this data to be able to better decide which operating systems etc. we still need to support, as these are still used significantly.

We use Amplitude (https://amplitude.com) as a service for collecting statistical information. You can find their privacy policy here (https://amplitude.com/privacy).

We collect the following statistical information:

  • Device: Manufacturer, model, operating system, language, country
  • App: Version number, name, environment (beta/stable)
  • Number of connected AFRISOhomes in the app
  • App settings: Dashboard welcome text active yes/no, dark mode
  • App events: Opening of specific screens

If you do not want your AFRISOhome app to send this data, you can disable app analytics in the privacy settings.

App Crash Reporting

If your AFRISOhome app crashes, it will send us a crash report so that we can investigate the reason for the crash more closely. We can only see which function was executed when the app crashed, what kind of device you are using and which version of the AFRISOhome app you have. This data cannot be traced back to you or your AFRISOhome.

We use Bugsnag (https://www.bugsnag.com) as the service for collecting the reports. You can find their privacy policy here (https://docs.bugsnag.com/legal/privacy-policy).

If you do not want your AFRISOhome app to send this data, you can disable app crash reporting in the privacy settings.

General

Data will only be passed on to third parties within the framework of statutory requirements. We pass it on if this is necessary for the performance of the contract as per article 6, paragraph 1 (b) GDPR, if we are obliged to do so due to legal obligations as per article 6, paragraph 1 (c) GDPR, or we have a legitimate interest in the economic and effective operation of our business as per article 6, paragraph 1 (f) GDPR. This includes the disclosure of such data to affiliated companies.

Within the scope of processing of personal data by third-party processors as per article 28 GDPR, we use service providers for the operation and maintenance of our information technology systems, who may receive knowledge of your personal data. We have, therefore, taken appropriate legal, technical and organisational measures with such service providers to ensure the protection of your personal data in compliance with the statutory provisions. Your personal data will neither be disclosed to a third country nor to an international organization.

If we process your personal data, you are the data subject within the meaning of the General Data Protection Regulation (GDPR) and have the following rights: right of access (article 15 GDPR), right to rectification (article 16 GDPR), right to erasure (article 17 GDPR), right to restriction of processing (article 18 GDPR), right to data portability (article 20 GDPR), and right to object to processing (article 21 GDPR). In addition, you have the right to complain to a supervisory authority in charge of data protection and privacy. If you request for information and do not do so in writing, we we may request you to provide evidence that proves that you are the person you claim to be.

You can contact our data protection officer by e-mail to datenschutz@afriso.de or via our postal address with the addition “The data protection officer”.

Deletion of Data

We will be happy to delete data that can be traced back to you or your AFRISOhome on request. Simply send us an e-mail with the subject “deletion request” to info@afrisohome.de

Have fun with you AFRISOhome,

AFRISO-EURO-INDEX GmbH