Documentation Index

Fetch the complete documentation index at: https://learn.servitly.com/llms.txt

Use this file to discover all available pages before exploring further.

Preparing Legal Documents

Prev Next

In this article, you can find guidance on the content of the legal documents that users must accept to access the DPS, so you can prepare them before going to production.

The DPS is a web and mobile application that processes personal data during registration, authentication, and service delivery. Before accessing the service, users must explicitly accept the applicable legal documents, primarily the Privacy Policy and the Terms of Service.

In the Console, these documents are managed on the User Agreements page. This article focuses on the content you should prepare for each document and the steps to create, edit, translate, configure consent, and publish them (including their public URLs).

The definition of these agreements is the responsibility of the company to which the DPS belongs, and it is a mandatory step before moving the DPS to production. Use the guidance below as a starting point to discuss the content with your company lawyer.

Beyond the Privacy Policy and the Terms of Service, you can define additional agreements, for example, an acceptable use policy or specific terms governing data sharing with third parties (Data Act).
From the User Agreements page, you can target each agreement to the relevant users (Customer, Channel Partner, Data Recipient, and Organization) and decide whether their acceptance is mandatory and when (self-registration/login or digital plan purchase).

Privacy Policy

A Privacy Policy, in compliance with the GDPR, typically covers the following topics:

  • Introduction about how the company takes care of users' privacy.
  • Kind of collected data (e.g., contact information, GPS, IP, phone numbers).
  • A description of how the collected data is used.
  • Where data is stored or transferred.
  • Links to other websites.
  • Data disposal and update.
  • Personal information rights.
  • Contacts.

Categories of processed Personal Data

Servitly allows configuring properties to collect and manage personal data, such as:

  • Personal data: name, surname, address, company role.
  • Contact details: e-mail, phone number (home phone, mobile phone, fax).
  • Other data that the Console user can decide to add.
  • Other data that may be added from the Console, pursuant to the Servitly license.

Moreover, some of the metrics published by the connected devices may be used to infer user habits. For instance, the thermostat temperature set point can be used to determine when the user is at home.

Categories of stakeholders to whom the Personal Data refer

  • Consumers.
  • End users.
  • Employees of the customers, channel partners, data recipients, or organizations.

Places where treatment operations are carried out

  • Cloud provider Data Centers.
  • Operational offices.

Duration of treatment

  • Duration of the contract stipulated for the provision of the product services, except as provided for by law.

Purpose of the processing

  • Execution of the contract for the provision of the product services.

Controller and Processor entitlement

Within the Privacy Policy, you must clearly report which are:

  • Data Controller: determines the purposes for which and the means by which personal data is processed. Generally, it is the company/organization that owns the DPS application and has a legal contract with the end-users of the DPS.
  • Data Processor: processes personal data only on behalf of the Data Controller. The Data Processor is usually a third party external to the company (e.g., a system integrator or Servitly itself).
Sensitive data management not allowed

In accordance with article 9 of the GDPR, Servitly does not authorize the Customer to use Servitly in such a way that the Customer may collect and record Personal Data belonging to special categories, for instance, those that reveal racial or ethnic origin, political opinions, religious or philosophical convictions, or union membership. The prohibition also includes genetic data; biometric data intended to uniquely identify a natural person; data related to health; and data related to the sexual life, sexual orientation, or judicial status of the person.

Terms of Service

A Terms of Service agreement is required to protect the parties involved in service provisioning and usage. Typically, it contains sections pertaining to one or more of the following topics:

  • Disambiguation/definition of keywords and phrases.
  • User rights and responsibilities:
    • Proper or expected usage; definition of misuse.
    • Accountability for online actions, behavior, and conduct.
    • Payment details such as membership or subscription fees.
    • An opt-out policy describing the procedure for account termination, if available.
    • Arbitration, detailing the dispute resolution process and limited rights to take a claim to court.
  • Disclaimer/Limitation of Liability, clarifying the service's legal liability for damages incurred by users.
  • User notification upon modification of terms, if offered.

Compliance with additional regulations

Depending on how your DPS is used, your legal documents may need to address further regulatory obligations beyond the GDPR. Review these requirements with your company lawyer and reflect them in the Privacy Policy, the Terms of Service, or any additional agreements.

If your DPS enables data sharing with users and third parties under the Data Act, make sure your legal documents also address the following points:

  • The categories of data made available and, where relevant, how they are generated by the connected products.
  • The conditions under which users and authorized third parties (Data Recipients) can access and reuse the data.
  • The terms governing data sharing, including any applicable fees for third-party access.
  • The users' rights to authorize, manage, and revoke third-party access to their data.