Preparing Legal Documents

In this article you can see how to prepare and configure the terms of service and privacy policy that DPS users must accept in order to gain access.

In the Console, by entering the Service / Agreements page you can configure the content of the Privacy Policy and Terms of Service agreements to be accepted by users during registration and first access to the DPS.

The definition of such agreements is the responsibility of the company to which the DPS belongs, and this is a mandatory step before going to production with the DPS.  

Below you can find more details on how to set up agreements that you can discuss with your company lawyer.

Privacy Policy

A privacy policy compliant with the GDPR typically contains the following topics:

  • Introduction about how the company takes care of users' privacy.

  • Kind of collected data (e.g. contact information, GPS, IP, phone numbers).

  • A description of how the collected data are used.

  • Where data are stored or transferred.

  • Usage of the cookies.

  • Links to other websites.

  • Data disposal and update.

  • Personal information rights.

  • Contacts.

Categories of processed Personal Data

Servitly allows configuring properties to collect and manage personal data, such as:

  • Personal data: name, surname, address, social security number, date of birth.

  • Contact details: e-mail, phone number (home phone, mobile phone, fax).

  • Data that the Customer can decide to add through the Servitly interface.

  • Data that the Customer may decide to add, pursuant to this mandate, upon explicit request to the Supplier.

Moreover, some of the metrics published by the connected devices may be used to infer user habits. For instance, the thermostat temperature set point can be used to determine when the user is at home.  

Categories of stakeholders to whom the Personal Data refer
  • Consumers.

  • End users.

  • Employees of the customers, partners, or organizations.

Places where treatment operations are carried out
  • Cloud provider Data Centers.

  • Operational offices of Servitly.

Duration of treatment
  • Duration of the contract stipulated for the provision of the product services, except as provided for by law.

Purpose of the processing
  • Execution of the contract for the provision of the product services.

Controller and Processor entitlement

Within the Privacy Policy, you must clearly state who the following are:

  • Data Controller: determines the purposes for which and the means by which personal data is processed. Generally, it is the company/organization that owns the DPS application and that has a legal contract with the end users of the DPS.

  • Data Processor: processes personal data only on behalf of the Data Controller. The Data Processor is usually a third party external to the company (e.g. a system integrator, or Servitly itself).

Sensitive data management not allowed

In accordance with Article 9 of the GDPR, Servitly does not authorize the Customer to use Servitly in such a way that the Customer may collect and record Personal Data belonging to special categories, for instance, data that reveal racial or ethnic origin, political opinions, religious or philosophical convictions, or union membership. The prohibition also includes genetic data; biometric data intended to uniquely identify a natural person (for example, a group of photographs uploaded online, or airports where the image of the individual is scanned to identify them); data related to health (even a simple wound on one hand); data related to the sexual life or sexual orientation of the person; and judicial data (data that reveal the existence of criminal provisions subject to registration in the criminal register, or the status of suspect or accused).

Terms of Service

A Terms of Service agreement is required to protect the parties involved in service provisioning and usage. It typically contains sections pertaining to one or more of the following topics:

  • Disambiguation/definition of keywords and phrases.

  • User rights and responsibilities.

    • Proper or expected usage; definition of misuse.

    • Accountability for online actions, behavior, and conduct.

    • Payment details such as membership or subscription fees, etc.

    • An opt-out policy describing the procedure for account termination, if available.

    • Arbitration, detailing the dispute resolution process and limited rights to take a claim to court.

  • Disclaimer/Limitation of Liability, clarifying the site's legal liability for damages incurred by users.

  • User notification upon modification of terms, if offered.