Product Privacy Notice

This Product Privacy Notice outlines how Phoniro AB (referred to as “We”) will process and protect the personal data of End Users (referred to as “You”) who use Phoniro Care (Software as a Service – SaaS), Phoniro Care (on premise), Phoniro E-visit, Phoniro 6000 (on premise), Phoniro 6000 (SaaS), Phoniro Lock Devices, Home Care App, Senior Living App or the PI App (collectively referred to as the “Services”).


As the Data Controller for the data processing activities described in this notice, We are responsible for processing your personal data in compliance with data protection legislation. Our company, Phoniro AB, is registered in Sweden under number 556636-2538, with a registered address at Rörkullsvägen 4, 302 41 Halmstad.


We are committed to respecting your privacy and will only process your personal data to the extent necessary to provide the Services and for specific purposes. We take measures to anonymize or statistically aggregate the information We collect whenever possible. Please read this notice carefully to understand how We will use and protect your personal data, We determine the processing purposes and means listed in the tables below. 


Please note, additional personal data is processed for further purposes within the Services We offer under your organisation’s Service Administrator’s supervision. Typically, this Administrator is your employer or a related contracting party. In this context they act as own data controller and decide how your data is processed. We act as a service provider or Data Processor on their behalf. Please refer also to their Privacy Notice for more details. 


Personal data We collect, Uses of your data, Lawful basis, and Retention period 


1. Applies to Phoniro Care (SaaS), Phoniro E-visit, Phoniro 6000 (SaaS), Phoniro Lock Devices, Home Care App, Senior Living App, and PI App.


Processing Purposes 

Personal Data 

Lawful basis 

Retention period 

To administer the Services, ensure reliability, and that content is presented in the most effective manner for you and your device 

  • User ID

  • Password

  • Device type and model

  • Browser type and version 

Contract 

3 months

 

To identify aspects of the service which could be improved, ensure quality, and provide you with the latest updates and improvements 

  • Device model and firmware 

  • Operating system, version 

  • System Software, version 

  • Error Logs 

Legitimate Interest 

3 months 

To secure and protect against malicious attempts, identify, and prevent fraud or other unlawful activity 

  • IP address 

  • Session logs 

Legitimate interest 

3 months 

To analyze and evaluate our Services, collect surveys and statistics, crash reports 

  • Analytics data, regarding device information and usage of our services, such as battery status, relying on cookie or similar technologies 

  • Crash data, short event log in the run up to a crash 

Consent 

6 months, then anonymized 

 

3 months 


2. Applies to Phoniro Care (on premise), Phoniro E-visit, Phoniro 6000 (on premise)  


Processing Purposes 

Personal Data 

Lawful basis 

Retention period 

To analyze and evaluate our Services, collect surveys and statistics, crash reports 

  • Analytics data, regarding device information and usage of our services, such as total number of messages sent, relying on cookie or similar technologies 

Consent 

6 months, then anonymized 

 


We may also collect anonymous data regarding the number and type of installed products, service modules, and total number of users in our Services for billing related purposes based on our contract.  


Sharing and Disclosure of personal Information 


We may disclose your personal information to a third party for business purposes related to the processing activities above. When We disclose personal information for a business purpose, We enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. We process your personal data within the EU/European Economic Area (“EEA”). 


We may transfer your personal data for the purposes set out above, 


  • To a relevant ASSA ABLOY group entity, when providing ASSA ABLOY Group internal services. 

  • To third party business partners who provide services connected to the purposes defined above. 

  • Our customers, channel partners or their agents with whom you have engaged in a business relationship or contract. 

We will disclose your personal information to third parties: 


  • In the event that We sell or buy any business or assets, in which case We may disclose your personal data to the prospective seller or buyer of such business or assets. 

  • If We are under a duty to disclose or share your personal data in order to comply with law or any other legal obligation, or in order to enforce or apply our terms of use or terms and conditions of supply and other agreements; or to protect the rights, property, or safety of us, our customers, or others. 

Security 


We maintain reasonable security measures (including physical, electronic, and administrative) to protect personal data from loss, destruction, misuse, and unauthorized access or disclosure. For example, We limit access to personal data to authorized employees and contractors who need to know the information in the course of their work tasks. 


We take your safety and security seriously and We are committed to protecting your personal information. All information you provide to us is stored on secure servers. Where We have given you (or where you have chosen) a password that enables you to access certain parts of our service, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. 


Please be aware that, although We endeavor to provide reasonable security measures for personal data, the transmission of information via the internet is not completely secure. No security system can prevent all potential security breaches. 


Your rights 


Data protection legislation gives you the right to access, rectify or erase information held about you. Your right of access can be exercised in accordance with the data protection legislation. You can exercise these rights at any time by emailing us at privacy@phoniro.com and request the following: 


  • Where processing of your personal data is based on consent, you can withdraw consent at any time; 

  • To ask for an access to your personal data that has been processed by us; 

  • To ask us not to process your personal data where it is processed on the basis of legitimate interests provided that there are no compelling reasons for that processing; 

  • to ask us not to process your personal data for scientific or historical research purposes, where relevant, unless the processing is necessary in the public interest; 

  • To ask for the information We hold about you to be rectified if it is inaccurate or incomplete; 

  • To ask for data to be erased provided that the personal data is no longer necessary for the purposes for which it was collected, you withdraw consent (if the legal basis for processing is consent), you exercise your right to object, and there are no overriding legitimate ground for processing, the data is unlawfully processed or the data needs to be erased to comply with a legal obligation; 

  • To ask for the processing of that information to be restricted if the accuracy of that data is contested, the processing is unlawful, the personal data is no longer necessary for the purposes for which it was collected, or you exercise your right to object (pending verification of whether there are legitimate grounds for processing); and 

  • To ask for data portability if the processing is carried out by automated means and the legal basis for processing is consent or contract; 

The Regulator 


We designate the Swedish Data Protection Authority as the supervisory authority for the processing of your data. If you have a complaint regarding our processing of your personal data you are entitled to report this to the Swedish Data Protection Authority (IMY) at Box 8114, 104 20, Stockholm, Sweden. Details of the Swedish Data Protection Authority can be found here. 


Links 


This Notice may, from time to time, contain links to and from external websites, please note that these websites have their own privacy policies and that We do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites. 


Changes to our Privacy Notice 


Any changes We make to our privacy policy in the future will be posted on the relevant section of our Service. Please check back frequently to see any updates or changes to our Privacy Notice. 


Contact 


Questions, comments and requests regarding this Privacy Notice are welcomed and should be addressed to Phoniro AB, Rörkullsvägen 4, 302 41 Halmstad or please email privacy@phoniro.com .  


Last updated January 2025