Last Updated: August 17, 2020
IOTAS, Inc. (“IOTAS,” “we,” “us”) realizes we are a guest in your home and that your home is a sacred place where you retreat to for rest, solace and relaxation. Our goal is to partner with you to use the information and data our products and services collect to keep your home comfortable, safe and secure.
We recognize that you are not our “user,” but a human being. We also recognize that your goals in life may not include the use of IOTAS products and services, but we want to be sure you know we are committed to treating you first and foremost as a human being, not a user. Our commitment not only extends to respecting your privacy, including being transparent about our use of your information, but also about the way you experience IOTAS products and services as a whole.
The collection of information from our smart devices (locks, thermostats, switches, outlets) and sensors (doors and leak detectors) is necessary for us to provide our services, but in a world where data breaches and identity theft make the front page daily, we take the privacy and security of your personal information seriously. We are awed by the ways in which technology can be used to benefit humankind such as through conservation of resources (like water and electricity) and providing greater physical security. With that in mind, everything we learn about you and your home is intended to make your experience better.
We believe transparency inspires confidence and this Privacy Notice is part of our effort to achieve that.
We also want to make clear why we need to use your personal information to make IOTAS Smart Apartments work, with whom we share it and when, and how we keep it safe – along with giving you the necessary tools and options to manage and protect that information.
When you use the IOTAS Connect Hub (the “Hub”), including any integrated smart devices or sensors, sign on to one of the IOTAS Applications (IOTAS Home, IOTAS Connect Pro, or any custom branded IOTAS applications that link to this Privacy Notice, collectively “Apps”), or visit our Websites (https://www.iotashome.com/ or https://property.iotashome.com), you share your personal information with us in various ways. Sometimes we collect it directly from you and other times, we use technology to automatically collect personal information.
This Notice applies to our Hub, Apps, Websites, and any other sites or products that display these terms (collectively, our Services). It does not apply to any website, mobile app, service, or product that does not display or link to this Privacy Notice or that contains its own privacy notice. If you do not agree with our policies and practices, please do not use our Services. By accessing or using our Services, you agree to use of your personal information as described in this Notice.
How we collect personal information
As noted previously, we may collect personal information from you directly or indirectly through various mechanisms including the Hub, Apps, our Websites, from third parties or at industry events you attend.
In addition, through our Hub we collect data, referred to as “event data”, when an integrated device, such as a smart thermostat or switch, or sensor, such as a door sensor or leak detector is activated. For example, when a light is turned on or your door opens, these “events” are then collected by the Hub.
We collect personal information when you provide it
As described previously within this Notice, you may provide certain kinds of personal information directly by interacting with IOTAS though the Hub, Apps, Website, social media, and offline (via phone, email, in person – or even through regular old postal mail).
Whether you’re a resident, property manager, or third-party installer, when you register for an account with us (or one is created for you by your property management company), we will receive certain information that may include your name, email, physical address, and your phone number. You will also create a username and password, information that on subsequent visits helps us confirm your identity and makes it easier to use our services.
We will also collect personal information directly from you when you fill out a form on our Website or if you provide your information to us when you attend an industry event.
We collect personal information from third-party sources
We receive certain event data from third party sources (like Google® and Amazon®) where you agreed to have that data shared with us. We also receive your name, email and move in/out dates from property management companies using a property management solution.
We may also collect personal information about you from third parties, such as online social networks if you take part in a forum, for example, on Facebook or when you click “Share This” or “Like” buttons or otherwise use social media buttons or plug-ins available on our Website.
We collect personal information using automated technologies
Sometimes personal information is collected by automated technologies and shared with us, for example when you use our App or when you visit our Website. We may collect your device ID (typically a phone or tablet identifier), IP address or track your browsing actions.
We will not knowingly collect information from individuals under 16 years old
We will never knowingly collect personal information from anyone younger than 16 years. All Services we offer are for individuals 16 or older. We do recognize that our Hub, and the third-party appliances or devices you integrate with our Hub, have no way to differentiate the behavior of specific smart home residents, some of whom may be younger than 16. However, if we become aware that personal information of anyone younger than 16 has been provided to IOTAS, for any purpose, we will delete the information from our files.
Some web-browsers offer a “Do Not Track” privacy preference. Generally, when a user turns on the Do Not Track Signal, their browser sends a message to websites requesting that the user not be tracked. Our Website currently does not respond to “Do Not Track” signals.
How we use personal information
Our Hub and Apps necessarily require that we use your personal information in order to provide and improve the services we deliver. We also need some personal information to improve our Website, understand what content is relevant to our Website visitors and respond to inquiries. Because we know your personal information is important to you, we want to be as transparent as possible in explaining how we use that information.
Here are the ways we use personal information based upon how we receive it:
|Where Information is Collected||Who||Type of Information||How we use it|
|Hub||Residents||Hub event data.||
|Name, email address, phone number, mailing address, username, password, IP; government issued identification information (only for prospective tenants scheduling a self-guided tour).||
|Third Parties||Residents||Event data,
Contact details (name, email address, physical address, phone number)
|Website||Website visitors||Name, role, email address, phone number, property information including property name and mailing address (where Webforms are used).
IP address, referring page, pages visited on the Website and content viewed
|In Person||Tradeshows or other similar events||Name, email, phone number||To respond to inquiries about our products and services.|
We also use any personal information we collect to:
- To provide access and maintain the security and integrity of the Services.
- To communicate updates regarding the Services and provide marketing information, such as special promotions, etc. (as permitted by applicable law).
- To comply with legal and regulatory requirements applicable to our business and internal policies for maintaining records.
- To protect all parties (residents, managers, installers, IOTAS employees) in the event of disputes.
- For any other legal, business, or marketing purposes that comply with the practices described in this Notice.
When we share personal information
Once your personal information is received by IOTAS, as detailed above, we may share it with other parties for various reasons. Please note that when we share your personal information with a third party, we require that third party to protect the information consistent with this Notice and limit its use of the information to performing the services they provide to us.
Data shared with property owners and managers
We understand you want to control who may have access to your information. Please be assured that the only data we share with property owners and managers is the information you provided to your property management company (limited to name and email address) and aggregated event data (data containing no personal information) except where a leak detection sensor is activated or temperature spike occurs. When this happens, our systems will trigger a notification to the property manager or owner that provides the event data and affected unit number so the property manager or owner can promptly investigate.
We share personal information with select third parties
Event data collected through IOTAS integrated devices and sensors is shared with third party services when you have integrated them, such as Alexa® and Google Assistant®.
We may also share your personal information (name and unit number) with third parties the property manager has chosen to integrate with such as access entry (door lock) solutions.
In addition, for prospective tenants taking advantage of our Prospect Tour self-guided tour service, our Apps may facilitate your ability to provide certain personal information, including government issued identification information, directly with the third-party identity verification provider. This information will be secured by the third-party provider and only used to verify your identity.
Our vendors help us understand how our Website and Apps are used
IOTAS uses the Google® Analytics product Firebase® to study how users interact with our Website and Apps to keep them secure and available.
If you make a public post, other users may see it
We would love for you to promote our products and services, and maybe it goes without saying, but if you choose to make a post on a social media site, such as on Facebook, or by identifying us in your social media feed by tagging us using a hashtag (#iotashome, #iotas) or “at” (@iotashome), your personal information may be publicly available and is subject to the privacy policies of those third-party social media sites. As a reminder, this Notice describes how we will treat your personal information once it is in our possession.
We recommend you review the privacy policies of any third-party sites you visit to understand the data collection and use practices of that third party.
We may share feedback you provide to us
We want to hear how we’re doing. If you have suggestions for improving our products and services, we want those as well. We would be delighted to receive video testimonials from residents and property managers or owners. If you opt in, we may contact you to ask about your experience using IOTAS devices or get your opinion on our systems updates and projects. So please be aware that any feedback relating to our Hub, Apps or Website, or on social media channels may be publicly shared.
Eventual successors may access information
In the event of a merger, acquisition, reorganization, bankruptcy, or other sale of all or a portion of our assets, any user information owned or controlled by us may be among the assets transferred to third parties as successors in interest. As part of this type of transaction, we reserve the right to transfer or assign your personal information to third parties. Other than to the extent ordered by a bankruptcy or other court, or as otherwise agreed to by you, the use and disclosure of all transferred user information will be subject to this Notice.
We need to comply with legal requirements
We may disclose your information to government authorities or other third parties if any lawful circumstances arise, including when:
- You have given us permission to share your information;
- We are required to do so by law, or in response to a subpoena or court order;
- We believe in our sole discretion that disclosure is reasonably necessary to protect against fraud, or to protect our property or other rights or those of other users of the Website, Apps, third parties, or the public at large; or
How we secure personal information
We have implemented industry-accepted administrative, physical, and technology-based security measures to protect against loss, misuse, unauthorized access, and alteration of personal information in our systems. These safeguards include using encryption such as Transport Layer Security (TLS) and implementing measures, such as encrypting stored data, that limit access to data both technologically and physically. We ensure that any employee, contractor, or vendor who has access to personal information in our systems is subject to legal and professional obligations to safeguard that personal information.
While we strive to use commercially acceptable means to protect your personal information, no form of electronic storage or method of transmission over the Internet is 100 % secure. Therefore, we cannot guarantee its absolute security.
We understand that you want to protect and control your personal information. This section details how you may review, update, or delete your information.
Viewing or updating your personal information
We strongly encourage you to keep your contact information up to date. You may update your name and phone number by accessing your account on the relevant App or the Website. You can also email us at email@example.com, include “Update My Information” in the subject line and include the information you would like us to update.
Deactivating your account
You may deactivate your account any time after you create it. To deactivate your account, please send an email to firstname.lastname@example.org with “Deactivate Account” in the subject line. Upon receiving your request, IOTAS will deactivate your account and delete personal information where allowed or required by applicable law.
Opting out of Promotional Emails
If you do not wish to receive promotional e-mails from us, you may follow the unsubscribe process at the bottom of the promotional e-mail you received or by emailing us at email@example.com. Please keep in mind that you still may receive transactional e-mails from us (such as e-mails related to the completion of your registration, correction of user data, password reset requests, reminder e-mails you have requested, and other similar communications) that may be necessary for us to make the Services available to you or respond to your inquiries.
European Economic Area, Switzerland, or United Kingdom
We currently do not make our products and services available outside the United States. Specifically, our services are currently unavailable in the European Economic Area (EEA), including Switzerland and the United Kingdom (UK). We do not intend for our Services to be accessed by anyone in those jurisdictions. In the event we make our products and services available to people in those geographic areas, we will update these terms to ensure we reflect any additional rights reserved under applicable laws. Those updates will be made available within this Privacy Notice, in accordance with those regulations.
European Economic Area, Switzerland, or United Kingdom
Individuals from the European Union, including the United Kingdom, and Switzerland have certain rights associated with their personal information based on applicable law.
IOTAS is headquartered in the United States. Your personal information will be transferred to, processed, and maintained on computer systems located in the United States.
The United States currently is not a country the European Union has deemed “adequate” under applicable data protection laws. IOTAS collects, transfers, and processes personal information under terms required by applicable law, including: when you provide your consent, to perform a contract with you (such as to deliver products or services), or to fulfill a compelling legitimate interest of IOTAS in a manner that does not outweigh your rights and freedoms. IOTAS may enter into data protection agreements or other legally approved mechanisms with its vendors to support compliance with applicable law.
We have taken appropriate safeguards to require that the personal information we process will remain protected in accordance with this Notice when transferred internationally, including when processed internationally by third-party service providers and partners. The safeguards we have taken include implementing the European Commission’s Standard Contractual Clauses, relying on a third-party service provider’s EU-U.S. or EU-Swiss Privacy Shield certification or Binding Corporate Rules, for any transfer of personal information to non-EEA third-party service providers or business partners.
Your data protection rights
- In addition to any of the general rights granted to you under this Privacy Notice, you have the following data protection rights:
- You can request access to, correction of, updates to, or request deletion of your personal information.
- You can object to the processing of your personal information, ask us to restrict the processing, or request portability of your personal information.
- You have the right to opt-out of marketing communications we send at any time. You can opt-out by clicking on the “unsubscribe” or “opt-out” link in any of the marketing emails we send you.
- When we have collected and processed your personal information based upon your consent, then you can withdraw your consent at any time. However, withdrawing your consent will not affect the lawfulness of any processing we conducted before your withdrawal, nor will it affect processing of your personal information where we have relied on other legal grounds for the processing.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
To make a request, please contact us at firstname.lastname@example.org with “Personal Information Request” in the subject line. Provide full details relating to your request, including your contact information and any other details you believe are relevant. We are committed to responding to requests to exercise data protection rights in accordance with applicable data protection laws.
California Consumer Rights
The California Consumer Privacy Act provides specific rights to those who live in the state of California. If you are a California-based consumer, as that term is defined under California law, this section shall apply in addition to all other applicable rights and information contained in this Notice:
- You have the right to request that we provide you with information about what personal information we collect, use, and disclose.
- You have the right to request that we delete personal information we, or our service providers, store about you.
- We will not discriminate or retaliate against you if you elect to exercise any rights under this section of our Privacy Notice.
- You may request that we not sell your personal information. We do not sell, rent, lease, or trade your personal information with third parties, except as described in this Notice.
- You have the right to designate an authorized agent to make a request on your behalf. Please see the Identity Verification Requirement below for information on our process for verifying we have received a legally valid request.
- If you are a California consumer and have additional questions based on this section of our Privacy Notice, email us at email@example.com, or complete the form available here. Be sure to check this Notice for updates, as we will review it at least every 12 months and make necessary changes.
Identity Verification Requirement
The law requires us to verify that any request submitted was made by someone with the legal right to access the information. Therefore, before accessing or divulging any information pursuant to a data subject access request, we may request that you provide us with additional information so we can verify your identity and legal authority.
To make a request, please contact us at firstname.lastname@example.org with “Personal Information Request” in the subject line and provide full details about your request, including your contact information and anything you believe is relevant. You may also submit a request by completing the form located here. We will provide a response to an access request within the timeframes required by law. If we cannot substantively respond in a timely manner, we will notify you and provide the reason for the delay.
Under certain circumstances, we may not fulfill your request, such as when doing so would interfere with our regulatory or legal obligations, when we cannot verify your identity, if your request involves disproportionate cost or effort, or where the law allows us to retain that information. But we will respond to your request within a reasonable time, as required by law, and provide an explanation.
This Privacy Notice will be updated to reflect our personal information handling practices. We reserve the right to amend this Notice at any time, for any reason, without additional notice to you, other than through posting the updated Privacy Notice. We invite you to periodically return to this page to ensure you are informed of any updates we make about how we collect, use, and protect customer information. You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the beginning of this Notice.
If you have questions about the way we handle personal information or you feel that we have failed to meet the privacy or security standards detailed in this Privacy Notice, please contact us:
1737 NE Alberta St.
Portland, OR 97211