This Data Protection Policy (this Policy) and any other documents referred to in it set out the basis on which NAVIEN LIMITED (the Company) will process any User Data in the course of the provision of the Service.
The following definitions apply in this Policy. Any terms that are not defined in this Policy shall be interpreted in accordance with relevant legislation, regulations and/or plain English explanations.
Agreement: Terms of Service that stipulate the rights and obligations of the Company and the User in relation to the use of the Service provided by the Company.
App: NAVIEN WiFi SMART TOK Room Controller, which is a mobile application software (to be connected to the Boiler Products) available on the Company’s website for the User to download and install onto their smartphone.
Boiler Products: the boiler products connected to the App via smartphones.
DPA: the Data Protection Act 1998.
Data Protection Officer: the individual described and identified in clause 10.
ID: a combination of letters, characters or numbers supplied by the User in order to identify themselves for the purpose of using the Service and protecting User Data.
Navien Smart Care (the Service): the services to be provided by the Company under the Agreement in connection with the User’s downloading and installing of the App which consists of:
Passwords: a combination of letters, characters or numbers supplied by the User for the purpose of logging in to access and use the Service and for protecting User Data.
User: the user who uses the Service provided by the Company under the Agreement.
User Pay Service: any service as part of and/or in addition to the Service which the Company may introduce from time to time for a fee payable by the User to the Company.
User Data: personal information, including financial information, provided by the User to the Company in the course of using the Service and personal information of the User collected by the Company in the course of the provision of the Service. Personal data can be factual (for example, a name, address or date of birth) or it can be an opinion about that person, their actions and behavior.
Processing: any activity that involves use of User Data. It includes obtaining, recording or holding User Data, or carrying out any operation or set of operations on User Data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties.
The Company shall comply with the eight enforceable principles of good practice as follows:
and User Pay Service for the purpose of conducting the following activities:
4.2 User Data that may be collected and processed by the Company includes, but is not limited to:
The Company may process User Data for a period of up to 3 years immediately after the cancellation or termination of the Service by either the Company or the User. The Company will endeavor to delete the data immediately but where this is not possible in certain cases the data is stored and archived until such time it can be expunged.
Where User Data are not required for the purpose of the provision of relevant services or products provided by the Company, subject to clause 5, the Company shall use reasonable endeavours to destroy User Data in the following manner immediately after the cancellation or termination of the Service howsoever arising:
The Company will take appropriate and proportionate security measures against unlawful or unauthorized processing of User Data, and against the accidental loss of, or damage to, User Data. The Company shall have in place procedures and technologies to maintain the security of all User Data from the point of collection to the point of destruction as follows:
The Data Protection Officer is responsible for ensuring compliance with the DPA and this Policy and dealing with complaints or suggestions from the User. Any questions about the operation of this Policy or any concerns that this Policy has not been followed should be referred in the first instance to the Data Protection Officer. The post is held by:
Name: Jang-Won Kim
Department: Information Management Team
Telephone: +82 2 3489 2280
Email address: firstname.lastname@example.org
The Company reserves the right to change this Policy at any time as required by any relevant legislation, regulations, or its Policy. The Company will notify the User of those changes no later than 7 working days prior to the changes to take effect by way of announcements displayed on the Company’s website (www.navienuk.com) or by emails or SMS.