APIFIRE SYSTEM
PRIVACY POLICY
Effective date: 14 March 2025
Last update: 14 March 2025
1. Introduction and Definitions
At Bertelli & Partners, we know that you care about how your personal
information is used and shared, and we take your privacy seriously.
This policy describes how we process your Personal Data when you use our
Services.
In this policy, the terms and expressions used below have the following
meanings:
-
Personal Data: any information that allows, directly or indirectly,
to identify you;
-
Services: the software, hardware supports, websites, Mobile
Applications, and programming interfaces necessary for the functioning of
the ApiFire System;
-
ApiFire System: advanced control system based on Mobile Applications,
software and hardware components, and cloud platform for remote control,
management, scheduling, and analysis of Smart Devices;
-
Mobile Applications: the ApiFire User App (mobile application that
allows the end consumer user to remotely control and schedule Smart Devices)
and ApiFire Technician App (mobile application that allows the technician
user authorised by the Manufacturer to remotely view and set up Smart
Devices);
-
Smart Devices: non-standard computing devices produced and/or
manufactured by the hardware Manufacturer and equipped with an interface for
wireless data transmission, in particular wood and pellet heating monobloc
fireplaces, wood and pellet stoves, pellet boilers, and insert fireplaces;
- Manufacturer: the manufacturer of your Smart Devices.
Bertelli & Partners SRL with registered office in Angiari, Viale Europa
188/270 (hereinafter "B&P", "we", "us", "our") is the data controller of
the processing described below. As the data controller, we process Personal
Data in accordance with this policy.
2. Processed Personal Data
To provide you with our Services, we process your Personal Data. If you do not
provide the necessary Personal Data, we will not be able to provide you with
the Services.
Information collected with your consent
-
Contact Data (such as name and surname, email address, address, and
phone number): we collect this information when you create an account. The
information is necessary to use the Services;
- Account Credentials: necessary to use the services;
-
Location of smartphone/tablet and IP address (only for ApiFire User
App users): we collect this information when you use the weather service.
You may choose not to provide this information, but we will not be able to
provide you with the relevant Services.
Information collected automatically
The following Personal Data is necessary for the performance of the contract;
if we do not collect this information, we will not be able to provide you with
the Services.
-
Specifications of smartphone, tablet, pc: when you use the Services,
we collect information about your smartphone, tablet, or pc, such as model,
IP address, connection information, type and version of the operating
system, version of the Mobile Applications;
-
Specifications of Smart Devices: when you connect Smart Devices to
our Mobile Applications, we collect information about them, such as model
and ID of the Smart Device, update version, production date, installation
date;
-
Technical Data of Smart Devices: we process information provided by
the Smart Devices, such as ambient temperature, operating temperature,
ignition status, weekly scheduling, activation times;
-
Technical Data of Interventions: we process information related to
interventions performed by authorised technicians on your Smart Devices,
collected by the technicians themselves through the ApiFire Technician App,
such as date and time of the intervention, reported and resolved issues,
actions performed by the technician;
-
Location of Smart Devices (only for ApiFire User App users): when an
authorised technician installs your Smart Device, through the ApiFire
Technician App we collect the location of the Smart Device using the
localization tools on the technician's smartphone or tablet;
-
Location of smartphone/tablet and IP address (only for ApiFire
Technician App users): when you install a Smart Device, we collect your
location using the localization tools on your smartphone or tablet;
-
Usage Data: every time you interact with our Services, we
automatically receive and record information related to visits, clicks,
downloads, cookie information, browser type;
-
Unique Identifiers: when you use the Services through third-party
applications and/or products (e.g., virtual voice assistants), we create a
link between your ApiFire User App account and your third-party application
and/or product account, generating a unique identifier code that we transmit
to third parties.
3. Purposes and Legal Bases
We process your Personal Data for various purposes:
-
Provide and improve the Services: the data provided to create your
account, data related to your smartphone/tablet, your Smart Devices, and
data provided by them, and unique identifier codes allow us to provide you
with our Services. We use the same data to analyse, monitor, develop, and
ensure the operation of the Services, as well as to manage contact and
support requests. The legal basis for these processing activities is the
performance of the contract under our Terms of Use - art. 6 (1) (b) GDPR;
-
Account management and personalization: we process your account
information, location data, usage data, and information provided by Smart
Devices to provide you with additional services (e.g., weather service). The
legal basis for these processing activities is your consent - art. 6 (1) (a)
GDPR;
-
Non-marketing communications: we process your contact data to send
you important information regarding the Services, changes to our terms,
conditions, and policies, and/or other administrative information. Since
this information may be important, it is not possible to opt-out of
receiving such communications. The legal basis for these processing
activities is the performance of the contract under our Terms of Use - art.
6 (1) (b) GDPR;
-
Marketing communications: we process your contact data, even if
transmitted to/from third parties or collected from public lists, to send
you promotional materials or information, even personalised, regarding our
Services that we believe may interest you or for other marketing purposes.
The legal basis for these processing activities is your consent - art. 6 (1)
(a) GDPR.
-
Research and analysis: we process Personal Data, even if transmitted
to/from third parties or collected from public lists, for research,
innovation, and development of new products and/or services, as well as for
internal analysis and audits. The legal basis for these processing
activities is our legitimate interest in improving and developing the
Services and our business - art. 6 (1) (f) GDPR;
-
Improvement of the experience: we process Personal Data, even if
transmitted to/from third parties or collected from public lists, to improve
your user experience. The legal basis for these processing activities is our
legitimate interest in improving the user experience and our Services - art.
6 (1) (f) GDPR;
-
Compliance with legal obligations: we process Personal Data to comply
with laws, regulations, court orders, or other legal obligations or to
assist in an investigation, to protect and defend our rights and property,
or the rights or safety of third parties, to enforce our Terms of Use, this
Privacy Policy, or agreements with third parties, or for crime prevention
purposes. The legal basis for these processing activities is compliance with
legal obligations to which we are subject - art. 6 (1) (c) GDPR
-
Prevention of crimes and contractual breaches: we process your
Personal Data to (a) enforce our terms and conditions; (b) protect our
operations, activities, and systems; (c) protect our rights, privacy,
security, or property and/or those of other users, including yourself; and
(d) enable us to pursue available remedies or limit the damages we may be
liable for. The legal basis for these processing activities is our
legitimate interest in protecting our assets - art. 6 (1) (f) GDPR.
4. Data Sharing
We share your Personal Data with third parties for the following purposes.
-
Operation and maintenance of the Services: we share your Personal
Data
-
with other users of the ApiFire System:
-
if you are a user of the ApiFire Technician App:
-
your contact data is freely visible to users of the ApiFire User
App and the Manufacturer;
-
when you install a Smart Device, we share the relevant location
with the Manufacturer;
-
when you perform an intervention on a Smart Device, we share
your contact data and the intervention data with the
Manufacturer and the technicians who have performed or will
perform interventions on the same Smart Device.
The legal basis for these processing activities is the legitimate
interest of the users of the ApiFire User App to receive technical
assistance and the legitimate interest of the Manufacturer to
conduct analysis activities - art. 6 (1) (f) GDPR;
-
if you are a user of the ApiFire User App:
-
when a technician installs your Smart Device, we communicate the
specifications of the Smart Device and its location to the
technician in question and the Manufacturer.
The legal basis for the processing is the legitimate interest of
the Manufacturer and the technician to carry out analysis
activities - art. 6 (1) (f) GDPR;
-
when you request technical assistance for your Smart Device, we
communicate your contact details to the technician managing the
service centre, the technician who will carry out the
intervention, and the Manufacturer of the Smart Device in
question;
-
when a technician performs an intervention on your Smart Device,
we communicate the specifications and technical data of the
Smart Device and the data of the interventions carried out on it
to the technician; the specifications of the Smart Device and
the data of the interventions carried out are also communicated
to the Manufacturer.
The legal basis for the processing is the necessity to carry out
the requested technical assistance intervention (art. 6 (1) (b)
GDPR) and the legitimate interest of the Manufacturer to carry out
analysis and development activities of the Smart Devices (art. 6
(1) (f) GDPR);
-
we communicate the technical data of your Smart Devices to the
users of the ApiFire System authorised by you;
-
your email address can be searched by other users of the ApiFire
User App to send you requests for remote reading and/or
modification of your Smart Devices.
-
to our third-party service providers who perform certain business
functions for us, such as website hosting, data analysis, payment
processing, infrastructure provision, IT services, customer service,
email delivery services, and other similar services (the processing is
necessary for the operation of the Services - art. 6 (1) (b) GDPR).
-
If you use the weather service available on the ApiFire User App, we
communicate your location to OpenWeather Ltd to provide you with the
geolocation service (https://openweather.co.uk/privacy-policy) (the legal basis is your consent - art. 6 (1) (a) GDPR).
-
To remotely control your Smart Devices through the "Alexa" application
(provided by Amazon Media EU SARL), you must link your ApiFire User App
account to your Amazon user account. To do this, you must (i) download and
enable the so-called "skill" of ApiFire within Alexa; (ii) log in, following
redirection, to your ApiFire account. Once this is done, the Services
automatically generate a unique identifier code for your ApiFire account,
which is communicated to the companies belonging to the Amazon Europe Core
SARL, Amazon EU SARL, Amazon Services Europe SARL, Amazon Media EU SARL, and
Amazon Digital UK Limited (collectively "Amazon Europe").
The processing in question is necessary for the operation of the Services
(art. 6 (1) (b) GDPR).
B&P communicates to Amazon Europe only a unique identifier code of your
ApiFire account, but does not communicate further Personal Data, such as
your contact details, location, specifications of the Smart Devices or your
smartphone/tablet, usage data of the Smart Devices.
B&P and Amazon Europe independently adopt measures to validate the
identity / authenticate access to their respective accounts and to protect
your Personal Data.
The voice commands you give through Alexa to use the Services are processed
exclusively by Amazon Europe; the data processing carried out by Amazon
Europe is subject to the Terms of Use and the privacy policy of Amazon
Europe, over which B&P has no control or responsibility. For information
on how Amazon Europe processes your Personal Data, please refer to the
privacy policy at the following link:
https://www.amazon.it/gp/help/customer/display.html?nodeId=GX7NJQ4ZB8MHFRNJ
-
Marketing and interest-based advertising: with your consent, we
communicate contact data to our marketing and advertising service providers,
including interest-based advertising; in particular, we communicate your
data to Mailjet (Mailgun Technologies, Inc.) for sending communications (https://www.mailjet.com/privacy-policy/). Additionally, with your consent, we may share your location with third
parties for on and off platform personalisation and for marketing and
advertising purposes.
-
Legal compliance: we communicate Personal Data to law enforcement,
governments and regulatory bodies, legal authorities or other authorised
third parties in order to comply with laws, regulations, court orders or
other legal obligations or to assist in an investigation, to protect and
defend our rights and property, or the rights or safety of third parties, to
enforce our Terms of Use, this Privacy Policy, agreements with third
parties, or for crime prevention purposes;
-
Corporate transactions: we communicate your Personal Data to
potential or actual buyers, investors or successor entities in connection
with a planned or actual reorganisation of our business, in connection with
financing, a sale or other transactions involving the transfer of all or
part of our business or assets, also for the purpose of enabling the
necessary due diligence to decide whether to proceed with a transaction, in
accordance with sufficient data processing practices and safeguards.
The additional use of your personal data not described in this Privacy Policy
will only take place as required by law or when we have obtained your consent.
5. Data Transfer Abroad
Our Services may be provided using resources and servers located in various
countries around the world to facilitate our operations. Therefore, your
Personal Data may be transferred outside the country where you use our
Services, including to countries outside the European Economic Area (EEA),
where the level of data protection may not be considered adequate by the
European Commission. In such cases, we ensure that adequate protection of your
personal data is provided as required by applicable laws.
When we do so, we will ensure that an adequate level of protection of
information is provided using the following approach: an agreement based on EU
standard contractual clauses approved under GDPR Art. 46.
By using our Services and submitting your personal data, you consent to the
transfer, storage and/or processing of your personal data in third countries.
6. Data Storage Methods
We store Personal Data in electronic format on a cloud platform managed by us.
7. Security Measures
We implement appropriate technical and organisational safeguards to protect
against unauthorised or unlawful processing of personal data and against
accidental or unlawful destruction, loss, alteration, unauthorised disclosure
of, or access to personal data. Please note, however, that we cannot
completely eliminate security risks associated with the storage and
transmission of personal data.
8. Processing Methods
Personal Data is processed at our operational offices and in any other place
where the parties involved in the processing are located. Personal Data may be
accessible to certain types of persons in charge, involved with the operation
of this Application (administration, sales, marketing, legal, system
administration) or external parties (such as third-party technical service
providers, mail carriers, hosting providers, IT companies, communications
agencies) appointed, if necessary, as Data Processors by our company.
9. Data Retention Period
We will retain your personal data for as long as you maintain your account or
as otherwise necessary to provide you with the Services. We will also retain
your Personal Data after the account closure or discontinuation of the
Services if necessary to comply with legal obligations, resolve disputes,
enforce our agreements, or prevent harm.
Data processed for marketing purposes is retained until consent is withdrawn.
Where we no longer need to process your personal data for the purposes set out
in this Privacy Policy, we will delete your personal data from our systems or
anonymise it.
You may withdraw your consent at any time with future effect and without
affecting the lawfulness of prior processing based on consent.
10. Cookies
We use session cookies. The use of these cookies is strictly limited to the
transmission of session identifiers (consisting of random numbers generated by
the server) necessary to allow secure and efficient navigation of the site and
do not allow the acquisition of personal data identifying the user.
11. Third-Party Personal Data
You may provide us with personal data of third parties only if you have their
authorisation. If you provide us with personal data of third parties, you must
inform them of our processing. In any case, you assume all responsibility for
the communication of personal data of third parties.
12. Exercisable Rights
To exercise your rights over Personal Data, contact us via our email
privacy@bertelli-partners.it. Based on applicable law and only in exceptional circumstances, we may
charge you for this service and will respond to reasonable requests as soon as
possible and in any case within the time limits prescribed by law.
You have the following rights:
-
Withdrawal of consent (Art. 7 GDPR): you can withdraw your consent -
where consent is required for processing - at any time. However, this does
not affect the lawfulness of processing carried out before the withdrawal.
In some cases, we may continue to process your information after you have
withdrawn consent if we have another legal basis for doing so or if your
withdrawal of consent was limited to certain purposes;
-
Right of access to your personal data (Art. 15 GDPR):
you have the right to ask us for confirmation about the processing of your
Personal Data (e.g., the purposes of the processing or the categories of
personal data involved);
-
Right to rectification (Art. 16 GDPR): you have the right to
correct/update your Personal Data;
-
Right to erasure (Art. 17 GDPR): you have the right to ask us to
delete your Personal Data. This right can be exercised, among other things:
(i) when your Personal Data is no longer necessary for the purposes for
which it was collected or otherwise processed; (ii) when you withdraw the
consent on which the processing is based under Art. 6 (1) (a) GDPR and when
there is no other legal basis for the processing; (iii) when you object to
the processing under Art. 21 (1) GDPR and there are no overriding legitimate
grounds for the processing, or you object to the processing under Art. 21
(2) GDPR; or, (iv) when your Personal Data has been unlawfully processed;
-
Right to restriction of processing (Art. 18 GDPR): you have the right
to request the restriction of processing by us in limited circumstances,
including: when the accuracy of your Personal Data is contested; when the
processing is unlawful and you oppose the deletion of your Personal Data and
request instead the restriction of the use of your Personal Data; or when
you have objected to the processing under Art. 21 (1) GDPR pending
verification of whether our legitimate grounds override yours;
-
Right to data portability (Art. 20 GDPR): you have the right to
receive the Personal Data you have provided to us, in a structured, commonly
used and machine-readable format, and you have the right to transmit such
information to another data controller, including the right to have it
transmitted directly, where technically feasible;
-
Right to object (Art. 21 GDPR): you have the right to object to our
processing of your Personal Data. This right is limited to processing based
on Art. 6 (1) (e) or (f) GDPR, and includes profiling based on these
provisions and processing for direct marketing purposes. Subsequently, we
will no longer use your Personal Data unless we can demonstrate compelling
legitimate grounds for the processing that override your interests, rights
and freedoms, or are necessary for the establishment, exercise or defence of
legal claims;
-
Right to lodge a complaint with the Data Protection Authority (Art. 77
GDPR):
you have the right to lodge a complaint if you believe that the processing
of your Personal Data violates applicable data protection laws.
13. Changes to the Policy
In order to improve our Services, it may be necessary to amend this Privacy
Policy from time to time. We therefore reserve the right to amend this Privacy
Policy in accordance with applicable data protection laws. Please visit our
website from time to time for information on updates to this Privacy Policy.
14. Contact Us
If you have any questions about our processing of Personal Data or this
policy, you can contact us at the following addresses: