Last updated: 01.02.2022
Data controller responsibilities
Mill is data controller for all processing activities as described below. This means that Mill is the overall responsible for the processing and determines the purposes and means thereof.
What personal data we collect
The following list includes information about the personal data we collect in connection with your use of our App:
User Profile Data: In order to use our App, you must first create a user profile (your “Mill Account“). When you create a Mill Account, we may ask you to provide information such as your name, address, telephone number and email address. We may also ask for other information about you as we continue to develop and improve the App and our Mill Account features. The information requested will be set out on the Mill Account registration page. This web page will also indicate what information is mandatory to provide in order for us to provide you with our services, and which information requests are considered optional. When using certain functions in the App, we may collect data concerning your daily schedule and other information which is necessary to use these functions (as will be apparent to you when activating them in the App).
Usage Data: When you connect the App to your Mill brand products, we will collect data concerning the performance of your products. Some Mill brand products may also collect data concerning the climate conditions in your house (e.g. temperature, air quality etc.).
Device Data: When you first activate and use a Mill device, and when you update the system or software and restore the factory settings etc., we gather your mobile user identification information and the unique identification code for the mobile device.
Location data: The App collects location data to enable sending SSID to Mill devices even when the app is closed or not in use. Our App will request permission to use “location services“ on the phone, this permission is used to fetch the SSID that the phone is currently using. This information is required so that the App can connect to the Mill Wi-Fi products. Once the Mill Wi-Fi product is connected and added to the app, the location services is no longer needed and can be switched off by the customer. If permission to use “location services“ is not given the App will not be able to connect to the Mill W-Fi product.The App does not store or use the location data for anything else and we do not share or send this data to third parties.
Crash Data: When the Mill smart home system works abnormally or collapses, we will be likely to gather some environmental information such as equipment ID, internet protocol address, routing data packets, etc. from the App.
How, and for what purposes we process your personal data
We process your User Profile Data for the purposes of creating and managing your Mill Account, providing the App (including its associated services and features) to you, verifying your identity and preventing and investigating fraud or other improper use.
Your User Profile Data may also be used to communicate with you in the form of email newsletters, text messages or App notifications containing news, recommendations and marketing content concerning our services and other Mill branded products. Our communications may also be tailored for your relevance based on your Usage Data.
Usage Data is processed for the purposes of generating statistical analysis in order to provide certain functionality in the App to you, upon your request.
Your Usage Data may also be combined with Usage Data collected from our other users for the purposes gathering insight into our App user base.
Your Device Data can be used for the purposes of activating your warranty services and specific software licenses.
Device Data may also be used for the purposes of inviting you to participate in product investigations, to improve our products and analyze the efficiency of our business operations, and to ensure the validation of function and safety in our products.
Crash Data will be used for the purpose of running diagnostics, the results of which may be used to improve the App or other products.
What legal basis our processing is based on
Your User Profile Data, Usage Data and Device Data are primarily processed because it is necessary for Mill to fulfill our contract with you, including with respect to providing you with the services in the App and warranty claims for your Mill brand products.
Our use of your User Profile Data to send you newsletters and marketing communications by email or text messages is based on your consent, which will be requested in connection with your use of the App. Such use in connection with in-App marketing notifications is based on it being necessary for the purposes of our legitimate interests in providing useful tips and product news to our users when actively using the App. Tailoring the content of such communications based on your Usage Data is based on it being necessary for the purposes of our legitimate interests in ensuring that our communications are as relevant as possible to their recipients. This processing of Usage Data is mainly limited to identifying characteristics which may indicate a need to add further Mill branded products, or amend how they are used for efficiency.
Our use of your Device Data in connection with product investigations and product improvements etc. is based on it being necessary for the purposes of our legitimate interests in improving and optimizing our products and business operations. The processing of Crash Data is based on it being necessary for the purposes of our legitimate interests in investigating and rectifying potential errors in our products and services. The processing is mainly limited to generating statistical and root-cause analysis.
The processing of your Usage Data in conjunction with the Usage Data of other App users to gather insight into our App user base is based on it being necessary for the purposes of our legitimate interests in understanding the usage patterns of our App users, in order to improve our service offering. This processing of Usage Data is mainly limited to generating overall statistics of App use for analysis.
With respect to our processing based on our legitimate interests (as set out above), we have assessed the nature of the processing as being of a less invasive nature, and therefore not overridden by the interests or fundamental rights of the data subjects concerned.
Other data we collect
When you use the App, we will collect anonymous data concerning your network usage to conduct statistical overview and provide you with a better networking experience based on your needs. In addition, we may also collect and process aggregated and anonymous Usage Data for use in connection with our products and services development or marketing.
When visiting our websites, we collect data concerning our visitors and what products or information they review while visiting. When using our App, we collect data concerning how its features are used, what products it is used with and how frequently it is active (among other data). This is done using cookies and other tracking technology. A cookie is a small text file that is stored on your web browser or on your device. Pixels, web beacons and other technologies are also used to monitor your use of our website and App.
In addition to gathering insight into how our website and App are used, this technology allows us to direct advertising towards our visitors and App users in other channels (including on other websites not operated by Mill), and to define ‘audiences’ for our other advertising. ‘Audiences’ refers to the practice of selecting who we direct our advertising to, based on similarities in their characteristics to those of our visitors and App users.
Use of data processors and transfers to third countries
A personal data ‘processor’ processes personal data on behalf of the data controller. As the controller, we use data processors for the purpose of operating and managing the App. Examples include providers of hosting and maintenance services. Our processors cannot process your personal data in any other way than instructed by us, as described in a separate agreement between us and the data processor (a ‘data processing agreement’). All personal data we process is stored within the EU/EEA. We may give processors residing outside of the EU/EEA access to the personal data we process for the purposes of App maintenance and further development. When engaging a processor outside of the EU/EEA, we will provide appropriate safeguards to ensure that effective legal remedies are available, and your data protection rights are respected, in accordance with the GDPR. This is primarily achieved by entering into agreements with such processors based on the European Commission’s standard contractual clauses (SCC) framework.
Retention and erasure of personal data
Mill Accounts and User Profile Data will be deleted if they remain inactive (i.e. not being used to interact with the App) for a period of two years. Before deleting such personal data, we will send you a notice by email to prevent unwanted deletion.
Other personal data will be deleted or anonymized when they are no longer necessary in relation to the purposes for which they were originally collected or otherwise processed.
We strive to provide protection for our App users, so as to prevent the unauthorized access, tampering, disclosure or damaging of the personal data we process. We have implemented appropriate measures, policies and routines to ensure the security of our processing.
We will continuously review our personal data collection, storage and processing practices (including physical security measures), in order to avoid a variety of systems from unauthorized access.
We only allow Mill employees and other personnel access to the personal data on a need-to-know basis, and always subject to strict confidentiality obligations set out in our service and employment contracts. If they fail to fulfill these obligations, they may be held liable for legal liability or have their relationships with Mill terminated.
We will continue to work hard to protect the confidentiality of your personal data by implementing further technical and organizational security measures to prevent unauthorized disclosure or loss of your personal data.
Disclosure of personal data
Mill may share your personal data under the following circumstances:
– With other service providers upon your request and consent, for example if you want to connect your Mill product to another smart home platform or service through an API.
– With advisors and the relevant transaction parties in case of any restructuring, merger or sale occurring to us, including the associated due diligence processes. In case the App is transferred to a third party not affiliated with the Mill group (meaning Mill will no longer be the controller), we will notify all affected users.
We will not disclose your personal data to any other third parties than the third parties described above, unless we have obtained your consent, are required to do so under applicable law, or if it is necessary in order to establish, exercise or defend legal claims.
We may also share data concerning the overall use of our products or service trends with the public and our partners, however such data will always be anonymous and not personal data.
Rights of the data subject
Under the applicable data protection legislation, you have the right to access, rectify or erase your personal data processed by Mill. Furthermore, you may have the right to request the restriction of any processing activities, or request us to transfer your personal data to you or another controller (data portability). Certain limitations exist in the rights provided by the data protection legislation, and the rights available to you will depend on the particular circumstances of the processing. You can find more information on this topic on the website of your national data protection authority.
Please contact us as described below if you wish to invoke any of your rights described above. Mill will respond to inquiries of access of other rights without undue delay and no later than 30 days from the day we received the inquiry, unless special circumstances make it impossible to respond to the request within this deadline. In such case, Mill will provide a preliminary response with information about the reason for the delay and at what time a response can be expected. Please also note that we may request additional information from you, if such information is necessary to confirm your identity.
If you believe that Mill’s processing of personal data is in violation of the applicable data protection legislation, you have the right to lodge a complaint with your national data protection authority, as described directly below.
Lodging complaints – Supervisory Authorities
You may contact us as described below, at any time, if you have any questions or complaints regarding our processing of your personal data. You may also file a complaint with the data protection supervisory authority in the EU/EEA Member State of your habitual residence, place of work, or the place of the alleged data protection infringement. The EU/EEA supervisory authorities are responsible for supervising the processing of personal data within their territories.
You can obtain the contact details of the supervisory authorities in all EU/EEA Member States here.
You may contact us regarding any data protection related matters or concerns by sending an email to email@example.com. Alternatively, you may contact us by mail at:
Mill International AS
Grini Næringspark 10
In case of major changes, App users will be notified in advance by email or in the App.