Privacy Policy

Last update 12 Jun, 2025.

1. INTRODUCTION

"Onesto Cloud Service" branded "Onesto Cloud" is a digital service that allows remote access, control, and monitoring of Onesto Devices and the appliances to which these are attached. All applications developed by Onesto Electric Co.,LTD. that enable access to, control of, or monitoring of Onesto Devices and process personal data originating from "Onesto Cloud Service" shall be deemed integral to "Onesto Cloud Service", notwithstanding any differing naming. Functional variations between these other applications and Onesto Cloud App may occur.

This Privacy Policy shall apply to the processing of personal data, that is or might be performed when using Onesto Cloud Service accessed by using either Android or iOS mobile application Onesto Cloud App, whereas the Onesto Cloud Service might be used as free of charge referred to in this document in general as "the Onesto Service" / "the Service".

When you interact with the Onesto Service, Onesto Electric Co.,LTD. ("We") are processing your Personal Data. We have developed this Privacy Notice to provide you with information about what information we collect, why we collect it, and what are your rights under the applicable data protection laws.

2. CONTROLLER

The Personal Data related to Onesto Cloud Service are processed by Onesto Electric Co.,LTD., having its seat and registered address in China, Yueqing, No.1 Taishan Road, Wenzhou Bridge Industrial Zone, beibaixiang.

3. PERSONAL DATA

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, as that term is defined under the General Data Protection Regulation (GDPR).

4. DATA SUBJECT

The Data Subjects to whom this Privacy Notice shall apply is any registered user of the Onesto Service ("the Service User" / "You").

5. DATA PROTECTION OFFICER

You may address all your requests about the processing of your Personal Data to our Data Protection Officer via e-mail at onesto@onestoelectric.com

6. ABOUT THE ONESTO SERVICE

Onesto Service allows you to monitor and control home and office appliances, get precise measurements of the power consumption of each appliance, and switch it on/off remotely. The Service might be accessed using Your mobile device.

The Service is related to the usage of Onesto Devices which is any smart device branded "ONESTO" or owned by the Controller (Onesto Device(s)) in all models and modifications, that upon adding to a User’s account allows remote monitoring and control of home and office appliances which this device is attached to.

The information that we collect, and how that information is used, depends on how you use our Service and our Onesto Device(s) and how you manage your privacy controls via the Service settings and the settings of the Terminal Device on which you use it.

For security reasons each Onesto device is associated with only one Account, whereas only the account owner may at his/her discretion share or initiate the sharing of Device or Account information with other parties.

7. TYPES OF PERSONAL DATA THAT WE PROCESS FOR THE PROVISION OF THE SERVICE

On a contractual basis for the provision of the Service in accordance with Art. 6(1)(b) of GDPR We process data about:

Your Account, your Onesto Device(s) and the Terminal Devices on which the Service is used, as well as data derived from the settings of the Onesto Service and/or the settings of your Associate Services or browsers, Your interaction with the Service.

Account data

We process Account data that you have directly provided to us when creating Your Account, interacting with the Service using its features or when contacting our support team directly:

Email address;
Password;
Account ID;
Time zone settings;
Language settings;
Data generated by you during a customer support request;
Data related to customer support such as e-mails, messages, history of the correspondence, any correspondence content, sender and recipient information;

Purpose for processing Account Data:

We are using the Account data for the purpose of performing the Service contract in accordance with Art. 6(1)(b) GDPR to:

verify the User’s authentication and identification in order to ensure access control to Your Account and Your Onesto Device(s);
Initiate and provide the Service to You and to ensure its proper functioning;
Ensure the security of your Account and your Onesto Device(s);
Process of customer support rеquests that You might have send to us in reference to the Service and the Onesto Devices;
Communicate with You in reference to the Service and send you Service updates or other relevant Service information (including reminders, confirmations and invoices), as well as providing you the necessary customer support when requested;

Device Data and Service Usage

For providing You with the Service We are also processing information about the Onesto Devices that are added to Your Account including the information about Your interaction with the Service, as well as information about any Terminal Devices on which you have installed and accessed the Service such as computer, laptop, tablet, mobile device, that is technically necessary for the provision of the Service

By adding the Onesto Device to Your Account, you are sharing the information generated and stored by Your Device (such as set up actions, schedules, modes, timers or other configurations that you have set up on the Device). This information is necessary for providing you the Service and the functioning of its features. For stop sharing this information You can always remove the Onesto Device from the Service.

When You install, access or use our Service, including when You are adding a Onesto Device to Your User Account, as well as when you share information from the Onesto Service with other applications and services (Associated Services / Integrators) We automatically process:

Onesto Device identifiers such as access point (SSID), Device IP, Device type, decimal ID, Device name and channel, Version of Device Firmware, Bluetooth data (if available), mac address of the Device, other configuration data;
Network and Server credentials;
Information about associated Services, browsers and Terminal Devices that You use to access our Service including Terminal Device type and network provider, unique identifiers such as IP address and MAC address, operating system and OS version;
Log information such as Service logs, including crash and diagnostic reports, Service launches, taps, clicks, or other information about how the user interacts with the Service;
Geolocation of the Device;
Event logs and event log settings, such as on/of modes, schedules, actions, device measurements and electricity consumption data depending on the Onesto Device type and the available Service options (including historical consumption and measurements data);
Other information about how you’re using our Service depending on the Device type and features;

Purpose for processing Data of Your Devices

Provision of the Service – to enable You to monitor and control your home and/or office appliances, get precise measurements of the power consumption of appliances (including historical data), switch them on/off remotely and performing the set up actions, we need information about the integrated Onesto Devices, the Terminal Device on which you are using the Service and their connectivity to each other, to the network and to our system. Further to provide you with some features of the Service such as the scheduling and powermetering we need to know the geolocation of the Device;
Processing of customer support rеquests;
Sending of In-App, including push-up, or e-mail system notifications about the Service, including event notifications if set-up;

On the basis of your explicit consent, expressed via the Terminal Device settings or by deliberate actions within the Service we may process further Device Data and Service Usage in accordance with Art. 6(1)(a) of GDPR.

For providing You certain specific features of the Service, depending on the type of the Onesto Device and the available Service options We may also process further information about the Onesto Devices that you have manually set using the Service settings.

Data derived from the settings of the Onesto Service and/or the settings of your Associate Services, Terminal Devices or browsers;

Content that you create and upload in the Service (images, videos);
Security access keys such as lock pin, access key;
Device sharing;
Interactions history of the Service and Onesto Device(s) usage (user logs);
Other information of your choice, that you provide through the settings of the Service, Associated Service or Terminal Devices;
Other information about the way you use the Onesto Device(s);

You may control the processing of these data at any time through the settings of the Service and the Terminal Device on which you use it. These shall not prejudice the legality of the processing based on your interactions with the Service and settings given before their change.

You can initiate and stop sharing information of a selected Onesto Device with third parties and services at any time by using the features of the Service. Please take into account that upon sharing Your Data with third parties and services this Privacy Notice shall not apply to the processing of the shared Data by these parties and services.

Purpose for processing Data of your Devices

Provide you personalized information and solutions based on your interactions with the App and the Onesto Devices such as monitor and controlling your home and/or office appliances, precise measurements and consumption, and switching on/off remotely according to the schedule or the set technical criteria;
Authentication, verification and control of the access to your Onesto Device(s) including enabling and control of device sharing;
Sending of notifications (including In-App notifications such as push-up or e-mail) based on event log of the Onesto Device;
Processing of support rеquests;
Further Account and Device Data that we process based on your explicit consent:
E-mail Address and Account Data for sending You In-App, push-up and e-mail marketing notifications about Onesto products and Services, including personalized ones if you have opted-in accordingly;

Based on our legitimate interest in accordance with Art. 6(1)(f) of GDPR we may process Your personal data, as described here above to:

implement and operate our policies and procedures;
respond to any claims against us and to protect the rights, privacy, property, or safety of Onesto Electric Co.,LTD. (including its affiliates and subsidiaries), our Users, or the public as required or permitted by law;
enforce legal claims, including investigation of potential violations of the applicable terms of Service;
detect, prevent, or otherwise address fraud, abuse, security, or technical issues with the Service;
prevent hacking, frauds and other non-compliant use of the Service;
register, mediate, and resolve possible disputes or irregularities or to enforce our Terms of Use and other policies;
maintain adequate security measures and protect against liability, including complying with industry standards and enforcing our policies, detection of spam, malware, illegal content, and other forms of abuse on our systems in violation of our security policies;
fulfill the terms and conditions of the Service;
other legitimate business purposes permitted by applicable law
anonymized and statistic data about the usage of our Service and the users experience for the purposes of operating, evaluating, and improving the Service and our business;
maintain the Service to ensure it is working as intended by performing regular monitoring of our system and activity information to identify and fix problems and avoid interruption;
improve the Service through analysis of the usage trends and preferences;

Based on the law when it is necessary or appropriate, we can process Your Personal data in accordance with Art. 6(1)(с) of GDPR to:

comply with applicable laws and regulations, including in the field of tax and accounting;
comply with legal procedures;
respond to requests or orders from public, government and judition authorities;

Sharing Information with Third Parties:

We may disclose Your Data internally within our business group and to the following entities, but only for the purposes described above. The following categories of Third-Party Service Providers may process your Personal Data as part of our operations:

Affiliates - other companies within the group of Onesto Group SE to which Onesto Electric Co.,LTD. belongs to carry out business activities on a regular basis;
Integrators of third-party products or services to which you can connect the Service to control those products or services. These business partners control and manage Your personal information only upon your explicit consent to share Your Data with them which you can withdraw anytime. These business partners process Your Data in compliance with their own privacy policies and rules and therefore before deciding to share Your Access to the Service or a Onesto Device with them, You should read these carefully;
Service providers - carefully selected companies that provide services for or on our behalf, such as providers of cloud services, customer support services, e-mail and messaging services, including direct marketing services, infrastructure supply and IT services;
Payment service providers – licensed payment institutions which facilitate the payment process for pre-paid subscription Services
Professionals in various fields (such as but not limited to external marketing, product and service consultants, auditors, legal, finance and accountancy advisors) for maintenance and improvement the quality of the Service, ensuring compliance with regulatory requirements, protection of our legitimate rights and interests in court and administrative proceedings;
State bodies and public authorities to which we might be obliged to disclose Your Data when this is required by law, legal process, administrative or court order to disclose your information.
Other parties in connection with corporate transactions as part of a merger or transfer, acquisition or sale, or in the event of bankruptcy; In this case, you will receive a clear notification via email and/or our website regarding the change of ownership, the incompatibility of new use of personal information, and the choice of personal information.

In addition to the disclosures described in this Privacy Notice, we may share information about You with third parties when you separately consent to or request such sharing.

In regards to private individuals, we require and pay attention that the above stated third parties apply all required technical and organizational measures for the protection of the Personal Data share with them.

8. CROSS-BORDER DATA TRANSFERS

Personal Data you entrust to us will primarily be processed by us in European Union. All these international data transfers are subject to legal requirements to ensure that your personal information is processed safely and as you would expect, which means your Personal Data is likely to end up in other countries, including outside the European Union. We will process your Personal Data for marketing purposes including by sharing these with these service providers only upon your explicit consent.

9. RETENTION OF DATA

The retention period of the Data depends on the legal basis relied upon to process your Data.

Data processed for providing You the Service (Account and Device Data) is processed for as long as You have an active User Account, or as long as required under our legal obligations in the respective countries we operate.

Data processed based on our legitimate interest is only kept for as long as needed for the specific purposes for which they were collected.

Data processed based on your consent are retained until You withdraw your consent. Upon withdrawal of Your consent, we will stop processing your Data that relies on your consent, but it will not impact the processing of data collected prior to Your withdrawal until the purposes for which such Data were collected have been achieved.

Data processed in compliance with legal obligations, are processed within the statutory retention period as per the applicable law, for example the invoice information is kept for 10 years in compliance with the applicable accounting regulatory requirements.

Following the expiration of the above-stated time limits, the Data is deleted and may not be retrieved and used any longer.

The data shall not be deleted but shall continue to be processed only for protection of our legitimate rights and interests or in compliance with our legitimate obligations, in the event that as of the date of expiration of the above stated time limit there is pending court, administrative and pre-court proceedings – until its closing.

10. YOUR RIGHTS AS DATA SUBJECT

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

Right to access

You have the right to ask us for copies of your personal information free of charge. This right always applies but there are some exemptions, which means you may not always receive all the information we process;
If we are unable to provide you with access to your Personal Data because disclosure would violate the rights and freedoms of third parties, we will notify you of this decision.

Only a person who can be identified by us as Service User has the opportunity to exercise his/her rights under this section. You may contact us and after submitting a written request and verifying your identity the requested information will be provided to you.

If We have legitimate concerns regarding Your identity, we may request the provision of additional information necessary to verify Your identity as a Service User. We reserve the right to refuse access to the required information if we are not in a position to identify the individual submitting a request.

Right to rectification of inaccurate personal data

You have the right to request the rectification of inaccurate information and completion of incomplete information. This you can accomplish via your Service Account or by contacting us by submitting a written request.

Right to erasure („The right to be forgotten“)

The right to erasure applies to a strictly limited extent as specified under the law. Removal of the need to process. The right only applies in the following circumstances:

when your data are no longer necessary for the original reason they were collected or used for.
when you initially consented to us using your data, but have now withdrawn your consent.
when you have objected to the use of your data, and your interests outweigh our interests in using it.
when you have objected to the use of your data for direct marketing purposes.

The right to be forgotten is not an absolute right and might not be respected in cases provided for by the law or because of a lack of reliable verification of Your identity.

You may exercise your right to erasure your data according to the procedure prescribed below or by contacting us, filling out a written request form and verifying your identity. Deleted data cannot be recovered by Onesto Electric Co.,LTD.

ACCOUNT DELETION:

You may request the deletion of Your account:

via your account in the Аpp or in the Browser through the settings. Deleted account and personal data therein cannot be recovered by Onesto Electric Co.,LTD.

Follow our instructions during the process of deletion of your account. Once we have verified your personal identity, we shall proceed further with your request, and shall provide you with the relevant instructions for successful completion of the process for account deletion if the requirements imposed by law are met.

Upon successful completion of the procedure for account deletion, your account data, as well as any other data associated with your account shall be IRREVERSIBLY DELETED.

MANAGE DATA:

In case You do not want to delete Your Account entirely, You may manage Your account data (including the data about a device) through the settings of the Account by choosing to:

Reset the settings of the Device, reboot the Device, enable night mode, enable eco modes, configure the Device to turn on or off, etc.
Remove the information for the Device from your account in the App or in the Browser.
Edit the Account data by changing the e-mail or password associated therewith.

Right to restriction of processing

Right to restriction of processing shall apply to temporarily limit the use of your data when they are considering:

the accuracy of Your data is challenged, or
an objection to the use of Your Data.
unlawful processing of Data but you do not want it to be deleted, or
Data are no longer needs your data but you want the organisation to keep it to create, exercise or defend legal claims.

In case of rectification or erasure of processing, we will notify every recipient to whom Your Personal Data has been disclosed unless this is impossible or requires disproportionately huge efforts.

Right of Data portability

You have the right to get your Personal Data from us in a way that is accessible and machine-readable. You also have the right to ask for transferring Your data to another organisation. Specifically, the right only applies to data that:

is held electronically, and
you have provided to us.

Data you have provided does not just mean information you have typed in, such as a username or email address. It may include data that We have gathered from monitoring Your activities when you have used the Service. This may include usage history or data processed by connected objects such as the Device.

That right shall not apply:

to processing necessary for the performance of a task carried out in the public interest;
where this right would affect adversely the rights and freedoms of others.

Right to object to the processing when it’s based on legitimate interest:

You can only object to processing when We are using your data:

for legitimate interests;
for statistical purposes; or
for direct marketing purposes.

The processing of Your data will be ceased, unless there are compelling legitimate grounds for the processing which override Your interests, rights and freedoms or for the establishment, exercise ordefence of legal claims.

Right to file a complaint with the supervisory authority in the Member State of your residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to You infringes the GDPR.

Users have the right to submit complaints or signals to the supervisory authority at any time, in case they believe the processing of their personal data violates the legislation on personal data protection.

Without prejudice to your right of complaint to the supervisory authority at any time, please contact us in advance and we promise to make everything possible to settle any disputes amicably.

11. INFORMATION SECURITY MEASURES

The security, integrity, and confidentiality of your Personal Data are extremely important to us. We have implemented technical, contractual, organisational, and physical security measures that are designed to protect our Users Personal Data from unauthorised access, disclosure, use, and modification. We regularly review our security procedures and practices to consider appropriate new technology and methods. Please be aware that, despite our best efforts, no security measures are perfect or impenetrable.

12. PRIVACY POLICY UPDATES

We may update this Privacy Policy from time to time due to changes in the Service, the applicable laws and our legitimate interest. You can determine when the Privacy Policy was last revised by the date provided at the beginning of this page.

Any changes will become effective upon publishing in the application or making them available to the User in other way.

13. FURTHER INFORMATION

If you have any additional questions, please do not hesitate to contact us at: onesto@onestoelectric.com