Shelly Fleet Manager ← Back to Home

Privacy Policy

In force from 20 November 2024

Contents

  1. Introduction
  2. Controller
  3. Personal Data
  4. Data Subject
  5. Data Protection Officer
  6. About the Shelly Service
  7. Types of Personal Data That We Process for the Provision of the Service
  8. Cross-Border Data Transfers
  9. Retention of Data
  10. The Service User's Rights as Data Subject
  11. Information Security Measures
  12. Privacy Policy Updates
  13. Further Information

1. Introduction

Shelly Fleet Manager is a digital service enabling remote access, control, and monitoring of Shelly-branded devices and the appliances they are attached to.

This Privacy Policy applies to personal data processed when using Shelly Fleet Manager, accessible via Android/iOS or at https://fleet.shelly.com/. It is applicable whether used as a subscription-based pre-paid service or otherwise.

When users interact with Shelly Fleet Manager, Shelly Europe Ltd. processes their data as detailed herein, ensuring compliance with applicable data protection laws like the European Union's General Data Protection Regulation (GDPR).

2. Controller

The data controller for Shelly Fleet Manager is:

Shelly Europe Ltd.
UIC: 202320104
Registered Address: 103 Cherni Vruh Blvd., Sofia, 1407, Bulgaria

3. Personal Data

Personal data refers to any information that identifies or could identify a natural person, as defined under GDPR. Examples include: name, identification number, location data, online identifiers, and other factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

4. Data Subject

The data subject under this policy is any registered user of the Shelly Fleet Manager service, categorized as either an Admin User or Account User.

5. Data Protection Officer

For inquiries about the processing of personal data, contact the Data Protection Officer:

Email: dpo@shelly.com

6. About the Shelly Fleet Manager Service

Shelly Fleet Manager provides monitoring and control capabilities for appliances via connected Shelly Devices. Key features include remote operation, power consumption measurements, schedule and mode configurations.

The service is accessible via mobile devices, laptops, and tablets. Shelly Devices are linked to only one account. The Admin User can share device data at their discretion.

7. Types of Personal Data That We Process for the Provision of the Service

7.1 Account Data

We process data such as:

  • Email addresses
  • Usernames
  • Passwords (encrypted)
  • Account ID
  • Language preferences and time zone
  • Customer support history and interactions

Purpose: Ensure secure service access, communication, and support.

Legal Basis: Performance of the contract (Art. 6(1)(b) GDPR).

7.2 Device Data & Service Usage

Collected data includes:

  • Shelly device identifiers (e.g., SSID, IP address, MAC address)
  • Configuration data from Shelly Devices (e.g., schedules, timers, operational modes)
  • Terminal device information (IP addresses, OS version, browser type)
  • Network and server credentials

Purpose: Enable device control, user interaction tracking, and system diagnostics.

Legal Basis: Performance of the contract (Art. 6(1)(b) GDPR) and legitimate interest (Art. 6(1)(f) GDPR).

7.3 Data Processed with Explicit Consent

Includes personalized marketing emails and push notifications. Users can withdraw consent anytime via their account settings.

Legal Basis: Consent (Art. 6(1)(a) GDPR).

7.4 Data Processed Based on Legitimate Interest

Data processed for:

  • Fraud prevention and security monitoring
  • Monitoring service functionality and performance
  • Responding to and defending against legal claims

Legal Basis: Legitimate interest (Art. 6(1)(f) GDPR).

8. Cross-Border Data Transfers

Your personal data is processed primarily in Bulgaria (EU). For service providers located outside the EU/EEA, we ensure compliance with GDPR by implementing appropriate safeguards, including Standard Contractual Clauses (SCCs) as approved by the European Commission, particularly for providers in regions like the United States.

9. Retention of Data

Data retention depends on the processing ground:

  • Contractual obligations: Data is retained while the account is active and for a reasonable period thereafter.
  • Consent: Data is deleted upon withdrawal of consent.
  • Legitimate interest: Data is retained for the duration of the specific purpose.
  • Legal compliance: Data is retained per statutory requirements and regulations.

Data may be retained longer if linked to unresolved legal disputes or where required by applicable law.

10. The Service User's Rights as Data Subject

Under the GDPR, you have the following rights regarding your personal data:

10.1 Right to Access (Art. 15 GDPR)

You may request a copy of your personal data free of charge.

10.2 Right to Rectification (Art. 16 GDPR)

You may correct inaccurate information through your account settings or by contacting support.

10.3 Right to Erasure — Right to Be Forgotten (Art. 17 GDPR)

You may request deletion of your personal data under applicable conditions. You can delete your account and associated data via account settings.

10.4 Right to Restriction of Processing (Art. 18 GDPR)

You may request temporary restriction of data processing in certain situations.

10.5 Right to Data Portability (Art. 20 GDPR)

You may request your data in a machine-readable format for transfer to another service.

10.6 Right to Object (Art. 21 GDPR)

You may object to data processing based on legitimate interest or direct marketing.

10.7 Right to File a Complaint

You have the right to file a complaint with your local data protection supervisory authority.

To exercise any of these rights, contact us at: dpo@shelly.com

11. Information Security Measures

We prioritize the security and confidentiality of your data by implementing advanced encryption, regular audits, and comprehensive technical and organizational safeguards in accordance with industry best practices. While no system is entirely impenetrable, we strive for maximum data protection.

12. Privacy Policy Updates

This Privacy Policy may be updated to reflect service changes, legal developments, or compliance requirements. Users are notified of material changes via email or on the platform. Updates are effective upon publishing.

13. Further Information

For questions about this Privacy Policy or data processing, contact us at:

Email: dpo@shelly.com

General Contact: fleet_manager@shelly.com