PRIVACY POLICY

Last updated: 2.12.2025

This Privacy Policy explains how E-Smart Group Oy (“we”, “us”, “our”) collects, uses, stores, and protects personal data when you use our website e-smart.ai, our smart sockets (ES1000, ES2000), related mobile applications, and any other services we provide.

We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and Finnish data protection legislation.

1. Data Controller

E-Smart Group Oy
Tekniikantie 12
02150 Espoo, Finland
Business ID: FI3338271-1
Email: info@e-smart.ai

2. Personal Data We Collect

2.1 Customer and account data

  • Name
  • Email address
  • Phone number
  • Billing and shipping address
  • Order and payment information
  • Account credentials (email, password stored encrypted)
  • Support messages and communication

2.2 Website usage and device data

  • IP address
  • Browser type, operating system
  • Pages visited and time spent
  • Cookies and similar identifiers (analytics, preferences)

2.3 Smart device (ES1000 / ES2000) data

  • Temperature and humidity readings
  • Device settings and usage logs
  • Local spot electricity price data
  • Approximate location (only when needed to fetch the correct Wi-Fi SSID / pricing region – not stored permanently)
  • Wi-Fi SSID (pseudonymized where possible)

2.4 App technical data

  • Mobile device model
  • Operating system version
  • Crash logs and technical diagnostics
  • App usage statistics

2.5 Non-personal or anonymized data

We also collect aggregated statistics that cannot be used to identify you.

3. Purposes and Legal Basis of Processing

We process your personal data on the following legal grounds:

3.1 Contract performance

  • Processing and delivering your orders
  • Processing payments and refunds
  • Creating and maintaining your user account
  • Providing core smart-device functionality (heating control, automation)

3.2 Legitimate interests

  • Improving our products and services
  • Technical analytics and troubleshooting
  • Preventing fraud and misuse
  • Customer service and relationship management

3.3 Legal obligations

  • Accounting and tax obligations
  • Responding to authorities and regulators
  • Consumer protection and distance selling rules

3.4 Consent

  • Marketing emails and newsletters
  • Analytics and marketing cookies
  • Certain app permissions (e.g. location, notifications)

You may withdraw your consent at any time by contacting us.

4. Cookies

We use cookies and similar technologies to support core site functionality, analytics, and service improvement. You can manage your cookie preferences via your browser settings and any cookie banner we provide.

5. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy:

  • Order and payment data: generally at least 6 years to comply with accounting laws.
  • Account data: until you delete your account or request erasure.
  • Device logs and usage data: approximately 12–24 months, then anonymized or deleted.
  • Support communications: approximately 24 months.
  • Backups: automatically deleted at the end of their lifecycle.

6. Data Sharing and Transfers

We share data with third parties only when necessary to provide our services:

  • Payment processors (e.g. Stripe, Apple Pay, Google Pay, Klarna)
  • Shipping and logistics partners for order delivery
  • Cloud and hosting providers (e.g. AWS)
  • Technical analytics and support providers

We do not sell your personal data to third parties.

7. International Transfers

If personal data is transferred outside the EU/EEA, we ensure an adequate level of protection using, for example, the European Commission’s Standard Contractual Clauses (SCCs) and other GDPR-compliant safeguards.

8. Data Security

We use technical and organizational measures to protect your data against unauthorized access, alteration, and loss, such as:

  • HTTPS/TLS encryption
  • Encrypted passwords and restricted internal access
  • Regular backups
  • Monitoring and logging

9. Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Request deletion of your data (“right to be forgotten”)
  • Restrict processing in certain situations
  • Object to processing based on legitimate interests
  • Receive your data in a machine-readable format (data portability)
  • Withdraw consent at any time

To exercise your rights, contact us at info@e-smart.ai.

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your residence or where the alleged infringement took place. In Finland, this is the Office of the Data Protection Ombudsman.

10. Children’s Privacy

Our services are not directed to children under 13. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us and we will remove the information.

11. Automated Decision-Making and Profiling

Our smart sockets use automated algorithms to optimize energy consumption (for example, based on price and temperature). These automations do not produce legal effects or similarly significant impacts on you as an individual.

12. Changes to this Policy

We may update this Privacy Policy from time to time. The latest version is always available on our website. We will notify you of significant changes when appropriate.

If you have any questions about privacy or this policy, please contact us at info@e-smart.ai.