Date of last update: 10 July 2025
The European General Data Protection Regulation No. 2016/679 (“GDPR”) states that the party that processes personal data is required to inform the data subject (i.e., the person to whom the data refers) correctly, lawfully and transparently about certain matters related to processing, protecting the confidentiality and rights of the data subject.
With this document (“Circular”) we intend to inform the data subjects, in accordance with Article 13 of the GDPR, about the processing of personal data (“Data”) that Clivet S.p.A. (hereinafter the “Controller” or “us”) acquires through Clivet Eye and the related Services, as defined below.
Clivet Eye is a Cloud-monitoring based IoT system (hereinafter, Clivet Eye, also simply “System”) developed by Clivet S.p.A, a company belonging to the Midea Group. The system provides certain Clivet devices (hereinafter for brevity “Device/Devices”) operated under electronic devices such as PCs, tablets and smartphones, by connecting to the dedicated website www.cliveteye.com (“Portal”) or through the “Clivet Eye” mobile application (“App”). The System may be activated at any time and for as long as desired in the manner set out in the Terms and Conditions of Use of the System (“T&C”), to which reference is made.
Clivet Eye allows remote control and management of the Device by the user, through a set of available mode settings, as well as remote monitoring of the Device’s operating data. The frequency with which operating data is sent can be set according to monitoring requirements. The System also: provides a detailed overview of the Device’s operating status over time and shows current and past faults; allows Clivet and, where applicable, authorised third parties (e.g. service network) to modify the control and advanced mode settings of the Device; sends the user service communications/notifications on statuses and alarms, potential or ongoing faults, new features, operating levels and suggestions for an optimal use of the Device and upcoming expiries (warranty, wear and tear thresholds, scheduled interventions) in order to improve technical support (including possible interventions on the Device) and reduce downtime and costs; and improves CLIVET SPA’s Devices and services. On an entirely optional basis, if the user consents (when accessing the System or subsequently), the System finally allows Clivet S.p.A. to obtain authorisation to process user data for direct marketing purposes (hereinafter, the use of the System by the data subject and the provision to the latter of the above-described services, for brevity simply “Services”).
This Circular Letter does not rule out the possibility that additional information on the processing of the Data may be provided in other ways, including sending specific information after activation or after requesting certain services.
1. IDENTITY AND CONTACT DATA OF THE DATA CONTROLLER
With reference to the processing of the Data referred to in this Circular Letter, Clivet S.p.A., VAT no. 00708410253, with registered office in Via Camp Lonc, no. 25 - 32032 Z.I. Villapaiera, Feltre (Belluno), Italy (“Clivet”) acts as Data Controller.
The data subject may contact the Data Controller at any time, for any queries or clarifications concerning this Circular Letter or to exercise the rights referred to in section 10 below, by emailing privacy@clivet.it or by sending a registered letter to Clivet’s registered office, which is specified above, for the attention of the Privacy contact person. Certain rights may also be exercised by the data subject via the App or Portal (e.g. rectification of Data).
2. CONTACT DETAILS OF THE DATA PROTECTION OFFICER (DPO)
Clivet S.p.A. has appointed a Data Protection Officer, who can be reached via email at: dpo@clivet.it
3. THE DATA AND INFORMATION WE PROCESS
In order to provide the Services, we collect and process the following information and Data:
a) Personal data. In order for the Services to be provided, the data subjects, when connecting the Device to Clivet Eye, must register by creating a user account (“System Activation”) via the Portal or the App. The information collected through the System, during registration or subsequent use, includes some personal information of a common nature. This includes, for example, name and surname; email address; location of the Device (physical installation address). It also includes information which, when associated with the above data, may indirectly constitute data of a personal nature: e.g. IP address of the device used by the user; Date and time of registration; Date and time of acceptance of terms and conditions of use; Date and time when the Device was associated with Clivet Eye. It should be noted that for B2B customers (companies/professionals), the company name is requested. This does not constitute personal data, but the Company undertakes to treat it with the same caution as Personal Data:
Mandatory fields for creating an account are clearly marked.
b) Technical data. During registration/creation of the user account, as well as following Activation of the System, Clivet Eye collects information of a technical nature, some through the user and some automatically. This includes,for example, serial number/hardware ID of the Device; model and serial number; software version; operating status of the Device and components (e.g. compressors, fans, valves); wear warnings and error codes; etc. Please note that technical information does not constitute data of a personal nature within the meaning of current legislation. However, Clivet S.p.A. undertakes to treat the aforesaid information with the utmost confidentiality, applying the same rules as those provided for personal data as far as possible.
4. PURPOSES AND LEGAL BASES OF PROCESSING
Data is processed for three purposes, namely:
1) To provide the services defined under contract with the user: specifically, Clivet processes the information and Data referred to in sections a) and b) above in order to allow
remote control and management of the Device by the user;
remote monitoring of the Device’s operating levels;
a detailed view of the Device’s operational status over time and to consult current and past faults;
modification of the Device’s control and advance mode settings by Clivet and, where applicable, by authorised third parties (e.g. service network);
as well as: at the user’s request, provide assistance on the Device, if necessary also through authorised third parties (depending on the type of request and location of the Device), e.g. Authorised Service Centres. In this case, if necessary to provide the requested service, the Data Controller may disclose the information and the Data to data subjects, in compliance with GDPR safeguards. The Data shall be processed not only in compliance with the privacy circular dedicated to Clivet Eye, but also in compliance with the privacy circular dedicated to the “Rapporti di intervento”, available at www.clivet.it in the privacy section.
For the purposes described above, Data processing is based on the provisions of Article 6.1(b) of the GDPR, according to which processing is necessary for the performance of a contract to which the data subject is party.
2) In order to ensure the optimal provision of Services to the user and the optimal use of the Device, as well as to optimise the Company’s products and services: specifically, Clivet processes the information and Data referred to in sections a) and b):
- to send service communications/notifications on statuses and alarms, potential or ongoing faults, new features, operating levels and suggestions for an optimal use of the Device and upcoming expiries (warranty, wear and tear thresholds, scheduled interventions) in order to improve technical support (including possible interventions on the Device) and reduce downtime and costs;
- by accumulating and analysing information and Data, to carry out research and process statistics, where possible anonymously, in order to improve the Company’s services and products, also in the interest of the customer.
If the Data cannot be made anonymous, the relevant processing is carried out based on the legitimate interest of Clivet Spa (pursuant to Article 6.1(F) of the GDPR), represented by the need to ensure the optimal delivery of Services to the user and the optimal use of the Device, as well as to optimise the Company’s products and services. In order to be able to base the aforementioned processing operations on the pursuit of a legitimate interest, Clivet has first balanced said interests with the data subject’s right to privacy, in accordance with the provisions of Article 6.1(f) of the GDPR and taking into account the reasonable expectations of the data subject based on the relationship with the Data Controller, as stated in Recital 47 of the GDPR.
For direct marketing purposes by Clivet S.p.A. (optional purpose): specifically, Clivet processes the information and Data referred to in sections a) and b):
for the purposes of direct marketing by Clivet S.p.A., i.e. to use email, the System or other means employed by the Data Controller to send the data subject communications of a commercial nature (e.g. promotions, offers, new versions of the System, carrying out market research and customer satisfaction survey activities).
For the aforementioned purpose, the processing of Data is based on the data subject’s explicit consent, who has the right to revoke it at any time, pursuant to Article 6.1(a), GDPR.
5. CATEGORIES OF DATA RECIPIENTS
The Data is not disclosed. It may be processed within the Data Controller’s organisation by personnel duly authorised pursuant to Article 29 of the GDPR or, if outside of Clivet S.p.A., by parties appointed as Data Processors in accordance with Article 28 of the GDPR or, if relevant, by parties who are authorised to access the Data in their capacity as independent Data Controllers. As at the date of updating this circular letter, the categories of Data Recipients are: IT service providers who act, where they have access to Data of a personal nature, as Data Processors pursuant to Article 28 of the GDPR;
customer service providers (CAT; Distributors; Branches), located, where relevant, also outside the EU/ non-EEA area, as Data Processors pursuant to Article 28 of the GDPR;
Midea Group, a company based in China, as the parent company of the Midea Group, to which the Data Controller belongs. It should be noted that Midea Group may have access to the Data in its capacity as Data Controller or, if applicable, Data Processor pursuant to Article 28 of the GDPR. The transfer of Data to the Midea Group is governed by specific Standard Contractual Clauses;
other companies in the Midea Group, including those outside the EU/EEA, only where relevant and subject to the signing of specific data processing agreements with the Data Controller, in order to ensure compliance with the protections provided for by the GDPR.
The up-to-date list of Data Processors is kept at the headquarters of Clivet S.p.A. and is available for consultation on the data subject’s request.
6. DATA TRANSFER
The data may be transferred to countries outside the European Union/EEA Area. The Data Controller guarantees that any transfer of personal data will take place in full compliance with the conditions set out in Chapter V of the GDPR (Articles 44 et seq.), in order to ensure that the level of protection afforded to natural persons by the GDPR is in no way affected. Any transfer will therefore only be made to those Countries that the European Commission has judged can guarantee an adequate level of protection, in accordance with the provisions of Article 44 of the GDPR or in compliance with specific standard contractual clauses approved by the European Commission pursuant to Article 46 of the GDPR, provided that the recipient of the data provides adequate guarantees and that data subjects have enforceable rights and effective remedies. In this case, the data subject is informed that he/she has the right to request a copy of the standard contractual clauses signed by the Data Controller.
Any exceptions to the above will only occur in full compliance with Article 49 of the GDPR. Below are the countries outside the EU/EEA area to which personal data may be transferred as of the date of updating this circular letter, where this is necessary for the provision of the Services: Georgia; India; England; Switzerland. For each third country recipient of the Data, the Data Controller assesses in advance the existence of adequacy decisions (or other agreements deemed equivalent by the European Commission) and, in the absence thereof, enters into appropriate SCCs with the recipients of the Data. Please also note that the Data may be transferred to other companies in the Midea Group (also located outside the EU/EEA), a Group to which the Data Controller belongs, as well as to the Midea Parent Company in China, under specific agreements entered into pursuant to the GDPR. The updated list of non-EU/extra-EEA recipients of the Data, which may change over time, is kept by the Data Controller; the data subject may at any time ask for more information on the transfer of the Data by sending a request to the email address privacy@clivet.it or a registered letter with acknowledgement of receipt to the Data Controller's registered office.
7. NATURE OF THE PROVISION OF DATA AND CONSEQUENCES OF REFUSAL
Except for: a) Data that users may choose not to provide to the Data Controller as it is marked as non-mandatory during System Activation (Optional Data); and b) Data and consent for direct marketing purposes set out in section 4.3 (an entirely optional purpose), the provision of the Data is necessary for the provision of Services. If you refuse to provide us all or part of such Data, it will be impossible for us to provide the Services in part or in whole.
8. PROCESSING METHODS
The Data are processed electronically or in paper form, and in such a way as to ensure security and confidentiality. Please note that the processing referred to in this Circular Letter does not involve automated decision-making processes.
9. DATA RETENTION PERIOD
The Data is kept for no longer than necessary to fulfil the purposes for which it is collected and processed, i.e. for the purposes set out in points 4.1) and 4.2), for a maximum period of 10 years; for the purposes set out in section 4.3) (direct marketing) for a maximum period of 5 years, unless consent is renewed. With reference to the user account and its content, it is specified that: in the event that the data subject asks the Data Controller to delete the account, it shall be deactivated within a maximum period of 30 days from the data subject’s request. From then on, the user will no longer be able to remotely control the Device and use the Services, through the System. However, the Information and Data hitherto collected through the System may continue to be processed by the Data Controller to improve the Services and the Devices.
Please note that the user is allowed to delete their account directly through the App without forwarding a specific request to Clivet: this deletion process is irreversible. Furthermore, in compliance with the principle of data retention limitation, the user’s account will be deactivated in the event of prolonged inactivity. In particular, if the Application is not accessed for a continuous period of two years, the user will receive an email notice warning them that their account may be deactivated. The user will have a period of 30 days from receipt of the notice to confirm their interest in keeping the account active through a positive action, such as logging in to the App/Portal or responding to the notice according to the instructions provided. If no response is received by the deadline, the account will be deactivated and the personal data associated with it will be deleted, without prejudice to any retention obligations under applicable law and without prejudice to the processing of the Data/Information collected up to that point for the purpose of improving the Services and Devices. The user’s right to re-register/create an account naturally remains unaffected.
The Data may be retained for longer than stated above, where necessary in order to comply with legal obligations, to fulfil legitimate requests made by Authorities or to settle disputes concerning the processing of the Data.
10. RECOGNISED RIGHTS OF THE DATA SUBJECT
The data subject may exercise the rights granted to him or her by the GDPR against the Data Controller at any time. Specifically, by emailing privacy@clivet.it or sending a registered letter (for the attention of the privacy Contact Person) to the registered office at Via Camp Lonc, n. 25 – 32032 Z.I. Villapaiera, Feltre (Belluno), Italy, they may exercise the following rights:
Right of access
The data subject may ask us whether or not we are processing his or her personal data and, if we are, may be granted access to a copy of such data. In fulfilling a request to access such data, we will also provide additional information, such as the purposes of processing, the categories of personal data concerned, and any other information required to exercise the relevant right.
Right to Rectification
The data subject has the right to request that the Data be rectified if inaccurate or incomplete. If requested, we will correct inaccurate personal data and supplement any incomplete Data, taking into account the purpose of processing. Please note that the rectification of Data can also be requested via the APP.
Right to erasure
The data subject also has the right to request that his or her personal data be erased. The Data can only be erased in certain cases, as mandated by law and listed in Article 17 of the GDPR. This includes cases in which personal data are no longer required for the initial purposes for which they were processed, and cases in which they have been processed in an unlawful manner. For the type of Services referred to in this circular letter, please be advised that it may take some time for backup copies to be erased.
Right to restriction of processing
The data subject has the right to obtain restriction of processing of his or her personal data, which means that we can stop processing the Data for a certain amount of time. This right may apply to circumstances (Article 18 of the GDPR) including situations in which the accuracy of personal data has been questioned, but we may need time to verify its (in)accuracy. This right does not prevent us from continuing to store personal data. We will in any case inform the data subject before the restriction is lifted.
Right to Object
The data subject has the right to object to the processing of their personal data, which means that the data subject can request us to stop processing such personal data for certain purposes (e.g. direct marketing). This right is only granted under specific circumstances (Article 21 of the GDPR) and, specifically, in cases in which the legal basis for processing is the Data Controller’s legitimate interest.
Right to data portability
The right to Data portability entails that the data subject may request us to provide his or her personal data in a structured, commonly used and machine-readable format, and may also request that such data be transmitted directly to another Data Controller, provided this is technically feasible.
Right to withdraw consent
The data subject has the right to withdraw his or her consent to the processing of personal data at any time, if the processing is based on his or her consent (e.g. direct marketing). In any case, the withdrawal of consent does not jeopardize the lawfulness of the processing based on the consent before the withdrawal. In the case of communications for commercial purposes (marketing), it is also possible to object by clicking the link included in communications sent by the Data Controller.
11. RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY
The data subject may also apply to the relevant Supervisory authority for the protection of personal data if he or she has reason to believe that his or her Data are being processed in violation of his or her rights or of the applicable legislation. The data subject may exercise this right in accordance with the complaint procedures laid down by each National supervisory authority, which are available at: https://www.garanteprivacy.it/web/guest/home/footer/link
12. CHANGES AND UPDATES TO THE CIRCULAR LETTER
This Circular Letter is regularly updated. We will notify the data subjects of any changes by sharing the updated Policy as we deem appropriate (e.g. by posting it on the Portal, on the CLIVET site or through the APP).