WisToolBox Privacy Notice

Last Updated: November 4, 2023

The WisToolBox desktop and mobile applications (the “Applications”) are operated by RAKwireless Technology Limited (“we”, “our”, “us”).

Contact Information

You may contact us via email at dpo@rakwireless.com or our mailing address below.

RAKwireless Technology Limited
Room 506, Bldg B, New Compark,
Pingshan First Road Taoyuan Street,
XiLi Town, Nanshan District Shenzhen (Guangdong Province)
People’s Republic of China.

Data Protection Officer

Please contact us legal@rakwireless.com to receive answers to any data protection-related questions. Please note that we may record any communication to preserve the evidence of your request and our response.

EU representative

RAKwireless has appointed an EU Representative (as required by Article 27 of the GDPR). The representative would act as a contact point for supervisory authorities and data subjects.

Correspondence address: Rickert Rechtsanwaltsgesellschaft mbH; Colmantstraße 15, 53115, Bonn, Germany.

EU Representative’s email: art-27-rep-rak@rickert.law

Personal Data We Collect

We collect and process your personal information in the following cases:

(1) When You Log In to the Applications

If you log in to the Applications with a RAK ID account, we will process your email address associated with the respective RAK ID account. More information regarding the RAK ID account is available in RAK ID Privacy Notice, which is available on the RAK ID website. You may log out from the Applications at any time. The legal basis for processing your email address is the performance of a contract, i.e., to provide you with access to the Applications subject to the Terms of Use.

Please note that you can manage your RAK ID account and respective data within the interface available on the RAK ID website. The data processing of the RAK ID account data is subject to the RAK ID Privacy Notice. We suggest you read the RAK ID Privacy Notice before registering and using a RAK ID account.

When you log in to the Applications, we assign a unique number to your account. This is necessary for technical reasons to consider you our users. This number is used only for internal technical purposes. The legal basis for processing your email address is the performance of a contract, i.e., to provide you with access to the Applications.

(2) When You Contact Us

Within the Applications, you may send a request to our support team. When you submit a request, you provide us with your name and email address; you may also provide certain additional personal data via the text field or in the file you attach to the request. With regard to your name and email address, this data is necessary to contact you back, address you properly, and/or resolve your issue. The legal basis for processing such data (as well as attachments) is our legitimate interest to assist you with using the Applications.

With regard to the personal data that might be in the attached files, such data will be used to resolve your issue only. Please ensure that you only disclose personal data necessary to have your issue resolved. We do not need your sensitive data and kindly ask you to control that no attached materials comprise sensitive data (e.g., state-issued ID details or social security number, information as to your racial or ethnic origin, your credit card data if not necessary to resolve your issue except CVV number, card expiry date and password or PIN or other similar codes, criminal record, etc.) or that any sensitive data is either blurred or otherwise made unidentifiable irreversibly.

When you contact us via the Applications, the provided data is also processed by Zendesk, which helps us to receive and process your inquiries. Zendesk’s details are: Zendesk, Inc. registered at 989 Market Street, San Francisco, CA 94103, United States; for more details please see their Zendesk website. Each time you submit a support request via the Applications, Zendesk creates a ticket on that request for us containing the ticket data (date/time of request and other details), user data who made a request, and the request details.

Note that competent US state authorities may have access to the personal data processed by Zendesk. For more information on how Zendesk processes personal data, please check Zendesk Privacy Documentation.

(3) Automatically via Sentry

We use Sentry within our Applications. Sentry is the error and performance monitoring software offered by Functional Software, Inc.. Sentry provides us with information about crashes and malfunctions in the Applications. In case of malfunction or failure, the following information is transmitted:

1. information about the device and the browser, such as device ID, model and device type, screen parameters, name and version of the operating system, and settings of the device (e.g., language);
2. version and functionality of the Application;
3. date, time and timezone of the crash event;
4. place in the Application where the crash happened.

With the aforementioned information, we do not intend to identify you as an individual, however, according to the applicable data protection legislation, it may be considered personal data.

We use Sentry to improve the Applications and ensure their stability. The legal basis for processing the data collected via Sentry is our legitimate interest and to perform the contract you entered into with us (namely, provide you with the access to the Applications).

For more information regarding the data processing by Sentry, please refer to Sentry’s Privacy Policy.

(4) Device Serial Number

Within the Application we identify devices using their unique serial number, which are assigned to them when they are manufactured. By default, device serial number is not personal data, however, when it is combined with certain other data, it may in some cases constitute personal data.

We don’t use device serial number to identify you as an individual, we use it to identify the specific device if and where it is necessary for technical reasons and if requested by you.

We process this data based on our legitimate interest to ensure better customer experience when you contact us for technical reasons regarding your device.

(5) Generated log files (with raw data) on demand

You are able to generate and download log files that describe the actions that have taken place in the RAK end devices you own or control via the Application. Such logs may contain some technical information that, when combined with other data, may in some cases constitute personal data as follows:

1. Device communication sessions (user app, device model, time of request/response, device LoRaWAN, P2P parameters requests and device LoRaWAN, P2P parameters responses);
2. Device Firmware Upgrade process (device model, firmware file name, upgrade progress, time, fail reason, error code);
3. RAK ID synchronization logs (time of log event, action (for example, sign in, create/update/delete of template/custom firmware file), status (success/error).

We collect this data based on few legal bases depending on the situation. Firstly, we collect this data to provide you with access to the Applications and enable you to operate your RAK end devices, thus relying on the performance of contract legal basis. Secondly, we use this data to monitor performance of the Applications and end devices at all to discover any possible crash or bug, monitor any possible security incidents and ensure timely bug fixes and maintenance works; in this case, we rely on our legitimate interest. Also, we generate and make the log files available for downloading at your request and based on your consent given to us to perform such processing of the log data.

We normally store this data as long as you use the Applications or RAK end device(s).

Storage Period

As a general rule, we store your data as long as it is necessary for the purposes it was collected and according to the requirements of the applicable legislation. Following the expiration of the storage period, such data will be either erased or anonymised. In particular, your personal data will be processed as follows:

1. With respect to the user’s data (such as email address and unique number) is until you delete your RAK account or remove your WisToolBox app from the RAK ID service.
2. Information provided in your support request (name and email address) is 1 year following the resolution of the request.
3. Information collected with Sentry is 90 days from the date when the malfunction took place.
4. We store the device serial number as long as the respective device is connected to the Applications.
5. Log data with data on the RAK ID synchronization are generated for the period of last 30 days; device communication logs can be generated from the start of the device connection session until the request to generate the logs.

How We Share Your Personal Data

We do not sell or rent out your personal data. However, we may share your personal data if it is reasonably necessary for the performance of our undertakings with you and our legitimate interest to maintain and develop the Applications. In particular, your personal information is shared with the following categories of recipients:

1. our affiliates;
2. our subcontractors and team members, e.g., support team, technical team, etc.;
3. third-party solutions integrated in the Applications, e.g., Zendesk or Sentry;
4. government institutions that may request access to your personal data.

Please note that we and the aforementioned recipients are located in jurisdictions that may not ensure the same level of data protection as the country of your residence. We will endeavor to protect your personal data while it is processed, stored, or transferred. If and to the extent we are subject to the European Union General Data Protection Regulation, when we transfer personal data to a country that does not ensure the same level of data protection as the country of your residence, we will use additional safeguards, namely, Standard Contractual Clauses.

Your Rights

According to the applicable data protection legislation, you may have the following data protection rights:

1. right to access:

   You are able to request access to your personal data that we store about you. Among other, you may ask us regarding:

   • the purposes for collecting personal information about you;
   • categories of personal information concerned;
   • who receives your personal information or categories of such recipients;
   • how long we are going to store the information about you and if not possible criteria to determine the storage period;
   • the right to lodge a complaint with a supervisory authority;
   • when your personal information was obtained not from you directly, the source where it came from;
   • the existence of either profiling activities or automated decision-making based on your personal information. Where such activities are performed, we should also inform you about their importance, and expected consequences of them;
   • copy of your personal information processing. For such requests further, we may charge you with a reasonable fee. We generally provide users with an electronic copy of their personal information unless they request otherwise.

2. right to rectification:

   You have the right to correct inaccurate (for example, old or incorrect) personal information related to you.

3. right to erasure or the right to be forgotten:

   You have, under certain circumstances, the right to request the erasure of your personal information. Please note, that this right only applies to the data available at the time of request and is not applicable to future data.

   Request to the erasure of personal information is possible when:

   • personal information is no longer needed for the purposes it was primarily collected or processed;
   • when you have already withdrawn your consent for processing your personal data, and we do not have other legal ground to process it;
   • when your personal data is processed under legitimate interest and you object to such legal ground. Moreover, there is no overriding legitimate interest to proceed processing of your personal data;
   • your personal information was unlawfully processed;
   • when your personal data has to be erased due to legal obligation.

4. right to restrict processing:

   You may request us to stop processing your personal information when:

   • you have reasonable doubts that your information is accurate, and we are verifying the accuracy of such information;
   • your personal information was unlawfully processed;
   • the purpose of your personal information collection no longer exists, but you wish to store it longer to defend a legal claim.

   Moreover, you may request us to stop processing your personal data while we are working on a rectification request or request to object to processing your personal information.

5. right to data portability:

   You have the right to obtain from us and further, reuse your personal data for your own purposes within other services. You will also be able to transfer your personal information from one IT environment to another in a safe and secure way, when certain conditions apply, such as:

   • processing is based on your consent or needed for the contract performance;
   • the processing is made only electronically, without any paper-based files included.

6. right to object:

   You have the right to object the processing your personal information at any time. This allows you to prevent us from processing your personal information. This right is absolute, but applies when one of the following conditions are met:

   • your personal information is used for direct marketing purposes;
   • the processing is based on our legitimate interest;
   • we are performing tasks carried out for the public interest or by governmental authority;
   • your personal information was processed for either research or statistical purposes.

7. right not to be subject to automated decision-making and profiling:

   Currently, neither we nor the Applications use your personal data for profiling or decisions made solely by automated means.

8. right to lodge a complaint with a supervisory authority:

   You have a right to lodge a complaint with a data protection authority in a country you either reside, permanently live, work, or in a country where data protection infringement takes place.

Personal Information of Minors

Application is not intended for the use of children (under 18 years old or older, if the country of your residence determines a higher age restriction). We do not knowingly market to, or solicit data from children. We do not knowingly process, collect, or use the personal data of children, and in case we receive such data, we will erase it within a reasonable timeframe.

Revisions

We keep our Privacy Notice under regular review and may update it at any time. If we make any changes to this document, we will change the “Last Updated” date above. Please, review this Privacy Notice regularly, or follow the updates within the Applications.