Privacy Notice – Plume Services
You have opted to use services provided by Plume Design, Inc. (hereinafter "Plume", "we", "us"), which you either purchase directly from us or through one of our cooperation arrangements with an Internet Service Provider (hereinafter "provider").
When using the services, your personal data will be processed. In doing so, we process them in certain constellations as a so-called processor for the providers with whom we cooperate. In these cases we are subject to the instructions of the provider in accordance with the EU General Data Protection Regulation ("GDPR"). Information about this form of our data processing on behalf of a provider can be obtained from the provider itself.
The following privacy notice informs you about the processing of your personal data by Plume.
1. Who is responsible for processing your personal data?
The controller responsible for the processing of your data described in this privacy notice is
Plume Design, Inc.
290 South California Avenue
Palo Alto, CA 94306
Our Data Protection Officer can be contacted at firstname.lastname@example.org.
When you purchase a Plume product from your Internet Service Provider (ISP), Plume will, to some extent, process Personal Information about you (and other users connected to your Wi-Fi network) on behalf of your ISP, so that your ISP can provide you with the Services. For the PII that Plume processes on behalf and upon instruction of the ISP, the ISP is the data controller. In this regard, the privacy notice of the respective ISP applies.
2. For which purposes do we process your personal data?
a. User account, provision of services
In order to provide you with your user account and to deliver to or provide you with the products or services you have ordered and the corresponding updates, we process your personal data and store it in the Plume managed cloud.
- Plume ADAPT & ACCESS
Adapt manages the communication of your individual end devices in your home network. Access allows you to implement access restrictions (e.g. parental controls or restricted guest access) for individual devices or users and monitor the usage behavior of the devices in your home network. For this purpose, we process device and network information such as the type of device you use, operating system version, device hostnames & nicknames, network address and topology, Wi-Fi operating environment
- Plume GUARD
The connected devices can be equipped with security software via the Plume cloud. This software detects unusual interactions of the devices and prevents them from malicious execution. For this purpose, security and content events are processed such as DNS queries, blocked DNS queries, websites blocked for online/IoT protection, source & destination traffic headers, and IP Flows (source, destination IP and port, protocol, packets and byte counts).
- Plume SENSE
Plume Motion acts as a motion detector by evaluating fluctuations in signal strength between stationary terminals in the network. For this function, network and motion data is processed such as configuration of sounding devices, motion density history.
b. Support, troubleshooting
We process the following personal data to provide customer support and to identify and rectify technical or other faults in the services: Account information, device & network configuration, operating statistics and settings for security and motion features. Support personnel access to data is based on a customer ticket or incident and is audited.
c. Network optimization and protection, network settings
We process the following data to optimize networks: device and network information such as the type of device you use, operating system version, device hostnames & nicknames, network address and topology, Wi-Fi operating environment
We process the following data to provide security features and to protect your network and devices: security and content events such as DNS queries, blocked DNS queries, websites blocked for online/IoT protection, source & destination traffic headers, and IP Flows (source, destination IP and port, protocol, packets and byte counts).
d. Reports, evaluations
Plume collects crash reports for both the Plume Software and the Plume App. These reports can include information such as the type of crash, the software version that is running and the operating system version of the device running the Plume App. We also provide reports to the user such as Plume app statistics, motion history and, usage time for different online applications derived using IP Flow information.
e. Plume App
Based on the performance of the terms and conditions for the Plume app that you have accepted (Art. 6(1) lit. b GDPR)and in order to communicate with you via the Plume app, to display your devices in detail and to create app reports and analyses, we process the following data categories: User account data (clear name or system generated name, login email address, account ID, customer ID, additional email addresses, if applicable, email ID, partner ID, password), operating system information and device screen size.
f. Improvement and analysis of services
On the basis of your explicit consent (Art. 6(1) lit. a GDPR), Plume processes your personal data in connection with your use of the services, including for the improvement and further development of our services, for data analysis, for benchmarking and for IT security. Plume will de-identify these data as far as possible before using it.
Plume processes, among other things, information about device types at specific location, network traffic, connectivity data, data consumed by applications and motion data in order to analyze, calculate and display on dashboards certain findings, benchmarks or trends. The published data is aggregated or anonymized beforehand, but Plume may process individual data at site level (some of which may be associated with personal identifiers such as MAC addresses of individual devices) to produce the aggregated data.
Plume also processes data to improve products and services or to develop new products, to develop or test new algorithms and approaches. Personal data (such as network data containing MAC addresses) may also be used to compare one area with another area ("benchmarking") or to create machine learning models (aggregated/anonymized).
g. Consumer Experience Management (CEM) Platform
We offer providers who cooperate with us in the provision of our services use of our CEM platform (Plume Central and Plume NOC), which allows providers to view network and user data, among other things to make optimizations, provide support (incl. support calls and troubleshooting). For this purpose we collect the following data and share it with the participating providers via the CEM Platform: Account information, device & network configuration, operating statistics and settings for security and motion features. Actions within the CEM are logged for audit purposes. In this regard, Plume operates as a processor for the providers based on a data processing agreement.
When using our services, you are not subject to any automated decision-making (Art. 22 GDPR).
3. How long is your data stored?
While you are a customer of Plume, your data could be stored for up to 2 years. In case of mandatory data retention obligations (such as according to tax or accounting law provisions), Plume will retain the data for a longer period as requested by applicably law. After termination of agreement or earlier upon request, Plume deletes customer, location, device and network data within 48 hours and shall cease use of other identifiable Personal Data within 45 days of the request.
4. Who are the recipients of your data?
If you obtain our services in cooperation with a provider, we will share your personal data with this provider if this is necessary for the provision of the services.
We also transfer your data to other companies that we engage to provide our services (e.g. for hosting and customer support) and with whom we are contractually bound by data processing agreements.
If we transfer your personal data to countries outside the European Union or the European Economic Area (third countries), we have implemented sufficient guarantees in accordance with Art. 44 et seq. GDPR to ensure an adequate level of protection. We monitor the guidance of relevant data protection authorities and will adapt our data processing activities to their guidance, if necessary. We currently use standard contractual clauses for data transfers to third countries, in particular the US.
5. What choices and rights do you have regarding the processing of your data?
In the Plume app you have the possibility to activate the "Privacy Mode" (within the Guard function). This limits the amount of data stored in the Plume cloud. If you enable the "Privacy Mode",
- all Guard functions are disabled (Online Protection, Advanced IoT Protection, Adblocking and Content Filtering). Previously blocked events (malicious domains that were blocked from visiting) are stored and can be retrieved after deactivating the "Privacy Mode" in the Plume app,
- previously quarantined devices will be un-quarantined
- Web connectivity will not be collected at any time so device typing information needed for Guard may not be accurate.
You also have the following rights under the respective legal requirements:
A. Data access (Art. 15 GDPR)
You can request access to your processed personal data at any time. You also have the right to obtain a copy of your processed data.
B. Rectification, erasure (Art. 16, 17 GDPR)
You have the right to request the correction or completion of incorrect or incomplete personal data. You also have the right to request the erasure of personal data concerning you if and to the extent that they are no longer necessary for the purposes of the processing, if you have withdrawn your consent on the basis of which the processing was carried out, or objected to the processing, and if there is no other legal basis for the processing or if the processing was carried out unlawfully.
C. Restriction of processing (Art. 18 GDPR)
Under certain conditions you have the right to restriction of the processing of your personal data.
D. Data portability (Art. 20 GDPR)
You have the right, under certain conditions, to receive the personal data concerning you that you have provided in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance. In so far as this is technically feasible, you have the right to have the personal data transferred directly to another controller.
E. Objection to processing (Art. 21 GDPR)
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is carried out on the basis of Art. 6(1) lit. e or f GDPR. Your data covered by the objection will then no longer be processed, unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
F. Withdrawal of consent (Art. 7(3) GDPR)
You have the right to withdraw your consent to data processing without giving reasons at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
G. Complaint at supervisory authority (Art. 77 GDPR)
You have the right to lodge a complaint with a competent supervisory authority if you take the view that the processing of your personal data is unlawful.
In order to assert your rights, you can contact us using the above-mentioned contact details.
Plume also offers you the opportunity to exercise your rights to data access and erasure directly via the Plume app and the "Privacy Request Form".
6. Changes to this privacy notice
This privacy notice will be updated if this is necessary for factual or legal reasons. As soon as a change is made to the privacy notice, the current version will be made available to you here.
Last update: [11.26.2020]