This Policy details our commitment to protecting the privacy of individuals who visit our Websites (“Website Visitors”), who register to use the products and services which we market for subscription at www.arlo.co (the “Service(s)”), or who attend or register to attend sponsored events or other events at which the Arlo Group participates (“Attendees”). For the purposes of this Policy, the term, “Websites”, shall refer collectively to www.arlo.co as well as the other websites that the Arlo Group operates and that link to this Policy.
2. Scope Of This Policy
In addition to the Websites that link to this Policy, this Policy applies to the following:
- The Arlo Help Centre which is our online knowledge base providing access to support articles, community material, and access to create and manage support tickets.
- The Arlo Developer Portal, which enables Subscribers to create web applications and other integrations with our Services. For the purposes of this Policy, “Subscriber” shall refer to an individual or an entity that has entered into a Service Agreement (defined below) for use of our Services.
In this Policy, personal information means information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, and online identifier or to one or more factors specific to his/her physical, physiological, genetic, mental, economic, cultural or social identity. The use of information collected through our Service shall be limited to the purpose of providing the Service for which the Subscribers has engaged.
Our Websites may contain links to other websites and the information practices and the content of such other websites are governed by the privacy statements of such other websites. We encourage you to review the privacy statements of any such other websites to understand their information practices.
With the exception of Account Information (as defined below) and other information we collect in connection with your registration or authentication into our Services (as defined below), this Policy does not apply to our security and privacy practices in connection with your access to and use of the Services. These security and privacy practices, including how we protect, collect, and use electronic data, text, messages, communications or other materials submitted to and stored within the Services by You (“Service Data”), are detailed in and governed by our Master Subscription Agreement, or such other applicable agreement between you and any member of the Arlo Group relating to your access to and use of such Services (collectively referred to as the “Service Agreement”).
Subscribers to our Services are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements or other obligations, relating to the collection of personal information in connection with the use of our Services by individuals (also referred to as “data subjects”) with whom our Subscribers interact. If you are an individual who interacts with a Subscriber using our Services, then you will be directed to contact our Subscriber for assistance with any requests or questions relating to your personal information.
We collect information under the direction of our Subscribers, and have no direct relationship with individuals whose personal information we process in connection with our Subscriber’s use of our Services. If you are an individual who interacts with a Subscriber using our Services (such as a customer of one of our Subscribers) and would either like to amend your contact information or no longer wish to be contacted by one of our Subscribers that use our Services, please contact the Subscriber that you interact with directly.
We process personal information for Subscribers and in doing so we may transfer personal information to companies that help us provide our Services. Transfers to subsequent third parties for these purposes are governed by the Service Agreements with our Subscribers.
In our capacity as a processor of personal information, we agree with each Subscriber to comply with all applicable data protection laws, which may include GDPR (for EU data subjects) and the UK equivalent laws (for UK data subjects).
3. Information That You Provide To Us
Account and Registration Information:
We ask for and may collect personal information about you such as your name, address, phone number, email address, instant messaging ID, and credit card information, as well as certain related information like your company name and website name, when you register for an account to access or utilise one or more of our Services (an “Account”). We also ask for and collect personal information such as an email address and a name or alias from any individual that you authorise to log into and utilise our Services in connection with Your Account.
If you sign-up for a free trial Account, you are not required to enter your credit card information unless and until you decide to continue with a paid subscription to our Services. A third-party intermediary is used to manage credit card processing. This intermediary is not permitted to store, retain, or use your billing information for any purpose except for credit card processing on our behalf.
We refer to any information described above as “Account Information” for the purposes of this Policy. By voluntarily providing us with Account Information, you represent that you are the owner of such personal data or otherwise have the requisite consent to provide it to us.
We ask for and may collect personal information from you when you submit web forms on our Websites or as you use interactive features of the Websites, including, participation in surveys, contests, promotions, sweepstakes, requesting customer support, or otherwise communicating with us.
We ask for and may collect personal information such as your name, address, phone number and email address when you register for or attend a sponsored event or other events at which any member of the Arlo Group participates.
When you download and use our Services, we automatically collect information on the type of device you use, and operating system version.
When you install the Arlo for WordPress plugin, we collect anonymised diagnostic and technical data about your server environment to help our engineering team diagnose connection and integration issues. The data we collect does not contain any Personal Data. You may opt out of sharing this information at any time using the settings page of the plugin.
4. Information That We Collect From You on our Websites
Cookies and Other Tracking Technologies:
Web beacons, tags and scripts may be used on our Websites or in email or other electronic communications we send to you. These assist us in delivering cookies, counting visits to our Websites, understanding usage and campaign effectiveness and determining whether an email has been opened and acted upon. We may receive reports based on the use of these technologies by our third-party service providers on an individual and aggregated basis.
We use Local Storage Objects (“LSOs”) such as HTML5 to store content information and preferences. Various browsers may offer their own management tools for removing HTML5 LSOs. Third parties with whom we partner to provide certain features on our Websites or to display advertising based upon your Web browsing activity use LSOs such as HTML5 and Flash to collect and store information. For further information on how to manage Flash LSOs please click here.
As is true with most websites and services delivered over the Internet, we gather certain information and store it in log files when you interact with our Websites and Services. This information includes internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your devices, your mobile carrier, and system configuration information. Occasionally, we connect personal information to information gathered in our log files as necessary to improve our Websites and Services. In such a case, we would treat the combined information in accordance with this Policy.
We collect analytics information when you use the Websites to help us improve them. We may also share anonymous data about your actions on our Websites with third-party service providers of analytics services.
We also use mobile analytics software to allow us to better understand the functionality of our mobile application on your device. This software may record information such as how often you use the mobile application, the events that occur within the mobile application, aggregated usage, performance data, and where the mobile application was downloaded from. We do not link the information we store within the analytics software to any personally identifiable information you submit within the mobile application.
5. Information Collected From Other Sources
Social Media Widgets:
The Websites include social media features, such as the Facebook Like button, and widgets, such as the Share This button or interactive mini-programs that run on our Websites. These features may collect your Internet protocol address, which page you are visiting on the Websites, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on the Websites. Your interactions with these features are governed by the privacy statement of the companies that provide them.
Information From Third Party Services:
We may also obtain other information, including personal information, from third parties and combine that with information we collect through our Websites. For example, we may have access to certain information from a third party social media or authentication service if you log into our Services through such a service or otherwise provide us with access to information from the service. Any access that we may have to such information from a third party social media or authentication service is in accordance with the authorisation procedures determined by that service. By authorising us to connect with a third party service, you authorise us to access and store your name, email address(es), current city, profile picture URL, and other personal information that the third party service makes available to us, and to use and disclose it in accordance with this Policy. You should check your privacy settings on these third party services to understand and change the information sent to us through these services. For example, you can log in to the Services using sign-in services such as Facebook Connect or an Open ID provider, as further described below.
You can log into certain Services using sign-in services such as Facebook Connect or an Open ID provider. These services will authenticate your identity, provide you with the option to share certain personal information (such as your name and email address) with us, and pre-populate our sign up form. Services like Facebook Connect give you the option to post information about your activities in the Services to your profile page to share with others within your network.
6. How We Use Information That We Collect
We may use the information we collect about you (including personal information, to the extent applicable) for a variety of purposes, including to (a) provide, operate, maintain, improve, and promote the Services; (b) enable you to access and use the Services; (c) process and complete transactions, and send you related information, including purchase confirmations and invoices; (d) send transactional messages, including responses to your comments, questions, and requests; provide customer service and support; and send you technical notices, updates, security alerts, and support and administrative messages; (e) send promotional communications, such as providing you with information about products and services, features, surveys, newsletters, offers, promotions, contests, and events; and provide other news or information about us and our partners. You can opt-out of receiving marketing communications from us by contacting us at email@example.com or following the unsubscribe instructions included in our marketing communications; (f) process and deliver contest or sweepstakes entries and rewards; (g) monitor and analyse trends, usage, and activities in connection with the Websites and Services and for marketing or advertising purposes; (h) investigate and prevent fraudulent transactions, unauthorised access to the Services, and other illegal activities; (i) personalise the Websites and Services, including by providing features or advertisements that match your interests and preferences; and (j) for other purposes for which we obtain your consent.
Legal Basis for Processing (EEA only):
If you are an individual from the European Economic Area (EEA) or from the United Kingdom, our legal basis for collecting and using the personal information will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only where: (a) we have your consent to do so, (b) where we need the personal information to perform a contract with you (e.g. to deliver the Arlo Services you have requested), or (c) where the processing is in our or a third party’s legitimate interests (and not overridden by your data protection interests or fundamental rights and freedoms). In some cases, we may also have a legal obligation to collect personal information from you, or may otherwise need the personal information to protect your vital interests or those of another person.
Where we rely on your consent to process the personal information, you have the right to withdraw or decline your consent at any time. Please note that this does not affect the lawfulness of the processing based on consent before its withdrawal.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our (or a third party’s) legitimate interests which are not already described in this Notice, we will make clear to you at the relevant time what those legitimate interests are.
In our capacity as a processor of personal information for Subscribers, we agree to comply with all applicable data protection laws, which may include GDPR (for EU data subjects) and the UK equivalent laws (for UK data subjects).
If you have any questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided further below in Section 15.
7. Sharing Of Information Collected
Third-Party Service Providers:
We share information, including personal information, with our third-party service providers that we use to provide hosting for and maintenance of our Websites, application development, backup, storage, payment processing, analytics and other services for us. These third-party service providers may have access to or process your personal information for the purpose of providing these services for us. We do not permit our third-party service providers to use the personal information that we share with them for their marketing purposes or for any other purpose than in connection with the services they provide to us.
Compliance with Laws and Law Enforcement Requests; Protection of Our Rights:
In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may disclose personal information to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. We may also share such information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Service Agreement, or as otherwise required by law.
From time to time, we may post testimonials on the Websites that may contain personal information. We obtain your consent to post your name along with your testimonial. If you wish to update or delete your testimonial, you can contact us at firstname.lastname@example.org.
If you choose to use our referral service to tell a friend about our products and services, we will ask you for your friend’s name and email address. We will automatically send your friend an email inviting him or her to visit the Websites and will store this information for the purpose of sending this initial email, tracking the success of our referral program and other marketing activities. Your referral may contact us at email@example.com to request that we remove his/her information from our database.
The Websites may offer publicly accessible blogs, community forums, comments sections, discussion forums, or other interactive features (“Interactive Areas”). You should be aware that any information that you post in an Interactive Area might be read, collected, and used by others who access it. To request removal of your personal information from an Interactive Area, contact us at firstname.lastname@example.org. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
Arlo Group Sharing:
We may share information, including personal information, with any member of the Arlo Group.
With Your Consent:
We may also share personal information with third parties when we have your consent to do so.
8. International Transfer Of Information Collected
Arlo is a company incorporated in New Zealand which operates globally. New Zealand has held ‘adequacy’ status under GDPR for several years. We primarily store personal information about Website Visitors and Subscribers within the European Economic Area (the “EEA”), the United States, Australia, and New Zealand and in other countries and territories. To facilitate our global operations, we may transfer and access such personal information from around the world, including from other countries in which the Arlo Group has operations for the purposes described in this Policy. We may also transfer your personal information to our third party subprocessors, who may be located in a different country to you. Such countries may have laws which are different, and potentially not as protective, as the laws of your own country. Whenever Arlo shares personal information relating to a data subject residing within the European Economic Area (EEA) or within the United Kingdom, with an Arlo entity or third party sub-processor located outside those areas, it will do so on a lawfully compliant basis, including, for Subscribers, by ensuring that any transferee sub-processor is either located in a Country with ‘adequacy’ status under GDPR or by ensuring that the transferee or access recipient has agreed to an appropriate version of the Standard Contractual Clauses under EU Data Protection Law, including the EU Commission’s Implementing Decision 2021/914 dated 4 June 2021 or any update to or replacement of that, or as is applicable from time to time under UK Data Protection Law (if that is the applicable law). If you are visiting our Websites from the EEA or the United Kingdom or other regions with laws governing data collection and use (e.g. not through a Subscriber), please note that by deciding to transfer your personal information to Arlo of your own volition (if you do so), you are agreeing to the transfer of your personal information to the United States, Australia, New Zealand and other jurisdictions in which we operate, including to third party sub-processors we use in those Countries. By providing your personal information, you consent to any transfer and processing in accordance with this Policy, and you acknowledge and accept that the same protections as exist regarding Subscriber supplied personal information as noted above, may not apply. Please see the list of non-production third party processors. Please ensure that you are satisfied with the data protection terms published by each of those ‘non-production’ third parties.
9. Communications Preferences
We offer those who provide personal contact information a means to choose how we use the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of our marketing emails or you may send a request to email@example.com.
10. How Long We Retain Your Personal Information
For personal information that we process on behalf of our Subscribers, we will retain such personal information in accordance with the terms of our agreement with them, subject to applicable law.
11. Your Privacy Rights
Upon request we will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. To request this information please contact us at firstname.lastname@example.org. Subscribers to our Services may update or change their Account Information by editing their profile or organisation record or by contacting email@example.com for more detailed instructions. To make a request to have personal information maintained by us returned to you or removed, please email firstname.lastname@example.org. Requests to access, change, or remove your information will be handled within thirty (30) days.
An individual who seeks access to, or who seeks to correct or, amend inaccuracies in, or delete personal information stored or processed by us on behalf of a Subscriber should direct his/her query to the Subscriber (the data controller). Upon receipt of a request from one of our Subscribers for us to remove the data, we will respond to their request within thirty (30) days. We will retain personal information that we store and process on behalf of our Subscribers for as long as needed to provide the Services to our Subscribers. We will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. If you have any questions about the security of your personal information, you can contact us at email@example.com.
If you are a Subscriber or otherwise provide us with personal information in connection with your use of our Websites or Services, we will delete this information upon your request, provided that, notwithstanding such request, this information may be retained for as long as you maintain an account for our Services, or as needed to provide you with our Services, comply with our legal obligations, resolve disputes and enforce our agreements.
Additional Rights for EEA and Certain Other Territories:
If you are from certain territories (such as the EEA), you may have the right to exercise additional rights available to you under applicable laws, including:
- Right of erasure: In certain circumstances, you may have a broader right to erasure of personal information that we hold about you – for example, if it is no longer necessary in relation to the purposes for which it was originally collected. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.
- Right to object to processing: You may have the right to request that Arlo stop processing your personal information and/or to stop sending you marketing communications.
- Right to restrict processing: You may have the right to request that we restrict processing of your personal information in certain circumstances (for example, where you believe that the personal information we hold about you is inaccurate or unlawfully held).
- Right to data portability: In certain circumstances, you may have the right to be provided with your personal information in a structured, machine readable and commonly used format and to request that we transfer the personal information to another data controller without hindrance.
If you would like to exercise such rights, please contact us at the contact details in Section 16 below. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.
You also have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. A list of contact details for the EU data protection authorities is available here.
12. Children’s Personal Information
We do not knowingly collect any personal information from children under the age of 13. If you are under the age of 13, please do not submit any personal information through our Websites or Services. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide personal information through the Websites or Services without their permission. If you have reason to believe that a child under the age of 13 has provided personal information to us through the Websites or Services, please contact us at firstname.lastname@example.org, and we will use commercially reasonable efforts to delete that information.
13. Business Transactions
We may assign or transfer this Policy, as well as your account and related information and data, including any personal information, to any person or entity that acquires all or substantially all of our business, stock or assets, or with whom we merge.
14. Changes To This Policy
If there are any material changes to this Policy, you will be notified by our posting of a prominent notice on the Websites prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. Your continued use of the Websites or the Services constitutes your agreement to be bound by such changes to this Policy. Your only remedy, if you do not accept the terms of this Policy, is to discontinue use of the Websites and the Services.
15. Contact Us
If you have questions regarding this Policy, about the Arlo Group’s privacy practices, or an enquiry for the Data Protection Officer, please contact us by email at email@example.com, or at:
Arlo Software Limited
Attn: Privacy Officer
PO Box 33062
Lower Hutt 5046