Privacy Policy
(In force from 20 November 2024)
1. Introduction
Shelly API Integrator connectivity Cloud-to-Cloud API for integration, control and telemetry collection from our devices.
This documentation is intended for third-party integrators who would like to monitor and control Shelly devices connected to our cloud systems.
It allows centralized streaming of status data from many Shelly accounts to a single point for data ingest. Basic control over the devices is also possible.
When users interact with Shelly API Integrator, Shelly Europe Ltd. processes their data as detailed herein, ensuring compliance with applicable data protection laws like the European Union’s GDPR.
2. Controller
The data controller for Shelly API Integrator is Shelly Europe Ltd., UIC: 202320104.
Registered Address:
51 Cherni Vruh Blvd., Sofia, Bulgaria
3. Personal Data
Personal data refers to any information that identifies or could identify a natural person, as defined under GDPR. Examples include:
- Name
- Identification number
- Location data
- Online identifiers
4. Data Subject
The data subject under this policy is any registered user of the Shelly API Integrator service, categorized as either an Admin User or Account User.
5. Data Protection Officer
For inquiries about the processing of personal data, contact the Data Protection Officer:
Email: dpo@shelly.com
6. About the Shelly API Integrator Service
Integrator API is a Cloud-to-Cloud connectivity API for integration, control, and telemetry collection from our devices.
It allows centralized streaming of status data from many Shelly accounts to a single point for data ingest.
Basic control over the devices is also possible.
7. Types of Personal Data That We Process for the Provision of the Service
7.1 Account Data
We process data such as:
- Email address
- Name
- Company name
- Phone number
Purpose: Ensure secure service access, communication, and support.
7.2 Device Data & Service Usage
Collected data includes:
- Shelly device identifiers
- Network/server credentials
- Terminal device information (IP addresses, OS version)
Purpose: Enable device control, user interaction tracking, and system diagnostics.
7.3 Data with Explicit Consent
Includes personalized marketing emails and push notifications.
Users can withdraw consent anytime via their account settings.
8. Cross-Border Data Transfers
Data is processed primarily in Bulgaria, EU.
For providers outside the EU, measures like Standard Contractual Clauses (SCCs) ensure compliance with GDPR.
9. Retention of Data
Data retention depends on:
- Contractual obligations: Retained while the account is active.
- Consent: Data deleted upon withdrawal of consent.
- Legal compliance: Retention per statutory requirements.
10. The Service User’s Rights as Data Subject
10.1 Right to Access
Users may request a free copy of their personal data.
10.2 Right to Rectification
Users may correct inaccurate information through their account or by contacting support.
10.3 Right to Erasure (Right to be Forgotten)
Users may delete their account (if there is such) and associated data via account settings.
11. Information Security Measures
We employ technical, contractual, and organizational measures to protect user data against unauthorized access.
Regular reviews ensure system security compliance.
12. Privacy Policy Updates
This Privacy Policy is subject to updates.
Users are notified of changes via email or on the platform.
13. Further Information
For additional queries, contact us at: dpo@shelly.com