I. INTRODUCTION AND SCOPE
Graco Inc. (“Graco”), its affiliates and subsidiaries (together “we”, “our”, or “us”) is committed to protecting your privacy. This notice (“Notice”) describes the data processing activities in connection with the use of the Pulse® family of connected fluid management devices, including the web site, cloud software, and related network hardware (hereafter “Pulse”). Pulse has been designed to assist users with bulk fluid management, typically within vehicle service centers. Pulse can therefore be used by different user groups, including company administrators, company users (e.g., service technicians), distributors, and repair centers. This Notice addresses all groups in their capacity as Pulse users. It describes the categories of personal data we process, the purposes for which personal data is collected, the parties with whom we share it and the security measures we take to protect the data. It also informs users about their rights and choices with respect to their personal data, and how they can contact us to inquire about our data protection practices. We encourage our Pulse users to read this Notice carefully. This Notice may change from time to time, for more information about notice amendments see Section XII below.
II. DATA CONTROLLER
For the purpose of this Notice
88-11th Avenue Northeast
Minneapolis, MN 55413
is responsible for the processing of your Personal Data as the data controller. You can contact us by emailing email@example.com, calling either +1 612 379 3654 (US) or +32 (0) 89 770 960 (EU) or mailing:
88-11th Avenue Northeast
Minneapolis, MN 55440-1441
III. PERSONAL DATA WE COLLECT ABOUT YOU AND HOW WE COLLECT IT
Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (“Personal Data”).
When using our Pulse connected device, you provide us with basic Personal Data relating to you in order to identify your Pulse device. In this context, we collect information you provide to us which includes:
- Account information consisting of first and last name, mobile phone number, email address (“Account Information Personal Data”), and mail address.
However, we do automatically collect certain operational information through your Pulse usage. More information about the categories of Personal Data and the ways in which we collect it are described below.
(1) Personal Data You Give to Us. We, or a third party processing on our behalf, collect information you provide to us which includes:
- Account information comprising first and last name, phone number, email address, account password, country, and language; where applicable, company-related information such as company name, address, phone number, location, website, administrators and users; (Note: account information also typically includes Operational Data that does not qualify as Personal Data, such as Pulse product name, nickname and serial number, job names, and operational metrics including gallons sprayed, system error codes);
- Payment information (with related account and admin information) through our third party payment service (e.g., Recurly), (please note that our payment provider collects your payment information, which is covered by their data protection notice);
- Address information for our third party tax calculation service;
- Submit requests, queries or complaints through email; and
- Give us feedback on our Pulse and its functionalities and features through email.
The obligatory fields are visible as such if the user fails to fill them out. The use of certain features of our Pulse devices is subject to the provision of this information.
(2) Personal Data We Automatically Collect. We automatically collect information about you and your use of our Pulse devices. This information includes:
- Device information: Personal Data about your network and internet connection, hardware and software, unique device identifier information including the network operator; and
- Usage Information: Your use of our Pulse devices and your interactions with the Pulse device features, e.g. functionalities use, use frequency, etc.
(3) Personal Data from other sources. We also obtain information from other sources. These include:
- Other Pulse users who provide us with Personal Data about you when using our Pulse system, e.g., when a company owner enters data about his or her employees to add them as managers or assign them jobs;
IV. HOW WE USE YOUR PERSONAL DATA
We will only process your Personal Data for specific, explicit and legitimate purposes. We will not process your Personal Data for any further purposes than the ones the data was originally intended for, unless the new purpose is compatible with the original one. In the absence of compatibility, the processing of data for further purposes is subject to your prior explicit consent.
We process the Personal Data you provide us with for the purposes listed below:
- Provide you with the features, functionalities and services of our Pulse devices;
- Verify your identity and attempt to prevent fraud or other unauthorized or illegal activity;
- Communicate with you in connection with customer care; and
- Enforce our Terms of Service and other usage policies.
The Personal Data we collect automatically includes statistical data that helps us improve our Pulse features and functionalities in order to deliver a better service, including by enabling us to:
- Observe and analyze the performance of our Pulse devices to improve their features and functionalities according to our target groups preferences;
- Determine time between user visits; and
- Prevent and detect misuse and malfunction of our Pulse devices, including troubleshooting.
The processing of all the Personal Data we collect relating to you is either (i) based on your consent; (ii) necessary to provide you with our products and services at your request prior into entering into a contract with you or necessary for the performance of a contract to which you are party; or (iii) based on our legitimate interests in ensuring and improving the functionality of our Pulse devices, unless these are overridden by your interests and rights.
V. HOW WE SHARE YOUR PERSONAL DATA
To the extent there is any information that is deemed Personal Data, and due to the international scope of our business, your Personal Data can be shared or accessed by Graco-affiliated entities within the company group. You can find more information on data transfers to affiliates in Section VI of Graco’s Global Privacy Notice at https://www.graco.com/us/en/privacy-policy.html.
Subject to applicable law and regulations, we share your Personal Data with:
- Other Pulse account holders with access to your Pulse devices (as is the case, for example, with companies and their administrators having access to their employees’ accounts);
- Public authorities, including law enforcement; and
- Service providers acting on our behalf for the purposes listed above in Section IV. We require these service providers to only process Personal Data in accordance with our instructions and only as long as necessary to perform the requested services or in compliance with applicable law (e.g., administration providers).
VI. INTERNATIONAL TRANSFERS OF PERSONAL DATA
See Section VI of Graco’s Global Privacy Notice at https://www.graco.com/us/en/privacy-policy.html.
VII. DATA RETENTION
Retention periods vary depending on the categories of data concerned. As a general rule, we will not retain your Personal Data for longer than is allowed under the applicable data protection laws or for longer that is necessary in relation to the purposes for which it was originally collected or otherwise processed. Unless statutory retention periods apply, we will delete your Personal Data within a period of 2 years. System-related operational data, however, will be anonymized and retained beyond that period for statistical purposes.
In the absence of statutory retention periods, alternatively after completion of those periods, we will erase your Personal Data. Further, we will erase your Personal Data where one of the following applies: (i) when you withdraw your consent (where lawfulness of processing was based on your consent) and there is no other legal ground for the processing; (ii) when you object to the processing and there are no overriding legitimate grounds for the processing; (iii) when your Personal Data has been unlawfully processed; and (iv) when it is necessary to comply with legal obligations.
VIII. YOUR RIGHTS WITH REGARD TO YOUR PERSONAL DATA
You have certain rights regarding the Personal Data we maintain about you and certain choices about what Personal Data we collect from you, how we use it, and how we communicate with you.
- The right to request access to and receive information about the Personal Data we maintain about you.
- The right to rectification or erasure of your Personal Data.
- The right to restriction of processing of your Personal Data.
- The right to data portability in order to transfer your Personal Data easily to another company.
- Where Personal Data processing is based on your consent, the right to withdraw your consent at any time. You can tell us not to send you any further marketing emails by clicking on the unsubscribe link within the marketing emails you receive from us or by contacting us as indicated below.
- The right to lodge a complaint with a supervisory authority.
- The right to object to processing concerning your Personal Data.
You can submit a request to exercise these rights at any time by contacting our DPC at firstname.lastname@example.org, calling either +1 612 379 3654 (US) or +32 (0) 89 770 860 (EU), or mailing:
88-11th Avenue Northeast
Minneapolis, MN 55413
IX. DATA SECURITY
The security of your Personal Data is important to Graco and we are committed to protection the data we collect. We maintain administrative, technical and physical safeguards designed to protect the Personal Data you provide or we process against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.
X. THIRD PARTY CONTENT
Our Pulse online products may contain links to third party websites. The links are provided exclusively for your convenience. Please be aware that this Notice does not apply to those third party websites nor do we have control over the content of linked third party websites. We encourage you to read the data protection policies and terms and conditions of linked or referenced website you enter.
Our Pulse devices and products are not intended for children and we have no intention of collecting Personal Data from individuals under eighteen years of age. If a child has provided us with Personal Data, a parent or a guardian of that child may contact us to request to have such information deleted emailing email@example.com, calling either +1 612 379 3654 (US) or +32 (0) 89 770 860 (EU), or mailing
88-11th Avenue Northeast
Minneapolis, MN 55413
XII. REVISIONS TO OUR DATA PROTECTION NOTICE
We reserve the right to amend this Notice from time to time consistent with applicable data protection laws and regulations. Any changes to this Notice will be posted on this page. If we make material changes to how we treat your Personal Data, the latest version will be posted to this webpage. The date this notice was last revised is identified at the top of the page.