Updated December 2021.
Verisure Arlo Europe DAC, trading as Arlo Europe ("Company", "we" or "us") based at Building 4100, Cork Airport Business Park, Cork, Ireland is responsible for your personal information and we take our data protection and privacy responsibilities seriously. Verisure Arlo Europe DAC is the controller of the data we obtain about you, except as described below.
Important information about the Verisure Group:
Arlo Europe forms part of the Verisure group of affiliates (“Verisure” or the “Group”) and personal information is shared between the entities of Verisure. Any handling of personal information by a Verisure entity will be explained in separate privacy notices made available when your personal information is first collected by that Verisure entity, for example where you or the business you work for engages us to provide a service. You can find out more about our Group at www.verisure.com or by contacting us using the information in the contact us section.
We may amend this privacy notice from time to time to keep it up to date with legal requirements and the way we operate our business and will place any updates on this webpage. Please regularly check these pages for the latest version of this notice. If we make fundamental changes to this privacy notice, we will seek to inform you by notice on our website or email.
In this section you can find out more about:
When we collect information
We collect information about you if you:
(1) Arlo hardware products (“Products”),
(2) Website(s) that may be accessed at http://www.arlo.com/ (“Site”),
(3) Register and/or make a purchase through our online store (“Webshop”),
(4) Services, including technical support and services accessible through the Site(s) (“Web Apps”),
(5) Software that may be downloaded to your smartphone or tablet to access services (“Mobile Apps”), and
(6) Subscription services, including services you can access using the Web Apps and Mobile Apps (“Subscription Services”).
Please Note: Third parties may also integrate Arlo’s Products and Services into their products and services and we are not responsible for this integration. Additional information on our privacy practices may be provided in other documents such as offer descriptions, supplemental privacy statements, or notices provided prior to or at the time of data collection.
Personal information we collect and use if you register with or interact with our websites, online landing pages (including social media), or applications.
We collect personal information about you when you interact with one of our online services. More information about online data collection is found in the Cookie section below.
Download and installation of the application
In order to use our Services, we may ask you to provide certain personal Information when you create an account on www.arlo.com, or when you install and register on Arlo-owned Web Apps and Mobile Apps, register a Product, or sign up to be on our mailing list. We may ask you to submit the following types of personal Information: first and last name, country, email address, product serial number, date of purchase, telephone number, mailing address, and proof of purchase. The legal basis for this processing is Article 6 (1) b GDPR (performance of the contract).
Every time you use our website or app, we collect the access data that your browser or device automatically transmits to allow you to visit the website or app. This data is standard technical data (so-called log files) that are transmitted to our server:
The information stored in the log files does not allow any direct conclusions to be drawn about you – In particular, we only store the IP addresses in a shortened, anonymised form. The legal basis for this processing is Article 6 (1) f GDPR (legitimate interest).
Download and installation of the application
In order to download and install our app from an app store (e.g. Google Play Store or Apple App Store), you must first register with the provider of the app store for a user account and enter into a corresponding usage agreement with the store. We have no influence on this third party and are not party to the contract between you and the store. When downloading and installing the app, the necessary information is transferred to the respective app store, in particular your username, email address and your account's customer number, the time of download and the individual device identification number. We have no control over this data collection and are not responsible for it. We only process this provided data to the extent necessary for downloading and installing the app on your mobile device (e.g. smartphone, tablet). In this case, the legal basis for this is Article 6 (1) f GDPR (legitimate interest).
The app can provide you with information through so-called push messages, even if you are not using the app in the foreground (e.g. status messages about the alarm system). The notes can be made using sound, messages (e.g. in the form of screen banners) and/or symbol marks (an image or digit on the app icon). To prevent this, you can disable the sending of push messages about your device setting at any time.
The legal basis for the aforementioned data processing is Article 6 (1) b (performance of the contract) GDPR, as far as push messages related to the contract processing. Otherwise, the legal basis is Article 6 (1) f GDPR, based on our legitimate interest in providing you with product recommendations.
When you participate in one of our surveys, we use your data for market and opinion research purposes. In principle, we evaluate the data anonymously for internal purposes. If, exceptionally, surveys are not evaluated anonymously, the data will only be collected with your consent. In the case of anonymous surveys, the GDPR is not applicable and, exceptionally, in the case of personal evaluations, the legal basis is the aforementioned consent under Article 6 (1) a GDPR. We use various 3rd party providers of satisfaction surveys including Medallia, Kantar, etc We may also collect additional personal information such as your interests or hobbies, your gender or age and or other information that you voluntarily share with us about you or third parties (i.e. friends or relatives).
Information you voluntarily share or post
We may collect personal information that you provide on arlo.com and Arlo-marked Web Apps and Mobile Apps, or post in a public space on our website, such as message boards. As another example, you can choose to share your Arlo camera access through an invitation link that you can send to friends.
Information from a friend
If you choose to provide us with a third party's Personal Information (such as name, email, and phone number), you must ensure that you have the third party's permission to do so. An example would include providing us with the names and images that you associate with account users, forwarding reference or marketing material to a friend. The legal basis for this processing is Article 6 (1) a GDPR (your consent). We rely on the fact that you have obtained the necessary consents for this activity.
If you donate images or videos for #caughtonarlo or our use in developing research or artificial intelligence, the legal basis for this processing is Article 6 (1) a GDPR (your consent). We rely on the fact that you have obtained the necessary consents from third parties for this activity.
Arlo also uses certain providers (“Social Network Providers”) to assist and support operations. For example: If you contact us for support via our Facebook, Twitter or Instagram page, we will pass on your contact details and questions to other services that we use to provide customer support. These Social Network Providers include:
We also operate a page (fan page) on the social networks which is offered, in joint responsibility with the Social Network Provider, to communicate with followers (such as our customers and prospective customers) and to inform about our products and services. We are supported in managing this community by companies such as Merkle Inc.
These Social Network Providers allows us to obtain statistics on how to use our fan page (for example, information about number, names, interactions such as like and comments, as well as aggregated demographic and other information or statistics). More information on the nature and scope of these statistics and their respective responsibilities can be found on their privacy pages.
These Social Network providers have their own responsibilities in accordance with their terms of service towards certain data as a data controller. However, we would like to point out that when you visit the fan page, data from your usage behaviour is transferred from there to them. The can then processes the aforementioned information to create more detailed statistics and for their own market research and advertising purposes over which we have no control.
If you access our Services using your Facebook account login, we may receive personal information about you such as your name, email address, and gender. Any personal information that we collect from your Social Network Provider account may depend on your that account’s privacy settings. The legal basis for this processing where it relates to performance of the contract between us is Article 6 (1) b GDPR (performance of the contract) and in all other cases is Article 6 (1) f GDPR (legitimate interest).
Data processing related to our products
Personal information is collected in connection with our products depending on which products and how you use them. Below are business processes in which we collect and process personal information. This data is either provided to us directly by you or by third parties or collected by your activities on our website or by the use of our products. The legal basis for processing in relation to orders, product usage, videos, recorded calls and customer services is the contract concluded with us under Article 6 (1) b GDPR (performance of the contract). Certain information about your purchase history is also used by us to ensure we can support you in the development of your relationship with us and ensuring you have the products and services that could be of interest to you. The legal basis for this processing is Article 6 (1) f GDPR (legitimate interest).
When you purchase a product in our Webstore, we will collect the following necessary information to process the order and ship your product or products:
For your personal information relating to payment data, such as credit card information or bank details, we rely on a professional payment service provider. The payment service provider is Adyen and they are responsible for securing your internet purchase and we do not store or process any of your payment data.
Personal information relating to shipping address is shared with different parcel services dependent on your location. We will share your shipping and contact information for the purpose of shipping your order.
The legal basis for processing your Purchase Order is Article 6 (1) b GDPR (performance of the contract)
We collect information related to the use our products and devices and statistics about the performance of your Arlo devices for maintenance and troubleshooting purposes. This information includes Internet speed, voltage information, storage information, error rates, and other performance information. The legal basis for this is Article 6 (1) b GDPR (performance of the contract).
Your content belongs to you. We don’t access your content without your knowledge or permission. For our Arlo products, we collect, process, and store the videos that you take with your systems for various time periods depending on your subscription plans, configurations, and settings. This may include capturing and emailing to you portions of the videos as part of a notification or analysing the data to identify motion or other events. We may process personal information from your Arlo cameras so that we can send you alerts when something happens but this processing is done by artificial intelligence and not human monitoring centres.
Contact & Customer Service
You have different ways to get in touch with us through our website or app. This includes contacting our support by email or phone, or through the website. The following data is collected: Your first name, surname, address, email address, payment details & telephone number.
To the extent that the information is required to respond to your request or to initiate or execute a contract, we will process it solely for the purpose of communicating with you. This is necessary in order to be able to make an offer to you; to contact you. In addition, we also collect this data for statistical purposes in order to improve our products and services, as well as for internal purposes, to provide training for our employees and to carry out quality checks. The legal basis for this is Article 6 (1) f (legitimate business interest).
All phone calls are recorded and stored in a secure third-party database. The legal basis is both the contract concluded between you and us under Article 6 (1) b GDPR (performance of the contract), as well as Article 6 (1) c GDPR (legal obligation)
If you link any of your Arlo products or services with any Verisure products or services, your information will be also processed in accordance with the Verisure country entity privacy notice which can be found by identifying your relevant country entity here www.verisure.com
Legal basis for using your personal information
We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:
If you would like to find out more about the legal basis for which we process personal information, please contact us. See section 9 for full details.
In this section you can find out more about how we share personal information:
We share your personal information in the manner and for the purposes described below:
If, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a potential or actual third-party purchaser of our business or assets.
We may share in aggregate, statistical form, non-personal information regarding the visitors to our website, traffic patterns, and website usage with our partners, affiliates or advertisers including Amazon LLC, Google LLC. and Facebook Limited.
From time to time we might need to share your personal information with others and for different reasons and in that case we will notify you and obtain your consent prior to the sharing. The legal basis can be necessary for a contract concluded between you and us under Article 6 (1) b GDPR (performance of the contract), or Article 6 (1) c GDPR (legal obligation), or Article 6 (1) f GDPR (legitimate interest).
The data captured on your Arlo devices belongs to you. In some events we may act as a processor in terms of the content that you capture and record on your device(s). We do not access your content for any other reason than to provide you with the service you request.
Data protection and video surveillance laws in your jurisdiction apply to your use of our products and services. How you install your devices is solely your responsibility. If you require guidance please find installation guide here but this is just a guide and in no manner conclusive. Where you have concerns you should engage an expert to install the devices on your behalf. Arlo Europe accepts no liability in relation to a device not correctly installed in accordance with Data Protection guidelines. You are the data controller with respect to personal information you obtain when using our products and services (such as video or audio recordings, live video or audio streams, images, comments, and data our products collect from their surrounding environment to perform their functions) and you are solely responsible for ensuring that you comply with applicable law when you use our products or services. For example, you may need to display a notice that alerts visitors to your home that you are using our products or services. Capturing, recording or sharing video or audio content that involves other people, or capturing others peoples’ facial feature information, may affect their privacy and data protection rights.
In this section you can find out more about:
How we use personal information to keep you up to date with our products and services.
We may use personal information to let you know about our products and services that we believe will be of interest to you. We use the personal information that we may have such as first name, surname, home address, purchase history, telephone number, email address and country of residence. We may contact you by email, post, or telephone or through other communication channels (such as targeted online advertising). We only want to contact you when it makes sense, not for all types of advertising communications.
Where we have your contact details because you have recently bought or expressed an interest in our Products and Services, we will keep you informed about similar products or services (including special offers and discounts). In some cases, we receive personal information from third-party companies such as marketing companies, 3rd party advertising engines (such as Amazon LLC or Google LLC), web search engines and online comparison portals, such as your name, telephone number, e-mail address and IP address. We collect and process this data for the purpose of offering and selling our products and services to you.
We also use your personal information for statistical purposes to collate collected information that we use to improve our products and services and to administer the customer relationship. In all cases, we will respect your preferences for how you would like us to manage marketing activity with you. We do this based on Art. 6 1 (f) (legitimate business interest) and in some cases, Art. 6 1 (a) (your consent).
How you can manage your marketing preferences
To protect privacy rights and to ensure you have control over how we manage marketing with you:
We recommend you routinely review the privacy notices and preference settings that are available to you on any social media platforms as well as your preferences within your account with us. To understand more about third parties who help with analytics, please see the cookie section below.
When and how we undertake profiling and analytics
We use your data as part of data analysis and market research. In particular, we pursue the purpose of dividing our customers and interested parties into different target and user groups in the context of market research (user segmentation), for insights into different target groups and their respective usage habits and interests, demographics and the marketing of these findings in the context of advertising services provided to third parties. We also use personal information to administer customer relations, for example to handle customer service matters, price adjustments and customer satisfaction surveys. In order to operate with suitable price adjustments for our different customer categories we may look at parameters such as your address, contract duration and your interactions with us. None of the aforementioned processing results in significant or legal decisions being made about you on a wholly automated basis.
Depending on the purpose, we use the data stored with us. For example, we use aggregated, statistical data, and also depersonalized (anonymized) data or pseudonymised data, as well as purchase history data and device and access data, for analytics, and for analysis. This gives us anonymous or pseudonymised insights into the general usage behaviour of our customers and interested parties. For more information please see the Cookie section below.
In this section you can find out more about:
How we operate as a global business and transfer data internationally
We operate on a global basis. Accordingly, your personal information may be transferred and stored in countries outside the EU including the US, India, Switzerland, the UK, Norway, Peru, Argentina, Brazil and Chile that are subject to different standards of data protection.
The arrangements we have in place to protect your personal information if we transfer it overseas
We will take appropriate steps ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests and transfers are limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangement are in place to protect your privacy rights. To this end:
You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above. The legal basis is both the contract concluded between you and us under Article 6 (1) b GDPR (performance of the contract), as well as Article 6 (1) f GDPR (legitimate interest).
In this section you can find out more about;
Security of your personal information
We have implemented and continuously improve our technical and organisational security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information appropriate to the nature of the information concerned.
As the security of your personal information depends in part on the effectiveness of the security of the devices (computer/ laptop/ mobile/ tablet/ etc) you use to communicate with us and the security measures you use to protect your access (User IDs and passwords), we encourage you to take necessary measures to protect this information.
Arlo wire-free cameras connect to the Arlo base station camera network using WiFI Protected Setup (WPS) and WPA2-AES data encryption. The WiFI connection is protected by a random, unique, long password that is not physically visible on the product. This password is programmed at the factory in the base station and re-generated upon factory-reset.
The Arlo base station connects to the backend through the customer’s home router using an Ethernet cable. Protective measures ensure that the base station is not accessible on the LAN.
The data is collected in a secure fashion, and Transport Layer Security (TLS) is used during the transportation of data. Accounts are authenticated using a secure login mechanism. We use one-way hashing in combination with salt for all passwords. Finally, we do not access or share any data unless required to by law or with your permission to help resolve system problems.
Payments: All supplied sensitive/credit information is transmitted via secure communication methods and then securely stored into our payment gateway provider’s database only to be accessible by those authorized with special access rights to such systems. The payment gateway provider must keep the information confidential. Arlo Europe does not store payment information, instead such information is kept with our payment providers who are PCI compliant.
Personal information in the Arlo Communities and online
The Internet is not 100% secure. We cannot promise that your use of our or our partners’ sites will be completely safe. We encourage you to use caution when using the Internet. This includes not sharing your passwords and not signing onto devices that you do not know. If you participate in a discussion forum, local communities, or chat room on an Arlo website, you should be aware that the information you provide there (i.e. your public profile) will be made broadly available to others, and could be used to contact you, send you unsolicited messages, or for purposes neither we nor you have control over. Also, please recognize that individual forums and chat rooms may have additional rules and conditions. We are not responsible for the Personal Information or any other information you choose to submit in these forums.
Storing your personal information
Your personal information is stored for as long as is necessary for the purposes for which it was collected, as described in this privacy notice. Where your information is no longer needed, we will take steps to ensure that it is disposed of in a secure manner or keep it in a form that does not permit identifying you. We have established time limits for certain data deletion, taking into account the type of services provided in the context of the Products and Services, the length of our relationship with you, mandatory retention periods, and the statute of limitations.
In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements. For example, we are obliged in certain cases store your personal information for tax and accounting purposes for periods of up to ten years from the end of the year in which business relations with you ends.
A cookie is a small text file containing small amounts of information which is downloaded to / stored on your computer (or other internet enabled devices, such as a smartphone or tablet) when you visit a website.
The legal basis for the data processing described in the following section is Article 6 (1) f GDPR based on our legitimate interest in promoting our products and services in personalised form.
In the following section, we would like to explain these technologies and the vendors used for them in more detail.
Data collected may be, in particular;
However, the collected data is stored only pseudonymously, so that no direct conclusions can be drawn about you. Via corresponding settings on the websites you can abstain from taking part in our analytical and advertising measures, both sides provide the capability to block many advertisers. Both websites allow the listed providers to disable all ads at once using opt-out cookies or, alternatively, to make the settings for each provider. Please note that after deleting all cookies in your browser or later using another browser and/or profile, an opt-out cookie must be set again.
Companies and services we use to enhance your online experience
Google will process the information obtained through the cookies to evaluate your use of the website, to compile reports on website activities for website operators, and to provide additional information related to website use and internet use Services.
You can configure your browser to reject cookies, as shown above, or you can prevent the collection of data generated by cookies related to your use of this website (including your IP address) and Google's processing of that data by using a Google provided Browser Add-On. This prevents data collection by Google Analytics within this website in the future (the opt-out only works in the browser and only for this domain). If you delete your cookies in this browser, you will need to click this link again.
Our website uses the service Google Fonts. When you visit a page, your browser loads the font you need to display texts correctly and attractively. To do this, your browser must connect to Google's servers. This tells Google that our website has been accessed via your IP address. Such calls run separately from other Google services, which require users to authenticate, according to Google.
Google AdWords Conversion tracking
Our websites use the service "Google Ads. "AdWords conversion tracking" captures customer actions we define (such as clicking on an ad, page views, downloads) and analysing them. "AdWords Remarketing" we use, to show you individualized advertising messages for our products on partner websites of Google. Both services used cookies and similar technologies.
If you use a Google account, Google can link your web and app browsing history to your Google account, depending on the settings stored in the Google account, and use information from your Google account to personalize ads. If you do not want this assignment to your Google account, you may need to log out of Google before using our website.
You can configure your browser to reject cookies, as shown above. In addition, you can enter Google Advertising settings turn off the Personalized Advertising button. In this case, Google will only display general advertising that has not been selected based on the information you collect.
Google Marketing Platform
Our website uses the Google Marketing Platform with the function DoubleClick.
You can prevent cookies from being stored by adjusting your browser accordingly (as described above); However, we would like to point out that in this case you may not be able to make full use of all the functions of the website. You can also prevent Google from collecting the data generated by the cookies and relating to your use of the website, as well as Google's processing of that data by Browser plug-in for DoubleClick deactivation. As an alternative to the browser plug-in or within browsers on mobile devices, you can browse the Google Advertising settings turn off the Personalized Advertising button. In this case, Google will only display general advertising that has not been selected based on the information you collect.
Facebook Custom Audience
Our website uses so-called Facebook Custom Audience of the social network Facebook, a service. It is offered to users outside the U.S. and Canada by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook") and for all other users by Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA ("Facebook"). To do this, a so-called pixel is implemented on our website by Facebook. With the help of the pixel, Facebook is able to determine visitors to our website as the target group for the display of ads (so-called "Facebook ads"). This only shows the Facebook ad we run to those who have shown an interest in our online offering.
In the event that personal information is transferred to the US, Facebook is subject to the EU-US Privacy Shield. Facebook uses this data to match as many customers as possible with Facebook user accounts. These user accounts make up a list of the audiences (custom audiences) we can send ads to on Facebook. Facebook can also create new audiences based on customer data and search for other users that resemble our customer groups.
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information. Click on the links below to learn more about each right you may have:
You can exercise your rights by contacting us using details in section 9. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Right to access personal information
You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of; (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.
Right to rectify or erase personal information
You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it. You can also request that we erase your personal information in limited circumstances where:
We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:
You can ask us to restrict your personal information, but only where:
We can continue to use your personal information following a request for restriction, where:
Right to transfer your personal information
You can ask us to provide your personal information to you in a structured, commonly used, machine readable format, or you can ask to have it transferred directly to another data controller, but in each case only where;
Right to object to the processing of your personal information
You can object to any processing of your personal information which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.
If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
Right to object to how we use your personal information for direct marketing purposes
You can request that we change the manner in which we contact you for marketing purposes.
You can request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.
Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction
You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union.
We may redact data transfer agreements to protect commercial terms.
Right to lodge a complaint with your local supervisory authority
You have a right to lodge a complaint with your local supervisory authority, which in Ireland is the Data Protection Commission, if you have concerns about how we are processing your personal information.
We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
The primary point of contact for all issues arising from this privacy notice is our Data Protection Officer. The Data Protection Officer can be contacted in the following ways:
Verisure Arlo Europe DAC, Arlo Europe, Building 4100, Cork Airport Business Park, Cork, Ireland, T22 AP97.
If you have any questions, concerns or complaints regarding our compliance with this privacy notice, the information we hold about you or if you wish to exercise your rights, we encourage you to first contact us. We will investigate and attempt to resolve complaints and disputes and make every reasonable effort to honour your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by data protection laws.