Shelly Learning

1. INTRODUCTION
Shelly Europe Ltd. operates an online training platform (Shelly training platform) designed for professional installers who wish to obtain an official certificate for working with Shelly products and services. Its purpose is to provide structured training on Shelly smart devices and services, including their key features, technical capabilities, proper installation, and practical use cases. 

The training consists of an online course with a total duration of approximately three hours and includes both text-based and video educational materials. Upon completion of the training content, participants are required to pass a final test. After successful completion of the test, the system automatically generates a certificate of professional qualification  confirming the participant’s competence in working with Shelly products.
For the purposes of this Privacy Policy, “Training” refers to the provision of online educational content and assessment through the Shelly training platform, intended for individuals with relevant technical knowledge, such as electrical engineers and/or qualified installers.

This Privacy Policy applies to the processing of personal data that takes place when you register for and participate in the training organised or administered by Shelly Europe Ltd. It explains what personal data we collect, the purposes for which we process it, and your rights under applicable data protection legislation, including the General Data Protection Regulation (GDPR).

2. ADMINISTRATOR
The personal data related to your participation in the Trainings we conduct is processed by Shelly Europe Ltd., registered in the Commercial Register and the Register of Non-Profit Legal Entities with UIC: 202320104, with its registered office and address of management: Bulgaria, 1407 Sofia, 51 Cherni Vrah Blvd., Building 3, Floors 2 and 3.

3. PERSONAL DATA
Personal data is any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person, as defined in the GDPR.

4. DATA SUBJECT
The data subjects to whom this Privacy Notice applies are all persons registered to participate in the Training ("Trainees" "You").

5. DATA PROTECTION OFFICER
All enquiries regarding the processing of your personal data can be sent to our Data Protection Officer by email at the following email address: dpo@shelly.com

6.  TYPES OF PERSONAL DATA WE PROCESS
In the context of organising and conducting the Trainings, we process the following categories of personal data:

6.1. Data collected during registration: 
In order to allow you to register and participate in the Training, we collect and process:

6.1.1.    First and last name – used to identify the Trainee.
6.1.2.    Email address – used to send confirmation, reminders, access links, follow-up information and (where applicable) direct marketing communications.
6.2. Data related to the Certification : 
6.2.1. Certification status of the Installer ;

6.3. Other data that may be processed during the Training: results of knowledge tests, course history, participation in surveys (if any), , questions asked or any other information shared (if any).

7.    PURPOSE OF PROCESSING
We organise and conduct the Training for educational and marketing purposes, presenting our smart devices and services and their features. Your personal data is processed for the following purposes:

7.1.    Registration of participants for Training;
7.2.    Communication before and after the Training – to send you information related to the Training, such as confirmation emails, access emails, reminders, technical instructions for participation, follow-up messages or additional resources related to the topic of the Training, our products or services, etc.;
7.3.    Managing attendance, access to materials and participation in the Training, organising exams to test the knowledge acquired. 
7.4    Issuing certificates. To administer the final test, evaluate test results, and automatically generate a certificate confirming successful completion of the Shelly training program.
7.5. Improving the quality of training (questionnaires, feedback) – to improve our future Training, adapt the content of the Training to the interests of the audience and increase the effectiveness of our marketing and communication strategies.
7.6. Ensuring the security of the Training, including preventing and detecting fraud, abuse or irregularities in the registration, participation and certification process.
7.7.    Direct marketing – to send you information about our products, services, promotions, events or campaigns that we think may be of interest to you, using the contact details you have provided. You can object to or opt out of receiving such communications at any time.
7.8. Statistics and analysis.

8.    LEGAL BASIS FOR PROCESSING:
The processing of your personal data in connection with your participation in the Trainings is carried out on the following legal grounds in accordance with Article 6 of the GDPR:

8.1. Performance of a contract – Article 6(1)(b) of the GDPR:
The processing is necessary in order to register you for participation in the Training, to provide you with access data and relevant materials for the Trainings and to enable you to participate in the Training.
8.2. Compliance with legal obligations – Article 6(1)(c) of the GDPR:
We process this data to fulfil obligations such as:
-    Compliance with legal procedures, applicable laws and regulations.
-    Maintaining records for organisational, audit and other purposes.
-    Responding to lawful requests from regulatory, law enforcement, or other competent governmental or judicial authorities.
Where applicable, processing is limited to what is necessary to fulfil our legal obligations, and we retain such data only for as long as required under the relevant legal or regulatory frameworks. 
8.3. Legitimate interests – Article 6(1)(f) of the GDPR:
We process personal data based on our legitimate interest in certain cases, such as: 
-    for the purposes of our legitimate interests related to organising and improving the Training .
-    maintaining records of Trainees – to keep an internal register of individuals who have registered for and completed our Trainings for purposes such as managing participation history, ensuring accountability and enabling effective follow-up communication. 
-    For direct marketing purposes – including sending newsletters, promotional offers, information about new products, services, joint campaigns with Shelly's partners, and Shelly's services, solutions, and devices, always offering you the opportunity to object to such processing. You can opt out of receiving marketing communications by clicking on the unsubscribe link in each email or by contacting us directly.
-    To bring legal claims or respond to claims against us and protect the rights and legitimate interests of Shelly Europe Ltd. (including companies in its corporate group), our users, as required or permitted by law;

9.    SHARING INFORMATION WITH THIRD PARTIES:
We may disclose your data internally within our business group and to the following entities, but only for the purposes described above. The following categories may process your personal data as part of our operations:

• Affiliated companies – other companies in the Shelly Group SE corporate group, to which Shelly Europe Ltd. belongs, in order to conduct business activities on a regular basis;
• Internal departments: our authorised employees and teams (such as Installers team, Sales, Legal department, Marketing) who need access to the data to perform their duties.
• Service providers and partners: carefully selected companies that provide services with appropriate data protection safeguards, such as platforms (Zoom, Microsoft, Efaktor AS), registration, online training or certification, etc.
• Professionals in various fields (such as, but not limited to, external marketing, product and service consultants, auditors, legal, financial and accounting consultants) to maintain and improve the quality of the Training, ensure compliance with regulatory requirements, protect our legal rights and interests in judicial and administrative proceedings;
• Government bodies and public authorities - to whom we may be required to disclose personal data when required by law, court proceedings, administrative or judicial orders to disclose information.
• Other parties - in connection with corporate transactions as part of a merger or transfer, acquisition or sale, or in the event of insolvency. In this case, you will receive clear notice via email and/or on our website regarding the change of ownership, the incompatibility of the new use of personal information, and the choice of personal information.

10. CROSS-BORDER DATA TRANSFER
Your personal data may be transferred outside the European Economic Area when using global service providers (e.g. Microsoft Teams, Zoom, hosting services, etc.). In such cases, we ensure that appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses, to ensure a level of protection equivalent to EU standards.

11. DATA RETENTION
The data retention period depends on the legal basis on which your data is processed.

The personal data of Participants processed in connection with the training is stored for a period determined by the type and validity of the certificate issued:
When the certificate is temporary or subject to renewal, the data is stored for the entire period of validity of the certificate, the renewed period, and an additional period of 5 years after its expiry to ensure the possibility of verification, renewal, and protection of legal claims.
When the certificate is indefinite, the data is stored for a period of 10 years from the date of issue of the certificate, unless regulatory requirements or the specifics of the training require a longer period.

When no certificate has been issued, the data is stored for up to 5 years after the training, unless regulatory requirements or the need to protect legal interests require a longer period.

Data processed on the basis of your consent shall be stored until you withdraw your consent. Upon withdrawal of your consent, we will cease to process your data based on your consent, but this will not affect the processing of data collected prior to your withdrawal.

After the expiry of the above-mentioned periods, the data is deleted and cannot be restored or used anymore.

The data will not be deleted but will continue to be processed solely for the purpose of protecting our legitimate rights and interests or in accordance with our legal obligations, if there are pending court or administrative proceedings on the date of expiry of the above-mentioned period, until their completion.

12. YOUR RIGHTS AS A DATA SUBJECT
In relation to data processing, you have the following rights:
Right of access:

• You have the right to request a free copy of your personal data. This right applies in all cases, but there are some exceptions, which means that you may not always be able to obtain all the information we process;
• If we cannot provide you with access to your personal data because disclosure would violate the rights and freedoms of third parties, we will notify you of this decision.

Only a person who can be identified by us as a data subject can exercise their rights under this section. You can contact us at and, after submitting a written request and confirming your identity, you will be provided with the requested information.

If we have reasonable doubts about your identity, we may ask you to provide us with additional information necessary to verify your identity. We reserve the right to refuse access to the requested information if we are unable to identify the person making the request.

Right to correct inaccurate personal data:
You have the right to request the correction of inaccurate information and the completion of incomplete information. You can do this by contacting us and submitting a written request.

Right to erasure ("Right to be forgotten"):
The right to erasure applies to a strictly limited extent, as specified in the applicable legislation, and only applies in the following cases:

• when your data is no longer necessary for the original purpose for which it was collected or used.
• when you initially consented to our use of your data, but have now withdrawn your consent.
• when you have objected to the use of your data and your interests override our interests in using it.
• when you have objected to the use of your data for direct marketing purposes.

The right to be forgotten is not an absolute right and may not be complied with in cases provided for by law or due to the lack of reliable verification of your identity.

You can exercise your right to erasure by contacting us and submitting a written request. 

Right to restriction of processing:
The right to restriction of processing applies to temporarily restricting the use of your data when the following cases are considered:

• the accuracy of your data is contested, or
• the processing of the data is unlawful, but you do not want your personal data to be deleted and instead request that its use be restricted;
• the data is no longer needed, but you want us to keep it to establish, exercise or defend legal claims.

In the event of rectification or erasure, we will notify each recipient to whom your personal data has been disclosed, unless this is impossible or involves disproportionate effort.

Right to data portability:
You have the right to receive your personal data from us in a manner that is accessible and machine-readable. You also have the right to request the transfer of your data to another organisation where technically feasible. Specifically, this right applies only to data that:

• is stored in electronic format and
• has been provided to us by you.

This right does not apply:

• to processing necessary for the performance of a task carried out in the public interest;
• where this right would adversely affect the rights and freedoms of others.

Right to object to processing when it is based on legitimate interest:
You may object to the processing only when we use your data:

• for legitimate interests;
• for statistical purposes; or
• for direct marketing purposes.

The processing of your data will be discontinued unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

Right to lodge a complaint with the supervisory authority in the Member State of your residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

Data subjects have the right to lodge complaints or reports with the supervisory authority at any time if they consider that the processing of their personal data infringes data protection legislation.

Without prejudice to your right to lodge a complaint with the supervisory authority at any time, please contact us in advance and we promise to do our best to resolve any disputes amicably.

13. INFORMATION SECURITY MEASURES
The security, integrity and confidentiality of your personal data are extremely important to us. We have implemented technical, contractual, organisational and physical security measures designed to protect personal data from unauthorised access, disclosure, use and modification. We regularly review our security procedures and practices to take into account appropriate new technologies and methods. Please note that despite our best efforts, no security measures are perfect or impenetrable.

14. UPDATES TO THE PRIVACY POLICY
We may update this Privacy Policy from time to time due to changes in the Training, applicable laws, and our legitimate interests. You can determine when the Privacy Policy was last updated by the date listed at the top of the document.
All changes will take effect after they are posted on our website or provided to the Trainee in another manner.

15. ADDITIONAL INFORMATION
If you have any further questions regarding the processing of your data, please do not hesitate to contact us at: dpo@shelly.com