AllThingsTalk Cloud - IoT Platform

Data Privacy Policy
In order to continue using Cloud Instance you must accept Data Privacy Policy

The Data Privacy Policy applies to the usage of the AllThingsTalk Cloud IoT Platform and from heron called ‘Cloud Instance’’.

AllThingsTalk will collect personal data e.g. during the registration and will store, process and use such personal data for the purpose of enabling the use of the Cloud Instance according to applicable law.

1. Data categories that are processed

“Personal data” include any information allowing the direct (e.g., name, surname) or indirect  identification of an individual.

The following personal data categories are processed:

  • identification data, e.g. name, address, telephone numbers,
  • personal characteristics, e.g., postal or electronic addresses,
  • economic data on the services provided, if applicable, and
  • information on cookies, e.g., cookies and similar technology devices on websites and apps (see also our Policy on Cookies).

Specially protected data are not processed.

2. Source of the personal data

To fulfill the purposes described hereunder, AllThingsTalk gathers and receives personal data directly from the Users registering for the use of the Cloud Instance.

3. Purpose

AllThingsTalk processes the information that Users provide with the purpose of:

  • Managing the Service,
  • Commercial communications from AllThingsTalk or affiliates of AllThingsTalk.


4. Legal Grounds

The legal grounds for the processing of the User’s personal data are:

  • the User’s consent,
  • the completion of contractual obligations,
  • AllThingsTalk’s legitimate interest, and
  • the completion of legal obligations of AllThingsTalk.

The data requested may be necessary to be able to contract with AllThingsTalk. If all the required information cannot be obtained, it may not be possible to establish the contractual relationship with AllThingsTalk.

5. Data retention

Personal data shall be conserved until the purpose originating the processing of such data ends. Once this occurs, the personal data will be conserved in a blocked manner, in order to heed any possible legal or administrative requirements until those requirements expire.

6. Data Transfer / Recipients

Users’ data may be transferred to AllThingsTalk’s internal entities and departments and/or to AllThingsTalk’s entrusted partners. Every external transfer shall occur in accordance with an autonomous and independent processor agreement.

Aside from the preceding data disclosures, AllThingsTalk relies on the collaboration of some third-party service providers who have access to Users’ personal data and who process said data in the name and on behalf of AllThingsTalk as a consequence of the provision of services.

7. Compelled Disclosure

AllThingsTalk may be forced to disclose Users’ personal data pursuant a legal obligation and/or a judicial injunction or a demand issued by an administrative authority. In such case, Users will be informed by the disclosure of your data to the extent of such disclosure is legally authorised.

8. Rights and exercise of rights

User’s rights towards personal data under GDPR are:

  • the right to request the personal data referring to the User,
  • the right to request the rectification or erasure thereof,
  • the right to request the limitation of the processing thereof,
  • the right to object to the processing, and
  • the right to the portability of the data.

To exercise his/her rights, Users can send an e-mail to

9. Security measures

AllThingsTalk has adopted the necessary technical and organisational measures to guarantee the security and integrity of the data, as well as to prevent the alteration, loss, unauthorised processing or access.

10. Breach Notification

Any security breach that would involve a disclosure or a (partial) loss of Users’ personal data shall be notified to the relevant Data Protection Authority within the 72 hours of the discovery of the security-breach.

11. Review of the privacy policy

AllThingsTalk will review the privacy policy from time to time, unless there are regulatory or other types of demands making it necessary to adapt the policy more frequently. Users are therefore advised to check the contents from time to time.

If you do not agree with this policy, do not access or use our Services or interact with any other aspect of our business.