1. Guiding principles
Signify takes the protection of our users’ personal data seriously.
When we receive a request from a law enforcement or governmental authority (“Agency”) to disclose certain user information - as described in section 4 below - (“Agency Disclosure Request”), we engage in an individual review of the merits of each Agency Disclosure Request. We will only provide the minimum amount of user information and only when legally compelled to do so in response to a valid and binding Agency Disclosure Request.
We neither volunteer nor proactively disclose personal information to Agencies. If we can deny or limit an Agency Disclosure Request, we will. Also, where possible we will take appropriate measures to challenge or appeal decisions regarding the necessity or validity of the Agency Disclosure Request.
We object to Agency Disclosure Requests we determine to be invalid, informal, vague, over-broad, or inappropriate, as well as Agency Disclosure Requests that do not provide sufficient information to locate the relevant records. An Agency should therefore be as narrow and specific as possible when fashioning its Agency Disclosure Request to avoid misinterpretation or objections in response to an overly broad request. In any event, any transfers of personal data in response to a valid Agency Disclosure Request will not be massive, disproportionate, or indiscriminate in a manner that would go beyond what is necessary in a democratic society.
If an Agency Disclosure Request draws attention to an ongoing violation of our applicable terms, we may take those actions available to us to prevent further violations or abuse.
2. Initiating an Agency Disclosure Request
An Agency Disclosure Request should be initiated via this link. This website is intended solely for use by an Agency for Agency Disclosure Requests.
3. Transparency of Agency Disclosure Request
We will notify the relevant user (via the account contact details known to us) of an Agency Disclosure Request before disclosure unless we are prohibited by law from doing so. For instance, on certain occasions, we might not be legally entitled to inform the user and will be required to keep the Agency Disclosure Request confidential. On some occasions, this confidentiality obligation might lapse after some time – in which case we will inform the user once this period is over.
Following our Binding Corporate Rules (Signify Privacy Rules), we are required to inform our Lead Data Protection Authority (Dutch Autoriteit Persoonsgegevens) if we receive a legally binding request for disclosure of personal data from a law enforcement authority or state security body of a non-EEA country. If notification of an Agency Disclosure Request is prohibited by such authority, we will request the authority to waive this prohibition and will document that we have made this request. Additionally, we are required to provide on an annual basis to our Lead Data Protection Authority general information on the number and type of Agency Disclosure Requests we received in the preceding 12-month period, to the extent permitted by applicable law.
We require a valid legal process before disclosing user information and therefore do not disclose records to Agencies based on the consent of a user. A user can log into its account to access and produce its own information at any time.
4. User Information
Due to our “privacy by design” obligations, we only receive limited information about our users beyond limited account information, usage data or device data.
The following user information is relevant for Philips Hue Secure:
- Encrypted audio and video recordings. The audio and video recordings are end-to-end encrypted, both in transit and at rest, with state-of-the-art encryption. The keys to decrypt these files are only held by the home administrator (the user with full Philips Hue Secure access) and any other person they chose to share the keys with. We do not have access to these decryption keys nor can we provide them, as the key used to decrypt the data has been generated so that it cannot be ascertained by available technological means by any person who is not authorized to access the key. Even where we are compelled to produce these encrypted files under an Agency Disclosure Request, we will not have the ability to decrypt those files. We will not create alternative mechanisms or backdoors which enable us or any unauthorized third party to decrypt the data. Additionally, these encrypted files will only be stored in our cloud environment for as long as determined by the home administrator.
- Other Account, Usage, or Device Data. As with connected lighting and as mentioned in the Philips Hue Privacy Notice, certain usage data, account data and device data are securely stored within our cloud systems. As an example, we might hold data such as a user’s email address, device configuration parameters, the names a user has attributed to the areas/devices (e.g., garden camera, living room light), the software version installed in their devices, information around when a light or device turned on or off, event timeline information, etc.