COWAY India Private Limited (“Coway”, “We”, “Our” or “Us”), the manufacturer and distribution company of home wellness appliances, understand that you are aware of and care about your own privacy and we take that seriously as a data fiduciary of your personal data.
Coway Address: 704 A Wing, Kanakia Wall Street, Chakala, Andheri East, Mumbai, Maharashtra 400093 India
Contact Information: +91-84528-05200
This privacy notice (“Notice”) is intended to provide you with information about what personal data we collect about the users (“you”, “your) of Coway’s IoCare application, its website, as well as other digital touchpoints operated by or on behalf of Coway (the “Platform(s)”), and how it is used and processed. If there is anything you are unsure about in this Notice, feel free to contact our Data Protection Officer (DPO)/Grievance Officer, in the manner specified in the ‘Your Rights’ Section.
We collect personal data directly from you when you:
We collect the following categories of personal data from you for the purposes mentioned below:
IoCare Application: Member Registration (Provisional Member)
Purpose of Collection | Member identification and verification (prevention of duplicate registrations) for use of member services, delivery of notices, provision and guidance of benefits, and handling of customer complaints. |
Personal Data Categories | Name, Residential address, Member ID (Email or Mobile Phone Number), Password, Email, Country Information. |
IoCare Application: Member Registration (Full Member)
Purpose of Collection | Identity verification (prevention of duplicate registration), provision of product purchase service based on age verification, delivery of notices, provision and guidance of benefits, and handling of customer complaints. |
Personal Data Categories | Name, Gender, Nationality Status, Date of Birth, Email, Member ID (Email or Mobile Phone Number), Password, Country Information, Identity Verification Information (CI), Duplicate Registration Information (DI), Unique Identification Information (safekey). |
IoCare Application: Member Registration (SNS Member)
Purpose of Collection | Member identification and verification (prevention of duplicate registration) for member service use, and delivery of service-related notifications. |
Personal Data Categories | Facebook/Google (Email), Apple (Email or Phone Number). |
IoCare Application: Service and Function Use
Purpose of Collection | Use of IoT service, provision of air quality information for the product location, and improvement of service functionality and product quality based on collected data. |
Personal Data Categories | App usage information (Manufacturer, Model Name, OS Version, Device Identifier, IP Address), Product usage information (information related to product operation, including product control, settings, usage time, and reservations), Product environment information (environmental data sensed by product sensors, such as temperature, humidity, and air quality), Product diagnosis information (information regarding product status and error detection), Product and location information (GPS and address information). |
Product Purchase and related Services: Member registration, outreach for sales, implementation / delivery of services, after-sales support, management of payments.
Purpose of Collection | Onboard customers, receive and process purchase orders and managing payments, and schedule installation services. Delivery, installation, servicing, maintenance of appliances, and after-sales support |
Personal Data Categories | Name, contact information, email address, residential address, payment details and payment transaction history (including instalment arrangements), and maintenance service subscription information), Government-issued identifiers such as PAN Card, passport and eFRRO details, service history, maintenance records, and customer support interactions |
Prevention of Fraudulent Use
Purpose of Collection | Prevention of fraudulent use and unauthorized use, provision of feature improvements and customized services through log analysis, such as service usage history and access frequency statistics. |
Personal Data Categories | IP Address, Cookies, Service usage history, Access logs, device information collected when using a mobile device or application. |
Outreach Communication, Marketing and Advertising
Purpose of Collection | To deliver announcements regarding new products and events and to enable customer-tailored advertising. To enable you to submit your contact details via a form on our website when requesting further information about a product, and to allow our authorised sales service providers to contact you in order to facilitate potential purchases or provide information regarding products that may be of interest. |
Personal Data Categories | Name, email address, contact information, Postal Index Number Code |
Events/Prize Draws
Purpose of Collection | Managing events/prize draws, including the notification of winners and prize dispatch. |
Personal Data Categories | Name, email address, contact information, residential address.
|
Compliance
Purpose of Collection | Internal investigations, auditing, compliance, risk management and security purposes. |
Personal Data Categories | Name, email address, contact information
|
The personal data we ask for is necessary for the purposes described in this Notice. It might affect the stated purposes if you don’t provide the personal data we ask for.
We do not collect more personal data than we need to fulfill our purposes mentioned in this Notice. The type of personal data we collect, process and share depend on the nature of your relationship with us and the requirements of applicable laws.
The legal basis for the processing of your personal data is legal obligation, consent and/or legitimate use, as may be permitted by applicable data protection laws.
Specifically, processing of your personal data is carried out only for a lawful purpose defined by applicable law including Digital Personal Data Protection Act 2023 (“DPDP Act”), which includes the following grounds:
Coway does not sell, rent or trade your personal data to third parties for their own marketing purposes.
For the purposes mentioned in this Notice and in compliance with applicable laws, we may share and disclose your personal data to IT service providers (“Data Processors”) who operate website or to provide IT services or technical support on our behalf. We have contracts in place with those Data Processors. This means that they cannot do anything with your personal data unless we have instructed them to do it. They will not share your personal data with any organization apart from us. They will hold it securely and retain it for the period we instruct.
We may also share or disclose your personal data when required by law or to respond to legal process; to protect the rights, property or safety of individual; to protect our rights, property or safety; to maintain security.
If you have opted for a twelve months equal instalment plan and fail to make timely payments on the required due date, we will also share your personal and transaction data with credit rating agencies.
Coway services are intended solely for users who are 18 years of age or older. We do not knowingly collect, process, or store personal data from children (individuals under 18) or persons with disabilities.
By using our Platforms, you represent that you are at least 18 years of age and are competent to provide valid consent for the processing of your personal data. If we become aware that we have inadvertently collected personal data from a minor or a person with disability without verifiable consent, we will take immediate steps to permanently delete such information from our systems.
Your personal data will be transferred and stored in the Republic of Korea.
Any transfer of personal data outside India is subject to compliance with applicable law including the DPDP Act. For transfers originating from India, Coway will ensure that such transfers comply with any restrictions imposed by the Central Government.
As a data fiduciary, Coway is obligated to erase personal data upon your withdrawal of consent, or as soon as it is reasonable to assume that the specified purpose is no longer being served, whichever is earlier. This obligation stands unless retention is necessary for compliance with any applicable law for the time being in force (e.g., specific statutory retention periods)
The specified purpose shall be deemed to no longer exist if you do not:
1. approach us for the performance of the specified purpose; and
2. exercise any of your rights in relation to such processing.
Your Rights
Subject to applicable laws, you may have various rights in respect of the processing of your personal data, as listed below:
– Access: Subject to certain conditions, and where we have relied on your consent to process your personal data, or where you have voluntarily provided your personal data for a specified purpose, you have the right to obtain information from us as below, as well as such information as may be further prescribed under applicable laws:
– Summary of personal data and processing activities: You have the right to receive a summary of your personal data that is being processed by us, along with details regarding the processing activities undertaken by us with respect to such personal data; and
– Identities of other entities: You have the right to know the identities of all other entities with whom your personal data has been shared by us. This includes a description of the personal data shared with these entities.
– Rectification/Correction, Completion and Updating: Subject to certain conditions, and where we have relied on your consent to process your personal data, or where you have voluntarily provided your personal data for a specified purpose, you have the right to request that we correct, complete and update any inaccurate, misleading or incomplete personal data that we process or control.
– Erasure: Subject to certain conditions, and where we have relied on your consent to process your personal data, or where you have voluntarily provided your personal data for a specified purpose, you have the right to request that we erase your personal data in certain circumstances, such as when the personal data is no longer necessary for the purposes for which it was collected or there is no statutory obligation to retain such personal data.
– Withdraw Consent: Where we have obtained your consent to process your personal data for certain activities, you may withdraw this consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on your consent before its withdrawal.
– Nominate: You have the right to nominate any other person to exercise the rights mentioned above in case of your death or incapacity.
– Grievance Redressal: You have the right to raise grievances regarding the processing of your Personal Data.
To exercise any of the rights mentioned in this Notice or in case of any grievances, please contact our grievance officer/DPO through the details mentioned below. We will endeavor to respond to your grievances within 90 (ninety) days. However, for exercise of your other rights, if additional time is required due to the nature of the request, we will keep you appropriately informed.
Grievance Officer/DPO’s email: compliance@coway.com.in
If you are unsatisfied with the grievance redressal process you also have a right to make a complaint to the Data Protection Board of India. However, you should contact us in the first instance to remedy any grievances / complaints.
Please ensure your request includes sufficient information to verify your identity (such as your registered phone number or any customer reference number, if applicable). Coway may take reasonable steps to authenticate your identity before acting on your request. We may decline to process requests that are frivolous or unreasonably repetitive or burdensome or risks the privacy or impacts the rights of others.
Your Duties
In exercising your rights under the DPDP Act, you as the data principal have the following duties, such as:
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
You may access the IoCare application by clicking on the following:
Enter your 6-digit pincode to find out if Coway is available in your area for installation.