Privacy Notice

Effective Date: August 7, 2025

PassiveLogic, Inc. (“we”, “us”, “our”) is committed to protecting your privacy. This policy explains how we collect, use, disclose, and transfer personal data in connection with our smart building services.
This Privacy Policy applies to PassiveLogic, Inc., its U.S. headquarters, and its subsidiaries and affiliates, including PassiveLogic Engineering B.V. and PassiveLogic Netherlands B.V. in the Netherlands, when acting on our behalf to offer products and services, conduct installations, or otherwise process personal data as described in this Policy. These entities act as joint or affiliated Controllers (as defined under the GDPR) where applicable.

1. Purpose & Scope

We collect and process personal data to:

  • Enable and operate our building management system (BMS), including user comfort profiles, environmental preferences, geolocation within facilities, and usage logs;

  • Optimize energy usage, space utilization, and system performance;

  • Provide customer support and technical troubleshooting;

  • Comply with legal, safety, and regulatory obligations;

  • Carry out business development, marketing, and analytics.

This Privacy Policy applies to personal data we collect and process in connection with:

  • Website visitors and marketing contacts – individuals who visit our websites (e.g., www.passivelogic.com) or interact with our social media, advertising, or marketing communications;

  • Customers and end users – individuals who use or are configured into our BMS platform, mobile apps, or other services, whether directly (as customers) or indirectly (as employees or occupants of buildings managed by our customers);

  • Business contacts and event participants – individuals who visit our offices or testbed sites, attend our events, or otherwise engage with us in a commercial context.

2. Who We Are

Data Controllers:

  • PassiveLogic Engineering B.V., Strawinskylaan 4117, 1077ZX Amsterdam; Data Protection Officer: Kevin Christopher, dpo@passivelogic.com

  • PassiveLogic Netherlands B.V., Strawinskylaan 4117, 1077ZX Amsterdam; Data Protection Officer: Kevin Christopher, dpo@passivelogic.com

  • PassiveLogic, Inc., 6510 Millrock Drive, STE 350, Holladay, UT, USA; Data Protection Officer: Kevin Christopher, kevinc@passivelogic.com

We operate globally and may transfer personal data across borders in accordance with applicable data protection laws. This includes transfers from our affiliated companies in the Netherlands to our U.S. headquarters.

PassiveLogic complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. PassiveLogic has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

These mechanisms ensure that personal data transferred to the U.S. is handled with the same level of protection required under European Union data protection law.

3. What We Collect

Personal Data We Collect and Receive

The personal data we collect and receive depends on how you interact with our websites, services, and organization. Some of this information is provided voluntarily, such as when you register for an account or attend an event. Other data is collected automatically from your device or provided by third parties. Below, we describe the categories of personal data we collect for each user group defined in Section 1.

3.1 Website Visitors and Marketing Contacts

Registration, contact, and company information:

  • First and last names

  • Email addresses

  • Phone numbers

  • Company name

  • Your role in your company

Payment information (if applicable):

  • Credit card details

  • Billing and mailing addresses

  • Other payment-related information

Device data:

  • Operating system type and version

  • Device manufacturer and model

  • Browser type and version

  • IP address

  • Screen resolution

  • Unique device identifiers

Service interaction data: 

  • Referring website or source

  • Session duration and time stamps

  • Pages viewed and links clicked

  • Email engagement behavior

  • Navigation paths and clickstream

Third-party source data:

  • Social media profile info

  • Company affiliation and role

  • Email address, phone number, mailing address

  • Approximate geolocation

Typical sources include:

  • Marketing partners

  • Contact enrichment tools

  • Targeted advertising providers

3.2 Customers and End Users

Registration and contact information:

  • First and last names

  • Email addresses

  • Phone numbers

  • Mailing addresses

  • Company name

  • User role/title

Payment information:

  • Credit card details

  • Billing and mailing addresses

  • Other payment-related information

Device and usage data:

  • Operating system, browser, language

  • IP address and device ID

  • Screen resolution

  • Language preferences

  • Activity status (e.g., last seen, contacted)

Service data (from our platform):

  • Application usage logs

  • User comfort profiles and building interaction data

  • Pages/screens visited, click events, and timestamps

  • Intercom-style session tracking (e.g., tags, identifiers, activity logs)

Third-party source data:

  • Company and professional role data

  • Email and phone number

  • Geolocation inferred from IP

Typical sources include:

  • Identity management services

  • Analytics providers (e.g., crash analytics)

3.3 Business Contacts and Event Participants

Registration, contact, and company information:

  • First and last names

  • Email addresses

  • Phone numbers

  • Mailing addresses

  • Company name

  • Your role/title

Visitation and security data (where applicable):

  • Time and date of arrival

  • Signature log

  • Photograph ID (e.g., badge or passport)

  • CCTV footage (for office and demo site security)

Third-party source data (e.g., from event organizers):

  • Name and contact info

  • Professional affiliation

  • Event participation details

3.4 Cookies, Tracking, and Do Not Track Signals

Some device data, usage data, and third-party source data may be collected through the use of first-party and third-party cookies or similar tracking technologies. These tools help us understand how users interact with our services, measure performance, and improve user experience.

Where we embed third-party tools (such as messaging widgets or analytics services), those providers may assign a unique identifier to users within the scope of a single website or application. However, such tools do not collect or retain data that allows cross-site tracking of users across unrelated websites or applications that we do not own or control. IP addresses or similar identifiers that could recognize a specific user across multiple sites are not retained or used for such tracking purposes.

For details on how we use cookies and related technologies, please see our Cookie Policy.

Do Not Track: Some browsers may offer a “Do Not Track” setting to signal your preference not to be tracked across websites. Our systems currently do not respond to these signals. To learn more, visit www.allaboutdnt.com.

4. Permissible Use of Your Personal Data

4.1 Purposes of Processing and Legal Bases
We collect and process your personal data for the following purposes. If you are located in the European Economic Area (EEA), we rely on the legal bases outlined below:

Providing our Services and Platforms: We process your personal data to perform our contract with you, including enabling access to our building management services, comfort control tools, and other platform features. Where no direct contract exists with you, we rely on our legitimate interest in operating and maintaining our services and systems.

Communicating with You and Providing Support: We may use your personal data to send technical or service-related communications (e.g., updates, alerts, availability notices) and to respond to inquiries or support requests. This processing is based on our contractual obligations or our legitimate interest in ensuring reliable customer service.

Improving Our Services and User Experience: We use personal data to understand usage patterns, develop new features, and optimize system performance, based on our legitimate interest in enhancing our services. Where required, we may rely on your consent to collect optional usage data.

Marketing Communications: We may process your personal data to send marketing emails, newsletters, and event invitations about our products or services. This is based on our legitimate interest in promoting our offerings or, where required, your prior consent. See the "Your Rights" section to manage your preferences.

Office and Site Visits: For security, visitor management, and facility access control, we process information about office or demonstration site visits. This processing is necessary to safeguard our personnel, physical premises, and confidential information.

Event Registration and Attendance: We process your data to manage event participation and communicate logistics. This is done under our legitimate interest in organizing professional events and maintaining community engagement.

Security and Abuse Prevention: We process data to monitor, detect, and prevent unauthorized access, security threats, and potential abuse of our services. This processing supports our legitimate interest in maintaining system integrity and user safety.

Personalized Content and Advertising: We may use personal data to deliver customized experiences and relevant advertisements on our platforms or third-party sites. This is done under our legitimate interest or, where required, with your consent.

Business Operations and Compliance: We process data for operational purposes such as billing, audits, legal compliance, fraud detection, and regulatory reporting. This processing may be necessary for contractual performance, compliance with legal obligations, or our legitimate business interests.

Legal and Regulatory Obligations: We may process your personal data to comply with applicable laws, respond to lawful requests, or protect the rights, safety, and property of our company, users, or the public.

4.2 Other Uses and Notices
Where we intend to use your personal data for purposes not described above or not directly compatible with the original purpose, we will provide additional information at the point of collection or in a supplementary notice. This includes disclosure of the relevant legal basis for processing.

4.3 Applicability of Legal Bases
These legal bases apply to the processing of your personal data if you are a resident of the EEA. Other jurisdictions may apply different legal standards.

4.4 Questions or Requests
If you have any questions about our legal bases for processing or how your personal data is used, please contact us using the contact information provided in the "Your Rights" section or submit a request via our Privacy Request Form.

4.5 Federal Trade Commission
The Federal Trade Commission has jurisdiction over PassiveLogic’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

5. International Data Transfers

  • Transfers to the U.S. are covered under:

    • EU–U.S. Data Privacy Framework (DPF)

  • If sending to non-DPF countries, we apply EU Standard Contractual Clauses (SCCs) and Transfer Impact Assessments (TIAs) with supplementary safeguards such as encryption and pseudonymization.


6. Onward Transfers

We only share your data with third parties (e.g., analytics or HVAC providers) who are either DPF-certified or have signed equivalent data protection agreements ensuring GDPR-level safeguards. We may share personal data with service providers, including cloud and CRM platforms in countries such as the United States and Canada. For international transfers, we rely on recognized legal mechanisms, such as the EU-U.S. Data Privacy Framework, adequacy decisions, and Standard Contractual Clauses, as appropriate.

In accordance with the EU-U.S. Data Privacy Framework Principles, PassiveLogic remains liable for the processing of personal data it transfers to third parties acting as agents on its behalf if those agents process such data in a manner inconsistent with the DPF Principles, unless PassiveLogic can demonstrate that it is not responsible for the event giving rise to the damage.

7. Data Subject Rights

You have the right to:

  • Access, correct, or delete your data

  • Object to processing

  • Request portability

  • Withdraw consent (where given)

  • Lodge complaints with your local supervisory authority. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.

8. Retention

We retain personal data only as long as necessary—typically for the duration of the service relationship plus 3 years for compliance and business purposes.

9. Security

We implement industry-standard technical and organizational measures including encryption, role-based access controls, audit logging, and periodic security reviews.

10. Cookies & Tracking

Cookies are used for essential functionality and analytics. Options are provided via a cookie banner, and details can be found in our Cookie Notice.

11. Dispute Resolution / DPF IRM

PassiveLogic, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. PassiveLogic, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework Program (DPF Program), and to view our certification, please visit https://www.dataprivacyframework.gov/.

Pursuant to the DPF Program, EU individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States in reliance on the DPF Program should direct their query to dpo@passivelogic.com. If requested to remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than that for which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to dpo@passivelogic.com.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

For complaints regarding data transfers, you may contact our independent dispute resolution provider: BBB National Programs (no cost to you). If unresolved, binding arbitration before the DPF Panel is available.

In compliance with the DPF Principles, PassiveLogic, Inc. commits to resolve DPF Principles-related complaints about your privacy and our collection or use of your personal information. European Union individuals with inquiries or complaints regarding our handling of personal data in reliance on the DPF should first contact PassiveLogic, Inc. at dpo@passivelogic.com.

In compliance with the EU-U.S. DPF, PassiveLogic commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF to BBB National Programs, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit BBB Programs for more information or to file a complaint. The services of BBB National Programs are provided at no cost to you.

You as an individual have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. Read the Data Privacy Framework ANNEX-I for additional information.

12. Changes to this Policy

We may update this Privacy Policy periodically. We will notify users via email or system notice and update the date above.

13. Contact Us
Data Protection Officer (DPO): 

dpo@passivelogic.com
6510 Millrock Ave. STE 350
Holladay, UT 84121