Difference between revisions of "Tado"

Line 8: Line 8:
 
|topics=Consumer, Contract
 
|topics=Consumer, Contract
 
|correlated=https://www.tado.com/de-en/, https://support.tado.com/hc/en-gb
 
|correlated=https://www.tado.com/de-en/, https://support.tado.com/hc/en-gb
|notes=tado° is a consumer-oriented (''“When these General Terms and Conditions refer to "consumers", these are deemed to be natural persons placing orders that cannot be attributed to
+
|notes=tado° is a consumer-oriented (''“When these General Terms and Conditions refer to "consumers", these are deemed to be natural persons placing orders that cannot be attributed to commercial, independent or freelance activity”''), always-on (''“In order to use the full range of functions offered by the applications of the Supplier, a working, always-on Internet connection must be available at the place of installation”'') Smart Thermostat. As a thermostat, it has a potential impact on real world.
commercial, independent or freelance activity”''), always-on (''“In order to use the full range of functions offered by the applications of the Supplier, a working, always-on Internet connection must be available at the place of
+
installation”'') Smart Thermostat. As a thermostat, it has a potential impact on real world.
+
  
 
Components:
 
Components:
Line 36: Line 34:
 
  residence shall apply in addition, provided that it offers more comprehensive protection.”
 
  residence shall apply in addition, provided that it offers more comprehensive protection.”
 
|CC1=Yes
 
|CC1=Yes
|notesCC1=“[T]he Supplier shall not be liable for damage to terminal equipment of third parties connected to the terminals of the Supplier or damage to the
+
|notesCC1=“[T]he Supplier shall not be liable for damage to terminal equipment of third parties connected to the terminals of the Supplier or damage to the terminal devices of the Supplier, as well as devices that are not fit for use, when this is attributable to false or incomplete information provided by the Customer at the time of the compatibility check or failure to observe the instructions of the Supplier.”
terminal devices of the Supplier, as well as devices that are not fit for use, when this is attributable to false or incomplete information provided by the Customer
+
“[T]he Supplier shall not accept any liability for damage to equipment connected to terminal devices unless the damage is demonstrably attributable to the operation of one of the terminal devices of the Supplier. The burden of proof lies with the Customer. If no proof is available due to the actions of the Customer (e.g. '''if the Customer carries out a repair himself'''), the liability of the Supplier shall be excluded.” - - > incompetence trap
at the time of the compatibility check or failure to observe the instructions of the Supplier.”
+
“[T]he Supplier shall not accept any liability for damage to equipment connected to terminal
+
devices unless the damage is demonstrably attributable to the operation of one of the terminal devices of the Supplier. The burden of proof lies with the Customer. If no proof is available due to the actions of the Customer (e.g. '''if the Customer carries out a repair himself'''), the liability of the Supplier shall be
+
excluded.” - - > incompetence trap
+
 
|notesCC2=We must verify if the Reports available on the apps must be deleted by the Supplier. Terms and Conditions say nothing about that.
 
|notesCC2=We must verify if the Reports available on the apps must be deleted by the Supplier. Terms and Conditions say nothing about that.
 
|CC3=Yes
 
|CC3=Yes
|notesCC3=“The
+
|notesCC3=“The personal data supplied by the Customer, order data and operating data provided by the terminal equipment shall be stored electronically by the Supplier.”
personal data supplied by the Customer, order data and operating data provided by the terminal equipment shall be stored electronically by the Supplier.”
+
 
Nothing is said in the Terms and Conditions, but on the website it is stated that “tado° only stores the minimum data required to intelligently control your heating system and deletes all unnecessary data”. - - > But this can be seen as a beneficial behavior for consumer's information security. Moreover, the website also states – in answer to the question “tado° uses a signal from my smartphone to control my heating based on my presence or absence. Does that mean tado° always knows where I am?” – “tado° does not know exactly where you are – it merely calculates how far you are from home. This data is then analysed anonymously and encrypted before being transferred to control your heating. Once this is done, the data is deleted immediately.”
 
Nothing is said in the Terms and Conditions, but on the website it is stated that “tado° only stores the minimum data required to intelligently control your heating system and deletes all unnecessary data”. - - > But this can be seen as a beneficial behavior for consumer's information security. Moreover, the website also states – in answer to the question “tado° uses a signal from my smartphone to control my heating based on my presence or absence. Does that mean tado° always knows where I am?” – “tado° does not know exactly where you are – it merely calculates how far you are from home. This data is then analysed anonymously and encrypted before being transferred to control your heating. Once this is done, the data is deleted immediately.”
 
Considering that Reports on the temperature at home and the heating times, and also information about how much you have spent are available through the Apps, we must  verify if this other information which is deleted or anonymised is really necessary for the consumer.
 
Considering that Reports on the temperature at home and the heating times, and also information about how much you have spent are available through the Apps, we must  verify if this other information which is deleted or anonymised is really necessary for the consumer.
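
Review bot: in notesCC1 the editor's annotation "- - > incompetence trap" is fused to the end of the quoted burden-of-proof clause, and in notesCC3 the same "- - >" marker introduces "But this can be seen as a beneficial behavior" right after a website quotation, so a reader cannot easily tell where the Supplier's wording ends and the wiki's assessment begins. Since this revision already rejoins these lines, put each comment on its own line, explain what "incompetence trap" refers to in the clause, and use one consistent marker instead of the spaced "- - >". In notesCC3, "Nothing is said in the Terms and Conditions" follows a quoted clause from those same Terms, so state what exactly they are silent on.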

Revision as of 18:08, 10 June 2015

Nature Real
ID Name tado° Smart Thermostat
Provider tado° GmbH
Description Prova
Country Germany
Release Date 20.03.12
Link https://www.tado.com/de-en/, https://support.tado.com/hc/en-gb
Topics Consumer, Contract
Correlated texts https://www.tado.com/de-en/, https://support.tado.com/hc/en-gb

Notes

tado° is a consumer-oriented (“When these General Terms and Conditions refer to "consumers", these are deemed to be natural persons placing orders that cannot be attributed to commercial, independent or freelance activity”), always-on (“In order to use the full range of functions offered by the applications of the Supplier, a working, always-on Internet connection must be available at the place of installation”) Smart Thermostat. As a thermostat, it has a potential impact on the real world.

Components:

a. thermostat (hardware): you can see the current temperature and set or alter the setpoint temperature; it is compatible with almost all manufacturers and systems (list of manufacturers provided); it is connected to the Internet via your Internet access at home (through a device – the tado° Bridge – plugged into your router; the Bridge and the thermostat are communicating inside your house via a wireless radio connection); “[i]n order to use the full range of functions offered by the applications of the Supplier, a working, always-on Internet connection must be available at the place of installation”; “[y]our home network must be configured such that tado° will automatically get an IP address (DHCP) once connected”; if your Internet connection goes down, you can't remotely control the temperature, but you can still control it via the Smart Thermostat; “[t]he Smart Thermostat and your mobile devices are connected via our secure cloud server.”; “[t]he Supplier's server infrastructure is the central link between the applications and from the applications to the devices”.

b. embedded software: it is subject to auto updates if the device is connected to the Internet; there is no EULA concerning it;

c. “service”:

1. tado° servers: “[t]he Smart Thermostat and your mobile devices are connected via our secure cloud server.”; “[t]he Supplier's server infrastructure is the central link between the applications and from the applications to the devices”; “[t]he tado° servers are all located in Europe and have the following [security] certificates: SOC 1/SSAE 16/ISAE 3402, FISMA Moderate, PCI DSS Level 1, ISO 27001, FIPS 140-2”; “[w]e have a multiple redundant server setup, so a crash is extremely unlikely. Nevertheless, should our service be interrupted, we will receive a message within minutes so that we can resolve the problem. In case the connection to the server is lost, tado° will remain in the mode that was previously set. For example, if tado° was in Sleep mode, it will remain in this mode. Of course, you can press the Home button on the Generation one tado° box at any time to heat your house up to your preset home temperature. If you have the new Smart Thermostat you can still change the temperature by switching to manual mode and afterwards setting your desired temperature”.

2. web app (tado.com/login): “The Smart Thermostat and your mobile devices are connected via our secure cloud server.”; “The Supplier's server infrastructure is the central link between the applications and from the applications to the devices.”; on the web app you can find a report of the temperature at home and the heating times, and also information about how much you have spent today. On the website it is stated that all the functions of the mobile app are also accessible through the web app.

3. mobile app: tells the smart thermostat where you are, always displays the temperature at home and lets you change the settings or switch to manual mode remotely; “The Smart Thermostat and your mobile devices are connected via our secure cloud server.”; “The Supplier's server infrastructure is the central link between the applications and from the applications to the devices.”; on the mobile app you can find a report of the temperature at home and the heating times, and also information about how much you have spent today; “The mobile apps are made available through the various stores for mobile applications (iOS App Store, Android Play Store, Windows Store, etc.).”; “In order to use all the features of the mobile applications a mobile data connection is required.” The mobile apps are currently available for iOS from version 7.0 (iPad2 and iPhone 4 or more recent), Android from version 2.3.3, Windows Phone 8.1 or above. “If you have no network coverage [on your mobile phone] then tado° will maintain the status it had from before the connection was lost. tado° automatically resumes its normal functions once you have network coverage again.”

4. tado° Care: a free additional service designed to prevent heating system breakdowns and offer immediate help in case of malfunctions (it also offers a boiler check later in summer, notified to the consumer via the tado° App)

The FAQ can be found at https://support.tado.com/hc/en-gb. The contact form (which the consumer can use e.g. to ask for information about his personal data collected by tado° GmbH) can be found at: https://support.tado.com/hc/en-gb/requests/new.

In the Terms and Conditions we can find this clause, which shows how tado° GmbH takes care of consumers: “The laws of the Federal Republic of Germany to the exclusion of the UN Convention on the Sale of Goods (CISG) shall apply exclusively, including to cross-border deliveries. If the Customer is a consumer, the mandatory consumer protection legislation valid in the country in which the Customer has his habitual residence shall apply in addition, provided that it offers more comprehensive protection.”

Contractual characteristics

Links to Terms&Conditions:

Date of Terms&Conditions:

1. Is the consumer allowed to modify the software and/or hardware without retaliation? Yes
“[T]he Supplier shall not be liable for damage to terminal equipment of third parties connected to the terminals of the Supplier or damage to the terminal devices of the Supplier, as well as devices that are not fit for use, when this is attributable to false or incomplete information provided by the Customer at the time of the compatibility check or failure to observe the instructions of the Supplier.”

“[T]he Supplier shall not accept any liability for damage to equipment connected to terminal devices unless the damage is demonstrably attributable to the operation of one of the terminal devices of the Supplier. The burden of proof lies with the Customer. If no proof is available due to the actions of the Customer (e.g. if the Customer carries out a repair himself), the liability of the Supplier shall be excluded.” --> incompetence trap

2. Does the provider reserve to himself the right to modify/delete his own content?
We must verify if the Reports available on the apps must be deleted by the Supplier. Terms and Conditions say nothing about that.
3. Does the provider reserve to himself the right to modify/delete consumer content? Yes
“The personal data supplied by the Customer, order data and operating data provided by the terminal equipment shall be stored electronically by the Supplier.”

Nothing is said in the Terms and Conditions, but on the website it is stated that “tado° only stores the minimum data required to intelligently control your heating system and deletes all unnecessary data”. --> But this can be seen as a beneficial behavior for the consumer's information security. Moreover, the website also states – in answer to the question “tado° uses a signal from my smartphone to control my heating based on my presence or absence. Does that mean tado° always knows where I am?” – “tado° does not know exactly where you are – it merely calculates how far you are from home. This data is then analysed anonymously and encrypted before being transferred to control your heating. Once this is done, the data is deleted immediately.” Considering that Reports on the temperature at home and the heating times, and also information about how much you have spent are available through the Apps, we must verify if this other information which is deleted or anonymised is really necessary for the consumer.

4. Is the title on software explicitly transferred to the consumer?
5. Is the title on hardware explicitly transferred to the consumer?
6. Is the consumer forbidden from reselling the device?
7. Is the consumer forbidden from transferring the account?
8. Is there an explicit prohibition to use the device in combination with a third party service?
9. Are there explicit duration boundaries to consumer’s enjoyment of the device?
10. Are there explicit duration boundaries to consumer’s enjoyment of the service?
11. Are there explicit terms and conditions allowing the consumer to access (view only) his data?
12. Are there explicit terms and conditions allowing the consumer to delete his data?
13. Are there explicit terms and conditions allowing the consumer to export (with proprietary format) his data?
14. Are there explicit terms and conditions allowing the consumer to export (with open format) his data?
15. Does the provider reserve to himself the right to unilaterally modify terms and conditions?
16. Does the provider reserve to himself the right to unilaterally modify the software?

Technical characteristics

1. Which is the duration of the provider role?
2. Is the branded hardware necessary for product usability?
3. Is the branded software necessary for product usability?
4. Is the branded "service" necessary for product usability?
5. Do the device's administration rights belong to the product provider?
6. Which possibilities does the consumer have to dispose of his data?

Usability

1. Can the consumer enjoy the product for an unlimited period?
2. Can the consumer sell the device?
3. Can the consumer transfer the account?
4. Can the consumer delete his data?
5. Can the consumer delete his account?
6. Can the consumer use his data?
7. Can the consumer use the HW and SW in combination with third party SRV?
8. Can the consumer use the HW and SRV in combination with third party SW?
9. Can the consumer use the SW and SRV in combination with third party HW?
10. Can the consumer use the HW in combination with third party SW and SRV?
11. Can the consumer use the SW in combination with third party HW and SRV?
12. Can the consumer use the SRV in combination with third party HW and SW?