Skip to main content

Ergotron EU Data Act Notice

This notice contains mandatory information to be provided publicly under the EU Regulation 2023/2854 (EU Data Act) and applies to the following products/services of Ergotron, Inc.:

  • Mosaic mobile workstations
  • Other workstations enabled by RhythmConnect Link hardware to interact with RhythmConnect software
  • RhythmConnect software

Data Collected by Connected Devices/Related Services

The following device data is generated and collected continuously and in real-time from the connected Mobile Workstations:

  • battery health data (SoC, cycles, voltage, temperature),
  • device status (online/offline, charging, usage patterns) and
  • location context (BLE gateways and WIFI Radio MAC addresses / IP addresses).

This device data will be transmitted to and stored on Ergotron’s servers located in the EU and locally on the relevant device. Device data will be stored by Ergotron for at least 3 years in anonymized format.

The above data will be collected as binary string data packets that are encrypted in transit over HTTPS, and at rest in a database, using industry standard encryption (i.e. AES-256). The data packets are no more than 1.5 KB per transmission and are sent at a maximum frequency of every 2.5 minutes using a proprietary (trade secret) key-value protocol.

How to access connected device / related service data and make available to third parties

Users of Mosaic mobile workstations can use the RhythmConnect software offered by Ergotron to access and monitor the device data in real time.

The RhythmConnect software also allows users to grant access to the device data to third parties.

Further requests to retrieve, erase or share device data can be addressed via the below communication channels.

For which purposes does Ergotron use connected device / related service data

Ergotron will use the device data for the following purposes:

  • provide the services to customers,
  • ensure security and help users manage its fleet of Mosaic mobile workstations and
  • understand and improve the use and functioning of Ergotron’s own products.

Data Categories that can be migrated to new service provider or self-hosted infrastructure

The above device data as well as user account data can be migrated to a new service provider offering equivalent services or to a self-hosted infrastructure of the customer.

How to migrate data

Migration requests can be addressed via the below contact channels.

Upon request, Ergotron will enable the customer to download the data from a secure download portal free of charge. The data will be made available in a commonly used file format (e.g. .xml or .csv).

Interoperability Standards

Ergotron will monitor the establishment of interoperability standards and once in operation.

Jurisdictions Applicable to Ergotron’s Data Hosting Infrastructure

The data collected from devices and stored for providing the services is stored on servers located in the EU. The servers are hosted by our service provider Microsoft Corporation (Microsoft Azure). Since Ergotron and Microsoft are established in the USA, it may be possible that their servers and the data stored on them may be subject to such US laws, regardless of the server location.

Measures Implemented by Ergotron to Prevent Unlawful Government Access to Stored Data

Ergotron applies measures to physically protect its systems against unauthorized access, including governmental authority access. These measures include encryption at rest and during transit, strict access limitations and tracking, firewalls and other tools to prevent cyber-attacks and similar forced access attempts. No automated access or backdoors to data stored by Ergotron is granted to any third party, including governmental authorities. Additional protection measures applied by Microsoft can be found here.

In case of a request by foreign (including US) authorities to access the data stored on EU servers not meeting access requirements under EU laws, Ergotron will:

  • notify respective authority that the data originates from users in the EU and it would violate applicable EU laws to grant access to the data;
  • refer the respective authority to direct any access request directly to the relevant customer;
  • refer the relevant authority to alternatively rely on international legal assistance treaties (LATs) in place with the EU;
  • challenge any unlawful access request and use legal procedures to defend against such access requests;
  • where permitted, notify the customer upfront of any access request relating to their data.

Microsoft has similar procedures in place in case they receive a respective data access request.

Right to Lodge a Complaint

Client is also entitled to lodge a complaint to a competent supervisory authority in case of a violation of the provisions of the EU Regulation 2023/2854 (EU Data Act) by Ergotron.

Contact Details

Client may contact Ergotron by email to [email protected] in case of any uncertainties or requests (including requests regarding transfer of Device Data to third parties).