PRIVACY STATEMENT
for dormakaba’s skyra Cloud Service and/or skyra Mobile App – for Pre-Series Pilot Projects
Version: July 2024
1. SCOPE AND SUBJECT OF THIS PRIVACY STATEMENT
1.1 “skyra Service” is a cloud-based access control service, as updated, upgraded or newly released from time to time. The “skyra Cloud Services”, “skyra Portal” and “skyra Mobile App” are components of the skyra Service and are individually and collectively herein also referred to as “skyra Service” or “Service”.
1.2 dormakaba or one of its affiliated companies may (i) designate You as an end user of a Service, or (ii) have entered into an individual agreement with one of its customers, suppliers or service-providers (“Company”), under which Company (or one of Company’s subcontractors or service-providers) may designate You as an end user of a Service. “You” are an individual person using a Service.
1.3 This Privacy Statement gives You an overview of what types of personal data we collect from You in connection with the scope described above, for what purposes this data is processed and what rights You have in relation to the processing of Your data.
1.4 Data of third parties provided by You. The Service provides functionalities that may allow You to enter personal data of third parties within the Service and/or to grant or revoke access of individuals or third parties to Service. Please be aware that we will collect and process data of such third parties which You provide to us within the Service, as well as statistical data related thereto (e.g., type of mobile device, version OS). You are responsible to comply with the related legal obligations regarding data protection.
1.5 Country Specific Terms. In addition, deviation or replacement of the general terms set out herein, there may be country specific terms which apply to You. Such country specific terms, if any, are set out in clause 10 – Country Specific Terms or in a country specific Privacy Statement for skyra Services.
2. CONTROLLER, CONTACT INFORMATION, EU REPRESENTATIVE
2.1 The data controller responsible for processing Your personal data in connection with the Services is the company that designates You as End User of the skyra Service.
2.2 The data controller may be Your employer, account owner, account manager, administrator or another company.
2.3 When that company is dormakaba then the data controller is dormakaba Switzerland Ltd., Mühlebühlstrasse 23, 8620 Wetzikon, Switzerland ("we"). dormakaba Switzerland Ltd. is also the data controller for the processing of your personal data, insofar as analysis tools mentioned in clause 5 - Use of Analysis Tools - if any - are used.
2.4 The competent supervisory authority in Switzerland for dormakaba as data controller is the Federal Data Protection and Information Commissioner, Feldeggweg 1, CH-3003 Bern, Switzerland (http://www.edoeb.admin.ch).
2.5 As dormakaba’s data protection representative in the European Union within the meaning of Art. 27 GDPR we have designated dormakaba Deutschland GmbH, DORMA Platz 1, 58256 Ennepetal, Germany ("EU Representative").
2.6 You can reach dormakaba’s data protection officer at data.protection@dormakaba.com or at the above postal address of the EU Representative, with the addition of "the data protection officer".
2.7 When the data controller is not dormakaba Switzerland Ltd., then, in this case, You should contact the data controller to obtain additional and detailed information on its privacy declaration.
3. OUR DATA PROCESSING PRINCIPLES
We process personal information in accordance with the applicable data protection laws and regulations, as amended from time to time (“Applicable Data Protection Laws”). Applicable Data Protection Laws include but are not limited to the Swiss Federal Act on Data Protection Act (“FADP”) and the EU General Data Protection Regulation (“GDPR”).
4. DATA COLLECTED, PROCESSING PURPOSES AND LEGAL BASES
4.1 Download of the skyra Mobile App (if applicable to You). When the skyra Mobile App is downloaded from the app store, the information required for the transaction is transferred to the app store, i.e., in particular the username, e-mail address and customer number for Your account, time of the download, payment information, if any, and individual device code. We have no influence over these data collections, nor are we responsible for them. We only process this data if necessary for downloading the skyra Mobile App to Your mobile device.
4.2 Registration. When you register in the in Service You may need to enter Your email address and define a password. Also, the skyra Service may use Your email or mobile phone to send You an activation code to be able to use the Service.
We process Your registration data to permit us to provide the service offered and / or to perform a contract with You.
4.3 Requests / queries through the Services. We also process the data You provide in the Service to send requested information or respond to queries raised. The legal basis for this processing is to permit us to provide the service offered and/or to perform a contract with You.
4.4 Pilot Feedback Request. We may process Your personal information which You have provided in Service, to contact You to carry out satisfaction surveys, receive feedback with regard to Your use of the Service and/or to improve our services on the basis of our legitimate interest, where those legitimate interests are not overridden by Your rights or interests.
4.5 Access Log Data. The Company as well as certain of its authorised users (admin users or operator users) have the technical possibility to see in the Service information about which access point (skyra lock) has been used with which access medium at which point in time. The data controller will be responsible to inform you in advance about the processing. For questions relating to the processing of such access log data by Company or its authorised users, You should contact the data controller (as per clause 2 – Controller, Contact Information, EU Representative) to obtain additional and detailed information on its privacy declaration.
We process such access log data to the extent required (a) to provide technical support to a user of such door and/or (b) to permit us or one of our affiliates to provide the service offered and/or to implement an agreement with You and/or the company who has designated You as End User. We may further process Your personal information, where processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, where those legitimate interests are not overridden by Your rights or interests. Our legitimate interests include but are not limited to analysis of the Service for further improvement.
4.6 If You contact us by email, Your email address, including the information provided by You, will be stored by us for the purposes of processing the request and in case of follow-up questions. The data transmitted by You by email is processed on the basis of Your consent. You may withdraw this consent at any time. An informal notification to us by email suffices for such purposes. If the aim of the contact request is to clarify problems with the Service or to provide other services as part of the customer service provided by us, the legal basis for the processing of Your personal data is the performance of our contractual obligation.
5. USE OF ANALYSIS TOOLS
The skyra Services is not yet fully developed and not yet released for full commercial use. It is currently being tested in selected pilot projects. You understand and accept that the skyra Service is a test product and may not be free of errors.
The skyra Services use development tools to call up via API data stored in the skyra Service to analyse (i) message traffic, (ii) errors, (iii) data generated or provided by skyra keys, skyra locks and skyra Mobile App, and (iv) the performance and stability of the skyra Service, all for the purpose of improving the skyra Service and skyra products.
Such tools are used on the basis of your consent. If you do not consent, you should not use the Service.
6. LOCATION OF DATA PROCESSING AND THIRD COUNTRY TRANSFERS
The data that we collect from You may be processed in, transferred to, and/or stored in:
Applicable Data Protection Laws may contain restrictions for the transfer of personal data to third countries. Where we transfer Your personal data to a third country, we must comply with the Applicable Data Protection Laws and implement data transfer mechanisms and safeguards in accordance with such Applicable Data Protection Laws, if and to the extent required for such cross-border transfer. With regard to a transfer of personal data from the EU to Switzerland, the EU Commission has decided that Switzerland offers an adequate level of data protection. A copy of the documentation or further information on the measures taken by us is available from us on request.
7. STORAGE DURATION AND DELETION
We store Your personal data in accordance with the applicable data protection laws if and for as long as this is required for the processing purposes referred to in this Privacy Statement. We then delete Your personal data in accordance with our data retention and deletion policies or take measures to properly anonymise the data. An exception to this is where we are legally obliged to keep Your personal data longer (e.g., for tax, accounting and auditing purposes). The data transmitted by You by email is kept by us until the purpose for the data storage ceases to apply (e.g., once Your request has been processed).
8. YOUR RIGHTS
As a data subject, You have the rights vis-à-vis the data controller (see clause 2 – Controller, Contact Information, EU Representative). When the data controller is us, You have the following rights vis-à-vis us or our EU Representative regarding Your personal data by sending an email to data.protection@dormakaba.com :
8.1 You may at any time withdraw any consent once given by You to the processing by us of Your personal data. As a result, we may in future no longer process Your personal data on the basis of Your consent. The withdrawal will not affect the lawfulness of any processing done on the basis of the consent up until the said withdrawal.
8.2 You can request information about Your personal data as processed by us. In particular, You can request information about the purposes of processing, the category of personal data, the categories of recipients to whom Your data was or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of Your data if it was not collected directly from You, and the existence of automated decision-making including profiling and, if necessary, meaningful information on the details of the same.
8.3 If and to the extent, as part of Your use of the Service You may input, retrieve, correct or delete Your personal data, You are responsible for the correction, retrieval or deletion of Your data in or from the resivo Access Solution. In any other cases:
A) You can request the immediate rectification of inaccurate personal data or the completion of Your personal data as stored by us and You also have the right, taking into consideration the purposes of the processing, to request the completion of incomplete personal data - including by means of an additional declaration.
B) You can request the erasure of Your personal data as stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims, whereby the right to erasure may be limited by national law.
C) You can request the restriction of the processing of Your personal data insofar as You contest the accuracy of the data, the processing is unlawful, but You object to its erasure and we no longer need the data, but it is required by You for the establishment, exercise or defence of legal claims, or You have objected to the processing.
D) You have the right to receive Your personal data that You have provided to us in a structured, commonly used and machine-readable format and to transmit that data to another controller ("Right to data portability").
8.4 You can complain to a supervisory authority. As a rule, You may for such purposes contact the supervisory authority at Your usual place of residence, Your place of work or the headquarters of our EU Representative.
If Your personal data is processed on the basis of legitimate interests, You also have the right to object to the processing of Your personal data, provided there are grounds for this arising from Your particular situation.
If personal data is processed for direct marketing purposes, You have the right to object at any time to the processing of Your personal data for such marketing, which includes profiling insofar as it is related to such direct marketing.
9. CHANGES TO THIS PRIVACY STATEMENT
We may amend this Privacy Statement from time to time for any reason. We will notify You of any changes by posting the new Privacy Statement in the Service and changing the “Version” date. You should consult this Privacy Statement regularly for any changes. In case of relevant amendments, we may further notify You by email or other appropriate means.
10. COUNTRY SPECIFIC TERMS
10.1 Australia. Where the location of the dormakaba entity which has concluded the agreement with company is Australia, or dormakaba Australia Pty Ltd (dormakaba Australia) is otherwise involved in the collection, disclosure, storage or use of personal information, the following applies in addition to the clauses above.
A) “Applicable Data Protection Laws” includes the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APP), as applicable;
B) If we do not collect, hold, use or disclose Your personal information, or if You do not consent, then we may not be able to answer Your enquiry, complete the agreement or transaction into which You have entered, or provide access to the Service, as applicable;
C) You can reach dormakaba Australia’s Privacy Officer at 12-13 Dansu Court, Hallam, Victoria, 3803 or at the following email address: Privacy.AU@dormakaba.com;
D) dormakaba Australia is affiliated with organisations located overseas and is likely to or will disclose some of Your personal information to overseas recipients, but will only do so where: (i) it is necessary for the purposes of giving effect to an agreement with You; and (ii) where You have provided consent or we believe on reasonable grounds that the overseas recipient is required to deal with Your personal information by enforceable laws similar to the requirements under the APPs or where it is otherwise permitted by law. Our overseas affiliates are located in Germany and Switzerland; and
E) dormakaba Australia’s privacy policy is located here: https://www.dormakaba.com/au-en/privacy-policy .
dormakaba skyra Service (Pre-Series Pilot Projects) Privacy Statement/