Effective date: November 09, 2018
Keymitt S.A. ("us", "we", or "our") operates the https://www.keymitt.com/ website and the Keymitt App mobile application (hereinafter referred to as the "Service").
This page informs you of our policies regarding the collection, use and disclosure of personal data when you use our Service and the choices you have associated with that data. Those responsible for data processing in accordance with the basic data protection regulations (“GDPR” as amended) and other national data protection laws of the member states as well as other data protection regulations, are we:
29, Boulevard Grande-Duchesse Charlotte
Service means the https://www.keymitt.com/ website and the Keymitt App mobile application operated by Keymitt S.A.
- Personal Data
Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
- Usage Data
Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Cookies are small files stored on your device (computer or mobile device).
- Data Controller
Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed.
- Data Processors (or Service Providers)
Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller.
We may use the services of various Service Providers in order to process your data more effectively.
- Data Subject (or User)
Data Subject is any living individual who is using our Service and is the subject of Personal Data.
Information Collection and Use
We collect several different types of information for various purposes to provide and improve our Service to you.
Types of Data Collected
We process those of your personal data that we receive in the course of our business relationship with you. Personal data include details of your person (name, address, contact details, etc.) and your credentials (such as ID data). In addition, this may include order data (e.g. payment orders), advertising and sales data, documentation data (e.g. consulting protocols), offers, and data for the fulfilment of legal obligations. These data are either obtained directly from you or provided to us by third parties, such as our partner companies.
We either process your data for
- the implementation of pre-contractual measures or for the fulfilment of our contractual obligations (Art 6 Para. 1 lit. b GDPR) in the context of our business relationship.
- on basis of your consent (Art 6 Para. 1 lit. a GDPR), if you have given us your consent for contacting you to send offers, advertisements (promotional purposes) or for the transfer of data to the manufacturer/importer, or for the
- fulfilment of our legal obligations (Art 6 Para. 1 lit. c GDPR) or
- due to rightful interest in data processing (Art. 6 Para. 1 lit. f GDPR).
Processing of your data supports the establishment and implementation of our business relationship or the execution of the corresponding order. If you don’t provide us with data, we generally have to refuse to sign a contract or implement an order or we can no longer execute an existing contract and consequently have to terminate it.
Should consent be required for data processing, we will ask for it. In any case, consents are voluntary. If you have given us consent for the processing of your personal data for specific purposes, processing based on this consent will be carried out in accordance with what was specified in the consent declaration and to the extent agreed therein. A granted consent can be revoked at any time with effect for the future in writing or by email. This will not adversely affect the legality of any processing of data till that time.
You are not obliged to give consent to the processing of those data that are not relevant or required for the fulfilment of the contract or the corresponding commission.
Furthermore we inform you that we do not use automated decisions, according to Art 22 GDPR, to reach decisions regarding the establishment and conduct of a business relationship.
We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device ("Usage Data").
This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When you access the Service with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.
We may use and store information about your location if you give us permission to do so ("Location Data"). We use this data to provide features of our Service, to improve and customise our Service.
You can enable or disable location services when you use our Service at any time by way of your device settings.
Tracking & Cookies Data
Examples of Cookies we use:
- Session Cookies. We use Session Cookies to operate our Service.
- Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
- Security Cookies. We use Security Cookies for security purposes.
User data collected in this way will be pseudonymised by means of technical procedures. This makes it impossible to associate data with a visiting user. Data are not stored with other personal data of users.
Server Log File
For each visit to our website, our system automatically collects data and information about the computer system of the visiting computer.
The following data are collected:
- information about the browser (“User Agent”)
- IP (“Internet Protocol”) address
- date and time of visit
- exact address of requested page (“Request Path” and “Request Type”)
- status of response to requested page (“Response Status”)
These data will only be stored in the webserver logfiles (“access log”). It is impossible to associate the data with a particular user. There is no storage of these data together with other personal data of the user.
Use of Data
Keymitt S.A. uses the collected data for various purposes:
- To provide and maintain our Service
- To notify you about changes to our Service
- To allow you to participate in interactive features of our Service when you choose to do so
- To provide customer support
- To gather analysis or valuable information so that we can improve our Service
- To monitor the usage of our Service
- To detect, prevent and address technical issues
- To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information
Legal Basis for Processing Personal Data under the General Data Protection Regulation (GDPR)
Retention of Data
Keymitt S.A. will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer periods.
Transfer of Data
Your information, including Personal Data, may be transferred to - and maintained on - computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
If you are located outside Luxembourg and choose to provide information to us, please note that we transfer the data, including Personal Data, to Luxembourg and process it there.
We will only pass on your data to the extent necessary for the fulfilment of the objective of the agreement.
Within our company only those departments or employees will receive your data who need them for the fulfilment of contractual and/or legal obligations. Furthermore we pass on your data within our group only to the extent required for the fulfilment of contractual and/or legal obligations, for instance because a certain brand is only available from a certain company of our group.
In order to fulfil the purpose, it might be necessary that your personal data have to be disclosed to the following recipients. This disclosure might be by means of transfer, dissemination or any other kind of provision.
- IT companies for provision, maintenance and support of our IT system as well as for IT-based implementation for the purpose of data processing,
- related group companies,
- tax advisers and public accountants for the purpose of, and as a support for the fulfilment of our fiscal obligations (Austrian Commercial Code, Federal Fiscal Code, etc.),
- insurance companies or request portals for insurance damage, for the purpose of claims settlement and billing vis-à-vis the latter as well as for the settlement of our insurance cases,
- marketing partners (graphic designers, advertising agencies, printing houses, shipping companies, phone-marketing, newspaper publishers), for forwarding advertising material, should you have given your consent,
- after-sales partners
- legal representation, safety authorities, competent courts or authorities for prosecution.
Disclosure of Data
Disclosure for Law Enforcement
Under certain circumstances, Keymitt S.A. may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Keymitt S.A. may disclose your Personal Data in the good faith belief that such action is necessary to:
- To comply with a legal obligation
- To protect and defend the rights or property of Keymitt S.A.
- To prevent or investigate possible wrongdoing in connection with the Service
- To protect the personal safety of users of the Service or the public
- To protect against legal liability
Security of Data
The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
Your Data Protection Rights under the General Data Protection Regulation (GDPR)
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. Keymitt S.A. aims to take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Data.
If you wish to be informed about what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.
In certain circumstances, you have the following data protection rights:
- The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
- The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
- The right to object. You have the right to object to our processing of your Personal Data.
- The right of restriction. You have the right to request that we restrict the processing of your personal information.
- The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
- The right to withdraw consent. You also have the right to withdraw your consent at any time where Keymitt S.A. relied on your consent to process your personal information.
Please note that we may ask you to verify your identity before responding to such requests.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).
We may employ third party companies and individuals to facilitate our Service ("Service Providers"), provide the Service on our behalf, perform Service-related services or assist us in analysing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
We may use third-party Service Providers to monitor and analyse the use of our Service.
Google Analytics is Web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. (“Google”) It is offered by Google that tracks and reports website traffic. Google may use the collected data to contextualise and personalise the ads of its own advertising network.
Google Analytics uses so-called “Cookies”, text files that are stored on your computer and enable analysis of your use of the website. Information about your use of the website (including your IP address) that is created by means of the cookie is transmitted to a server in the US and stored there. To protect the interests of users regarding protection of their personal data, this is done by anonymising the data, meaning that your IP address will be unrecognisable when passed on to Google.
You can prevent the storage of cookies by means of a corresponding setting in your browser software; however, we draw your attention to the fact that, in this case, you might not be able to use all of the functions of this website to the full extent. Furthermore, you can prevent transmission of data created by the cookie and referring to your use of the website (including your IP address) to Google as well as the processing of these data by Google, by downloading and installing the browser plug-in available via the following link: tools.google.com/dlpage/gaoptout
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en
The following data are collected during the registration process:
- User’s encrypted IP address
- Date and time of access
- Frequency of page visits
- Use of website functions
- User’s operating system
- User’s Internet service provider
- Age, sex, languages, interests, country of residence
- Websites from which the user’s system has reached our website
- Websites accessed by the user’s system via our website
- Operating systems used by user devices
Firebase is an analytics service provided by Google Inc.
We also encourage you to review the Google's policy for safeguarding your data: https://support.google.com/analytics/answer/6004245.
For more information on what type of information Firebase collects, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en
There is a facility on our website to subscribe to free newsletters. During the process of registering for a newsletter, data from the input form are passed on to us:
(1) Email address
In addition, the following data are collected during registration:
(2) Date and time of registration
During the process of registration, your consent to the processing of your data is sought and your attention is drawn to this data protection declaration. Before your newsletter subscription can begin, we send you an email for confirmation (“double opt-in”).
In connection with data processing for the despatch of newsletters, the data you provide are passed on to our newsletter provider “Mailchimp”, operated by The Rocket Science Group, LLC with headquarters in Atlanta, USA. In this context, we have concluded a processing contract in accordance with Art 28 GDPR. Your data are used exclusively for dispatching newsletters.
- Google Ads (AdWords)
Google Ads (AdWords) remarketing service is provided by Google Inc.
You can opt-out of Google Analytics for Display Advertising and customise the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads
Google also recommends installing the Google Analytics Opt-out Browser Add-on - https://tools.google.com/dlpage/gaoptout - for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en
Twitter remarketing service is provided by Twitter Inc.
You can opt-out from Twitter's interest-based ads by following their instructions: https://support.twitter.com/articles/20170405
Use of Facebook Custom Audiences
Subject to your consent, this website also uses “Custom Audiences from customer lists” of Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Using these, Facebook can target our advertisements at newsletter subscribers who are registered with Facebook. As a result we are able to run targeted advertising for people who have already expressed their interest in our products or our company. These data are passed to Facebook hashed and encrypted. Facebook compares the hash values on the customer list with the hash values of its own stored user data. Facebook then checks the matching data for instances of persons who have not yet liked our Facebook page and delivers our adverts to these Facebook users. You can get more information about the collection and use of the data, the purpose and scope of data collection and further processing and use of the data by Facebook, as well as your options for settings to protect your privacy and rights, from Facebook’s data protection guidelines, accessible via https://www.facebook.com/ads/website_custom_audiences/ and https://www.facebook.com/privacy/explanation among other links.
These personal data are passed on to the following recipients for the above-mentioned purposes:
Keymitt SA 29, Boulevard Grande-Duchesse Charlotte
Data processor of the Facebook Custom Audiences service
Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA
Facebook Custom Audiences service provider
With your consent, we use Facebook Custom Audiences of Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, to place advertising on Facebook. This involves passing your data to Facebook Inc. in the USA. Facebook Inc. is a company that has had itself registered in the Privacy Shield list. The EU-US Privacy Shield was passed by the European Commission through Implementing Decision C(2016) 4176 final of 12/07/2016. In accordance with this, Facebook Inc. offers corresponding guarantees for data transferred to the USA. You can get more detailed information from the official Privacy Shield website, www.privacyshield.gov.
Facebook remarketing service is provided by Facebook Inc.
You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/164968693837950
To opt-out from Facebook's interest-based ads, follow these instructions from Facebook: https://www.facebook.com/help/568137493302217
Facebook adheres to the Self-Regulatory Principles for Online Behavioural Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/, or opt-out using your mobile device settings.
For more information on the privacy practices of Facebook, please visit Facebook's Data Policy: https://www.facebook.com/privacy/explanation
We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors).
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
The payment processors we work with are:
- Apple Store In-App Payments
- Google Play In-App Payments
- PayPal / Braintree
Use of Keymitt app
A user can make use of the Keymitt-developed apps for using the door lock.
The following personal data can be collected and subsequently processed in the course of registering and then using Keymitt:
- Telephone number
- Email address
- Product, service and contract data
- The user’s Internet service provider
- Date and time of access
- Websites from which the user’s system has accessed our website
- Websites the user’s system has accessed via our website
- Operating systems of user devices
- Age, sex, languages, interests, country of residence
- Data for fulfilment of legal and regulatory requirements
Inclusion of third-party services and content
We include third-party content and services in our online provision on the basis of our justified interests (i.e. interests in the analysis, optimisation and commercial operation of our online provision in accordance with Art. 6 Para. 1 lit. f GDPR), in order to include their content and services, such as maps and fonts (hereafter summarised as “content”). This always requires that the third-party-providers of this content have access to the users’ IP addresses, because without the IP addresses they would not be able to send the content to the users’ browsers. So the IP address is necessary in order to display this content. We take care only to use content whose corresponding providers use the IP address solely for the delivery of content. Furthermore, third-party providers can use so-called pixel-tags (invisible graphics, also called “web beacons”) for statistical marketing purposes. “Pixel-tags” can be used to collect information such as visitor traffic to the pages of a particular website. Such pseudonymous information can also be stored in cookies on users’ devices, containing technical information such as browser and operating system, referring websites, time of visit and other data about use of our online provision, which are also linked to such information from other sources.
The following description offers an overview of third-party providers and their content, along with links to their data protection declarations, which contain further information about the processing of data and possibilities to object (so-called “opt-out”) mentioned to some extent already:
- In the event that our customers make use of third-party payment services (e.g. Sofort, Paypal, etc.), the terms and conditions and data protection notices of the relevant third-party providers apply, these being available on the corresponding websites and/or payment applications.
Links to Other Sites
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Our Service does not address anyone under the age of 18 ("Children").
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
- By email: firstname.lastname@example.org