(Effective as of: 30 June 2021)
The company that provides you with access rights to premises, a home, building or other similar location through the mobile access application (“mobile access app”) is the data controller responsible for processing your personal data in connection with the use of the mobile access app. The data controller may be your employer, account owner or manager, property manager, administrator, or another company or an individual (a “company”). When that company is dormakaba then the data controller is:
dormakaba Switzerland Ltd.
CH-8620 Wetzikon ("we").
As dormakaba’s data protection representative in the Union within the meaning of Art. 27 GDPR we have designated dormakaba Deutschland GmbH, DORMA Platz 1, 58256 Ennepetal, ("representative").
dormakaba’s data protection officer at firstname.lastname@example.org or at the above postal address of our representative, with the addition of "the data protection officer".
1. Data collected, processing purposes and legal bases
When the mobile access app is downloaded from the app store, the information required for the transaction is transferred to the app store, i.e. in particular the username, e‑mail address and customer number for your account, the time of the download, payment information and the individual device code. We have no influence over these data collections, nor are we responsible for them. We only process this data if it is necessary for downloading the mobile access app to your mobile device.
We need and process your telephone number in order to be able to provide the virtual key service offered (Art. 6 para. 1 sentence 1 lit. b GDPR).
We also process the data you provide in the mobile access app (telephone number) on the basis of Art. 6 para. 1 lit. b) GDPR to send requested information or respond to queries raised. In the event that we contact you to carry out satisfaction surveys or to improve our services, the legal basis will be the legitimate interest (Art. 6 para. 1 lit. F)
In the mobile access app, you have the option of recording communication data between the smartphone and the door components for support purposes. This function is optional and must be activated by the user. dormakaba cannot access this data unless it is shared by the user with dormakaba.
The mobile access app is loaded onto your mobile device and can be used - with limited functionality - without access to the Internet. Apart from the data described in sections 1.2 and 1.3, no further personal data is collected during its use.
If you contact us by email, your email address, including the information provided by you, will be stored by us for the purposes of processing the request and in case of follow-up questions.
The data transmitted by you by email is processed on the basis of your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). You may withdraw this consent at any time. An informal notification to us by email suffices for such purposes.
If the aim of the contact request is to clarify problems with the mobile access app or to provide other services as part of the customer service provided by us, the legal basis for the processing of your personal data is the performance of our contractual obligation (Art. 6 para. 1 sentence 1 lit. b GDPR).
2. Use of analysis tools
With your consent, the mobile access app uses the analysis tools Google Analytics for Firebase and Firebase Crashlytics (collectively “Google Analysis Tools”) from Google Ireland Ltd., as described in more detail below, to analyze user behavior and to report on the stability and improvement of the mobile access app.
Such tools are used on the basis of your consent (Art. 6 para. 1 lit. a GDPR): When you start the mobile access app for the first time, you can decide whether you do or do not wish to consent to the use of one or both Google analysis tools. After starting for the first time, you can withdraw your consent(s), where given, at any time by disabling the corresponding Google analysis tool in the settings of the mobile access app. The Google analysis tools can also be (re-)enabled at any time in these settings.
The information generated with the aid of the Google analysis tools is transmitted to a server operated by Google in Ireland and stored there. In individual cases, personal data may also be transmitted to Google LLC in the USA, and we have no influence over this.
More information about both Google Analytics tools may be found at:
Enabling Google Analytics for Firebase permits data about the user of the mobile access App to be collected for the purposes of analysis.
Through Google Analytics for Firebase, Google collects data on the device (in particular the Mobile Advertising Identifier), IP addresses and app activities on our behalf to evaluate the use of the mobile access app, to compile reports on the activities performed within the mobile access app and to permit it to offer us other services related to the use of the mobile access app.
Google Analytics for Firebase automatically uses IP anonymization. This means that the IP address of Google users within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area are abbreviated. Only in exceptional cases will the full IP address be transmitted to a server of Google in the USA and abbreviated there.
In addition to disabling Google Analytics for Firebase in the settings of the mobile access app, you may limit the use of the above-mentioned Google Play Services Advertising ID (Android) or IDFA (iOS) in the device settings of your mobile device:
For Android: Settings> Google> Ads> Disable personalized advertising
For iOS: Settings> Privacy> Advertising> Limit Ad Tracking
You can find more information on data protection, in particular on the personal data involved in specific cases, at:
The personal data will be deleted after 14 months.
We use the Google analysis tool Firebase Crashlytics to receive error reports following any crash of the mobile access app and to measure and improve the performance of the app. If the mobile access app crashes, information about the crash, such as device type, operating system version and some technical data, is sent to Google via the mobile device, which enables us to diagnose and solve problems (so-called crash reports). The data is stored anonymously.
More information about Firebase Crashlytics can be found at:
The personal data will be deleted after 90 days.
3. Data transfers outside the EEA
If we transfer your personal data to countries outside the European Economic Area (EEA) that do not have an adequate level of data protection, we will implement appropriate guarantees to protect your personal data. More specifically, we conclude data protection agreements based on those issued by the European Commission (e.g. standard data protection clauses (2010/87/EU, 2001/497/EC or 2004/915/EC)) with the recipients, or take other statutorily prescribed measures. A transfer of data to the USA cannot be completely prevented. A copy of the documentation on the measures taken by us is available from us on request.
4. Storage duration and deletion
5. Your rights
As a data subject, you have the following rights vis-à-vis us or our representative regarding your personal data by sending an email to email@example.com:
You may at any time withdraw any consent once given by you to the processing by us of your personal data. As a result, we may in future no longer process your personal data on the basis of your consent. The withdrawal will not affect the lawfulness of any processing done on the basis of the consent up until the said withdrawal.
You can request information about your personal data as processed by us. In particular, you can request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data was or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data if it was not collected directly from you, and the existence of automated decision-making including profiling and, if necessary, meaningful information on the details of the same.
You can request the immediate rectification of inaccurate personal data or the completion of your personal data as stored by us and you also have the right, taking into consideration the purposes of the processing, to request the completion of incomplete personal data - including by means of an additional declaration.
You can request the erasure of your personal data as stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims, whereby the right to erasure may be limited by national law.
You can request the restriction of the processing of your personal data insofar as you contest the accuracy of the data, the processing is unlawful, but you object to its erasure and we no longer need the data, but it is required by you for the establishment, exercise or defense of legal claims, or you have objected to the processing.
You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format and to transmit that data to another controller ("Right to data portability").
You can complain to a supervisory authority. As a rule, you may for such purposes contact the supervisory authority at your usual place of residence, your place of work or the headquarters of our representative.
If your personal data is processed on the basis of legitimate interests, you also have the right to object to the processing of your personal data, provided there are grounds for this arising from your particular situation.If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling insofar as it is related to such direct marketing.
Previous version date: April 2019