Privacy Policy

(effective since June 30, 2021)

The company who provides you with the right to use and access the services through the dormakaba evolo smart application (“evolo smart app”) is the data controller responsible for processing your personal data in connection with your use of the evolo smart app. The data controller may be your employer, account owner or manager, property manager, administrator, or another company or an individual (a “company”). When that company is dormakaba then the data controller is:

dormakaba Switzerland Ltd.

Mühlebühlstrasse 23

CH-8620 Wetzikon ("we").

When that company is not dormakaba Switzerland Ltd., then, in this case, you should contact the human resources manager or administrator of that company to obtain additional and detailed information on its privacy policy.

As dormakaba’s data protection representative in the Union within the meaning of Art. 27 GDPR we have designated dormakaba Deutschland GmbH, DORMA Platz 1, 58256 Ennepetal, ("representative").

dormakaba’s data protection officer at data.protection@dormakaba.com or at the above postal address of our representative, with the addition of "the data protection officer".

The following privacy policy gives you an overview of what types of personal data we collect from you in connection with the use of the evolo smart app, for what purposes this data is processed and what rights you have in relation to the processing of your data. All data processing is done on the basis of the GDPR.

1. Data collected, processing purposes and legal bases

1.1

When the evolo smart app is downloaded from the app store, the information required for the transaction is transferred to the app store, i.e. in particular the username, e mail address and customer number for your account, the time of the download, payment information and the individual device code. We have no influence over these data collections, nor are we responsible for them. We only process this data if it is necessary for downloading the evolo smart app to your mobile device.

1.2

When using the evolo smart app, you have to register using your email address. You will then receive a confirmation code via this number. By registering in the app, you consent to the processing of your personal data by the respective provider in accordance with their terms of use and privacy policy (Art. 6 para. 1 sentence 1 lit. a GDPR).

1.3

We need and process your email address in order to be able to provide the door, virtual key and user management services offered (Art. 6 para. 1 sentence 1 lit. b GDPR).

We also process the data you provide in the evolo smart app (telephone number) on the basis of Art. 6 para. 1 lit. b) GDPR to send requested information or respond to queries raised. In the event that we contact you to carry out satisfaction surveys or to improve our services, the legal basis will be the legitimate interest (Art. 6 para. 1 lit. F)

In the evolo smart app, you have the option of recording communication (traceback) data between the smartphone and the door components for support purposes and this data is stored locally in the app on your mobile device. This function is optional and must be activated by the user. dormakaba cannot access this data unless it is shared by the user with dormakaba.

1.4

The evolo smart app is loaded onto your mobile device and can be used - with limited functionality - without access to the Internet. Apart from the data described in sections 1.2 and 1.3, no further personal data is collected during its use.

1.5

If you contact us by email, your email address, including the information provided by you, will be stored by us for the purposes of processing the request and in case of follow-up questions.

The data transmitted by you by email is processed on the basis of your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). You may withdraw this consent at any time. An informal notification to us by email suffices for such purposes.

If the aim of the contact request is to clarify problems with the evolo smart app or to provide other services as part of the customer service provided by us, the legal basis for the processing of your personal data is the performance of our contractual obligation (Art. 6 para. 1 sentence 1 lit. b GDPR).

2. Use of analysis tools

With your consent, the evolo smart app uses the analysis tools Google Analytics for Firebase and Firebase Crashlytics (collectively “Google Analysis Tools”) from Google Ireland Ltd., as described in more detail below, to analyze user behavior and to report on the stability and improvement of the evolo smart app.

Such tools are used on the basis of your consent (Art. 6 para. 1 lit. a GDPR): When you start the evolo smart app for the first time, you can decide whether you do or do not wish to consent to the use of one or both Google analysis tools. After starting for the first time, you can withdraw your consent(s), where given, at any time by disabling the corresponding Google analysis tool in the settings of the evolo smart app. The Google analysis tools can also be enabled or re-enabled at any time in these settings.

The information generated with the aid of the Google analysis tools is transmitted to a server operated by Google in Ireland and stored there. In individual cases, personal data may also be transmitted to Google LLC in the USA, and we have no influence over this.

More information about both Google Analytics tools may be found at:

https://firebase.google.com/support/privacy/ as well as in Google’s privacy policy.

2.1

Enabling Google Analytics for Firebase permits data about the user of the evolo smart App to be collected for the purposes of analysis.

Through Google Analytics for Firebase, Google collects data on the device (in particular the Mobile Advertising Identifier), IP addresses and app activities on our behalf to evaluate the use of the evolo smart app, to compile reports on the activities performed within the evolo smart app and to permit it to offer us other services related to the use of the evolo smart app.

Google Analytics for Firebase automatically uses IP anonymization. This means that the IP address of Google users within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area are abbreviated. Only in exceptional cases will the full IP address be transmitted to a server of Google in the USA and abbreviated there.

In addition to disabling Google Analytics for Firebase in the settings of the evolo smart app, you may limit the use of the above-mentioned Google Play Services Advertising ID (Android) or IDFA (iOS) in the device settings of your mobile device:

For Android: Settings> Google> Ads> Disable personalized advertising

For iOS: Settings> Privacy> Advertising> Limit Ad Tracking

You can find more information on data protection, in particular on the personal data involved in specific cases, at:

https://support.google.com/firebase/answer/6318039 .

The personal data will be deleted after 14 months.

2.2

We use the Google analysis tool Firebase Crashlytics to receive error reports following any crash of the evolo smart app and to measure and improve the performance of the app. If the evolo smart app crashes, information about the crash, such as device type, operating system version and some technical data, is sent to Google via the mobile device, which enables us to diagnose and solve problems (so-called crash reports). The data is stored anonymously.

More information about Firebase Crashlytics can be found at: https://firebase.google.com/docs/crashlytics.
The personal data will be deleted after 90 days.

3. Data transfers outside the EEA

If we transfer your personal data to countries outside the European Economic Area (EEA) that do not have an adequate level of data protection, we will implement appropriate guarantees to protect your personal data. More specifically, we conclude data protection agreements based on those issued by the European Commission (e.g. standard data protection clauses (2010/87/EU, 2001/497/EC or 2004/915/EC)) with the recipients, or take other statutorily prescribed measures. A transfer of data to the USA cannot be completely prevented. A copy of the documentation on the measures taken by us is available from us on request.

4. Storage duration and deletion

We store your personal data in accordance with the applicable data protection laws if and for as long as this is required for the processing purposes referred to in this privacy policy. We then delete your personal data in accordance with our data retention and deletion policies or take measures to properly anonymize the data. An exception to this is where we are legally obliged to keep your personal data longer (e.g. for tax, accounting and auditing purposes). The data transmitted by you by email is kept by us until the purpose for the data storage ceases to apply (e.g. once your request has been processed).

5. Your rights

As a data subject, you have the following rights vis-à-vis us or our representative regarding your personal data by sending an email to data.protection@dormakaba.com

5.1

You may at any time withdraw any consent once given by you to the processing by us of your personal data. As a result, we may in future no longer process your personal data on the basis of your consent. The withdrawal will not affect the lawfulness of any processing done on the basis of the consent up until the said withdrawal.

5.2

You can request information about your personal data as processed by us. In particular, you can request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data was or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data if it was not collected directly from you, and the existence of automated decision-making including profiling and, if necessary, meaningful information on the details of the same.

5.3

You can request the immediate rectification of inaccurate personal data or the completion of your personal data as stored by us and you also have the right, taking into consideration the purposes of the processing, to request the completion of incomplete personal data - including by means of an additional declaration.

5.4

You can request the erasure of your personal data as stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims, whereby the right to erasure may be limited by national law.

5.5

You can request the restriction of the processing of your personal data insofar as you contest the accuracy of the data, the processing is unlawful, but you object to its erasure and we no longer need the data, but it is required by you for the establishment, exercise or defense of legal claims, or you have objected to the processing.

5.6

You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format and to transmit that data to another controller ("Right to data portability").

5.7

You can complain to a supervisory authority. As a rule, you may for such purposes contact the supervisory authority at your usual place of residence, your place of work or the headquarters of our representative.

5.8

If your personal data is processed on the basis of legitimate interests, you also have the right to object to the processing of your personal data, provided there are grounds for this arising from your particular situation.

If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling insofar as it is related to such direct marketing.