Help Go to Shop Go to Shop

Privacy

Our Privacy Policy

This Privacy Policy describes the collection, use, disclosure, storage and protection of your personal data by Nuki Home Solutions GmbH. Appropriate data security measures are taken to ensure the security of the processed data and to ensure that it is processed properly and not made accessible to unauthorized persons. During processing, we comply with the provisions of the Austrian Data Protection Act (DSG), the EU General Data Protection Regulation (GDPR) and the Telecommunications Act 2003 (TKG 2003).

Below, you will find explanations of how we use your personal data.

The most important terms in data protection, quickly explained

Our Privacy Policy is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our Privacy Policy aims at being easy to read, and simple to understand for everyone. To make sure that this is the case, we will briefly explain the most important terms in advance.

  1. Personal data
    Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, especially by reference to an identifier such as a name. In short: Personal data is information that can be linked to a natural person.
  2. Data subject
    A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
  3. Processing
    Processing refers to any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or making it available in any other way, alignment or combination, restriction, erasure or the destruction of data.
  4. Controller
    The controller, for the processing of personal data, is the natural or legal person, public authority, agency or other body who, or which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  5. Processor
    The processor is a natural or legal person, public authority, agency or other body who, or which processes personal data on behalf of the controller;
  6. Recipient
    is a natural or legal person, public authority, agency or another body, to whom, or which the personal data are disclosed, whether a third party or not.
  7. Consent
    Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by giving a statement or a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Who we are: Our name and address as the controller

The controller within the meaning of the General Data Protection Regulation (Article 4(7) GDPR) is:

Nuki Home Solutions GmbH

Münzgrabenstraße 92/4, 8010 Graz

Tel.: +43 316 22 84 09

Email: contact@nuki.io

Website: nuki.io

Should you have any questions about data protection, you can also contact our data protection officer:

Tel.: +43 316 22 84 09

Email: privacy@nuki.io

Which personal data do we process about you?

First of all: In many cases, processing is based on a legal obligation or is necessary in order to fulfill a contract or it takes place as part of pre-contractual measures. In addition, your personal data is often processed on the basis of a declaration of consent.

Depending on whether you visit our website, subscribe to our newsletter, register as a customer in our Nuki App or web services, are our supplier or business partner, or apply for a job with us, we process your data in different ways.

When does the processing of your data require your consent?

Some of our services require your consent. If consent is required for processing, you will be asked to provide this actively and voluntarily.

How can you revoke your consent?

Once you have given us your consent to process your personal data for specific purposes, processing will be based on this consent in accordance with the purposes and to the extent agreed in the Declaration of Consent.

Any consent given can be revoked at any time with effect for the future. This can be done in writing or by email to contact@nuki.io. This does not affect the legality of the data processing carried out up to this point in time.

Your data protection rights

You have the right of access to personal data concerning you, the right to rectify inaccurate data, the right to restrict processing, the right to erase unlawfully processed data and the right to data portability.

Furthermore, the GDPR also provides for a right to object to the processing of personal data if this processing is carried out to protect our overriding legitimate interests. If you have consented to the processing of your data, you can revoke this consent at any time. Please note that rights under the GDPR may be subject to other legal restrictions if the exercise of rights under the GDPR would impair the fulfillment of legal obligations.

How can you exercise your rights under the GDPR?

To assert your rights under the General Data Protection Regulation, please contact us as follows:

  • by email to privacy@nuki.io

Please attach adequate proof to clearly identify your person or provide us with relevant information that enables us to identify you.

In order to process your request as efficiently and quickly as possible, please state in your request the factual context in which you suspect that your personal data are being used.

Information on the right to lodge a complaint with the data protection authority

If, contrary to expectations, you are of the opinion that the processing of your data violates data protection law or your data protection claims have been violated in any way, you can file a complaint with the Austrian Data Protection Authority.

You can find the current contact information on the Austrian Data Protection Authority here:

Contact data protection authority (dsb.gv.at)

Data security

At Nuki, we take appropriate technical and organizational measures in accordance with Article 32 GDPR in order to protect your data. In doing so, we take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the likelihood and severity of potential risks to the rights and freedoms of natural persons.

Among other things, the following measures are taken to protect your data and to secure it against loss, destruction, access, modification and dissemination by unauthorized persons:

  • Pseudonymization and encryption of personal data;
  • Ensuring the confidentiality, integrity, availability and resilience of systems and services in connection with processing;
  • Ensuring rapid recovery of the availability of personal data in the event of a physical or technical incident;
  • Implementing procedures to regularly review, assess and evaluate the effectiveness of the technical and organizational measures that are taken to ensure the security of the processing.

Please also note that you should treat your access data for our services such as the Nuki App or the Nuki webshop as confidential and you should protect your computer against unauthorized access.

To give you a better overview, we have itemized our processing operations as follows:

Processing when you visit our website or store

When you visit our website, we store the access data in so-called web server log files. The following data is collected about you:

  • Date and time of access
  • Directory protection user
  • Protocols
  • Referrer
  • Website that was accessed
  • Amount of data that was transferred
  • Status code
  • User agent
  • Requested host name
  • IP address

Purpose of the processing

The processing of this data is necessary for technical reasons. In addition, access to our website is statistically evaluated. This is done to further improve the website and make it more user-friendly, to find and rectify errors more quickly and to manage server capacities. We will only use this data in a personal form for the purpose of legal prosecution if there is a specific indication that our website has been used illegally.

In the Nuki Shop, we process the personal data that you have made available in order to process your purchases. Your data is also required in this context, especially for payment processing and the delivery of the ordered product(s).

Legal basis

The legal basis for the processing of access data (web server log files) is the legitimate interest (online service offering and data security) in accordance with Article 6(1)(f) GDPR. In the Nuki Shop, we also refer to Article 6(1)(b) GDPR (necessary for the performance of the contract / for pre-contractual measures), Article 6(1)(c) GDPR (necessary for compliance with legal obligations), Section 132 BAO (Federal Fiscal Code) (necessary for compliance with legal obligations), Section 190 UGB (Austrian Commercial Code) (necessary for compliance with legal obligations) as well as Section 212 UGB (necessary for compliance with legal obligations).

Storage period

The user name and IP address are stored for a period of maximum 14 days. Error logs, which record incorrect page views, are erased after a maximum of 14 days. In addition to the error messages, these also contain the IP address making the access and, depending on the error, the website that is accessed.

Your personal data will be safeguarded for the duration of the entire business relationship (from the initiation and execution to the termination of a contract) and beyond in accordance with the statutory retention and documentation obligations. Among others, these periods result from the GDPR (immediately after revocation), GDPR (3 years), BAO (7 years) and UGB (7 years). In addition, the statutory limitation periods must be taken into account for the storage period. In certain cases, these can be up to 30 years in accordance with the Austrian General Civil Code (ABGB) (the general limitation period is 3 years).

Recipient

In order to achieve the purposes listed above, it may be necessary for us to disclose your data to certain recipients on a case-by-case basis. This disclosure may be by means of transmission, dissemination or any other form of provision. In the event of a cyberattack, the information is also made available to the law enforcement authorities.

Detailed information concerning the transmitted data, the recipients of the transmission and the purposes, legal bases and storage periods associated with the transmission can be found in the detailed description of the tools we use.

List of third-party providers (tools) used and detailed data protection information

Cookies and tracking tools on our website

We use various cookies and similar technologies (hereinafter collectively referred to as "cookies") to improve the user-friendliness of our website and our online services. These cookies include those which are strictly necessary, performance cookies – which are used for analysis and statistical purposes – and cookies for marketing purposes – such as personalization and advertising. These enable you to make the best possible use of our website and online services and help us to optimize our online presence and advertising.

Cookies which are strictly necessary or functional are always stored. All other cookies are only stored after you have given your consent.

These cookies are sometimes used by us and third-party providers to process personal data. These third-party providers include Google LLC and YouTube LLC, which are based in the USA and in other third countries and process data there. The USA has not been certified by the European Court of Justice as having an adequate level of data protection. In particular, there is a risk that your data may be subject to access by US authorities for control and monitoring purposes and that no effective legal remedies are available against this.

By clicking on "Accept all cookies", you agree that we may use the technologies mentioned to the full extent and may also transfer your data to third party providers in third countries (including in the USA). Under "Cookie preferences" you will receive further information and can also edit your cookie settings and decide whether and which cookies you wish to accept (with the exception of functional cookies required for correct display and security, which cannot be deselected). This allows you to decide whether or not you wish to give your consent to the transfer of data to a third country (including the USA). Please note that you may not be able to use all the functions of our website and our online services as a result of the settings you have made yourself.

You can withdraw your consent at any time with effect for the future. You can deselect the use of cookies (statistics, tracking, marketing) via "Cookie preferences".

List of strictly necessary cookies:

Cookie

Domain

Category

phpbb3_bc7eb_k

forums.raspberrypi.com

Strictly Necessary Cookies

phpbb3_bc7eb_sid

forums.raspberrypi.com

Strictly Necessary Cookies

phpbb3_bc7eb_u

forums.raspberrypi.com

Strictly Necessary Cookies

PHPSESSID

shop.nuki.io

Strictly Necessary Cookies

PHPSESSID

nuki.io

Strictly Necessary Cookies

PHPSESSID

nuki.io

Strictly Necessary Cookies

PHPSESSID

shop.nuki.io

Strictly Necessary Cookies

woocommerce_cart_hash

shop.nuki.io

Strictly Necessary Cookies

woocommerce_items_in_cart

shop.nuki.io

Strictly Necessary Cookies

woocommerce_number_of_items_in_cart

shop.nuki.io

Strictly Necessary Cookies

wordpress_test_cookie

pro.nuki.io

Strictly Necessary Cookies

wp_woocommerce_session_2643afe675a068265e56ad999e651b21

shop.nuki.io

Strictly Necessary Cookies

wp-wpml_current_language

shop.nuki.io

Strictly Necessary Cookies

wp-wpml_current_language

pro.nuki.io

Strictly Necessary Cookies

_6e0a5

pro.nuki.io

Strictly Necessary Cookies

_d32c4

nuki.io

Strictly Necessary Cookies

_ff881

shop.nuki.io

Strictly Necessary Cookies

List of functional cookies

Cookie

Domain

Category

__cf_bm

action.com

Functional cookies

__cf_bm

raspberrypi.com

Functional cookies

__cf_bm

digitalocean.com

Functional cookies

__cf_bm

thingiverse.com

Functional cookies

__cfruid

support.nuki.io

Functional cookies

__cfruid

nuki.zendesk.com

Functional cookies

__Host-nc_sameSiteCookielax

files.nuki.io

Functional cookies

__Host-nc_sameSiteCookiestrict

files.nuki.io

Functional cookies

__zlcid

static.zdassets.com

Functional cookies

__zlcmid

nuki.io

Functional cookies

__zlcstore

nuki.io

Functional cookies

_cfuvid

thingiverse.com

Functional cookies

_cfuvid

action.com

Functional cookies

_help_center_session

support.nuki.io

Functional cookies

_pin_unauth

shop.nuki.io

Functional cookies

_pin_unauth

nuki.io

Functional cookies

_pin_unauth

support.nuki.io

Functional cookies

actual_source

nuki.io

Functional cookies

AWSALB

widget-mediator.zopim.com

Functional cookies

AWSALBCORS

widget-mediator.zopim.com

Functional cookies

cf_clearance

support.nuki.io

Functional cookies

csrftoken

domaintools.com

Functional cookies

d_id

docplayer.org

Functional cookies

destination_url

developer.nuki.io

Functional cookies

dtsession

domaintools.com

Functional cookies

first_source

nuki.io

Functional cookies

first_source

shop.nuki.io

Functional cookies

first_source

shop.nuki.io

Functional cookies

first_source

nuki.io

Functional cookies

oc_sessionPassphrase

files.nuki.io

Functional cookies

oc3alltnkl7f

files.nuki.io

Functional cookies

ttconv

shop.nuki.io

Functional cookies

List of performance cookies

Cookie

Domain

Category

__utma

shop.nuki.io

Performance cookies

__utmb

shop.nuki.io

Performance cookies

__utmc

shop.nuki.io

Performance cookies

__utmt

shop.nuki.io

Performance cookies

__utmz

shop.nuki.io

Performance cookies

_ga

nuki.io

Performance cookies

_ga_xxxxxxxxxx

nuki.io

Performance cookies

_gat

nuki.io

Performance cookies

_gclxxxx

nuki.io

Performance cookies

_gid

nuki.io

Performance cookies

country

docplayer.org

Performance cookies

route

www.bedienungsanleitu.ng

Performance cookies

sbjs_current

pro.nuki.io

Performance cookies

sbjs_current_add

pro.nuki.io

Performance cookies

sbjs_first

pro.nuki.io

Performance cookies

sbjs_first_add

pro.nuki.io

Performance cookies

sbjs_migrations

pro.nuki.io

Performance cookies

sbjs_session

pro.nuki.io

Performance cookies

sbjs_udata

pro.nuki.io

Performance cookies

uid

docplayer.org

Performance cookies

zte2095

nuki.io

Performance cookies

List of marketing cookies

Cookie

Domain

Category

__exponea_etc__

nuki.io

Marketing cookies

__exponea_time2__

nuki.io

Marketing cookies

_fbp

nuki.io

Marketing cookies

_gat_gtag_xxxxxxxxxxxxxxxxxxxxxxxxxxx

nuki.io

Marketing cookies

_gat_UA-XXXXXX-X

nuki.io

Marketing cookies

_pinterest_ct_ua

ct.pinterest.com

Marketing cookies

_tt_enable_cookie

nuki.io

Marketing cookies

_ttp

nuki.io

Marketing cookies

_ttp

tiktok.com

Marketing cookies

_utmv#########

shop.nuki.io

Marketing cookies

21162_lantern

roeye.com

Marketing cookies

8lcfmzhxc8d6_uid

redintelligence.net

Marketing cookies

AnalyticsSyncHistory

linkedin.com

Marketing cookies

ar_debug

pinterest.com

Marketing cookies

bcookie

linkedin.com

Marketing cookies

bscookie

www.linkedin.com

Marketing cookies

cf_chl_3

support.nuki.io

Marketing cookies

dicbo_id

nuki.io

Marketing cookies

dicbo_id

shop.nuki.io

Marketing cookies

dicbo_id

support.nuki.io

Marketing cookies

fr

www.facebook.com

Marketing cookies

IDE

doubleclick.net

Marketing cookies

lantern

nuki.io

Marketing cookies

li_gc

linkedin.com

Marketing cookies

li_sugr

linkedin.com

Marketing cookies

lidc

linkedin.com

Marketing cookies

muc_ads

t.co

Marketing cookies

outbrain_cid_fetch

nuki.io

Marketing cookies

outbrain_cid_fetch

shop.nuki.io

Marketing cookies

outbrain_cid_fetch

support.nuki.io

Marketing cookies

outbrain_cid_fetch

tr.outbrain.com

Marketing cookies

personalization_id

twitter.com

Marketing cookies

test_cookie

doubleclick.net

Marketing cookies

TESTCOOKIESENABLED

www.youtube.com

Marketing cookies

UserMatchHistory

linkedin.com

Marketing cookies

VISITOR_INFO1_LIVE

youtube.com

Marketing cookies

VISITOR_PRIVACY_METADATA

youtube.com

Marketing cookies

xnpe_55106924-27b5-11ed-8cb5-f6b7bda25bda

api.eu1.exponea.com

Marketing cookies

YSC

youtube.com

Marketing cookies

Data processing when using our Customer Support

When you contact our Customer Support, the following personal data about you will be processed by us:

  • Name
  • Email address
  • Country of origin and language
  • Address
  • Product, service and contract data
  • Phone number
  • Device-ID
  • Smartphone model and operating system

Purpose of the processing

When you use our Customer Support, the personal data you provide is required by us to fulfill the contract or to carry out pre-contractual measures so that we can answer your request in the best possible way and forward it to our employees and the relevant organizational units.

Legal basis

The legal basis for the processing of access data and your personal data by Customer Support is the legitimate interest of Nuki pursuant to Article 6(1) f GDPR.

In addition, the processing of your personal data is also based on Article 6(1)(c) GDPR (necessary for compliance with legal obligations). As a result, the personal data you provide is required to fulfill the contract or to carry out pre-contractual measures.

Storage period

Your personal data will be safeguarded for the duration of the entire business relationship (from the initiation and execution to the termination of a contract) and beyond in accordance with the statutory retention and documentation obligations. These are derived from the Austrian Commercial Code (UGB) and the Federal Fiscal Code (BAO), among others. In addition, the statutory limitation periods must be taken into account for the storage period. These can be up to 30 years in certain cases according to the Austrian General Civil Code (ABGB) (the general limitation period is 3 years).

Recipient

In order to achieve the purposes listed above, it may be necessary for us to disclose your data to certain recipients on a case-by-case basis. This disclosure may be by means of transmission, dissemination or any other form of provision. In the event of a cyberattack, the information is also made available to the law enforcement authorities.

Detailed information concerning the transmitted data, the recipients of the transmission and the purposes, legal bases and storage periods associated with the transmission can be found in the detailed description of the tools we use.

List of third-party providers (tools) used and detailed data protection information

Processing when you use the Nuki App

You can set up, operate and manage all your Nuki products using the Nuki App. As the user of the Nuki App, you can easily lock and unlock the electronic door lock from your smartphone or smartwatch and do so from the comfort of your wrist. You can assign access authorizations and use the log to keep track of who has locked and unlocked the door.

The following data is processed within the Nuki App:

  • Device data and settings of your Nuki devices
  • Access authorizations of your Nuki devices
  • Location data of Smart Lock and end user (optional)
  • Security PIN of the end devices (optional)
  • Warnings and information concerning Nuki products
  • Connection data to other Nuki applications such as Nuki Web and Wearables (optional)
  • Access logs pertaining to your Nuki devices
  • Error logs and crash reports

For customer support purposes, the App also collects, processes and transmits historical data from Nuki devices (activity logs, battery data and network data).

As part of the Nuki beta program, the App also optionally collects App analysis data and usage data relevant to current product development. This is subject to consent.

Purpose of the processing

The personal data you provide will be processed in order to provide you with the full functionality and performance of the Nuki applications that are available to you. In the event of an error, the data you provide will be used for the purpose of error analysis and product improvement.

Legal basis

We process your personal data within the scope of the use of the Nuki App and this is based on its necessity for the fulfillment of the contract pursuant to Article 6(1)(b) GDPR and legitimate interests (Article 6(1)(f) GDPR).

Storage period

The data collected in the App is stored for the duration of your use of the application and is automatically deleted when you delete the App. Specific data points such as access authorizations and activity logs are only stored for as long as it is necessary for use by the users.

Recipient

In order to achieve the purposes listed above, it may be necessary for us to disclose your data to certain recipients on a case-by-case basis. This disclosure may be by transmission, dissemination or other form of provision. In the event of a cyberattack, the information is also made available to the law enforcement authorities.

Detailed information concerning the transmitted data, the recipients of the transmission and the purposes, legal bases and storage periods associated with the transmission can be found in the detailed description of the tools we use.

List of third-party providers (tools) used and detailed data protection information

Processing in connection with online marketing

We process the data of interested parties and/or users or customers with respect to our performance as well as customer retention and customer acquisition services.

Purpose of the processing

We want to use marketing activities to attract new customers as well as potential for what we have to offer, win back former customers and build long-term customer relationships by maintaining and further improving customer satisfaction. In addition, we want to address our existing and prospective customers in a needs-based, interest-oriented, targeted manner. To do this, we want to get to know and understand our customers in the best possible way.

This is why we infer certain interests or needs from the usage behavior of our customers with regard to our products and we take all this into account in our marketing activities.

Legal basis

The processing of your personal data is based on the legitimate interest in carrying out direct advertising (Article 6(1)(f) GDPR or Recital 47 GDPR, last sentence). In addition, we only process the personal data from your activities relating to our offers, especially data that also identifies you by name as a user, together with your online usage behavior, whether you have given us your consent to do so and whether you have previously consented to the cookies. You can revoke your voluntary consent to the use of cookies at any time without having to give reasons.

Storage period

You can find detailed information concerning the storage periods in the detailed description of the tools we use.

Recipient

In order to achieve the purposes listed above, it may be necessary for us to disclose your data to certain recipients on a case-by-case basis. This disclosure may be by means of transmission, dissemination or any other form of provision. Detailed information concerning the transmitted data, the recipients of the transmission and the purposes, legal bases and storage periods associated with the transmission can be found in the detailed description of the tools we use.

In the event of a cyberattack, the information is also made available to the law enforcement authorities.

List of third-party providers (tools) used and detailed data protection information

Processing in connection with our Nuki Club

As a user of Nuki Smart Locks or Nuki Openers, you can also register as a member of the Nuki Club. Free registration is possible when you buy products in the Nuki online store, once the order process has been completed. Registration is also possible using the Nuki App. This can be done either during the installation process or following completion by way of the sidebar menu in the Nuki iOS or Android App.

Purpose of the processing

The information you provided when registering with Nuki Club will be used for the purposes of user verification, user profile management, customer management and the creation, management and updating of data within the Nuki Club. In order to continuously improve the quality of our service and our products, we also process your data within the context of surveys that we send to you with a request that you respond.

Legal basis

We process your personal data within the framework of the Nuki Club and this is based on its necessity for the fulfillment of the contract pursuant to Article 6(1)(b) GDPR and legitimate interests (Article 6(1)(f) GDPR).

Storage period

The data processed for the purposes of user verification and user profile management will, at most, be stored for the duration of an active business relationship with us and registration with Nuki Club. The data processed for the purposes of creating, managing and updating master data from the existing registration will generally be stored for the duration of the existing business relationship. After termination of the business relationship or registration, only the data that is absolutely necessary due to the applicable legal provisions or retention obligations (UGB, ABGB, etc.) will be stored for the duration of the legally permissible period.

Recipient

In order to achieve the purposes listed above, it may be necessary for us to disclose your data to certain recipients on a case-by-case basis. This disclosure may be by means of transmission, dissemination or any other form of provision. In the event of a cyberattack, the information is also made available to the law enforcement authorities.

Detailed information concerning the transmitted data, the recipients of the transmission and the purposes, legal bases and storage periods associated with the transmission can be found in the detailed description of the tools we use.

List of third-party providers (tools) used and detailed data protection information

Processing in connection with Nuki Web

You will have to register before you are able to use certain services on our website such as Nuki web. You will have to provide your name and an email address and then you will become a “registered user” with a user account.

Purpose of the processing

The information you provided when registering for the Nuki web will be used for the purposes of user verification, the management of the user profile as well as the creation, management and updating of data in Nuki web.

Legal basis

We process your personal data within the scope of the use of Nuki web and this is based on its necessity for the fulfillment of the contract pursuant to Article 6(1)(b) GDPR and legitimate interests (Article 6(1)(f) GDPR).

Storage period

The data processed for the purposes of user verification and user profile management will, at most, be stored for the duration of the registration with Nuki web. The data processed for the purposes of creating, managing and updating master data from the existing registration will generally be stored for the duration of the existing registration. After termination of the registration, only the data absolutely necessary due to the applicable legal provisions or retention obligations (UGB, ABGB, etc.) will be stored for the duration of the legally permissible period.

Any consent given can be revoked at any time with effect for the future. This can be done in writing or by email to contact@nuki.io. This does not affect the legality of the data processing carried out up to this point in time.

Recipient

In order to achieve the purposes listed above, it may be necessary for us to disclose your data to certain recipients on a case-by-case basis. This disclosure may be by means of transmission, dissemination or any other form of provision. In the event of a cyberattack, the information is also made available to the law enforcement authorities.

Detailed information concerning the transmitted data, the recipients of the transmission and the purposes, legal bases and storage periods associated with the transmission can be found in the detailed description of the tools we use.

List of third-party providers (tools) used and detailed data protection information

Processing in connection with the Nuki Developer Forum

You will have to register before you are able to use the Nuki Developer Forum. You will have to provide your name and an email address and then you will become a “registered user” with a user account.

Purpose of the processing

The personal data collected in the course of using the Forum serves the purpose of providing and managing an online platform for the exchange of information, for discussions and for interaction between registered users.

Legal basis

The processing of personal data in the context of the use of the Forum is carried out on the basis of Article 6(1)(b) GDPR, as the processing is necessary for the performance of a contract to which the data subject has consented as a registered user of the Forum.

Storage period

Personal data that is collected in the course of using the Forum is stored for as long as it is required for the provision of the services of the Forum.

Recipient

In order to achieve the purposes listed above, it may be necessary for us to disclose your data to certain recipients on a case-by-case basis. This disclosure may be by means of transmission, dissemination or any other form of provision. Detailed information concerning the transmitted data, the recipients of the transmission and the purposes, legal bases and storage periods associated with the transmission can be found in the detailed description of the tools we use.

In the event of a cyberattack, the information is also made available to the law enforcement authorities.

List of third-party providers (tools) used and detailed data protection information

Processing when you subscribe to our newsletter service

When you sign up for our newsletter, we process your email address, the selection of topics you wish to follow and your IP address.

Purpose of the processing

The personal data you provide when registering to receive the newsletter will be processed for the purposes of sending/communicating information about our products and current offers and evaluating the click behavior of email recipients in order to optimize the editorial content. This enables us to determine how the newsletters we send are opened and used (e.g. clicks on links in a newsletter) in order to record and measure the success of certain marketing measures.

This information is used to improve our website, our newsletter and related marketing measures. In particular, this is done to adapt offers and information on other websites to the interests and wishes of users.

Legal basis

Your data will be exclusively processed on the basis of your registration for the newsletter (consent pursuant to Article 6(1)(a) GDPR). If you no longer wish to receive newsletters, you can unsubscribe at any time. The revocation of consent does not affect the legality of the processing carried out prior to the revocation.

Storage period

The data processed for the aforementioned purposes will generally be stored until you revoke your consent to receive the newsletter. Beyond this, data that absolutely necessary due to the applicable statutory provisions or retention obligations will only be stored for the purpose of proving your consent or revocation.

Recipient

In order to achieve the purposes listed above, it may be necessary for us to disclose your data to certain recipients on a case-by-case basis. This disclosure may be by means of transmission, dissemination or any other form of provision. In the event of a cyberattack, the information is also made available to the law enforcement authorities.

Detailed information concerning the transmitted data, the recipients of the transmission and the purposes, legal bases and storage periods associated with the transmission can be found in the detailed description of the tools we use.

List of third-party providers (tools) used and detailed data protection information

Processing as part of our business relationship with you as a customer

As part of our business relationship, we process some of your personal data as a customer. This especially includes master and contact data (e.g. name, address, email, phone number) as well as the order data of invoiced recipients.

Within Nuki, your data will be given to those departments or employees who need it to fulfill contractual, legal and supervisory obligations and to protect legitimate interests.

Purpose of the processing

As part of our customer administration, your data is processed for the purpose of contract processing. The personal data you provide is required to fulfill the contract or to carry out pre-contractual measures.

Legal basis

The processing of your personal data by us in the context of our business relationship is based on Article 6(1)(b) GDPR ("necessary for the performance of the contract").

Storage period

Your personal data will be safeguarded for the duration of the entire business relationship (from the initiation and execution to the termination of a contract) and beyond in accordance with the statutory retention and documentation obligations. These deadlines are derived from the Austrian Commercial Code (UGB) and the Federal Fiscal Code (BAO), among others. In addition, the statutory limitation periods must be taken into account for the storage period. These can be up to 30 years in certain cases according to the Austrian General Civil Code (ABGB) (the general limitation period is 3 years).

Recipient

In order to achieve the purposes already mentioned, it may be necessary for your personal data to be disclosed to the recipients listed below. This disclosure may be by means of transmission, dissemination or any other form of provision.

  • IT service providers for the provision, maintenance and support of our IT system and for IT-related processing of the purpose of processing,
  • affiliated companies in the Group,
  • marketing partners (graphic designers, advertising agencies, printers, mail order companies, telephone marketing companies, newspaper publishers, social media services, online services) for the transmission of advertising, provided you have given your consent to this,
  • logistics companies to process your orders,
  • insurance companies or claim portals for insurance claims in order to process and settle claims and to process our insurance claims,
  • tax consultants and chartered accountants for the purpose and in the interest of supporting us in fulfilling our tax obligations (UGB, BAO etc.),
  • legal representatives, security authorities, competent courts or authorities for legal prosecution.

Detailed information concerning the transmitted data and the recipients, the associated purposes, the legal bases and storage periods can be found in the detailed description of the tools we use.

List of third-party providers (tools) used and detailed data protection information

Job Applications

https://nuki.io/en/service/privacy-policy-regarding-data-processing-in-the-application-process/

Overview of the Nuki recipients or processors

Adobe Typekit

Used in: Website, shop, customer support

Operated by

Adobe Systems Incorporated 345 Park Avenue, San Jose, California 95110-2704, USA

Adobe Systems Software Ireland Limited 4–6 Riverwalk, City West Business Campus, Saggart, Dublin 24, Ireland

Processing location

Ireland, EU, USA

Transfer to third countries

Yes (adequacy decision)

Privacy policy of the operators

https://www.adobe.com/at/privacy/policies/typekit.html

Purpose of the processing

We use web fonts provided by Adobe for the correct and uniform display of fonts.

Legal basis

Article 6(1)(a) GDPR (consent)

Data transferred

When you access the page, the fonts are loaded into your browser cache. To do this, your browser must establish a connection to the Adobe servers, which gives Adobe information about your IP address.

Data subjects

Users of the website, shop, customer support

Storage period

Nuki does not store personal data. The storage period of the data stored by the operators is described in more detail in their privacy policy.

Note:

You can configure your browser so that the fonts are not loaded from the Adobe servers (e.g. by installing add-ons such as NoScript or Ghostery). If your browser does not support Adobe fonts or you prevent access to the Adobe servers, the text will be displayed in the default font of the system.

Adverity

Used in: Website, shop, customer support, online marketing

Operated by:

Adverity GmbH, Rathausstraße 1 / 2. OG, 1010 Vienna, Austria

Processing location

Austria, EU

Transfer to third countries

No

Privacy policy of the operators

https://www.adverity.com/de/datenschutzerklaerung

Purpose of the processing

We use Adverity’s data connectors to process anonymous data and store it in our internal databases for further anonymized analysis.

Legal basis

Data transferred

Data subjects

Users of the website, shop, customer support

Storage period

Note:

Only anonymized data is processed.

Apple Services

Used in: Nuki App (iOS & watchOS)

Operated by

Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA

Processing location

USA

Transfer to third countries

Yes

Privacy policy of the operators

https://www.apple.com/legal/privacy/en-ww/

Purpose of the processing

Provision of core functionalities: Location and map data for the Auto Unlock function, push notifications and essential Apple App Store functionalities.

Legal basis

Article 6(1)(f) GDPR (legitimate interest)

Data transferred

Location data, push messages, App ratings

Data subjects

Users of the Nuki App for iOS and watchOS

Storage period

The storage period of the data stored by the operators is described in more detail in their privacy policy.

Note:

Awin

Used in: Website, shop, customer support, online marketing

Operated by

AWIN AG, Landsberger Allee 104 BC, 10249 Berlin, Germany

Processing location

Germany, EU

Transfer to third countries

No

Privacy policy of the operators

https://www.awin.com/us/privacy

Purpose of the processing

We use the Awin affiliate platform to display advertising within the Awin network. If you visit our website via an advertising medium from the Awin network, Awin collects your data and stores it in a cookie.

Legal basis

Article 6(1)(a) GDPR (consent)

Data transferred

The following data is used by Awin: Identification number of the affiliate, order number of the website visitors and the advertising material clicked on as well as information about the end device and browser.

Data subjects

Users of the website, shop, customer support

Storage period

Awin stores the data until the processing purposes have been implemented and as long as it is required for accounting and reporting purposes. The storage period of the data stored by the operators is described in more detail in their privacy policy.

Note:

Bloomreach Engagement

Used in: Website, shop, customer support, Nuki Club, Nuki Web, Nuki Developer Forum, newsletter, business and customer relations

Operated by

Bloomreach B.V, Fred. Roeskestraat 109, 1076 EE, Amsterdam, The Netherlands

Processing location

The Netherlands, EU, USA

Transfer to third countries

Yes (adequacy decision)

Privacy policy of the operators

Bloomreach Privacy Center

Purpose of the processing

We use the Bloomreach Engagement service (formerly Exponea) to evaluate and support online marketing measures, in particular to process newsletter mailings. Bloomreach enables us to assess how the newsletters we send out are opened and used (e.g. clicks on links in a newsletter). This allows us to record and measure the success of certain marketing measures. Conversion tracking can also be used to analyze whether a predefined action (e.g. purchaser of a product on our website) has taken place after clicking on a link in the newsletter.

This list shows the purposes of data collection and processing:

● marketing purposes based on interest

● retargeting

● optimization of our website offering (onsite personalization)

● analysis of surfing behavior

● automation of marketing campaigns

Legal basis

Article 6(1)(a) GDPR (consent)

Data transferred

The information is in the form of user profiles. Bloomreach Engagement processes data (e.g. the e-mail address) exclusively in accordance with our instructions and will not use data for its own purposes, will not sell it and will not pass it on to third parties.

Bloomreach Engagement make use of the following data about you: Email address, first and last name (optional), information regarding responses to newsletters, IP address, operating system and platform, information about website interactions (e.g. clicks), about your activities, browsing on websites, about visits including URL and information about what you have viewed on our site, information about purchased products and other information related to purchases, timestamps.

Data subjects

Users of the website, shop, customer support, Nuki Club, Nuki Web, Nuki Developer Forum, newsletter as well as our customers

Storage period

We will store your personal data for as long as it is necessary to send you our newsletter. We will delete your data immediately as soon as you unsubscribe from our newsletter or revoke your consent.

Note:

Cloudiax (Hosting)

Used in Website, shop, customer support, online marketing, Nuki Web, newsletter, business and customer relations

Operated by

Cloudiax AG, Kastanienallee 11, 23899 Gudow, Germany

Processing location

Germany, EU

Transfer to third countries

Yes (by the operator)

Privacy policy of the operators

https://www.cloudiax.com/privacy-policy/

Purpose of the processing

Cloudiax is a technical service provider for SAP Cloud Hosting, which provides the technical infrastructure that enables us to provide our services for the logistics and billing process.

Legal basis

Article 6(1)(f) GDPR (legitimate interest)

Data transferred

Personalized access data of our employees, order data and billing data in relation to our customers, shipping data in relation to our customers, contact data of suppliers

Data subjects

Customers, suppliers and employees

Storage period

For the duration of the entire business relationship and beyond in accordance with the statutory retention and documentation obligations.

Note:

No personal customer data is passed on to Cloudiax directly; Cloudiax only provides the SAP hosting.

Facebook Ads

Used in Website, shop, customer support, online marketing, Nuki Club

Operated by

Meta Platforms Ireland Limited, 4 Grand Canal Harbour, Dublin 2, Ireland

Processing location

Ireland, EU, USA

Transfer to third countries

Yes (adequacy decision)

Privacy policy of the operators

https://www.facebook.com/privacy/explanation/

Purpose of the processing

If our newsletter subscribers have registered with Facebook, we can place targeted advertisements on Facebook. This enables us to target advertising to people who have already expressed an interest in our products or our company.

Legal basis

Article 6(1)(a) GDPR (consent)

Data transferred

Your hashed email address and phone number

Data subjects

Users of the website, shop, customer support, online marketing, Nuki Club

Storage period

180 days per website visit and if you belong to a so-called Custom Audience (i.e. a specific target group). The storage period of the data stored by the operators is described in more detail in their privacy policy.

Note:

Your data is hashed and transmitted to Facebook in encrypted form. A method of encryption in accordance with SHA-256 is used for hashing. Facebook compares the hash values of our customer list with the hash values of our own usage data already stored. Facebook then checks the matching data to see if anyone has not yet added a like to our Facebook page and delivers our ads to these Facebook users.

Facebook Custom Audience

Used in Website, shop, customer support, online marketing, Nuki Club

Operated by

Meta Platforms Ireland Limited, 4 Grand Canal Harbour, Dublin 2, Ireland

Processing location

Ireland, EU, USA

Transfer to third countries

Yes (adequacy decision)

Privacy policy of the operators

https://www.facebook.com/privacy/explanation/

Purpose of the processing

If our newsletter subscribers have registered with Facebook, we can place targeted advertisements on Facebook. This enables us to target advertising to people who have already expressed an interest in our products or our company.

Legal basis

Article 6(1)(a) GDPR (consent)

Data transferred

Your hashed email address and phone number

Data subjects

Users of the website, shop, customer support, online marketing, Nuki Club

Storage period

180 days per website visit and if you belong to a so-called Custom Audience (i.e. a specific target group). The storage period of the data stored by the operators is described in more detail in their privacy policy.

Note:

Your data is hashed and transmitted to Facebook in encrypted form. A method of encryption in accordance with SHA-256 is used for hashing. Facebook compares the hash values of our customer list with the hash values of our own usage data already stored. Facebook then checks the matching data to see if anyone has not yet added a like to our Facebook page and delivers our ads to these Facebook users.

Google Ads

Used in Website, shop, customer support, Nuki App, online marketing, Nuki Club

Operated by

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Processing location

Ireland, EU, USA

Transfer to third countries

Yes (adequacy decision)

Privacy policy of the operators

https://policies.google.com/privacy?hl=en

Purpose of the processing

We use Google Ads to evaluate advertisements that are displayed via Google Ads and to display suitable advertisements using Google Ads, including retargeting. Google Ads with Google Enhanced Conversions enables us to show you our advertisements in the Google search engine as well as on topic-relevant pages when you enter certain keywords.

Legal basis

Article 6(1)(a) GDPR (consent)

Data transferred

If you are redirected to our website via a Google Ads ad, a cookie will be stored on your computer. The cookie contains the information that you have reached our website via the Google Ads ad and how you use our website (for example, whether you have purchased the advertised product or one of the advertised products). In this context, information about your usage behavior – e.g. which offers you were interested in and whether you purchased them – is transmitted to Google and evaluated by Google. Should Google recognize you on other websites, Google may show you personalized advertising from us. In this context, we process your shortened IP address.

Data subjects

Users of the website, shop, customer support, Nuki App, online marketing, Nuki Club

Storage period

The cookies have a duration of up to 180 days. Google anonymizes your data after 18 months at the latest. The storage period of the data stored by the operators is described in more detail in their privacy policy.

Note:

Google Analytics

Used in Website, shop, customer support, online marketing, Nuki Club, Nuki Web, Nuki Developer, Nuki App (Beta)

Operated by

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Processing location

Ireland, EU, USA

Transfer to third countries

Yes (adequacy decision)

Privacy policy of the operators

https://policies.google.com/privacy?hl=en

Purpose of the processing

We use Google Analytics to analyze website usage. The data obtained from this is used to optimize our website as well as advertising activities.

Legal basis

Article 6(1)(a) GDPR (consent)

Data transferred

Cookies from Google contain a randomly generated user ID with which you can be recognized on future visits to the website.

Data subjects

Users of the website, shop, customer support, online marketing, Nuki Club, Nuki Web, Nuki Developer, Nuki App (Beta)

Storage period

Google Analytics stores cookies in your web browser for the duration of 2 years after your last visit. The storage period of the data stored by the operators is described in more detail in their privacy policy.

Note:

Google processes the website usage data on our behalf and is contractually obliged to take measures to ensure the security and confidentiality of the processed data.

Google Firebase

Used in Website, shop, customer support, Nuki App, Nuki Web

Operated by

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Processing location

Ireland, EU, USA

Transfer to third countries

Yes (adequacy decision)

Privacy policy of the operators

https://policies.google.com/privacy?hl=en

https://firebase.google.com/support/privacy

Purpose of the processing

The purpose of data processing by Google Firebase is to collect error and crash logs in order to identify and resolve problems in our applications. This data is also used to analyze possible improvements to application performance and user experience.

Legal basis

Article 6(1)(f) GDPR. Processing is necessary to protect legitimate interests, in particular with regard to improving the stability, reliability and user-friendliness of our applications.

Data transferred

As part of error and crash logging, personal data such as device information, operating system version, App version, IP address (in anonymized form), crash reports and log-based information may be collected. No personal data is collected that could contain directly identifiable information, unless it is absolutely necessary for error diagnosis and correction.

Data subjects

Users of the Nuki App

Storage period

90 days

Note:

Google Maps

Used in Website, shop, customer support, Nuki App, Nuki Web

Operated by

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Processing location

Ireland, EU, USA

Transfer to third countries

Yes (adequacy decision)

Privacy policy of the operators

https://policies.google.com/privacy?hl=en

Purpose of the processing

We use both the API of the Google Maps map service and maps from Google Maps on our website to display interactive maps with information about partners. The use of Google Maps is in the interest of providing an appealing presentation of our online and offline offers and for making it easy to find the places we have indicated on the website.

Legal basis

Article 6(1)(f) GDPR (legitimate interest)

Data transferred

To use the functions of Google Maps, it is necessary to store the IP address.

Data subjects

Users of the website, shop, customer support, Nuki App, Nuki Web

Storage period

2 years to indefinite. The storage period of the data stored by the operators is described in more detail in their privacy policy.

Note:

Google Play Services

Used in Nuki App (Android & Wear OS)

Operated by

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Processing location

Ireland, EU, USA

Transfer to third countries

Yes

Privacy policy of the operators

https://policies.google.com/privacy?hl=en

Purpose of the processing

Provision of core functionalities: Location and map data for the Auto Unlock function, push notifications and essential functionalities of the Google Play Store.

Legal basis

Article 6(1)(f) GDPR (legitimate interest)

Data transferred

Location data, push messages, App ratings

Data subjects

Users of the Nuki App for Android and Wear OS

Storage period

The storage period of the data stored by the operators is described in more detail in their privacy policy.

Note:

Huawei Services

Used in Nuki App (Android devices from Huawei)

Operated by

Aspiegel SE, 3rd floor, Mespil Court, Mespil Road, Ballsbridge, Dublin 4, D04 E516, Ireland; Registration number 561134

Processing location

Requested from operators

Transfer to third countries

Requested from operators

Privacy policy of the operators

https://www.huawei.com/en/privacy-policy

Purpose of the processing

Provision of core functionalities: Location and map data for the Auto Unlock function, push notifications and essential functionalities of the Huawei AppGallery

Legal basis

Article 6(1)(f) GDPR (legitimate interest)

Data transferred

Location data, push messages, App ratings

Data subjects

Users of the Nuki App for Android on Huawei end devices

Storage period

The storage period of the data stored by the operators is described in more detail in their privacy policy.

Note:

IONOS (Hosting)

Used in Website, shop, customer support, Nuki App, online marketing, Nuki Club, Nuki Web, Nuki Developer Forum, newsletter, business and customer relations

Operated by

1&1 IONOS SE, Elgendorfer Strasse 57, 56410 Montabaur, Germany

Processing location

Germany, EU, USA, UK, Switzerland

Transfer to third countries

Yes (adequacy decision)

Privacy policy of the operators

https://www.ionos.com/terms-gtc/privacy-policy/

Purpose of the processing

IONOS is a technical service provider that provides the technical infrastructure we need to provide our services.

Legal basis

Article 6(1)(f) GDPR (legitimate interest)

Data transferred

IP addresses, access logs, usage data, application data

Data subjects

Users of the website, shop, customer support, Nuki App, online marketing, Nuki Club, Nuki Web, Nuki Developer Forum, newsletter as well as our customers

Storage period

Log files (IP addresses and detailed access information) are safeguarded for a maximum of 8 weeks. All of the customer data that is necessary for the provision of the service is safeguarded for this period of time on the systems provided by IONOS for Nuki.

Note:

LinkedIn Ads

Used in Website, shop, customer support, online marketing, Nuki Club

Operated by

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Processing location

Ireland, EU, USA

Transfer to third countries

Yes (adequacy decision)

Privacy policy of the operators

https://www.linkedin.com/legal/privacy‐policy?trk=homepage‐basic_footer‐privacy‐policy

Purpose of the processing

We use LinkedIn Ads to place and evaluate our advertisements on LinkedIn Advertising and to display corresponding advertisements by means of retargeting.

Legal basis

Article 6(1)(a) GDPR (consent)

Data transferred

We process your URL, your browser data and your IP address.

Data subjects

Users of the website, shop, customer support, online marketing, Nuki Club

Storage period

7 or 90 days. The storage period of the data stored by the operators is described in more detail in their privacy policy.

Note:

A cookie is set by LinkedIn if you have reached our site via a LinkedIn advertising ad. The information that is collected using the conversion cookie is used to generate conversion statistics for LinkedIn Advertising.

Mailchimp (Mandrill)

Used in Website, shop, customer support, online marketing, Nuki Club, newsletter, business and customer relations

Operated by

The Rocket Science Group LLC d/b/a Mailchimp, Bird & Bird GDPR Representative Services Ireland, Deloitte House, 29 Earlsfort Terrace, Dublin 2, DO2 AY28, Ireland

Processing location

Ireland, EU, USA

Transfer to third countries

Yes

Privacy policy of the operators

https://www.intuit.com/privacy/statement/

Purpose of the processing

We use the Mailchimp service to send and manage selected newsletters. Mailchimp enables us to assess how the newsletters we send out are opened and used (e.g. clicks on links in a newsletter). This allows us to record and measure the success of certain marketing measures.

Legal basis

Article 6(1)(a) GDPR (consent)

Data transferred

The process following data from you: Email address, first and last name (optional), response to the newsletter, IP address, timestamp (optional).

Data subjects

Registered users of our newsletter

Storage period

For the duration of use. The storage period of the data stored by the operators is described in more detail in their privacy policy.

Note:

It is possible to subscribe to our newsletter on our website. Before you regularly receive our newsletters, we will send you a confirmation e-mail (double opt-in). We erase your data immediately as soon as you revoke your consent. You can object to direct marketing at any time.

Matomo

Used in Website, shop, customer support, online marketing, Nuki Club

Operated by

ePrivacy Holding GmbH, Grosse Bleichen 21, 20354 Hamburg, Germany

Processing location

Germany, EU

Transfer to third countries

No

Privacy policy of the operators

https://matomo.org/matomo-cloud-privacy-policy/

Purpose of the processing

Web analysis and analysis of user behavior on our websites and use of the Matomo Tag Manager to continuously improve our offers, services and technology.

Legal basis

Article 6(1)(f) GDPR (legitimate interest)

Data transferred

Anonymized data

Data subjects

Users of the website, shop, customer support, online marketing, Nuki Club

Storage period

Note:

Microsoft Ads

Used in Website, shop, customer support, online marketing, Nuki Club

Operated by

Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland

Processing location

Ireland, EU, USA

Transfer to third countries

Yes (adequacy decision)

Privacy policy of the operators

https://www.microsoft.com/en-us/trust-center/privacy

Purpose of the processing

We use Microsoft Ads to distribute and analyze advertisements on Microsoft Advertising and to display corresponding advertisements by means of retargeting.

Legal basis

Article 6(1)(a) GDPR (consent)

Data transferred

We process the unique click ID of the Microsoft advertising network, the IP address, information about the end device such as browser type, timestamp as well as information to clearly recognize your browser.

Data subjects

Users of the website, shop, customer support, online marketing, Nuki Club

Storage period

30 days for cookies and up to 18 months for log data. The details of the data stored by the operators are described in more detail in their privacy policy.

Note:

A cookie is set by Microsoft if you have reached our site via a Microsoft advertising ad. The information collected using the conversion cookie is used to generate conversion statistics for Microsoft Advertising.

Mollie (payment service provider)

Used in Website, shop, customer support, business and customer relations

Operated by

Mollie B.V., Keizersgracht 126, 1015CW Amsterdam, The Netherlands

Processing location

EU

Transfer to third countries

No

Privacy policy of the operators

https://www.mollie.com/privacy

Purpose of the processing

Payment processing for Nuki

Legal basis

Article 6(1)(f) GDPR (legitimate interest)

Data transferred

Invoice and order data

Data subjects

Customers

Storage period

The storage period of the data stored by the operators is described in more detail in their privacy policy.

Note:

OneTrust (consent tool)

Used in Website, shop, customer support, online marketing, Nuki Club, newsletter, business and customer relations

Operated by

OneTrust Technology Limited, 82 St. John Street, London, EC1M 4JN, UK

Processing location

UK

Transfer to third countries

Yes (adequacy decision)

Privacy policy of the operators

https://www.onetrust.com/privacy-notice/

Purpose of the processing

We use OneTrust as a consent tool, with which we ensure that consent to the storage of cookies or the revocation of consent is given in accordance with the regulations. For proper use, cookies are used that store the settings you have chosen. In this way, the cookie settings can be retrieved on a subsequent visit and retained accordingly.

Legal basis

Article 6(1)(f) GDPR (legitimate interest)

Our legitimate interest lies in ensuring that the use of cookies complies with data protection regulations.

Data transferred

So that the cookie consent tool can clearly assign page views to individual users and individually record, log and store the consent settings made by the users for the duration of the session, certain usage information (including the IP address) is collected by the cookie consent tool when our website is accessed, transmitted to OneTrust servers and stored there.

Data subjects

Users of the website, shop, customer support, online marketing, Nuki Club, newsletter as well as our customers

Storage period

1 year. The storage period of the data stored by the operators is described in more detail in their privacy policy.

Note:

You can adjust your settings at any time. The software is operated by OneTrust as SaaS (Software-as-a-Service) in the cloud. There is an adequacy decision for the United Kingdom with regard to data transfer.

Outbrain Conversion Tracking

Used in Website, shop, customer support, online marketing, Nuki Club

Operated by

Outbrain UK Limited, 100 New Bridge St, London, EC4V 6JA, UK

Processing location

UK

Transfer to third countries

Yes (adequacy decision)

Privacy policy of the operators

Privacy Center (English)

Purpose of the processing

We use Outbrain to display advertising on other pages.

Legal basis

Article 6(1)(a) GDPR (consent)

Data transferred

We process your hashed click ID from Outbrain, information about the end device (browser type etc.), your surfing behavior and your IP address (shortened by the last octet).

Data subjects

Users of the website, shop, customer support, online marketing, Nuki Club

Storage period

Erasure after the purpose has been achieved. The storage period of the data stored by the operators is described in more detail in their privacy policy.

Note:

We only transmit hashed data to Outbrain for conversion tracking in order to ensure the measurement of advertising effectiveness.

OVH (Hosting)

Used in Website, shop, customer support, Nuki App, online marketing, Nuki Club, Nuki Web, Nuki Developer Forum, newsletter, business and customer relations

Operated by

OVH GmbH, Christophstrasse 19, 50670 Cologne, Germany

Processing location

Germany, EU

Transfer to third countries

Yes (through OVH)

Privacy policy of the operators

https://www.ovhcloud.com/en/terms-and-conditions/privacy-policy/

Purpose of the processing

OVH is a technical service provider that provides the technical infrastructure we need to provide our services.

Legal basis

Article 6(1)(f) GDPR (legitimate interest)

Data transferred

IP addresses, access logs, usage data, application data

Data subjects

Users of the website, shop, customer support, Nuki App, online marketing, Nuki Club, Nuki Web, Nuki Developer Forum, newsletter as well as our customers

Storage period

All of the customer data necessary for the provision of the service is safeguarded for this period of time on the systems provided by OVH for Nuki.

Note:

Parcel Perform

Used in Website, shop, customer support, business and customer relations

Operated by

Parcel Perform Pte Ltd., 138 Cecil Street, Singapore 069538, Singapore

Processing location

Singapore

Transfer to third countries

Yes

Privacy policy of the operators

https://www.parcelperform.com/privacy

Purpose of the processing

Parcel Perform enables tracking by entering the tracking number for orders placed with us without contacting the transport company. Parcel Perform also sends shipping notifications and delivery status updates.

Legal basis

Article 6(1)(f) GDPR (legitimate interest)

Data transferred

We process your email address, your first and last name, the tracking number and your address.

Data subjects

Users of the website, shop, customer support as well as our customers

Storage period

Until shipping is complete.

Note:

PayPal (payment service provider)

Used in Website, shop, customer support, business and customer relations

Operated by

PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg, Luxembourg

Processing location

EU

Transfer to third countries

Yes (by the operator)

Privacy policy of the operators

https://www.paypal.com/us/legalhub/privacy-full

Purpose of the processing

Payment processing for Nuki

Legal basis

Article 6(1)(f) GDPR (legitimate interest)

Data transferred

Invoice and order data

Data subjects

Customers

Storage period

The storage period of the data stored by the operators is described in more detail in their privacy policy.

Note:

Pinterest Ads

Used in Website, shop, customer support, online marketing, Nuki Club

Operated by

Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland

Processing location

Ireland, EU, USA

Transfer to third countries

Yes

Privacy policy of the operators

https://policy.pinterest.com/en

Purpose of the processing

We use Pinterest Ads to display and analyze advertisements on Pinterest Advertising and to display corresponding advertisements by means of retargeting.

Legal basis

Article 6(1)(a) GDPR (consent)

Data transferred

The following data is processed: Usage behavior, device information, IP address, conversion data

Data subjects

Users of the website, shop, customer support, online marketing, Nuki Club

Storage period

The storage period of the data stored by the operators is described in more detail in their privacy policy.

Note:

A cookie is set by Pinterest if you have reached our site via a Pinterest advertising ad. The information collected using the conversion cookie is used to generate conversion statistics for Pinterest Advertising.

Rakuten

Used in Website, shop, customer support, online marketing, Nuki Club

Operated by

Rakuten Marketing LLC, 215 Park Avenue, 2nd floor, New York, NY 10003, USA

Processing location

USA

Transfer to third countries

Yes

Privacy policy of the operators

https://go.rakutenadvertising.com/hubfs/Website-Privacy-Policy-English.pdf

Purpose of the processing

We use the Rakuten affiliate network to display advertising within the Rakuten network.

Legal basis

Article 6(1)(a) GDPR (consent)

Data transferred

The process following data from you: IP address, geographical position data, browser language, ID of the end device, network member websites visited.

Data subjects

Users of the website, shop, customer support, online marketing, Nuki Club

Storage period

Rakuten stores the data until the purposes have been completed. The storage period of the data stored by the operators is described in more detail in their privacy policy.

Note:

If you visit our website via an advertising medium from the Rakuten network, Rakuten collects your data and stores it in a cookie. Within the Rakuten affiliate network, the data is only processed anonymously.

Reddit Ads

Used in Website, shop, customer support, online marketing, Nuki Club

Operated by

Reddit Inc., 520 Third Street, Suite 305, San Francisco, CA 94107, USA

Processing location

USA

Transfer to third countries

Yes

Privacy policy of the operators

https://www.reddit.com/policies/privacy-policy

Purpose of the processing

We use RedditAds to playout and analyze advertisements on Reddit Advertising and to display corresponding advertisements by means of retargeting.

Legal basis

Article 6(1)(a) GDPR (consent)

Data transferred

The process following data from you: Conversion data, IP address, device data.

Data subjects

Users of the website, shop, customer support, online marketing, Nuki Club

Storage period

Your data will be stored for the duration of the purpose for which it was collected. The storage period of the data stored by the operators is described in more detail in their privacy policy.

Note:

A cookie is set by Reddit with the necessary information if you have reached our site via a Reddit advertising ad. The information collected using the conversion cookie is used to generate conversion statistics for Reddit Advertising.

Salesforce

Used in Website, shop, customer support, business and customer relations

Operated by

Salesforce, Inc.

Processing location

USA

Transfer to third countries

Yes

Privacy policy of the operators

https://www.salesforce.com/company/privacy/full_privacy/

Purpose of the processing

Management of business customer data and communication support. Implementation of business customer service and sales activities.

Legal basis

Article 6(1)(a) GDPR (consent)

Data transferred

Data of business partners in the context of the business relationship

Data subjects

Customer support, business and customer relations

Storage period

For the duration of the fulfillment of the purpose and the legal retention periods.

Note:

SimplyBook.me

Used in Website, shop, customer support

Operated by

SimplyBook.me ltd., 4 Riga Feraiou str., Omega Business Center, 3095 Limassol, Cyprus

Processing location

Cyprus, EU

Transfer to third countries

No

Privacy policy of the operators

https://simplybook.me/en/policy

Purpose of the processing

We use the SimpleyBook.me appointment booking tool to book appointments for selected products on our website. You can use this tool to make appointments with our employees.

Legal basis

Article 6(1)(f) GDPR (legitimate interest)

Data transferred

The process following data from you: Name, email address, phone number and IP address.

Data subjects

Users of the website, shop, customer support

Storage period

For the duration of the fulfillment of the purpose and the legal retention periods.

Note:

SurveyMonkey

Used in Website, shop, customer support, online marketing, Nuki Club, business and customer relations

Operated by

Momentive Europe UC, 2 Shelbourne Buildings, Second Floor, Shelbourne Rd, Ballsbridge, Dublin 4, Ireland

Processing location

Ireland, USA

Transfer to third countries

Yes (by the operator)

Privacy policy of the operators

https://www.surveymonkey.com/mp/legal/privacy/

Purpose of the processing

The purpose of use is to conduct online surveys. The surveys are used to analyze the subjective user experience as well as the opinions and wishes of the users of our products. Participation in online surveys is possible via a link and is voluntary.

Legal basis

Article 6(1)(a) GDPR (consent)

Data transferred

As part of the service, the following data is processed about you: Contact information (for example name or an email address), usage data, data about the software and IT system used, IP address, UUID ("Universally Unique Identifier") when a mobile device is used, log data, referral data (external recommendation or referral), data from third parties and integration partners.

Data subjects

Users of SurveyMonkey

Storage period

13 months. The storage period of the data stored by the operators is described in more detail in their privacy policy.

Note:

You can find up-to-date information on third country transfers made by the operators in their privacy policy. When participating in an anonymous survey, SurveyMonkey collects information about the device and application used by the data subject in order to be able to participate in the survey.

Taboola Ads

Used in Website, shop, customer support, online marketing, Nuki Club

Operated by

Taboola Germany GmbH, Alt-Moabit 2, 10557 Berlin, Germany

Processing location

Germany, EU

Transfer to third countries

Yes

Privacy policy of the operators

https://www.taboola.com/policies/privacy-policy

Purpose of the processing

Cookies from Taboola are used on our website: These cookies allow us to target visitors to our website by displaying personalized advertisements to them. We use Taboola to display targeted advertising and to measure the effectiveness of advertising.

Legal basis

Article 6(1)(a) GDPR (consent)

Data transferred

The process following data from you: Information about the operating system, web pages accessed, website from which you accessed our website, the dates and times at which our website was accessed from the website or platform, conversion tracking data, IP address, unique ID.

Data subjects

Users of the website, shop, customer support, online marketing, Nuki Club

Storage period

13 months. The storage period of the data stored by the operators is described in more detail in their privacy policy.

Note:

Twilio

Used in Website, shop, customer support, business and customer relations

Operated by

Twilio Inc., 25–28 North Wall Quay, Dublin 1, Ireland

Processing location

Ireland, EU, USA

Transfer to third countries

Yes (adequacy decision)

Privacy policy of the operators

https://www.twilio.com/en-us/legal/privacy

Purpose of the processing

We use the services of Twilio Inc., a provider of communication services, to provide telephone services.

Legal basis

Article 6(1)(f) GDPR (legitimate interest)

Data transferred

We process your phone number.

Data subjects

Customer Support

Storage period

7 days. The storage period of the data stored by the operators is described in more detail in their privacy policy.

Note:

X Ads

Used in Website, shop, customer support, online marketing

Operated by

Twitter International Unlimited Company, One Cumberland Place, Fenian Street, D02 AX07 Dublin 2, Ireland

Processing location

Ireland, EU, USA

Transfer to third countries

Yes (adequacy decision)

Privacy policy of the operators

https://twitter.com/en/privacy

Purpose of the processing

We use X to playout and analyze advertisements on X Advertising and to display corresponding advertisements by means of retargeting.

Legal basis

Article 6(1)(a) GDPR (consent)

Data subjects

Users of the website, shop, customer support, online marketing

Storage period

The storage period of the data stored by the operators is described in more detail in their privacy policy.

Note:

A cookie is set by X with the necessary information if you have reached our site via a X advertising ad. The information collected using the conversion cookie is used to generate conversion statistics for X Advertising. However, the data is stored and processed by X itself as the controller, so that a connection to the respective user profile on X is possible and X can use the data for its own advertising purposes in accordance with the X privacy policy.

Whereby

Used in Website, shop, customer support

Operated by

Whereby AS, Gate 1 no. 107, 6700 Måløy, Norway

Processing location

Norway, EU

Transfer to third countries

No

Privacy policy of the operators

https://whereby.com/information/gdpr/

Purpose of the processing

Provision of a video chat function for sales initiation and support purposes.

Legal basis

Article 6(1)(f) GDPR (legitimate interest)

Data transferred

The process following data from you: Email address, chat messages, IP address, files, live video data (image and sound).

Data subjects

Users of the website, shop, customer support

Storage period

The storage period of the data stored by the operators is described in more detail in their privacy policy.

Note:

YouTube

Used in Website, shop, customer support, online marketing, Nuki Club

Operated by

Google Ireland LTD, Gordon House, Barrow Street, Dublin 4, Ireland

Processing location

Ireland, EU, USA

Transfer to third countries

Yes (adequacy decision)

Privacy policy of the operators

https://policies.google.com/?gl=en&hl=en

Purpose of the processing

We use the YouTube video function to provide video content on our pages. The videos are embedded on our website to give our customers a better understanding of our products and to present product features in a more comprehensible way.

Legal basis

Article 6(1)(a) GDPR.

Data transferred

As part of this technical process, YouTube and Google receive information about which specific Nuki website you are visiting. If you are logged in to YouTube at the same time, this information is collected by YouTube and Google and assigned to your YouTube account, regardless of whether you click on a YouTube video or not. By logging out of your YouTube account, you can prevent YouTube and Google from assigning the information that has been collected to your YouTube account.

Data subjects

Users of the website, shop, customer, online marketing, Nuki Club

Storage period

Nuki does not store personal data. The storage period of the data stored by the operators is described in more detail in their privacy policy.

Note:

The videos are displayed using cookies and storage entries that can be used for targeted product recommendations, video recommendations and interest-based advertising. As well as playing our videos, it is also possible to analyze the how they are used.

Zendesk

Used in Website, shop, customer support, Nuki App

Operated by

Zendesk Inc., 1019 Market Street, San Francisco, CA 94103, USA

Processing location

USA

Transfer to third countries

Yes

Privacy policy of the operators

https://www.zendesk.de/company/agreements-and-terms/privacy-notice/

Purpose of the processing

We use Zendesk to provide a ticketing system for customer support as well as for support chats and for the help section.

Legal basis

Article 6(1)(as-a) GDPR (legitimate interest)

Data transferred

All of the data required for the provision of comprehensive support services. This includes data such as names, addresses, email addresses, data on end devices and other data provided by you as part of the support.

Data subjects

Users of the website, shop, customer support, Nuki App

Storage period

For the duration of the fulfillment of the purpose and within the scope of the statutory retention periods for a maximum period of 7 years.

Note:

Zendesk is a provider of solutions of this type. It is a complete cloud-based solution.