Data protection declaration
Nuki Home Solutions GmbH

Version 1.4, 16 November 2022


We at Nuki Home Solutions GmbH consider the protection of our stakeholders’ and customers’ personal data to be an important matter. This data protection declaration serves to inform you about the manner, scope and purpose of our collecting your personal data. Those responsible for data processing in accordance with the basic data protection regulation (“GDPR” as amended) and other national data protection laws of the member states as well as other data protection regulations, are we:

Nuki Home Solutions GmbH
Münzgrabenstraße 92/4, 8010 Graz
Tel.: +43 316 22 84 09

Contact details of our data protection officer:

Tel.: +43 316 22 84 09

What are personal data?

Personal data means information relating to persons who are personally identifiable or have been identified (such as name, address, email address, telephone number, etc.).

Which of your personal data do we process and where do we get these data from?

We process those of your personal data that we receive in the course our business relationship with you. Personal data include details of your person (name, address, contact details, etc.) and your credentials (such as ID data). In addition, this may include order data (e.g. payment orders), advertising and sales data, documentation data (e.g. consulting protocols), offers, and data for the fulfilment of legal obligations. These data are either obtained directly from you or provided to us by third parties, such as our partner companies.

For what purpose and on what legal basis are the data processed?

We either process your data for

  • the implementation of pre-contractual measures or for the fulfilment of our contractual obligations (Art 6 Para. 1 lit. b GDPR) in the context of our business relationship.
  • on basis of your consent (Art 6 Para. 1 lit. a GDPR), if you have given us your consent for contacting you to send offers, advertisements (promotional purposes) or for the transfer of data to the manufacturer/importer, or for the
  • fulfilment of our legal obligations (Art 6 Para. 1 lit. c GDPR) or
  • • due to rightful interest in data processing (Art. 6 Para. 1 lit. f GDPR).

Processing of your data supports the establishment and implementation of our business relationship or the execution of the corresponding order. If you don’t provide us with data, we generally have to refuse to sign a contract or implement an order or we can no longer execute an existing contract and consequently have to terminate it.

Should consent be required for data processing, we will ask for it. In any case, consents are voluntary. If you have given us consent for the processing of your personal data for specific purposes, processing based on this consent will be carried out in accordance with what was specified in the consent declaration and to the extent agreed therein. A granted consent can be revoked at any time with effect for the future in writing or by email. This will not adversely affect the legality of any processing of data till that time.

You are not obliged to give consent to processing of those data that are not relevant or required for the fulfilment of the contract or the corresponding commission.

Furthermore we inform you that we do not use automated decisions, according to Art 22 GDPR, to reach decisions regarding the establishment and conduct of a business relationship.

Will your data be passed on?

We will only pass on your data to the extent necessary for the fulfilment of the objective of the agreement.

Within our company only those departments or employees will receive your data who need them for the fulfilment of contractual and/or legal obligations. Furthermore we pass on your data within our group only to the extent required for the fulfilment of contractual and/or legal obligations, for instance because a certain brand is only available from a certain company of our group.

In order to fulfil the purpose, it might be necessary that your personal data have to be disclosed to the following recipients. This disclosure might be by means of transfer, dissemination or any other kind of provision.

  • IT companies for provision, maintenance and support of our IT system as well as for IT-based implementation for the purpose of data processing,
  • related group companies,
  • tax advisers and public accountants for the purpose of, and as support for the fulfilment of our fiscal obligations (Austrian Commercial Code, Federal Fiscal Code, etc.),
  • insurance companies or request portals for insurance damage, for the purpose of claims settlement and billing vis-à-vis the latter as well as for the settlement of our insurance cases,
  • marketing partners (graphic designers, advertising agencies, printing houses, shipping companies, phone-marketing, newspaper publishers), for forwarding advertising material, should you have given your consent,
  • logistics provider in order to process your order,
  • after-sales partners,
  • legal representation, safety authorities, competent courts or authorities for prosecution.

How long do we store your data?

We will store your data only for as long as necessary for the purpose for which we collected your data. In any case, we will store your data for as long as there are legal retention times (Austrian Commercial Code, Federal Fiscal Code, among others) or periods of limitation for potential legal claims have not yet expired (in certain cases up to 30 years).

What are your rights regarding data processing?

According to the applicable law, amongst other considerations you are entitled to

  • verify whether and which personal date we are processing and to receive copies of these data,
  • require correction, amendment or deletion of personal data that are being processed wrongly or not in conformity with the law,
  • require that we limit the processing of data,
  • disagree with the processing of personal data,
  • require data portability and
  • be informed about the identity of third parties to whom personal data are passed.

Provided we process your data on the basis of your consent, you have the right to recall this consent at any time via email or postal letter. However, this will not compromise the legality of data processing till that date.

Furthermore you have the right to make a complaint to the Austrian data protection authority or to another data protection supervisory authority in the EU, in particular at your place of residence or place of work.

Information about services we are using on our website


Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the computer system of the user. When a user visits a website, a cookie can be stored on the operation system of the user. This cookie contains a characteristic series of symbols that enable clear identification of the browser when visiting the website again. Cookies that are already in the computer can be deleted at any time. You will find information about how to do this in your browser menu under the item ‘help’.

We use cookies to make our website more user-friendly. Some elements of our website require that the visiting browser can be identified after having switched site.

This involves the following data being stored and passed on in the cookies:

  1. language setting
  2. auto-fill function for input forms

Furthermore, on our website we use cookies that allow analysis of users’ surfing behaviour.

In this way following data can be passed on:

  1. entered search terms
  2. frequency of page views
  3. use of website functions

User data collected in this way will be pseudonymised by means of technical procedures. This makes it impossible to associate data with a visiting user. Data are not stored with other personal data of users.

Server Log File

For each visit to our website, our system automatically collects data and information about the computer system of the visiting computer.

The following data are collected:

  1. information about the browser (“User Agent”)
  2. IP (“Internet Protocol”) address
  3. date and time of visit
  4. exact address of requested page (“Request Path” and “Request Type”)
  5. status of response to requested page (“Response Status”)

These data will only be stored in the webserver logfiles (“access log”). It is impossible to associate the data with a particular user. There is no storage of these data together with other personal data of the user.

Web analysis

To increase efficiency, on our website we use the services of Google Analytics, a Web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. (“Google”). Google Analytics uses so-called “Cookies”, text files that are stored on your computer and enable analysis of your use of the website. Information about your use of the website (including your IP address) that is created by means of the cookie is transmitted to a server in the US and stored there. To protect the interests of users regarding protection of their personal data, this is done by anonymising the data, meaning that your IP address will be unrecognisable when passed on to Google.

You can prevent the storage of cookies by means of a corresponding setting on your browser software; however, we draw your attention to the fact that, in this case, you might not be able to use all of the functions of this website to the full extent. Furthermore, you can prevent transmission of data created by the cookie and referring to your use of the website (including your IP address) to Google as well as the processing of these data by Google, by downloading and installing the browser plug-in available via following link:

This website also uses cookies to address visitors via remarketing-campaigns with online advertising at a later time in the Google advertising network. In order to place remarketing advertisements, third-party providers like Google use cookies based on a visit to our website. As a user, you have the facility to deactivate Google’s use of cookies by accessing this Google deactivation page:

The following data are collected during the registration process:

  1. User’s encrypted IP address
  2. Date and time of access
  3. Frequency of page visits
  4. Use of website functions
  5. User’s operating system
  6. User’s Internet service provider
  7. Age, sex, languages, interests, country of residence
  8. Websites from which the user’s system has reached our website
  9. Websites accessed by the user’s system via our website
  10. Operating systems used by user devices

Social Media plug-ins

This website uses social plug-ins (“plug-ins”) of the social network, operated by Facebook Inc., CA 94304, USA (“Facebook”). The plug-ins can be recognised by the Facebook logo (white “f” on blue background or a “thumbs-up” sign), or are labelled with the endorsement “Facebook Social Plugin”. The list of and appearance of Facebook social plug-ins can be viewed here:

If you access a website that is part of our Internet presence and contains such a plug-in, your browser makes a direct connection to Facebook servers. The plug-in content is passed by Facebook directly to your browser, which embeds it in the website. We therefore have no influence over the scope of data collected by Facebook with the aid of this plug-in and consequently offer the information below according to our state of knowledge

As a result of integration of the plug-ins, Facebook receives the information that you have accessed the corresponding page of our Internet presence. If you are logged into Facebook, it is possible for Facebook to link your visit to your Facebook account. If you interact with the plug-ins, for example by clicking the Like button or adding a comment, the corresponding information is passed from your browser directly to Facebook and stored there. If you are not a Facebook member, it is nevertheless possible that Facebook determines and stores your IP address.

For details of the purpose and scope of data collection and subsequent processing and use of the data by Facebook as well as your rights in this connection and options for settings to protect your privacy, please consult Facebook’s data protection information on:

If you are a Facebook member and do not want Facebook to collect data about you via our Internet presence and link them with your membership data stored at Facebook, you have to log out of Facebook before visiting our Internet presence.

It is also possible to block Facebook social plug-ins using add-ons for your browser, with Facebook Blocker for example.


It is possible to subscribe to our newsletter on our website. Before you regularly receive our newsletters, we will send you a confirmation e-mail (double opt-in).

In connection with data processing for the despatch of newsletters, the data you provide are passed on to our newsletter provider “Mailchimp”, operated by The Rocket Science Group, LLC with headquarters in Atlanta, USA. In this context, we have concluded a processing contract in accordance with Art 28 GDPR. Your data are used exclusively for dispatching newsletters.

Use of Bloomreach Engagement/Exponea

We use the Bloomreach Engagement/Exponea service to send and manage our newsletters; we have concluded an order processing agreement with this provider.

Our newsletters sent with Bloomreach Engagement/Exponea allow us to analyse the behaviour of newsletter recipients. Among other things, this allows us to analyse how many recipients have opened the newsletter message and how often a certain link in the newsletter has been clicked. With the help of so-called conversion tracking, we can also analyse whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking the link in the newsletter.

The legal basis for this data processing is your consent pursuant to Article 6 (1) a) of the GDPR.

Insofar as we are entitled to process your personal data for a specific purpose on the basis of your consent, we will delete this data immediately if you withdraw your consent.

Use of Facebook Custom Audiences

Subject to your consent, this website also uses “Custom Audiences from customer lists” of Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA.

Using these, Facebook can target our advertisements at newsletter subscribers who are registered with Facebook. As a result we are able to run targeted advertising for people who have already expressed their interest in our products or our company. These data are passed to Facebook hashed and encrypted. Facebook compares the hash values on the customer list with the hash values of its own stored user data. Facebook then checks the matching data for instances of persons who have not yet liked our Facebook page and delivers our adverts to these Facebook users. You can get more information about the collection and use of the data, the purpose and scope of data collection and further processing and use of the data by Facebook, as well as your options for settings to protect your privacy and rights, from Facebook’s data protection guidelines, accessible via and among other links.

These personal data are passed on to the following recipients for the above-mentioned purposes:

Nuki Home Solutions GmbH, Münzgrabenstrasse 92/4, A-8010 Graz, Austria

Data processor of the Facebook Custom Audiences service

Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA

Facebook Custom Audiences service provider

With your consent, we use Facebook Custom Audiences of Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, to place advertising on Facebook. This involves passing your data to Facebook Inc. in the USA.

Use of chatbot / messenger service

This website uses a chatbot. The activity undertaken with the chatbot or digital assistant in the messenger service is required for fulfilment of the contract and preliminary agreement, because the information given is used for the purpose of identification and demonstrates your interest in clearly defined compliance with obligations (contract completion).

Use of Nuki apps and Web services

A user can make use of the Nuki-developed apps and Web services for using the door lock.

The following personal data can be collected and subsequently processed in the course of registering and then using Nuki:

  1. Name
  2. Telephone number
  3. Email address
  4. Password
  5. Product, service and contract data
  6. The user’s Internet service provider
  7. Date and time of access
  8. Websites from which the user’s system has accessed our website
  9. Websites the user’s system has accessed via our website
  10. Operating systems of user devices
  11. Age, sex, languages, interests, country of residence
  12. Data for fulfilment of legal and regulatory requirements

Inclusion of third-party services and content

We include third-party content and services in our online provision on the basis of our justified interests (i.e. interests in the analysis, optimisation and commercial operation of our online provision in accordance with Art. 6 Para. 1 lit. f GDPR), in order to include their content and services, such as maps and fonts (hereafter summarised as “content”). This always requires that the third-party-providers of this content have access to the users’ IP addresses, because without the IP addresses they would not be able to send the content to the users’ browsers. So the IP address is necessary in order to display this content. We take care only to use content whose corresponding providers use the IP address solely for the delivery of content. Furthermore, third-party providers can use so-called pixel-tags (invisible graphics, also called “web beacons”) for statistical marketing purposes. “Pixel-tags” can be used to collect information such as visitor traffic to the pages of a particular website. Such pseudonymous information can also be stored in cookies on users’ devices, containing technical information such as browser and operating system, referring websites, time of visit and other data about use of our online provision, which are also linked to such information from other sources.

The following description offers an overview of third-party providers and their content, along with links to their data protection declarations, which contain further information about the processing of data and possibilities to object (so-called “opt-out”) mentioned to some extent already:

  • In the event that our customers make use of third-party payment services (e.g. Sofort, Paypal, etc.), the terms and conditions and data protection notices of the relevant third-party providers apply, these being available on the corresponding websites and/or payment applications.
  • External fonts from Adobe Typekit (
    The inclusion of Adobe Typekit Fonts takes place through reference to a server at Adobe (generally in the USA). Data protection declaration:
  • Web analysis and optimisation with the aid of Hotjar services (
    We use Hotjar in order better to understand our users’ needs and to optimise what is on offer on this website. With the aid of Hotjar technology, we gain a better understanding of our users’ experience (e.g. how much time users spend on which pages, which links they click on, what they do and don’t like, etc.), and that helps us to adjust what we offer in line with our users’ feedback. Hotjar works with cookies and other technologies to collect information about our users’ behaviour and about their devices (specifically IP address of the device (collected and stored only in anonymised form), screen size, type of device (Unique Device Identifiers), information about the browser being used, location (country only), preferred language when viewing our website). Hotjar stores this information in a pseudonymised user profile. The information is not used either by Hotjar or by us to identify individual users, nor is it combined with other data about individual users. You can read more information in Hotjar’s data protection declaration ( You can prevent the storing of a user profile and of information about your visit to our website by Hotjar, and the placing of Hotjar tracking cookies on other websites, by clicking on this opt-out link (
  • Web and app analysis and optimisation with the aid of Webtrekk services
    Nuki Home Solutions GmbH uses the services of Webtrekk GmbH. Webtrekk GmbH is a company with headquarters at Robert-Koch-Platz 4, D-10115 Berlin, Germany, which collects, stores and analyses usage data. It is data-protection-certified in Germany for the area of Web controlling, given that its data processing has been tested for data protection conformity and data security. If you use web pages of Nuki Home Solutions GmbH, Webtrekk GmbH places a cookie, which enables the collection, storage and analysis of usage data by Webtrekk GmbH. The usage data collected are anonymised, in that the IP address is trimmed. Thus any tracing of you as a visitor to the website of Nuki Home Solutions GmbH by Webtrekk is impossible. The trimmed IP address is needed solely for the purpose of session tagging and for geographic localisation (down to the level of city). You can read further information about data protection at Webtrekk on To deactivate Webtrekk and prevent the collection of usage data, a cookie (called “webTrekkOptOut”) must be placed. If the cookie is placed, usage data are not collected.
  • Bloomreach Engagement/Exponea
    We use the services of Bloomreach B.V, Fred. Roeskestraat 109, 1076 EE, Amsterdam, Netherlands for the evaluation and support of online marketing measures, in particular for the processing of the newsletter dispatch. This enables us to determine how our sent newsletters are opened and used (e.g. clicks on links in a newsletter) in order to record and measure the success of certain marketing measures. This information is used in the form of pseudonymous user profiles to improve our website and our newsletter and related marketing measures, in particular to adapt offers and information also on other websites to the interests and wishes of the users. Bloomreach Engagement/Exponea processes data (e.g. the e-mail address) exclusively in accordance with our instructions and will not use data for its own purposes or for the purposes of third parties, will not sell it and will not pass it on to third parties. Cookies can be stored on your computer for these purposes. You can prevent cookies from being stored by setting your browser software accordingly. You can also object to the collection and evaluation of data by means of the newsletter described here by unsubscribing from our newsletter. You will then no longer receive any newsletters from us.

When you contact Nuki, personal data is collected, which can also be seen in the relevant contact form. This data is stored and processed for the sole purpose of answering your request or for establishing contact and performing the associated administration. For the benefit of a fast and customer-friendly communication and the technical administration, we use the following applications and services for legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR:
  • We process and save enquiries we receive via our contact form using an application from Zendesk, a customer service platform by Zendesk Inc., 1019 Market Street, San Francisco, CA 94103. For more information, please refer to Zendesk’s data protection information:

  • Our international support and hotline staff are provided by the service provider 5CA International B.V., Catharijnesingel 30E, 3511 GB Utrecht, Netherlands. We have concluded an order processing contract to this effect in accordance with Art. 28 GDPR. Your data will only be used to process your enquiry.

Disclosure of data to insurance service providers

We work with external partners (e.g., Europ Assistance) to provide the 24/7 locksmith insurance as part of the “Nuki Care & Protect” product. These insurance service providers receive the following data from us for the purposes of creating the insurance policy:
  • First name
  • Last name
  • Postal address
  • Email address
  • Telephone number
The legal basis is Art 6 Para. 1 lit. b GDPR (fulfilment of contractual obligations within the scope of the business relationship). Personal data is processed for the purposes of fulfilling the contract. The disclosure of this data to third parties is necessary to ensure our partners can provide insurance coverage. All data will be automatically deleted by the insurance company 7 years after termination of the insurance contract.