Privacy Policy ixalo Key App
The BKS GmbH, Heidestr. 71, 42549 Velbert, takes the protection of its customers’ and interested parties’ personal data very seriously and complies with the rules of data protection laws. Under no circumstances will the collected data be sold. The following statement provides an overview of how BKS GmbH ensures this protection and what type of data is collected for which purpose.
Personal Data
Personal data includes all data that can be related to the user personally, e.g. name, address, email addresses.
Controller and Data Protection Officer
The controller pursuant to Art. 4 para. 7 EU General Data Protection Regulation (GDPR) within the meaning of data protection laws is BKS GmbH, Heidestr. 71, 42549 Velbert.
Data Protection Officer
Our external data protection officer is available to provide information on data protection at the following contact details:
datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg
Web: www.datenschutz-sued.de
Email: datenschutz.de.gub@g-u.de
If you contact our data protection officer, please also state the responsible entity.
User Rights
The user has the following rights regarding their personal data:
- Right of access (Art. 15 GDPR)
- Right to rectification or erasure (Art. 16 and 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to object to processing (Art. 21 GDPR)
- Right to data portability (Art. 20 GDPR)
The user also has the right to lodge a complaint with a data protection supervisory authority about the processing of their personal data by us. The complaint can be lodged in particular with a supervisory authority in the Member State of your residence, workplace, or the place of the alleged infringement.
If the user has given consent to the processing of their data, they can revoke this at any time. Users can inform us of their revocation at the following contact details: datenschutz.de.gub@g-u.de
Such revocation affects the permissibility of processing the personal data after it has been communicated to us, without affecting the lawfulness of processing carried out on the basis of the consent until revocation.
If we base the processing of your personal data on the balancing of interests according to Art. 6 para. 1 sentence 1 lit. f) GDPR, users may object to the processing in accordance with Art. 21 GDPR. This is the case if the processing is not necessary in particular for the performance of a contract with the users, which is explained by us in the following description of the functions. When exercising such an objection, we ask for the reasons why we should not process the personal data as we have done. In the event of a justified objection, we will examine the situation and either stop or adjust the data processing or demonstrate our compelling legitimate grounds for continuing the processing.
Of course, users can object to the processing of their personal data for advertising and data analysis purposes at any time. Users can inform us of their objection to advertising at the following contact details: datenschutz.de.gub@g-u.de
Data Security
BKS GmbH takes all necessary technical and organizational security measures to protect personal data from loss and misuse. Data is stored in a secure operating environment that is not accessible to the public.
Log Data
Only the following log data is stored:
- App ID
- Error date
- Application version
- Error message
- Device model
- Operating system version
- Operating system
- Device type
- Manufacturer
- System identification
- Unique key ID
The collection and storage of the App ID is necessary for the installation of this app and thus for the fulfillment of the usage contract regarding this app. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b) GDPR.
The collection and storage of log data is based on our legitimate interest, namely our interest in analyzing and eliminating program errors (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Retention period: The log data is automatically deleted within 7 days after collection. Your App ID is deleted when this app is uninstalled.
Registration in KeyManager
To use this app and the function of the digital key, you must register by providing personal data. The data is entered into an input mask and transmitted to us and stored. The following data is collected during the registration process:
- Name
- Device designation
- Email address
Optionally and voluntarily, further data can be entered during registration:
- Mobile number
- Message language
- First name
- Person
The legal basis for processing the data during registration is Art. 6 para. 1 sentence 1 lit. b) GDPR. The legal basis for processing the optional information is Art. 6 para. 1 sentence 1 lit. a) GDPR.
As part of the double opt-in procedure, you will receive a registration invitation via email. If you click the included link or scan the included QR code, the registration can be finalized with this confirmation. Please note that the registration invitation expires after 3 days and a new registration invitation would then have to be created.
No further checks of your entered data are carried out. Pseudonyms can also be used for the fields “Name”, “First name” and “Designation”.
As a user, you can cancel the registration at any time. The data stored about you can be changed at any time by the KeyManager administrator or the optional information can be revoked (see 4. User Rights).
Key Details
In connection with your unique key ID, you can see which rooms or doors you have access to with your device (smartphone) and how long your digital key is still valid.
The legal basis for processing the data is Art. 6 para. 1 sentence 1 lit. f) GDPR, to provide you with the service, manage and transport access management.
The data is stored as long as the digital key is used.
Please also note that the events/log data of the access points are stored for 90 days and are only available in end-to-end encrypted form and cannot be read by the app or by us. Only the data from the access point is transmitted to the KeyManager. In the KeyManager, the information can only be accessed by authorized persons, possibly with further restrictions such as a four-eyes principle. Responsibility for handling the data lies with the respective customer.
Help
Here you will find the contact information for the responsible KeyManager administrator, provided that this data has been stored by the customer in the KeyManager. The following data can be provided here:
- Designation
- Telephone
- Mobile
- Email address
- Address
The legal basis for processing this optional information is Art. 6 para. 1 sentence 1 lit. a) GDPR. The entry of this data is voluntary. The data stored here can be changed, deleted, or revoked by the customer at any time (see 4. User Rights).
Profile
Under the profile information, you can view the designation, name, and first name stored for your key in the KeyManager. The additionally displayed QR code contains only this information again.
The legal basis for processing the data is Art. 6 para. 1 sentence 1 lit. f) GDPR, to enable a security service to check the persons encountered and the actual owner of the digital key.
Since the data displayed here is transferred from the KeyManager, the processing of the data depends on storage in the KeyManager. A change or deletion of the data in the KeyManager has an immediate effect on this function.
Support
Via the support form, you can create a new ticket in our support portal. By clicking on “Create ticket”, the log files stored on the device from the last 7 days are transmitted.
The log files contain:
- Unique key ID
- System identification
- Time of key update
- Time of door openings
- Error message
- App ID
- Error date
- Application version
- Device model
- Operating system version
- Operating system
- Device type
- Manufacturer
To process your ticket, we first need the data marked as mandatory fields (email address, summary, description). We use this data on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR to answer your request.
If you provide us with additional information, this is voluntary and not required for support. We process your voluntary information on the basis of your consent.
The data you provide with the ticket will be deleted after 60 days. Our experience shows that after this time, regular processing and answering is completed and no further queries arise.
For the purpose of troubleshooting and support management, we use the product “Jira Service Management” from Atlassian. Pty Ltd, Level 6, 341 George Street, Sydney NSW 2000 (Australia). Atlassian has been carefully selected by us as a processor. There is no adequacy decision by the European Commission for Australia and therefore no data protection level comparable to that of the European Union. We have concluded so-called standard contractual clauses with Atlassian, by which Atlassian is obliged to comply with European data protection standards. In addition, we have carried out a risk assessment for this process. Please contact our data protection officer if you would like more information about this.
The privacy policy of Atlassian can be found here: https://www.atlassian.com/legal/privacy-policy
Further information on “Jira Service Management” can be found here: https://www.atlassian.com/de/software/jira/service-management
Further information on the Transfer Impact Assessment by Atlassian can be found here: https://www.atlassian.com/legal/data-transfer-impact-assessment
Existence of Automated Decision-Making
Automated decision-making or profiling does not take place.
Retention Period
Unless we have already provided information on the retention period in individual cases, we delete personal data when it is no longer required for the aforementioned processing purposes and no statutory retention obligations prevent deletion.
Further information
The trust of users is very important to BKS GmbH. Therefore, we are happy to answer any questions regarding the processing of personal data. If there are any questions that this privacy policy could not answer or if users would like more detailed information on any point, they can contact the following email address at any time: datenschutz.de.gub@g-u.de.
