Privacy Policy of WILKA easyApp
We undertake to comply with the statutory provisions on data protection and strive to always take into consideration the principles of data avoidance and data minimisation.
1. Name and address of the Controller
The Controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States of the European Union as well as other provisions under data protection law is:
WILKA Schliesstechnik GmbH
Represented by the Managing Director: Robert Schlieper
Mettmannerstr. 58-64
42551 Velbert
Germany
Tel.: +49 (0)2051/20810
Fax: +49 (0)2051/2081151
E-mail: info(at)wilka.de
Website: https://www.wilka.de
2. Definition of terms
We have designed our privacy policy in accordance with the principles of clarity and transparency. However, if uncertainties exist with respect to the use of various terms, the corresponding definitions can be viewed here [https://dsgvo-gesetz.de/art-4-dsgvo/]
Legal basis for the processing of personal data
We process your personal data such as your first and last name, your e-mail address and your IP address only if a legal basis for this exists. In accordance with the General Data Protection Regulation, the following provisions, in particular, come into consideration:
- Art. 6 Par. 1 S. 1 Lit. a GDPR: The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
- Art. 6 Par. 1 S. 1 Lit. b GDPR: The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Art. 6 Par. 1 S. 1 Lit. c GDPR: The processing is necessary for compliance with a legal obligation to which the controller is subject.
- Art. 6 Par. 1 S. 1 Lit. d GDPR: The processing is necessary in order to protect the vital interests of the data subject or of another natural person.
- Art. 6 Par. 1 S. 1 Lit. e GDPR: The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- Art. 6 Par. 1 S. 1 Lit. f GDPR: The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
At the respective portions of this privacy policy, we will point out to you once more on which legal basis the processing of your personal data is being performed.
3. Passing-on of personal data
The passing-on of personal data also constitutes a processing within the meaning of the preceding Section 3. At this point, however, we would like to inform you separately about the subject of disclosure to third parties. We care very much about protecting your personal data. For this reason, we are particularly cautious where passing on your data to third parties is concerned, and a passing-on to third parties only takes place if a legal basis for the processing exists. We do, for example, pass your personal data on to persons or companies that are working for us as processors in accordance with Art. 28 GDPR. Anybody who processes personal data on our orders – i.e., who, in particular, is in an instruction and control relationship with us – is a processor. In accordance with the provisions of the GDPR, we conclude a contract with each of our processors to obligate the latter to comply with data protection regulations and thus ensure comprehensive protection of your data.
4. Duration of storage and erasure
We store all personal data that you transmit to us only as long as they are needed to fulfil the purposes for which these data were transmitted, or as long as prescribed by law. Upon fulfilment of the purpose and/or expiration of the statutory retention period, we will erase or restrict the data.
5. Collection and storage of personal data as well as its type and purpose of utilisation
a) Downloading the app
Upon downloading the mobile app, the required information is transmitted to the App Store or Play Store, i.e., in particular, user name, e-mail address and customer number of your account, point in time of the download, payment information, and the individual device ID. We do not have any influence on the collection of these data and are not responsible for it. We only process the data to the extent it is necessary for downloading the mobile app to your mobile end device.
b) Utilisation of the app
aa) Processing by WILKA
Once the app instance has been installed, WILKA easyApp assigns a random unique user identifier (UUID) to the user. Said UUID is stored locally on the user’s smartphone only for the duration of the installation. This UUID is neither transmitted to us nor processed by us in any other way. The processing is based on Art. 6 Par. 1 S. 1 Lit. b) GDPR for the fulfilment of the contractual obligations.
bb) Processing by the administrator
Within the app, personal data can be processed by an administrator. Said administrator is responsible for the processing in compliance with the provisions of the GDPR. The administrator must instruct the users accordingly and obtain their consent, where applicable. Below, please find a brief explanation of the functions relevant under privacy law. Within the app, an administrator of a locking cylinder can upload and download the keying plan data and the events from the locking cylinder. In addition to the unique IDs of the transponders / easyApp instances (UIDs/UUIDs) and their authorisations, which are stored on the cylinder, this also includes the user names assigned to the IDs which are only stored locally on the administrator smartphone. These data are utilised within the administrator’s app for the presentation of the user list (keying plan) and the event list (which user has opened or tried to open the door at what date and time). These data can, furthermore, be stored in and recovered from a database backup by the administrator. It is mandatory that the administrator encrypt these data.
c) Cookies
The mobile app does not use any cookies.
d) Location determination
The app can determine the user’s location via GPS/Wi-Fi, if the user consented to granting access to this functionality in the operating settings when the app was installed. Thereafter, the user can disable and enable access to this functionality within the operating system at any time. If access to this functionality is disabled, the functionality of the app is restricted since no cylinders can be found via Bluetooth anymore.
e) Contact button
You have the option to send us an e-mail via the “Contact” button in our app. In this case, we store and process your e-mail address as well as the information provided by you as part of the e-mail in accordance with Art. 6 Par. 1 S. 1 Lit. b and f GDPR to process your message. The inquiries as well as the data associated therewith will be deleted no later than 3 months after receipt, unless they are needed for a further contractual relationship.
6. Rights of the data subject
You have the following rights:
a) Information
In accordance with Art. 15 GDPR, you have the right to demand information about your personal data that we are processing. This right to information includes information about:
• the purposes of the processing
• the categories of personal data
• the recipients or categories of recipients to whom the personal data have been or will be disclosed
• the planned storage period or at least the criteria used to determine that storage period
• the existence of a right to request rectification, erasure, restriction of processing or to object
• the existence of a right to lodge a complaint with a supervisory authority
• where the personal data were not collected by us, any available information as to their source
• the existence of automated decision-making, including profiling, and, where applicable, meaningful information about their specifics
b) Rectification
In accordance with Art. 16 GDPR, you have the right to rectification, without undue delay, of incorrect or incomplete personal data stored by us.
c) Erasure
In accordance with Art. 17 GDPR, you have the right to demand erasure by us, without undue delay, of your personal data unless the further processing is necessary for one of the following reasons:
- the personal data are still necessary in relation to the purposes for which they were collected or otherwise processed
- for exercising the right of freedom of expression and information
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- for reasons of public interest in the area of public health in accordance with Art. 9 Par. 2 Lit. h and i as well as Art. 9 Par. 3 GDPR
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 Par. 1 GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing
- for the establishment, exercise or defence of legal claims
d) Restriction of processing
In accordance with Art. 18 GDPR, you can demand restriction of the processing of your personal data for one of the following reasons:
- You contest the accuracy of your personal data.
- The processing is unlawful and you oppose the erasure of the personal data.
- We no longer need the personal data for the purposes of processing but you still need them for the establishment, exercise or defence of legal claims.
- You are objecting to the processing pursuant to Art. 21 Par. 1 GDPR.
e) Notification
If you have requested the rectification or erasure of your personal data or a restriction of processing in accordance with Art. 16, Art. 17 Par. 1 and Art. 18 GDPR, we will communicate this to recipients to whom your personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You can demand from us that we inform you about those recipients.
f) Portability
You have the right to receive your personal data, which you provided to us, in a structured, commonly used and machine readable format. You also have the right to demand transmission of these data to a third party to the extent that the processing was carried out with the help of automated processes and is based on consent pursuant to Art. 6 Par. 1 S. 1 Lit. a or Art. 9 Par. 2 Lit. a or on a contract pursuant to Art. 6 Par. 1 S. 1 Lit. b GDPR.
g) Right to withdraw consent
In accordance with Art. 7 Par. 3 GDPR, you have the right to withdraw the consent you declared towards us at any time. The withdrawal of consent shall not affect the lawfulness of the processing performed based on consent before its withdrawal. For the future, we may no longer carry out that data processing which was based on your withdrawn consent.
h) Complaint
In accordance with Art. 77 GDPR, you shall have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of your personal data infringes upon the GDPR.
i) Right to object
If your personal data are processed based on legitimate interests in accordance with Art. 6 Par. 1 S. 1 Lit. f GDPR, you shall have the right pursuant to Art. 21 GDPR to object to the processing of your personal data if grounds exist for this that result from your particular situation or if the objection is directed against direct marketing. In the latter case, you shall have a general right to object which will be implemented by us without specification of the particular situation. If you would like to exercise your right to withdraw or right to object, an e-mail to info(at)wilka.de will be sufficient.
j) Automated individual decision-making, including profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or that similarly affects you significantly. This shall not apply if the decision
i. is necessary for entering into, or performance of, a contract between you and us
ii. is authorised by European Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests
iii. is based on your explicit consent
However, these decisions shall not be based on special categories of personal data referred to in Art. 9 Par. 1 GDPR unless Art. 9 Par. 2 Lit. a or g GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
With respect to the cases referred to in i) and iii), we shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, which include at least the right to obtain human intervention on our part, to express your point of view and to contest the decision.
Version 18.03.2019