Privacy Policy

Effective date: November 09, 2018

Keymitt S.A. ("us", "we", or "our") operates the website and the Keymitt App mobile application (hereinafter referred to as the "Service").

This page informs you of our policies regarding the collection, use and disclosure of personal data when you use our Service and the choices you have associated with that data. Those responsible for data processing in accordance with the basic data protection regulations (“GDPR” as amended) and other national data protection laws of the member states as well as other data protection regulations, are we:

Keymitt S.A.

29, Boulevard Grande-Duchesse Charlotte

L-1331 Luxembourg



We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.


  • Service
    Service means the website and the Keymitt App mobile application operated by Keymitt S.A.
  • Personal Data
    Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
  • Usage Data
    Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • Cookies
    Cookies are small files stored on your device (computer or mobile device).
  • Data Controller
    Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed.
    For the purpose of this Privacy Policy, we are a Data Controller of your Personal Data.
  • Data Processors (or Service Providers)
    Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller.
    We may use the services of various Service Providers in order to process your data more effectively.
  • Data Subject (or User)
    Data Subject is any living individual who is using our Service and is the subject of Personal Data.

Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you.

Types of Data Collected

Personal Data

We process those of your personal data that we receive in the course of our business relationship with you. Personal data include details of your person (name, address, contact details, etc.) and your credentials (such as ID data). In addition, this may include order data (e.g. payment orders), advertising and sales data, documentation data (e.g. consulting protocols), offers, and data for the fulfilment of legal obligations. These data are either obtained directly from you or provided to us by third parties, such as our partner companies.

We either process your data for

  • the implementation of pre-contractual measures or for the fulfilment of our contractual obligations (Art 6 Para. 1 lit. b GDPR) in the context of our business relationship.
  • on basis of your consent (Art 6 Para. 1 lit. a GDPR), if you have given us your consent for contacting you to send offers, advertisements (promotional purposes) or for the transfer of data to the manufacturer/importer, or for the
  • fulfilment of our legal obligations (Art 6 Para. 1 lit. c GDPR) or
  • due to rightful interest in data processing (Art. 6 Para. 1 lit. f GDPR).

Processing of your data supports the establishment and implementation of our business relationship or the execution of the corresponding order. If you don’t provide us with data, we generally have to refuse to sign a contract or implement an order or we can no longer execute an existing contract and consequently have to terminate it.

Should consent be required for data processing, we will ask for it. In any case, consents are voluntary. If you have given us consent for the processing of your personal data for specific purposes, processing based on this consent will be carried out in accordance with what was specified in the consent declaration and to the extent agreed therein. A granted consent can be revoked at any time with effect for the future in writing or by email. This will not adversely affect the legality of any processing of data till that time.

You are not obliged to give consent to the processing of those data that are not relevant or required for the fulfilment of the contract or the corresponding commission.

Furthermore we inform you that we do not use automated decisions, according to Art 22 GDPR, to reach decisions regarding the establishment and conduct of a business relationship.


Usage Data

We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device ("Usage Data").

This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When you access the Service with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

Location Data

We may use and store information about your location if you give us permission to do so ("Location Data"). We use this data to provide features of our Service, to improve and customise our Service.

You can enable or disable location services when you use our Service at any time by way of your device settings.

Tracking & Cookies Data

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the computer system of the user. When a user visits a website, a cookie can be stored on the operation system of the user. This cookie contains a characteristic series of symbols that enable clear identification of the browser when visiting the website again. Cookies that are already in the computer can be deleted at any time.However, if you do not accept cookies, you may not be able to use some portions of our Service. You will find information about how to do this in your browser menu under the item ‘help’.

We use cookies to make our website more user-friendly. Some elements of our website require that the visiting browser can be identified after having switched site.

Examples of Cookies we use:

  • Session Cookies. We use Session Cookies to operate our Service.
  • Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies. We use Security Cookies for security purposes.

User data collected in this way will be pseudonymised by means of technical procedures. This makes it impossible to associate data with a visiting user. Data are not stored with other personal data of users.

Server Log File

For each visit to our website, our system automatically collects data and information about the computer system of the visiting computer.

The following data are collected:

  1. information about the browser (“User Agent”)
  2. IP (“Internet Protocol”) address
  3. date and time of visit
  4. exact address of requested page (“Request Path” and “Request Type”)
  5. status of response to requested page (“Response Status”)

These data will only be stored in the webserver logfiles (“access log”). It is impossible to associate the data with a particular user. There is no storage of these data together with other personal data of the user.


Use of Data

Keymitt S.A. uses the collected data for various purposes:

  • To provide and maintain our Service
  • To notify you about changes to our Service
  • To allow you to participate in interactive features of our Service when you choose to do so
  • To provide customer support
  • To gather analysis or valuable information so that we can improve our Service
  • To monitor the usage of our Service
  • To detect, prevent and address technical issues
  • To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information

Legal Basis for Processing Personal Data under the General Data Protection Regulation (GDPR)

If you are from the European Economic Area (EEA), Keymitt S.A. legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.

Retention of Data

Keymitt S.A. will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.

Keymitt S.A. will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer periods.

Transfer of Data

Your information, including Personal Data, may be transferred to - and maintained on - computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside Luxembourg and choose to provide information to us, please note that we transfer the data, including Personal Data, to Luxembourg and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Keymitt S.A. will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other personal information.

We will only pass on your data to the extent necessary for the fulfilment of the objective of the agreement.

Within our company only those departments or employees will receive your data who need them for the fulfilment of contractual and/or legal obligations. Furthermore we pass on your data within our group only to the extent required for the fulfilment of contractual and/or legal obligations, for instance because a certain brand is only available from a certain company of our group.

In order to fulfil the purpose, it might be necessary that your personal data have to be disclosed to the following recipients. This disclosure might be by means of transfer, dissemination or any other kind of provision.

  • IT companies for provision, maintenance and support of our IT system as well as for IT-based implementation for the purpose of data processing,
  • related group companies,
  • tax advisers and public accountants for the purpose of, and as a support for the fulfilment of our fiscal obligations (Austrian Commercial Code, Federal Fiscal Code, etc.),
  • insurance companies or request portals for insurance damage, for the purpose of claims settlement and billing vis-à-vis the latter as well as for the settlement of our insurance cases,
  • marketing partners (graphic designers, advertising agencies, printing houses, shipping companies, phone-marketing, newspaper publishers), for forwarding advertising material, should you have given your consent,
  • after-sales partners
  • legal representation, safety authorities, competent courts or authorities for prosecution.


Disclosure of Data

Business Transaction

If Keymitt S.A. is involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

Disclosure for Law Enforcement

Under certain circumstances, Keymitt S.A. may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Legal Requirements

Keymitt S.A. may disclose your Personal Data in the good faith belief that such action is necessary to:

  • To comply with a legal obligation
  • To protect and defend the rights or property of Keymitt S.A.
  • To prevent or investigate possible wrongdoing in connection with the Service
  • To protect the personal safety of users of the Service or the public
  • To protect against legal liability

Security of Data

The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Your Data Protection Rights under the General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. Keymitt S.A. aims to take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Data.

If you wish to be informed about what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.

In certain circumstances, you have the following data protection rights:

  • The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
  • The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
  • The right to object. You have the right to object to our processing of your Personal Data.
  • The right of restriction. You have the right to request that we restrict the processing of your personal information.
  • The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
  • The right to withdraw consent. You also have the right to withdraw your consent at any time where Keymitt S.A. relied on your consent to process your personal information.

Please note that we may ask you to verify your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

Service Providers

We may employ third party companies and individuals to facilitate our Service ("Service Providers"), provide the Service on our behalf, perform Service-related services or assist us in analysing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.


We may use third-party Service Providers to monitor and analyse the use of our Service.

Google Analytics
Google Analytics is Web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. (“Google”) It is offered by Google that tracks and reports website traffic. Google may use the collected data to contextualise and personalise the ads of its own advertising network.

Google Analytics uses so-called “Cookies”, text files that are stored on your computer and enable analysis of your use of the website. Information about your use of the website (including your IP address) that is created by means of the cookie is transmitted to a server in the US and stored there. To protect the interests of users regarding protection of their personal data, this is done by anonymising the data, meaning that your IP address will be unrecognisable when passed on to Google.

You can prevent the storage of cookies by means of a corresponding setting in your browser software; however, we draw your attention to the fact that, in this case, you might not be able to use all of the functions of this website to the full extent. Furthermore, you can prevent transmission of data created by the cookie and referring to your use of the website (including your IP address) to Google as well as the processing of these data by Google, by downloading and installing the browser plug-in available via the following link:

This website also uses cookies to address visitors via remarketing-campaigns with online advertising at a later time in the Google advertising network. In order to place remarketing advertisements, third-party providers like Google use cookies based on a visit to our website. As a user, you have the facility to deactivate Google’s use of cookies by accessing this Google deactivation page:

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page:


The following data are collected during the registration process:

  • User’s encrypted IP address
  • Date and time of access
  • Frequency of page visits
  • Use of website functions
  • User’s operating system
  • User’s Internet service provider
  • Age, sex, languages, interests, country of residence
  • Websites from which the user’s system has reached our website
  • Websites accessed by the user’s system via our website
  • Operating systems used by user devices


Firebase is an analytics service provided by Google Inc.
You may opt-out of certain Firebase features through your mobile device settings, such as your device advertising settings or by following the instructions provided by Google in their Privacy Policy:
We also encourage you to review the Google's policy for safeguarding your data:
For more information on what type of information Firebase collects, please visit the Google Privacy & Terms web page:


There is a facility on our website to subscribe to free newsletters. During the process of registering for a newsletter, data from the input form are passed on to us:

(1) Email address

In addition, the following data are collected during registration:

(2) Date and time of registration

During the process of registration, your consent to the processing of your data is sought and your attention is drawn to this data protection declaration. Before your newsletter subscription can begin, we send you an email for confirmation (“double opt-in”).

In connection with data processing for the dispatch of newsletters, the data you provide are passed on to our newsletter provider “Mailchimp”, operated by The Rocket Science Group, LLC with headquarters in Atlanta, USA. In this context, we have concluded a processing contract in accordance with Art 28 GDPR. Your data are used exclusively for dispatching newsletters.

In connection with data processing for the dispatch of newsletters, the data you provide are passed on to our newsletter provider “Mailchimp”, operated by The Rocket Science Group, LLC with headquarters in Atlanta, USA. In this context, we have concluded a processing contract in accordance with Art 28 GDPR. Your data are used exclusively for dispatching newsletters.



Behavioral Remarketing

Keymitt S.A. uses remarketing services to advertise on third party websites to you after you visited our Service. We and our third-party vendors use cookies to inform, optimise and serve ads based on your past visits to our Service.

  • Google Ads (AdWords)
    Google Ads (AdWords) remarketing service is provided by Google Inc.
    You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page:
    Google also recommends installing the Google Analytics Opt-out Browser Add-on - - for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.
    For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page:
  • Twitter
    Twitter remarketing service is provided by Twitter Inc.
    You can opt-out from Twitter's interest-based ads by following their instructions:
    You can learn more about the privacy practices and policies of Twitter by visiting their Privacy Policy page:
  • Facebook

Use of Facebook Custom Audiences

Subject to your consent, this website also uses “Custom Audiences from customer lists” of Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Using these, Facebook can target our advertisements at newsletter subscribers who are registered with Facebook. As a result we are able to run targeted advertising for people who have already expressed their interest in our products or our company. These data are passed to Facebook hashed and encrypted. Facebook compares the hash values on the customer list with the hash values of its own stored user data. Facebook then checks the matching data for instances of persons who have not yet liked our Facebook page and delivers our adverts to these Facebook users. You can get more information about the collection and use of the data, the purpose and scope of data collection and further processing and use of the data by Facebook, as well as your options for settings to protect your privacy and rights, from Facebook’s data protection guidelines, accessible via and among other links.

These personal data are passed on to the following recipients for the above-mentioned purposes:

Keymitt SA 29, Boulevard Grande-Duchesse Charlotte

L-1331 Luxembourg

Data processor of the Facebook Custom Audiences service

Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA 

Facebook Custom Audiences service provider

With your consent, we use Facebook Custom Audiences of Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, to place advertising on Facebook. This involves passing your data to Facebook Inc. in the USA. Facebook Inc. is a company that has had itself registered in the Privacy Shield list. The EU-US Privacy Shield was passed by the European Commission through Implementing Decision C(2016) 4176 final of 12/07/2016. In accordance with this, Facebook Inc. offers corresponding guarantees for data transferred to the USA. You can get more detailed information from the official Privacy Shield website,


Facebook remarketing service is provided by Facebook Inc.
You can learn more about interest-based advertising from Facebook by visiting this page:
To opt-out from Facebook's interest-based ads, follow these instructions from Facebook:
Facebook adheres to the Self-Regulatory Principles for Online Behavioural Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA, the Digital Advertising Alliance of Canada in Canada or the European Interactive Digital Advertising Alliance in Europe, or opt-out using your mobile device settings.
For more information on the privacy practices of Facebook, please visit Facebook's Data Policy:


We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors).

If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

For more insight, you may also want to read Shopify’s Terms of Service ( or Privacy Statement (

The payment processors we work with are:

Use of Keymitt app

A user can make use of the Keymitt-developed apps for using the door lock.

The following personal data can be collected and subsequently processed in the course of registering and then using Keymitt: 

  1. Name
  2. Telephone number
  3. Email address
  4. Password
  5. Product, service and contract data
  6. The user’s Internet service provider
  7. Date and time of access
  8. Websites from which the user’s system has accessed our website
  9. Websites the user’s system has accessed via our website
  10. Operating systems of user devices
  11. Age, sex, languages, interests, country of residence
  12. Data for fulfillment of legal and regulatory requirements


Inclusion of third-party services and content

We include third-party content and services in our online provision on the basis of our justified interests (i.e. interests in the analysis, optimization and commercial operation of our online provision in accordance with Art. 6 Para. 1 lit. f GDPR), in order to include their content and services, such as maps and fonts (hereafter summarized as “content”). This always requires that the third-party-providers of this content have access to the users’ IP addresses, because without the IP addresses they would not be able to send the content to the users’ browsers. So the IP address is necessary in order to display this content. We take care only to use content whose corresponding providers use the IP address solely for the delivery of content. Furthermore, third-party providers can use so-called pixel-tags (invisible graphics, also called “web beacons”) for statistical marketing purposes. “Pixel-tags” can be used to collect information such as visitor traffic to the pages of a particular website. Such pseudonymous information can also be stored in cookies on users’ devices, containing technical information such as browser and operating system, referring websites, time of visit and other data about use of our online provision, which are also linked to such information from other sources.

The following description offers an overview of third-party providers and their content, along with links to their data protection declarations, which contain further information about the processing of data and possibilities to object (so-called “opt-out”) mentioned to some extent already:

  • In the event that our customers make use of third-party payment services (e.g. Sofort, Paypal, etc.), the terms and conditions and data protection notices of the relevant third-party providers apply, these being available on the corresponding websites and/or payment applications.


Links to Other Sites

Our Service may contain links to other sites that are not operated by us. If you click a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Children's Privacy

Our Service does not address anyone under the age of 18 ("Children").

We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, please contact us: