App privacy policy: LEGIC

Privacy Declaration

Privacy Declaration

(for the LEGIC EKA Mobile App & the LEGIC Utility App)

(As of: March 2024)

1. Data Controller, Contact, EU Representative and Supervisory Authority

The company that is the source of any data deployed onto a LEGIC mobile application (“App”) is the data controller responsible for processing your personal data in connection with the use of the LEGIC mobile application ("App"). This data controller may be any company (a “company”). If that company is LEGIC, then the data controller is
LEGIC Identsystems AG
Binzackerstrasse 41
CH-8620 Wetzikon (“LEGIC“ or "we").

If that company is not LEGIC, then you should contact this other company to obtain additional and detailed information on its privacy policy.

Our data protection coordinator can be contacted at info@legic.com or using our postal address and adding “The data protection coordinator”.

As our data protection representative in the European Union within the meaning of Art. 27 GDPR we have designated dormakaba Deutschland GmbH, DORMA Platz 1, 58256 Ennepetal, ("EU Representative"). You can reach the EU data protection officer at data.protection@dormakaba.com or at the above postal address of our representative, with the addition of "the data protection officer".

The competent supervisory authority for us as responsible entity for processing your personal data in the context of this privacy declaration is the Federal Data Protection and Information Commissioner, Feldweg 1, CH-30003 Bern, Switzerland (www.edoeb.admin.ch).

2. Scope and subject of this Privacy Declaration

This privacy declaration gives you an overview of what types of personal data we collect from you in connection with the use of the App, for what purposes this data is processed and what rights you have in relation to the processing of your data.

“You” are (i) an individual person using the App, or (ii) any organization or entity represented by such person.

3. Our data processing principles

All data processing is done in accordance with the Swiss Data Protection Act (“DPA”) and the EU General Data Protection Regulation (“GDPR”).

4. Data collected, processing purposes and legal bases

4.1. When the App is downloaded from the app store, the information required for the transaction is transferred to the app store, i.e. in particular the username, e‑mail address and customer number for your account, the time of the download, payment information and the individual device code. We have no influence over these data collections, nor are we responsible for them.

4.2. In order to use the App, you need to register the App with LEGIC. When you register the App, you need to provide your e-mail address. By providing your e-mail address you consent the processing of your personal data within our system.

We process your email address in the App to permit us to provide the service offered and/or to perform a contract with you or the company you work for. We may further process your personal information, where processing is necessary for the purposes of our legitimate interests, where those legitimate interests are not overridden by your rights or interests.

More specifically, if you use your e-mail address during the registration of the App, we transfer your e-mail address to our Service provider “AWS” within the EEA, so you can receive a TOKEN (in terms of the 2-factor authentication) via e-mail to complete the registration process. For further information in regards to data protection by “AWS” please refer to the AWS Data Processing Addendum (DPA).

When using the App some functions (i.e. LC Message) allow you to enter data. The data entered by you will be sent to and processed within our system.

4.3. Where other people’s personal data (e.g. name) is entered by you into the App, this data is also processed by us.

If you process other people’s personal data, you must have an appropriate legal basis for this and must provide the other people beforehand with the information required under data protection laws (including the data processing by us as outlined above) in a comprehensible and transparent manner and, if necessary, give them the opportunity to object to the processing or to withdraw any consent given.

We process the data you provide in the App to permit us to provide the service offered and / or to perform a contract with you or the company you work for and to protect our legitimate interest, where those legitimate interests are not overridden by your rights or interests.

4.4. The App is downloaded to your mobile device and can - with limited functionality - be used without access to the Internet. Apart from the data described in sections 4.1 - 4.3., no other personal data is collected during such use.

4.5. If you contact us by email, your email address, including the information provided by you, will be stored by us for the purposes of processing the request and in case of follow-up questions.

The data transmitted by you by email is processed on the basis of your consent). You may withdraw this consent at any time. An informal notification to us by email suffices for such purposes.

If the aim of the contact request is to clarify problems with the App or to provide other services as part of the customer service provided by us, the legal basis for the processing of your personal data is the performance of our contractual obligation or to take steps at your request prior entering into a contract.

5. Analysis of mobile device data

When accepting this privacy declaration, you provide consent to the following analysis of your mobile device data. When you use the App on your mobile device, we collect specific device and app data (phone vendor, phone model, phone OS type, phone OS version, SDK version of the app, supported phone interfaces as BLE or NFC, time stamps for registration, update or last synchronization, security category supported by the phone, country location) from your mobile device for our statistics in order to improve or optimize our services.

6. Data transfers outside Switzerland or the EEA

There is no data transfer outside Switzerland or the EEA through our systems or through our service provider systems.

7. Storage duration and deletion

We store your personal data in accordance with the applicable data protection laws if and for as long as this is required for the processing purposes referred to in this privacy declaration.
We will delete your personal data after 6 months at the latest, after you un-register the App. This process can be requested within the App shown in the app menu.
An exception to this is where we are legally obliged to keep your personal data longer (e.g. for tax, accounting and auditing purposes). The data transmitted by you by email is kept by until the purpose for the data storage ceases to apply (e.g. once your request has been processed).

8. Your rights

As a data subject, you have the following rights vis-à-vis us or our representative regarding your personal data:

8.1. You may at any time withdraw any consent once given by you to the processing by us of your personal data. As a result, we may in future no longer process your personal data on the basis of your consent. The withdrawal will not affect the lawfulness of any processing done on the basis of the consent up until the said withdrawal, but it will lead to a discontinuation of your ability to use the App.

8.2. You can request information about your personal data as processed by us. In particular, you can request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data was or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data if it was not collected directly from you, and the existence of automated decision-making including profiling and, if necessary, meaningful information on the details of the same.

8.3. You can request the immediate rectification of inaccurate personal data or the completion of your personal data as stored by us and you also have the right, taking into consideration the purposes of the processing, to request the completion of incomplete personal data - including by means of an additional declaration.

8.4. You can request the erasure of your personal data as stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims, whereby the right to erasure may be limited by national law.

8.5. You can request the restriction of the processing of your personal data insofar as you contest the accuracy of the data, the processing is unlawful, but you object to its erasure and we no longer need the data, but it is required by you for the establishment, exercise or defense of legal claims, or you have objected to the processing.

8.6. You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format and to transmit that data to another controller ("Right to data portability").

8.7. You can complain to a supervisory authority. As a rule, you may for such purposes contact the supervisory authority at your usual place of residence, your place of work, the place of our registered office or the headquarters of our EU Representative.

8.8. If your personal data is processed on the basis of legitimate interests, you also have the right to object to the processing of your personal data, provided there are grounds for this arising from your particular situation.

If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling insofar as it is related to such direct marketing.

9. Updates to Privacy Declaration

We may amend this privacy declaration from time to time for any reason. In case of any update of this privacy declaration, you will be informed via a notification on the app after an update. You will have again the option to read the privacy policy and accept or decline it.

Type	Name	Purpose	Lifetime	Provider
Website	CookieConsent	Saves your consent to using cookies.	1 year	HTML
Website	fe_typo_user	Assigns your browser to a session on the server.	session	HTTP
Pipedrive	_cf_bm	This cookie is used to distinguish between humans and bots.	1 day	HTTP

Type	Name	Purpose	Lifetime	Provider
Google	_gcl_au	Used by Google AdSense to experiment with advertisement efficiency.	3 months	HTML
Facebook	_fbp	Stores the unique visitor ID.	3 months	HTTP
Facebook	facebookPixel	If JavaScript is not enabled, this pixel initiates a connection to facebook.	session	Pixel
Twitter	i/adsct	missing translation: trackingobject.i/adsct.desc	session	Pixel
LinkedIn	JSESSIONID	Keeps the user's states in all page requests at.	session	HTTP
LinkedIn	li_gc	Saves the user's consent status for cookies on the current domain.	2 years	HTTP
LinkedIn	AnalyticsSyncHistory	Used in conjunction with data synchronisation with the third-party analytics service.	29 days	HTTP
LinkedIn	bcookie	Browser Identifier cookie to uniquely identify devices accessing LinkedIn to detect abuse on the platform.	2 years	HTTP
LinkedIn	bscookie	Used by the social networking service LinkedIn for tracking the use of embedded services.	2 years	HTTP
LinkedIn	lang	Used to memorize a user's language setting.	session	HTTP
LinkedIn	lidc	Used by the social networking service LinkedIn for tracking the use of embedded services.	1 day	HTTP
LinkedIn	UserMatchHistory	Ensures browsing security for visitors by preventing falsification of requests across pages. This cookie is essential for the security of the website and the visitor.	29 days	HTTP