1. General Information

This Privacy Policy explains how we collect, use, and protect personal data when you use our webshop and device control platform in accordance with the General Data Protection Regulation (GDPR).

2. Data Controller

Philipp Freiburger
Heerstrasse 32
70563 Stuttgart
Germany

The Data Controller is the natural or legal person who determines the purposes and means of processing personal data.

3. Hosting

Our website and services are hosted by Hostinger International Ltd..

Hostinger processes personal data on our behalf as a data processor in accordance with Art. 28 GDPR. A Data Processing Agreement (DPA) has been concluded.

Data may be stored on servers within the European Economic Area (EEA). If data is transferred outside the EEA, appropriate safeguards such as Standard Contractual Clauses (SCC) are applied.

4. Data We Collect

a) Account Data

• Email address
• Username
• Password (stored in hashed/encrypted form)

b) Device & Usage Data

• Device identifiers
• Bluetooth connection data
• Device usage statistics (e.g. runtime, switch cycles)
• Technical data (IP address, browser type, timestamps)

c) Order Data (Webshop)

• Name
• Billing and shipping address
• Payment details (processed via payment providers)
• Order history

5. Purpose of Processing

• Providing and operating the platform
• Managing user accounts
• Processing orders and payments
• Enabling device connectivity and control
• Improving products and services
• Ensuring system security and fraud prevention

6. Legal Basis

Processing is based on the following legal grounds:

• Art. 6(1)(b) GDPR – performance of a contract
• Art. 6(1)(c) GDPR – legal obligations (e.g. tax retention requirements)
• Art. 6(1)(f) GDPR – legitimate interests (security, service improvement)
• Art. 6(1)(a) GDPR – consent (e.g. for optional cookies or tracking, if applicable)

7. Data Sharing

We may share personal data with the following categories of recipients:

• Hosting provider (Hostinger International Ltd.)
• Payment service providers
• Shipping providers
• IT and infrastructure service providers

We do not sell personal data to third parties.

8. International Data Transfers

If personal data is transferred outside the European Economic Area (EEA), such transfers are carried out in compliance with GDPR requirements.

Appropriate safeguards include:

• Standard Contractual Clauses (SCC) approved by the European Commission

9. Data Retention

• Account data: stored until the account is deleted
• Order data: stored in accordance with legal retention obligations (e.g. 6–10 years under German tax law)
• Usage data: stored only as long as necessary for operation and analysis

10. Your Rights

Under the GDPR, you have the following rights:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent at any time (Art. 7(3) GDPR)

To exercise your rights, please contact us at the email address provided above.

11. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your residence, place of work, or place of the alleged infringement.

12. Provision of Data

Providing personal data may be required for entering into a contract. Failure to provide necessary data may result in the inability to use our services.

13. Automated Decision-Making

We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.

14. Security

We implement appropriate technical and organizational measures (TOMs) to protect personal data against loss, misuse, and unauthorized access.

15. Cookies and Tracking

Our website may use cookies and similar technologies. Non-essential cookies are only used with user consent in accordance with Art. 6(1)(a) GDPR.

16. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time to reflect legal or technical changes.

17. Contact

If you have any questions about this Privacy Policy or data protection, please contact:

eMail: info@lockmebox.com