GANTNER PRIVACY POLICY

Privacy Policy: eLoxx 365 Cloud Application and LockPal 365 Mobile Application

Here you can find our specific privacy terms for our cloud software eLoxx 365 and the LockPal App. Our general Privacy Policy can be found here: Privacy Policy

If you have any further questions, please feel free to contact us.

GANTNER processes personal data to provide the cloud solution (i.e., eLoxx 365) to its Clients which in turn provide the Service, i.e., contactless lockers, they manage via the cloud application to the locker users (“the End Users”) of a specific site operated or managed by them. End Users may also download the LockPal 365 mobile application that enables them to operate lockers managed via eLoxx 365 with their smartphone, provided this is a feature offered by the Client. The access to and the use of the cloud application (the “Platform” and the “Mobile Application”) is limited to those Clients and Mobile Application Users (legal entities or eventually individuals) who have acquired the corresponding licenses of use or subscriptions (the “Clients” and the “Mobile Application Users”) and to the users authorized by the Clients to use some or part of their features (the “Administrators”).

IMPORTANT NOTE
In this setting GANTNER will mainly process personal data as a Processor on behalf of its Clients. Any data privacy questions related to processing activities that GANTNER performs as a Processor shall therefore be directed to the organization that makes available the cloud application or the Service to you. GANTNER is only responsible for the data processing activities that it carries out as a Controller as set forth in this privacy policy. In order to understand in which cases GANTNER acts as Controller or Processor please continue reading.  

If you are adding new Administrators or End Users to the Platform, do so only if you have previously been authorized to provide such third-party data to GANTNER and have informed them about the processing of their data pursuant to this policy.

You are responsible for the veracity and accuracy of the data you provided as well as for keeping such data updated on the Platform. GANTNER reserves the right to exclude you from the Platform if you have provided false data, without prejudice to other actions that may proceed in Law.

Last update: February 2024 
© Gantner Electronic GmbH 2024. All rights reserved. 

Depending on the specific processing activity we may process your personal data under the role of data controller or data processor as specified in the following.

Where we act as controller, the responsible legal entity will be Gantner Electronic GmbH ("GANTNER") with registered address at Bundesstraße 12, 6714 Nüziders (Vorarlberg) – Austria.

Subject to the conditions described in section 4 “Why and what for will we process your personal data?”, GANTNER may transfer its personal data to SALTO Group entities (which can be consulted at the “Group entities”) and to the required public authorities, on the grounds and for the purposes set forth in said section.

Furthermore, GANTNER relies on the collaboration with some third-party service providers which may have access to your personal data and process it as data processor in the name and on behalf of GANTNER for the provision of the services. In this sense, GANTNER follows strict criteria of selection of service providers in order to comply with its obligations in terms of data protection and undertakes to sign with them the corresponding Data Processing Agreement, under which it will impose, among others, the following obligations: applying appropriate technical and organizational measures; processing the personal data for the purposes agreed and strictly following the written instructions of GANTNER; and deleting or returning the data once the provision of services ends.

We inform you that GANTNER does not sell your information to any third party.

The aforementioned recipients can be located, in some particular cases, outside the European Economic Area (EEA). In those cases, GANTNER requires that said recipients comply with the measures designed to protect the personal data established in a binding written contract, such as the standard contractual clauses, except in cases where the European Commission has determined that the country where the recipient is located provides an adequate level of personal data protection. You may obtain a copy of GANTNER's required measures by contacting GANTNER at the address indicated at the end of this policy.

If you want to use our cloud solution, i.e., the Platform, the Service managed by the Platform or the Mobile Application, GANTNER will need to process your personal data and, additionally, you will generate certain personal data through your use of the cloud solution.

The types of personal data processed depend on whether you are a web application user (“Administrator”), a security contact person or an End User (i.e., a locker User of a lockers system managed with our Platform) or a Mobile Application User. Please note that, for contact persons of our Clients for managing the business relationship, the general Gantner Privacy Policy (business relationships with interested parties, customers and suppliers) will apply in addition.

4.1.1 WHICH PERSONAL DATA DOES OUR CLOUD APPLICATION PROCESS?

If you are an Administrator of the cloud application on behalf of our Client, GANTNER processes the following data as a Controller:

(a) Registration Data: When registering a Platform tenant, you will directly provide us personal data about yourself. The specific personal data includes your name, email address, password and company address.

(b) Usage Data: For any Administrator user account, we may collect certain personal data related with your usage of the Platform and the device you are using. 

(c) Contact Details: In addition, GANTNER will process your name and the contact details provided by you when you contact us for any technical support services.

(d) Cookies: In addition, we may use cookies, pixels or similar technologies which are web tools that allow storing and retrieving information from Administrators in order to improve the user experience and navigation on the Platform. You can find additional information about cookies and similar technologies used in the Cookies Policy of the Platform. 

The following data are processed by GANTNER on behalf of our Client as a Processor:
(a) Administrators of the Platform with the required permissions can invite you to create your own Administrator account for the Platform. The data processed to manage your Administrator account includes your account information (e.g., name, e-mail address, password, user role, profile picture) and device identification data (e.g., IP addresses). 
(b) In addition, we collect account metadata, i.e., your interaction with the Platform is logged.

 

4.1.2 WHY AND FOR WHAT PURPOSE DO WE PROCESS YOUR PERSONAL DATA

We process registration data (a) and your contact details (c) in order to manage the business relationship with our Client, to provide technical support to our Client and to notify you in the case of cyber security incidents or data breaches if the Client didn’t register a security contact person in the Platform. The legal basis for these processing activities is our legitimate interest in the performance of the contract with our Client. 

Your usage data (b) is processed by GANTNER to improve the user experience and navigation on the Platform. The legal basis is our legitimate interest to further develop and improve our services. 

We process the described personal data on behalf of our Client to provide the Platform to our Clients and to enable our Clients to manage the access to the Platform and its operation as well as to ensure information security.

GANTNER and its group entities might also have access to data of Administrators in case the Client requests our tech support team’s assistance for resolving technical issues.

   
4.2.1 WHICH PERSONAL DATA DOES OUR CLOUD APPLICATION PROCESS?

In addition, GANTNER will process the contact details of the Client’s contact person for security incident notifications registered by the Client in the Platform as a Controller. 

 
 
4.2.2 WHY AND FOR WHAT PURPOSE DO WE PROCESS YOUR PERSONAL DATA?

We process your contact details to notify registered contact persons of our Client in the case of cyber security incidents or data breaches. The legal basis is our legitimate interest in the performance of the contract with our Client. 

 
4.3.1 WHICH PERSONAL DATA DOES OUR CLOUD APPLICATION PROCESS?
 

If you are an End User of a locker system managed with our Platform, GANTNER may process the following data on behalf of our Client as Processor:

  • Contact details (e.g., name, email address, etc.)
  • Other user data (e.g., data carrier UID, tenant details, member number, department, permission rules for locker usage, record of access)

The data actually processed depends on the specific configuration of our Client. 

 
4.3.2 WHY AND FOR WHAT PURPOSE DO WE PROCESS YOUR PERSONAL DATA?

In order to enable you to use a locker, our Client that manages or operates the locker system with GANTNER’s platform will have to register you in the Platform and to assign the required authorizations to you. Therefore, we process the described personal data on behalf of our Client to enable our Clients to render the Service to you through GANTNER’s Platform.

In addition, GANTNER and its group entities might also have access to data of End Users in case the Client requests our tech support team’s assistance for resolving technical issues.

4.4.1 WHICH PERSONAL DATA DOES OUR MOBILE APPLICATION PROCESS?

If you use the LockPal 365 mobile application, we may process the following data as Controller:

(a) Credentials: GANTNER will process the following data provided by you when you register for a LockPal 365 user account: email address, password.

(b) Cookies: We may use cookies, pixels or similar technologies which are web tools that allow storing and retrieving information from Mobile Application Users.

If you use the LockPal 365 mobile application, GANTNER may process in addition the personal data described in 4.3.1 as a Processor.

 

4.4.2 WHY AND FOR WHAT PURPOSE DO WE PROCESS YOUR PERSONAL DATA?

We process your credentials (a) to manage the LockPal 365 user account that enables you, as an End User, to operate lockers via the LockPal 365 mobile application at multiple sites which the corresponding Clients have granted you permission to use. The processing of your personal data will be based on your contractual relationship with GANTNER that you enter as a Mobile Application User by accepting the corresponding End-User License Agreement.

We use the information gathered by cookies, pixels and similar technologies (b) in order to improve the user experience and navigation in the application. You can find additional information about cookies and similar technologies used in the Cookies Policy of the mobile application.

See 4.3.2

 

Our Platforms may use cookies and similar technologies that allow storing and retrieving information from Users’ devices in order to improve your usage experience and gain a better understanding of how Users interact with the Platform for further improvement of our services, as described in the corresponding Cookies Policy of the Platform or the mobile application. Where required by the applicable regulations, the installation of such cookies will take place, provided that you have consented to it.

We keep your personal information for no longer than necessary for the purposes for which it is processed as specified above, and as required to comply with applicable laws and/or as set out in our data retention policy and information management standards.

Basically, we can distinguish the following retention periods in relation to the use of our Platforms, depending on the type of data processed:

  • Administrator account metadata: The personal data related with your interaction with the Platform as an Administrator will be kept for the period determined by the Client in the Platform and automatically deleted thereafter. The retention period may range from 1 day to 1 year and is set to 3 months by default. As an exception, your data will also be deleted after the client terminates its subscription to the Platform.
  • Administrator account information: Your login credentials and account information will be processed until our Client deletes your account.
  • Contact details and other user data of End Users: Contact details and other user data of End Users required to manage the Service will be processed until our Client deletes the respective End User. 

In certain circumstances, GANTNER may be entitled to remove your access to the Platform as well as to deactivate your account, after giving notice, if you do not access the Platform for a certain period.

However, please note that GANTNER may retain such data for a longer period to comply with statutory retention obligations (e.g., commercial and tax retention obligations), if the assertion of legal claims prevents erasure or as long as responsibilities can derive for GANTNER for the execution of our relationship. Your data will be kept properly blocked and GANTNER will not process the data unless it is necessary for the formulation, exercise or defense of claims or when it is required by the Public Authorities, Judges and Courts during the period of prescription of rights or legal obligations.

In accordance with current legislation, you can exercise your rights of access, rectification, erasure, restriction, objection, data portability and not to be subject to a decision based solely on automated processing by sending an email to privacy@gantner.com, after first appropriately proving your identity (including, if necessary, providing a copy of your ID or equivalent). If we are not able to identify you as a user, we may ask for additional information in this regard.

Equally, in case any processing of your data is based on your consent to GANTNER, you have the right to withdraw your consent for the processing based on it, at any time by writing an email to the mentioned email address. However, the withdrawal of consent shall not affect the lawfulness of processing performed before your withdrawal of consent.

If you believe that GANTNER or any of SALTO’s Group entities has not respected any of the aforementioned rights, you will have the right to submit a claim to the competent Control Authority. 

Finally, note that you can only exercise these rights towards GANTNER in relation to the data we are processing under the role of Controller. As we process certain personal data mentioned above as data Processor on behalf of our Clients, you must directly contact the Client (i.e., the organization that provides the Services to you) if you have any questions or want to exercise your rights in regard to such data.
