Vantage Towers Privacy Notice for Users of Smart Locks online service (platform and mobile application)
(Art. 13 and 14 of the General Data Protection Regulation (GDPR)) & Sections 32 & 33 Federal Data Protection Act (BDSG)
Updated on : 28.01.2026
This privacy notice applies to VT AG employees , customer´s employees and employees of VTAG´s and /or customer´s maintainance and filed service suppliers, who use the Smart Locks platform / mobile apps and ISEO smart keys to access VTAG sites. With this privacy notice we would like to inform you on the processing of your personal data when you are using Smart Locks platform/mobile apps and ISEO smart keys, herein: Smart Locks online services.
1) What is the identity and the contact details of the responsible for the processing of your personal data:
a) Data Controller – who is responsible for data processing.
· Vantage Towers AG
· Address Prinzenallee 11-13, 40549 Düsseldorf
· E-Mail: info@vantagetowers.com
b) Contact our Group Data Protection Officer
· Vantage Towers AG – Attn: Data Protection Officer
· Address: Prinzenallee 11-13, 40549 Düsseldorf, Germany
· E-Mail: privacy@vantagetowers.com
In this privacy notice:
● “we/us” means Vantage Towers AG
● “Third party” means someone who is not you or us; and
● “VantageTowers” means Vantage Towers and any company or other organisation in which Vantage Towers AG holds a direct or indirect interest of more than 50% or management control
When using the Smart Locks online services:
· Personal data that we process based our legitimate business interests (Art.6 para. 1 f GDPR): Processing is carried out after careful weighing of our legitimate interests in relation to the need to protect your personal data and is limited to the absolutely expected and necessary processing, which is compatible with our transactional relationship.
Data that we process when you use the Smart Locks online service:
o Identification and contact details : Name, work email, job role, employer (VT entity or Customer or Service Provider).
o Account and authentication data : User ID, Key ID, password (before user changes it), MFA information, role/profile in the Smart Lock platform.
o Access-log data : Site/towers ID, lock/door ID, date and time of access attempts, success/failure and access information.
o Service communications: Emails, instant Teams messages, relating to Smart Locks account management and troubleshooting (e.g., account activation, support tickets)
We receive your data from :
o Your employer (other VT entities or Customer or Service Provider) when they provide us with list of authorized users,
o You directly when you activate your Smart Locks platform account and keep your profile up to date.
· Purposes and lawful bases:
Primary purpose – secure site access management and service management
We process your personal data to provide you with secure, auditable access to VT sites, including towers and base stations, and to manage and monitor access to those sites. We process your personal data to fulfill our obligations to our customers and tenants.
Our legal basis for the processing is : legitimate interests (Art. 6(1)(f) GDPR) in protecting VT’s network infrastructure, fulfilling contractual obligations towards customers and ensuring safety and security at sites
Our legal basis for the processing is: performance of a contract (Art. 6(1)(b) GDPR), in fulfilling contractual obligations with our customers and tenants.
Secondary purpose – troubleshooting & security investigations
To investigate and resolve incidents relating to access (e.g. failed access attempts, suspected theft or vandalism), and to support audits and compliance checks.
Our legal basis for the processing is legitimate interests (Art. 6(1)(f) GDPR) and, where applicable, legal obligations (Art.6 (1)(c) GDPR) (e.g. under H&S regulations).
3) Permissions for access to data and functions of the end devices by the online service.
To operate the Smart Locks online service on your device, certain technical permissions are required. These permissions allow the application to communicate with electronic cylinders and keys, and to connect securely to the Smart Locks platform.
Some of these permissions are strictly necessary to provide the core service and are therefore based on Art. 6(1)(f) GDPR (legitimate interests) or Art. 6(1)(b) GDPR (contract necessity).
If you have granted permissions, we will only use them to the extent described below:
a. Location data
Not used
Neither the Smart Locks platform nor the associated applications request access to GPS or other location functions.
b. Contacts/Address book
Not used
Smart Locks applications do not access contacts or corporate address books.
c. Internet communication (Wi-Fi/ Mobile data)
Permission used (strictly necessary)
The online service requires Internet access in order to:
o authenticate users,
o retrieve/update access rights,
o sync lock events with the Smart Locks cloud based platform hosted in the EU
Legal basis:
Strictly necessary to provide the service (no consent required under §25(2) TDDDG / Art. 5(3) ePrivacy, and lawful basis under Art. 6(1)(b)/(f) GDPR), is legitimate interests.
Processing is limited to what is required for communication between your device and the Smart Locks platform.
Storage period:
No local storage on device beyond temporary technical communication logs;
Cloud logs are retained for 6 months.
d. Camera, microphone, USB, photos, videos, message contents, etc. from end user device
Not used
e. Bluetooth / Wireless interface access
Permission used (strictly necessary).
The application needs Bluetooth to:
o connect the smartphone to the smart cylinder or smart key,
o transmit access rights,
o trigger door opening commands.
Legal basis:
o Strictly necessary technical functionality under ePrivacy rules (no consent required because Bluetooth access is required to provide the service the user actively requests).
o lawful basis under Art. 6(1)(f)/(b) GDPR), legitimate interests or contract necessity Art. (enabling site access).
Storage period:
No Bluetooth data stored on the device. Lock event logs are stored in the platform for 6 months.
4) Push notifications
The Smart Locks online service and the associated mobile applications used by Vantage Towers do not request or use push notification permissions on your terminal device.
5) Who do we share your data with and for what purposes
Recipients of your personal data may be third companies with whom we cooperate for the purposes of technical support, troubleshooting, incident management and reporting:
· ISEO Serrature SpA located in Italy and UK for the purpose of providing the Smart Lock online service technical support and troubleshooting services. Data is stored in Azure public cloud in France.
· Other Vantage Towers legal entities located in Europe for the purpose of reporting and incident management. They may access aggregated data and where required user- level data for governance, reporting and incident management.
In these cases, the third-party companies are processing on behalf of Vantage Towers and undertake the execution of a specific project following our instructions and applying the strict procedures of Vantage Towers regarding the processing of your personal data (Art.28 para.3 GDPR).
Internal data sharing with other Vantage Towers legal entities are governed by reciprocal agreements.
In these cases, Vantage Towers AG is still responsible for the processing of your personal data.
6) International data transfers
Your personal data is primarily processed within EU/EEA and outside of EU, in United Kingdom (UK).
More specifically,
· for the provision of the Smart Locks online service data is hosted in Azure public cloud in France.
· aggregated data may also be accessed by other Vantage Towers legal entities located within Europe (e.g, Portugal, Spain, Greece, Germany) for the purposes of reporting, incident management.
· ISEO support staff located in Italy and United Kingdom (UK) may access the absolute necessary data for the provision of technical support and troubleshooting services.
In particular, access from UK is permitted on the basis of the European Commission’s adequacy decision, which recognizes the UK as providing an adequate level of data protection.
If, in exceptional cases, processing of your data also takes place in countries outside the European Union (in so-called third countries), this will happen,
· if you have expressly consented to this (Art. 49 para. 1a GDPR). (In most countries outside the EU, the level of data protection does not meet EU standards. This applies in particular to comprehensive monitoring and control rights of state authorities,
· or insofar as it is necessary for our provision of services to you (Art. 49 (1) GDPR),
· or insofar as it is provided for by law (Art. 6 (1)(c) GDPR).
Furthermore, your data will only be processed in third countries if certain measures ensure that an adequate level of data protection exists (e.g., adequacy decision of the EU Commission or so-called suitable guarantees, Art. 44ff GDPR).
We do not make your personal data available to third parties, unless you have granted your consent, or we are legally obliged to disclose the data.
7) Automated decision-making system, including profiling
We do not use your personal data to make automated decisions, including profiling.
8) How long do we keep your personal data for:
· We keep your Smart Locks access logs for 6 months, after which they are automatically deleted or anonymised.
· We keep your account data for as long as you remain an authorised user under the relevant Vantage Towers or supplier contract and in line with Vantage Towers retention policy. If your account is closed, we delete or anonymise your profile data unless we need to retain specific data longer to comply with legal obligations or to defend legal claims.
9) What your rights are as a user of our website, in relation to the processing of your personal data (Data Subjects Rights)
a) To request information on the categories of data processed, the purposes of processing, any recipients of the data, or the planned storage period (Art. 15 GDPR);
b) to demand the correction or completion of incorrect or incomplete data (Art. 16 GDPR);
c) to revoke given consent at any time with effect for the future (Art. 7 para. 3 GDPR);
d) to object to data processing that is to be carried out on the basis of a legitimate interest for reasons arising from your particular situation (Art. 21 (1) GDPR);
e) in certain cases, within the framework of Art. 17 GDPR, to demand the deletion of data - in particular, insofar as the data is no longer required for the intended purpose or is processed unlawfully, or you have revoked your consent in accordance with (c) above or declared an objection in accordance with (d) above;
f) under certain conditions, to demand the restriction of data, insofar as deletion is not possible or the obligation to delete is disputed (Art. 18 GDPR);
g) to data portability, i.e. you can receive your data that you have provided to us in a conventional machine-readable format, such as CSV, and transmit it to others if necessary (Art. 20 GDPR);
h) to lodge a complaint with the competent supervisory authority about the data processing, Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein‑Westfalen, Postfach 20 04 44, 40102 Düsseldorf, https://www.ldi.nrw.de/, poststelle@ldi.nrw.de
To exercise your rights, you can:
send an email “Exercise of personal data rights” to privacy@vantagetowers.com in attention of the Group Data Protection Officer, describing the right you want to exercise.
How to lodge a complaint:
If you want to contact us about any of your rights or complain about how we use your personal data, contact privacy@vantagetowers.com and we will do our best to support.
If you are still not satisfied, you can lodge a complaint to the Data Protection Authority https://www.ldi.nrw.de/
10) Keeping your personal data secure
We apply appropriate technical and organizational measures to ensure that your personal data processed through the Smart Locks online service is protected against unauthorized access, accidental loss, misuse, alteration or disclosure.
These measures include secure, encrypted communication between your device and the smart locking hardware, controlled authentication for accessing the Smart Locks platform, and strict role‑based access rights for Vantage Towers staff and authorized service providers.
All access events and system interactions are logged and monitored in accordance with Vantage Towers´ Information Security Management requirements to detect and prevent misuse or security incidents.
Where we rely on trusted service providers to host the Smart Locks platform or maintain the digital keys infrastructure, they are contractually required to meet Vantage Towers’ technical and organizational security standards.
As the Smart Locks service may contain links or integrations to external applications (e.g., app‑store providers), please be aware that these are not operated by Vantage Towers, and we recommend reviewing their privacy and security notices before using them.
11) Our cookie policy
Cookie Policy explains what cookies are, how the Smart Locks online service uses them, and the choices available to you. It applies only to the web‑based Smart Locks administration platform and not to the Smart Locks mobile applications, which do not use cookies.
What are cookies?
Cookies are small text files saved on your browser when you access a website. They help the website operate securely, remember your session, and ensure proper technical functionality. Cookies can be essential (required for the site to work) or non‑essential (analytics, marketing, etc.). Under the ePrivacy Directive and GDPR, non‑essential cookies require your consent before being used.
Do the Smart Locks online service use cookies?
Mobile apps
The Smart Locks mobile applications do not use cookies. Mobile apps run natively on your device and do not rely on browser-based tracking technologies. Instead, they use secure local storage and encrypted communication channels; no cookie‑like tracking is performed.
Smart Locks Web Administration Platform
The web platform uses only strictly necessary cookies, required for:
· secure login and authentication
· maintaining your session during platform use
· ensuring platform stability (e.g., load‑balancing cookies)
How we use cookies
When you access the Smart Locks web platform, the following essential cookies may be stored in your browser:
· Strictly necessary cookies
These cookies are necessary (essential) for the Smart Locks platform to function and cannot be switched off in our systems.
These cookies cannot be deactivated/disabled by using any of the functions on the Smart Locks platform. Our legal basis for the usage of these cookies is Art. 6.1(f) of the GDPR, our legitimate interest to deliver the Smart Locks Platform to you.
First party cookies: originate from the same domain as the Smart Locks platform you are visiting:
|
Cookie Type |
Purpose |
Retention |
|
Session cookies (strictly necessary) |
Maintain your login session and authenticate requests |
Deleted when you close your browser |
|
Security / CSRF cookies (strictly necessary) |
Prevent unauthorized or forged requests |
Session-based or up to 24 hours, removed once no longer needed for security or stability |
|
Load-balancing cookies (strictly necessary) |
Route traffic to ensure platform stability |
Session-based or up to 24 hours, deleted when you close your browser |
The Smart Locks services do not use long‑term persistent cookies.
Third party cookies
Third-party cookies originate from a different domain other than the one you are visiting.
The Smart Locks mobile apps do not set cookies.
The Smart Locks web platform does not use any third‑party analytics, advertising, or tracking cookies.
Managing your cookies settings
Because only strictly necessary cookies are used, and these are required for the secure provision of the Smart Locks platform, there is no option to disable them through cookie banners or preferences.
If you block them through your browser settings, the web platform may not function correctly.
Information on controlling and deleting cookies, including on a wide variety of browsers, is also available at allaboutcookies.org
|
Version: V1.0
V2.0
|
Date: 29.10.2024 28.01.2026
|
Changes: Original document
Cookie policy updates
|