Help and Support

Choose your location and language settings

Sweden

|

Svenska

Global

Germany

Switzerland

United Kingdom

Ireland

France

Netherlands

Belgium

Spain

Portugal

Italy

Russia

Poland

Czech Republic

Denmark

Sweden

Norway

Finland

USA

Canada

Mexico

Colombia

Chile

China

Korean

Singapore

Hong Kong

Vietnam

Japan

Australia / New Zealand

UAE

South Africa

India

Access Control Cloud Applications Privacy Policies

Access Control Cloud Applications

1. Which personal data do our access control cloud applications process?

As leading company in the access control industry, Salto provides different cloud solutions to our customers (such as, Salto KS, Salto Nebula, Salto Homelok and JustIN Mobile). The access to and the use of such access control cloud applications is limited to those customers (legal entities or eventually individuals) who have acquired the corresponding licenses of use or subscriptions (the “Customers”) and to the users authorized by the Customers to use some or part of their features (the “Users”).   

If you want to become a User of our access control platforms or install our mobile apps (the “Platforms”), Salto will need to process your personal data and, additionally, you will generate certain personal data by means of your usage of the Platforms. We can distinguish between: 

1.1 Personal data you provide to us

You may provide the following data: 

  • About yourself: You will directly provide us personal data about yourself when registering in any of our Platforms. The specific personal data depends on each Platform, but it usually refers to basic identity and contact data; such as your name, email address or phone number. Please note that the boxes indicated with an asterisk (*) are strictly necessary for registration or for completing certain actions, so it will not be possible to proceed further if you do not provide such information. 

  • About others: In addition, depending on your User role within the Platform, you may provide personal data about others when you add or invite new Users into your site or you assign keys to other Users to access to your premises equipped with Salto products. If you are inviting a new User to join our Platform, do so only if you are previously authorized to provide such third-party data to Salto and have informed them about the processing of their data pursuant this policy. 

You are responsible for the veracity and accuracy of the data you provided as well as to keep such data updated in the Platforms. Salto reserves the right to exclude you from the Platform if you have provided false data, without prejudice to other actions that may proceed in Law. 

1.2. Personal data we collect automatically

In order to render to the Customers the corresponding services through the different Platforms, we may collect the following data:

  • Access activity: Our Platforms will log your interaction with Salto’s locks and access control equipment installed in the buildings or premises of our Customers.  

  • ​​Usage data: We may collect certain personal data related with your usage of the Platform and the device you are using. ​     ​​  

  • ​​​​Location data:​ ​​In case of our mobile apps, please be aware that if your device’s operating system version is Android 6.0 or higher, in order to be able to use the app for opening doors or other Salto access control equipment using Bluetooth technology, Android requires to activate location permissions. Nevertheless, Salto will not access or otherwise process any information relating to your location​​​ in these cases​​​.​​​​​​ 

    In addition, on certain platforms, we will ask you if you want to enable location on your device to make it easier for you to enter your building address. This information will only be used to autocomplete the address. If you prefer not to allow location services, you can always complete your address manually. Also, some platforms, such as Salto XS4 Com, may require access to your location for security purposes, in order to ensure that it is correctly used. 

  • Cookies: In addition, we use cookies, pixels or similar technologies which are web tools that allow storing and retrieving information from Users in order to offer them a better experience in the use and navigation of the Platforms. You can find additional information about cookies and similar technologies used in the Cookies Policy of each Platform.  

1.3. Personal information provided by other Users

As it is the Customer the one who determines which Users can use their access control solutions and which Users are assigned with keys, other Users may enter your data into the Platform. For example, this happens when an existing User is inviting you to join our Platform or when you are granted with digital keys to access the premises of our Customer (e.g. hotels, co-working spaces, etc.).  

At this respect, please make sure you have the convenient authorization before giving any third-party data to Salto and remember to appropriately inform them about the processing of their data prior to providing it to Salto and to obtain the required consent, where appropriate. In addition, be especially cautious when entering data of underage Users (Users under 14 years old). Only do so when you have a consent given or authorised by the holder of parental responsibility over the child.  

1.4. Personal data we collect from other sources

In the event that you login to any Platform through a social network, Salto will receive your identification and contact details from such social network. 

2. Who is the controller of your personal data?

Depending on the specific Platform you are using and the type of Customer (legal entities or individuals) who has granted you access to it, we may process your personal data under the role of data controller or data processor. 

Where we act as controller, the legal entity concerned will be Salto Systems, S.L. ("Salto") with registered address at C/ Arkotz 9 Pol. Lanbarren 20180 Oiartzun (Gipuzkoa) – Spain. 

If you are interested in knowing in which cases we act as controller or as processor, please continue reading to find all the details about each of our Platforms. Please note that his privacy policy is only applicable in relation to the processing of personal data carried out by Salto acting as controller of your data.

3. Why and what for will we process your personal data?

In this section, you can find detailed information about the purposes of the processing that Salto will carry out on your personal data and the legal basis of said processing activities, depending on the specific Platform you are using.

3.1. Salto KS

Processing as controller:

Salto may process the personal data within Salto KS as controller in the following cases:  

  • Account Data: As you will have to register yourself as User in order to get access into Salto KS, Salto will process your data to manage your registration and to provide the services that are linked to your account. This will entitle you to manage through a single Salto KS User account all sites to which the corresponding Customers have granted you access. 

You can obtain your Salto KS account in two different ways: 

  1. You can directly register yourself as a User of Salto KS by completing the registration form for which you will have to provide certain data related to your identity.
  2. You can be invited or added by a Customer of Salto KS who wants to grant you keys to open certain doors of their premises. This means that the Customer may provide us certain information about you (such as, name and email address). 

The processing of your account data will be based on your contractual relationship with Salto as User of Salto KS, as you will need to accept the corresponding Terms of Service and/or End-User License Agreement for registering in Salto KS. For avoidance of doubt, any processing activity related with the provision of the services as well as when we contact you for Salto KS related topics, the processing will be based on these grounds. 

  • Analytic related data: We will also use your data to maintain, develop and improve our products and services, including creating and distributing reports and other materials. We always try to use only non-personal data for this purpose (unless this is not possible), so we will anonymize the information in order to eliminate your personal data. Additionally, we may use it to control compliance with our Intellectual Property rights, and when we communicate with you to keep you informed about our products and/or services that could be of your interest.

  • Site related data: Furthermore, in case you are a consumer-type Customer (i.e. a private person, who is not a company or a professional) who has purchased the subscription to the Salto KS services or your data has been added to Salto KS by a consumer-type Customer, Salto will process as controller all data within your Salto KS account. This also includes data that is related to a specific site – such as, the access permissions or keys you have been granted for accessing Customer’s premises, your usage of the platform and your interaction with Salto locking products installed in such premises. However, the legal bases for the processing of your personal data are the same as mentioned above. 

In addition, Salto and its Group entities may also process Users’ data in case the Customer requests our tech support team’s assistance for resolving a technical issue.

Processing as processor: 

Even if we always process the account and analytic related data as controller, site related data may be processed as Salto under the role of processor depending of the type of client using our Platforms. 

Salto may process the personal data within Salto KS as processor in the event that you are a User of a site belonging to a business-type Customer (i.e. Customers which are legal entities), Salto may process some of the data related directly to such site as data processor on behalf of our Customer who is subscribed to Salto KS services. For instance, this includes the access permissions or keys you have been granted for accessing Customer’s premises and your interaction with Salto locking products installed in such premises.

3.2. Salto Nebula

Salto may process the personal data within Salto Nebula under two different roles depending on the type of Customer (consumer or business) using Salto Nebula: 

  • Consumer Customers – Salto as controller: Salto will process your personal data as controller in the following two circumstances: 
    • In case you are a consumer-type Customer who has purchased the subscription to the Salto Nebula services; or, 
    • In case you are a User who has been added or invited to create a Salto Nebula account by a consumer- type Customer, which means that the Customer will provide us certain personal data about you (such as, your name and your email address). 

In these cases, your data will be processed based on:

  1. Contractual or pre-contractual relationship: As you will need to accept the corresponding Terms of Service and/or End-User License Agreement for registering in Salto Nebula, the processing of your data will be based on your contractual relationship with Salto as User of Salto Nebula. For avoidance of doubt, any processing activity related with the provision of the services as well as when we contact you for Salto Nebula related topics, the processing will be based on these grounds.
  2. Legitimate interest: We will also use your data to maintain, develop and improve our products and services, including creating and distributing reports and other materials with anonymized information. We always try to use only non-personal data for this purpose (unless this is not possible), so we will anonymize the information in order to eliminate your personal data. Additionally, we may use it to control compliance with our Intellectual Property rights, and when we communicate with you to keep you informed about our products and/or services that could be of your interest.

In addition, Salto and its Group entities may also process Users’ data in case the Customer requests our tech support team’s assistance for solving a technical issue.

  • Business Customers – Salto as processor: Salto will process your personal data as processor in the following two circumstances: 
    • In case you are a business-type Customer who has purchased the subscription to Salto Nebula services; or, 
    • In case you are a User who has been added or invited to create a Salto Nebula account by a business-type Customer. 

In these cases, Salto will process all your personal data within Salto Nebula (including, among others, name, email address, access rights, access activity and usage data) on behalf of our Customer for providing the services related to your Salto Nebula account. 

In addition, also in the case of business customers, Salto will process your personal data as controller to maintain, develop and improve our products and services, including creating and distributing reports and other materials. In this sense, as mentioned above, we will anonymize to the possible extent the information in order to eliminate your personal data.

3.3. Salto Homelok

Salto may process the personal data within Salto Homelok under two different roles depending on the type of Customer (consumer or business) using Salto Homelok: 

  • Consumer Customers – Salto as controller: Salto will process your personal data as controller in the following two circumstances: 
    • In case you are a consumer-type Customer who has purchased the subscription to the Salto Homelok services; or, 
    • In case you are User who has been added or invited to create a Salto Homelok account by a consumer-type Customer, which means that the Customer will provide us certain personal data about you (such as, your name and your email address). 

In these cases, your data will be processed based on:

  1. Contractual or pre-contractual relationship: As you will need to accept the corresponding Terms of Service and/or End-User License Agreement for registering in Salto Homelok, the processing of your data will be based on your contractual relationship with Salto as User of Salto Homelok. For avoidance of doubt, any processing activity related with the provision of the services as well as when we contact you for Salto Homelok related topics, the processing will be based on these grounds.
  2. Legitimate interest: We will also use your data to maintain, develop and improve our products and services, including creating and distributing reports and other materials with anonymized information. We always try to use only non-personal data for this purpose (unless this is not possible), so we will anonymize the information in order to eliminate your personal data. Additionally, we may use it to control compliance with our Intellectual Property rights, and when we communicate with you to keep you informed about our products and/or services that could be of your interest.

In addition, Salto and its Group entities may also process Users’ data in case the Customer requests our tech support team’s assistance for solving a technical issue.

  • Business Customers – Salto as processor: Salto will process your personal data as processor in the following two circumstances: 
    • In case you are a business-type Customer who has purchased the subscription to Salto Homelok services; or, 
    • In case you are User who has been added or invited to create a Salto Homelok account by a business-type Customer. 

In these cases, Salto will process all your personal data within Salto Homelok (including, among others, name, email address, access rights, access activity and usage data) on behalf of our Customer for providing the services related to your Salto Homelok account. 

In addition, also in the case of business customers, Salto will process your personal data as controller to maintain, develop and improve our products and services, including creating and distributing reports and other materials. In this sense, as mentioned above, we will anonymize to the possible extent the information in order to eliminate your personal data.

3.4. JustIN Mobile

Salto will process your personal data within JustIN Mobile app under two different roles:

  • Salto as controller:

When you complete the registration process in JustIN Mobile app, you become a User and as such the phone number associated to your device is assigned a randomly generated code or ID, which serves as your device’s ID. 

Therefore, when using JustIN Mobile App, Salto will process the following personal data as controller: phone number, the randomly generated ID of the device to which the mobile key is destined, the randomly generated ID of the digital key, date of activation and expiry of the permits associated to the premises, and room number (if applicable). 

These processing activities are carried out based on the contractual relationship originated by your acceptance of our End User License Agreement in the registration process as well as in Salto’s legitimate interest to maintain, develop and improve our products and services. The processing of the abovementioned data is necessary for the use of JustIN Mobile app. 

In addition, Salto and its Group entities may also process Users’ data in case the Customer requests our tech support team’s assistance for solving a technical issue.

  • Salto as processor:

Additionally, to be able to use JustIN Mobile app as a digital key, it is necessary that you are previously registered at the platform used by the Customer for managing the accesses to their premises. 

For that purpose, the company in charge of such premises registers you into its Platform and assigns certain access credentials to you as controller of the data. The Customer will transfer these access credentials to Salto and every time you use the app, Salto will send back to the Customer the information regarding your access activity (e.g. information about the door you have accessed).

3.5. ​​​Salto XS4 Com​​ 

​​​Processing as controller:​​ ​​​

Salto may process the personal data of Users within Salto XS4 Com as controller in the following cases:  ​​ 

  • Account Data: As you will have to register yourself as User in order to get access to Salto XS4 Com and manage access as a tenant, Salto will process your data to manage your registration and to provide the services that are linked to your account. This will entitle you to manage through a single SALTO XS4 Com​ ​User account all sites to which the corresponding Customer have granted you access. ​​ 

​​​You can obtain your SALTO XS4 Com account in two different ways: ​​ 

  • ​​​You can directly register yourself as a User of Salto XS4 Com by completing the registration form for which you will have to provide certain data related to your identity.​​ 

  • ​​​You can be invited or added by a Customer of Salto XS4 Com who wants to grant you permission to manage your entrance door. This means that the Customer may provide us certain information about you (such as, name and email address). ​​ 

​​​The processing of your account data will be based on your contractual relationship with Salto as User of Salto XS4 Com, as you will need to accept the corresponding Terms of Service and/or End-User License Agreement for registering in Salto XS4 Com. For the avoidance of doubt, any processing activity related to the provision of the services as well as when we contact you for Salto XS4 Com-related topics, the processing will be based on these grounds. ​​ 

  • ​​​Subscription management: ​If you are ​a​ Customer who has ​​subscribed to the​​ Salto XS4 Com services, Salto will process your personal data for managing your contractual relationship with Salto, including the payments.​​ ​​​ 

  • ​​​​Site-related data:​​ Furthermore, in case you are a consumer-type Customer (i.e., a private person, who is not a company or a professional) who has purchased the subscription to the Salto XS4 Com services or your data has been added to Salto XS4 Com by a consumer-type Customer, Salto will process as controller all data within your Salto XS4 Com account. This also includes data that is related to a specific site – such as the calls you have received and your interaction with Salto locking products installed in such premises. However, the legal bases for the processing of your personal data are the same as mentioned above. ​​ ​​​ 

​​​In addition, Salto and its Group entities may also process Users’ data in case the Customer requests our tech support team’s assistance in resolving a technical issue. ​​ 

Finally, if you are a visitor who uses the QR code placed at the entrance to call a building tenant, Salto will process your personal data based on Salto’s legitimate interest in providing this service to the visitor. In particular, your voice and image in the event of a video call to communicate with the building tenant, as well as location data for security purposes, to ensure that the visitor requesting access is in the vicinity of the building. The video call between the visitor and the tenant will not be recorded by Salto nor any other data you may exchange through the chat, if available. 

​​​​Processing as processor: ​​     ​​​ 

​​​​Even if we always process the account and analytic-related data as a controller, site-related data may be processed as Salto under the role of processor depending ​​on the​​ type of client using our Platforms. ​​​ 

​​​​Salto may process the personal data within Salto XS4 Com as processor in the event that you are a User of a site belonging to a business-type Customer (i.e. Customers which are legal entities or professionals), Salto may process some of the data related directly to ​​such a site​​ as data processor on behalf of our Customer who is subscribed to Salto XS4 Com services. For instance, this includes your use of the Platform and your interaction with Salto locking products installed in such premises.

3.6 ​​​Salto Orion 

​Processing as controller: 

​Salto may process the personal data within Salto Orion as controller in the following cases:   

  • ​Account Data: As you will have to register yourself as User in order to get access into Salto Orion, Salto will process your data to manage your registration and to provide the services that are linked to your account. This will entitle you to manage through a single Salto Orion User account your consent for the use of biometric in all sites to which the corresponding Customers have granted you access.  

​For obtaining your Salto Orion account, you first need to be invited or added by a Customer using a Salto access control solution who wants to grant you access to open certain doors of their premises by using facial recognition technology. This means that the Customer will provide us your email address for sending you the invitation for enrolment.   

​In addition, in order to enrol yourself, you will be required to provide a picture of your face taken with your phone camera, which Salto will process as part of your Account Data based on your contractual relationship. The processing of your account data will be based on your contractual relationship with Salto as User of Salto Orion, as you will need to accept the End-User License Agreement for registering in Salto Orion. For avoidance of doubt, any processing activity related with the provision of the services as well as when we contact you for Salto Orion related topics, the processing will be based on these grounds.  

​When the facial recognition functionality is available for one or more of the sites to which you have been granted access, Salto will request your consent to transfer your profile picture to the Customer to use your biometric data for facial recognition purposes. This consent will be required and may be revoked for each site independently. 

  • Analytic related data: We will also use your data to maintain, develop and improve our products and services, including creating and distributing reports and other materials. We always try to use only non-personal data for this purpose (unless this is not possible), so we will anonymize the information in order to eliminate your personal data. Additionally, we may use it to control compliance with our Intellectual Property rights, and when we communicate with you to keep you informed about our products and/or services that could be of your interest. 

​In addition, Salto and its Group entities may also process Users’ data in case the Customer requests our tech support team’s assistance for resolving a technical issue.   

3.7. Cookies and similar technologies

Our Platforms may use cookies and similar technologies that allow storing and retrieving information from Users’ devices in order to improve your usage experience and gain a better understanding of how Users interact with the Platform for further improvement of our services, as it is described in the corresponding Cookies Policy of each Platform. Where required by the applicable regulations, the installation of such cookies will take place, provided that you have consented it. 

4. Vem kan få ta emot dina personuppgifter?

In the terms described in section 3. “Why and what for will we process your personal data?”, Salto may transfer its personal data to its Group entities - which can be consulted in https://www.saltosystems.com/en/quick-links/salto-systems-offices/ - (the “koncernenheter”) and to the required public authorities, on the grounds and for the purposes set forth in said section.

Furthermore, Salto relies on the collaboration of some third-party service providers which may have access to your personal data and process it as data processor in the name and on behalf of Salto for the provision of services. In this sense, Salto follows strict criteria of selection of service providers in order to comply with its obligations in terms of data protection and undertakes to sign with them the corresponding Data Processing Agreement, under which it will impose, among others, the following obligations: applying appropriate technical and organizational measures; processing the personal data for the purposes agreed and strictly following the written instructions of Salto; and deleting or returning the data once the provision of services ends. 

We inform you that Salto does not sell your information to any third party. 

5. Kommer vi att göra internationella överföringar av dina personuppgifter?

The aforementioned recipients can be located, in some particular cases, outside the European Economic Area (EEA). In those cases, Salto requires that said recipients comply with the measures designed to protect the personal data established in a binding written contract, such as the standard contractual clauses, except in cases where the European Commission has determined that the country where the recipient is located provides an adequate level of personal data protection. You may obtain a copy of Salto's required measures by contacting Salto at the address indicated at the end of this policy.

6. Hur länge kommer vi att spara dina personuppgifter?

We keep your personal information for no longer than necessary for the purposes for which it is processed, and as required to comply with applicable laws and/or as set out in our data retention policy and information management standards. 

Basically, we can distinguish the following retention periods in relation to the use of our Platforms, depending on the type of data processed: 

  • Usage data & access activity: The personal data related with your activity in the Platform (e.g. your interaction with Salto locks and access points and the activity of administration roles in the Platform) will be kept for the period determined in the Platform and automatically deleted thereafter. Where Salto acts as controller, these data will be erased after the retention period set by default in the relevant platform, which may range from 6 months to 2 years. As an exception, your data will also be deleted after the Customer terminates its subscription to the Platform.
  • User account data: Your identity and contact information related to your account will be processed as long as you keep registered as User of any of our Platforms. This means that your data will continue being processed until your account is deleted. 

In certain circumstances, Salto may be entitled to remove your access to the Platform as well as to deactivate your account, after giving notice, if you do not access the Platform for a certain period. 

Once the corresponding period elapses or milestones are met, we will proceed to the delete your personal data taking the necessary actions for such purpose. 

However, please note that Salto may retain such data for a longer period to comply with legally determined data retention obligations or as long as responsibilities can derive for Salto for the execution of our relationship. Your data will be kept properly blocked and Salto will not process the data unless it is necessary for the formulation, exercise or defense of claims or when it is required by the Public Authorities, Judges and Courts during the period of prescription of rights or legal obligations. 

7. Vilka rättigheter har du i samband med att du lämnar personuppgifter till oss? Var kan du lämna in ett klagomål?

In accordance with current legislation, you can exercise your rights of access, rectification, erasure, restriction, objection, data portability and not to be subject to a decision based solely on automated processing, by previously proving appropriately your identity (including, if necessary, providing a copy of your ID or equivalent), through the contact form “Kontakta vårt dataskyddsombud”. If we are not able to identify you as a User, we may ask for additional information to this regard.

Equally, in case any processing of your data is based on your consent to Salto, you have the right to withdraw your consent for the processing based on it, at any time by writing an email to the mentioned email address. However, the withdrawal of consent shall not affect the lawfulness of processing performed before your withdrawal of consent.

If you believe that Salto or any of its Group entities has not respected any of the aforementioned rights, you will have the right to submit a claim to the competent Control Authority.

Finally, note that you can only exercise these rights towards Salto in relation to the data we are processing under the role of controller. But as we process certain personal data mentioned above as data processor on behalf of our Customers, you must directly contact the Customer (i.e. the manager of the premises for which you have been granted access to) if you have any questions or want to exercise your rights in regards to such data.